Your data and account ownership interest doesn’t disappear because of failure to possess the right sequence of bytes or a string. Can you imagine if your real estate or securities ownership evaporated because you didn't have the right password? Silliness.
> Your data and account ownership interest doesn’t disappear because of failure to possess the right sequence of bytes or a string.
Somehow you have to establish that you are the owner of the account, in a way that nobody else can do it. This is very much not a trivial problem, and government IDs don't provide any kind of solution to it.
If you need a driver's license, how do you get a driver's license? With a birth certificate? Okay, how do you get a copy of your birth certificate when you don't have a driver's license?
If there is a path to go from your house burning down and you having zero documents to you having a valid ID again without proving you've memorized or otherwise backed up any kind of secrets, an attacker can do the same thing and get an ID in your name. This is why identity theft is a thing in every system that relies on government ID. Requiring all systems to accept government ID is requiring all systems to be subject to identity theft.
> Somehow you have to establish that you are the owner of the account, in a way that nobody else can do it. This is very much not a trivial problem, and government IDs don't provide any kind of solution to it.
This is actually very easy. You can identity proof someone through Stripe Identity [1] for ~$2/transaction. There are of course other private companies who will do this. You bind this identity to the digital identity once, when you have a high identity assurance level (IAL). Account recovery is then trivial.
> If you need a driver's license, how do you get a driver's license? With a birth certificate? Okay, how do you get a copy of your birth certificate when you don't have a driver's license?
This is government's problem luckily, not that of private companies who would need to offer account identity bootstrapping. Does the liquor store or bar care where you got your government ID? The notary? The bank? They do not, because they trust the government to issue these credentials. They simply require the state of federal government credential. Based on the amount of crypto fraud that has occurred (~$72B and counting [2]), government identity web of trust is much more robust than "not your keys, not your crypto" and similar digital only primitives.
NIST 800-63 should answer any questions you might have I have not already answered: https://pages.nist.gov/800-63-3/ (NIST Digital Identity Guidelines)
[1] https://stripe.com/identity
[2] https://www.web3isgoinggreat.com/charts/top
(customer identity is a component of my work in financial services)
"Pay someone else to do it" is easy in the sense that doing the hard thing is now somebody else's problem, not in the sense that doing it is not hard. That also seems like a compliance service -- you are required to KYC, service provides box-checking for the regulatory requirement -- not something that can actually determine if someone is using a fraudulent ID, e.g. because they breached some DMV or some other company's servers and now have access to their customers' IDs.
> This is government's problem luckily, not that of private companies who would need to offer account identity bootstrapping.
But it's actually the user's problem if it means the government's system has poor security and allows someone else to gain access to their account.
> Based on the amount of crypto fraud that has occurred (~$72B and counting [2]), government identity web of trust is much more robust than "not your keys, not your crypto" and similar digital only primitives.
The vast majority of these are from custodial services, i.e. the things that don't keep the important keys in the hands of the users. Notably this number (which is global) is less than the losses from identity theft in the US alone.
The general problem also stems from "crypto transactions are irreversible" rather than "crypto transactions are secured by secrets". Systems with irreversible transactions are suitable for storing and transferring moderate amounts of value, as for example the amount of ordinary cash a person might keep in their wallet. People storing a hundred million dollars in a crypto wallet and not physically securing the keys like they're a hundred million dollars in gold bars are the fools from the saying about fools and their money.
Using vitalchek, you can order a BC with a notarized document, using two people who have valid IDs as people to vouch for your identity. I've done it for multiple clients.
So if I'm understanding this correctly, if me and one of my friends both have a valid ID, we can get anybody's birth certificate?
