Foundations of Decentralized Identity

What is Decentralized Identity?

Most of us never think about identity online. We type in a username, reuse a password, or click “Log in with Google” without a second thought. Identity, in the digital world, has been designed for convenience. But behind that convenience lies a hidden cost: surveillance, lock-in, and a system where we don’t really own the data that defines us.

Digital identity today is built for convenience, not for people.

Decentralized identity is a way of proving who you are without relying on a single company or government database to hold all the power. Instead of logging in with Google or handing over a photocopy of your driver’s license, you receive digital verifiable credentials, digital versions of IDs, diplomas, or licenses, directly from trusted issuers like DMVs, universities, or employers. You store these credentials securely in your own digital wallet and decide when, where, and how to share them. Each credential is cryptographically signed, so a verifier can instantly confirm its authenticity without needing to contact the issuer. The result is an identity model that’s portable, privacy-preserving, and designed to give control back to the individual rather than intermediaries.

Decentralized identity means you own and control your credentials, like IDs or diplomas, stored in your wallet, not in someone else’s database.

In this series, we’ll explore why decentralized identity matters, how policymakers are responding, and the technology making it possible. But before diving into policy debates or technical standards, it’s worth starting with the foundations: why identity matters at all, and what it means to build a freer digital world around it.

From Borrowed Logins to Borrowed Autonomy

The internet we know today was built on borrowed identity. Early online gaming systems issued usernames, turning every move into a logged action inside a closed sandbox. Social media platforms went further, normalizing surveillance as the price of connection and building entire economies on behavioral data. Even in industries like healthcare or financial services, “identity” was usually just whatever proprietary account a platform would let you open, and then keep hostage.

Each step offered convenience, but at the cost of autonomy. Accounts could be suspended. Data could be resold. Trust was intermediated by companies whose incentives rarely aligned with their users. The result was an internet where identity was an asset to be monetized, not a right to be owned.

On today’s internet, identity is something you rent, not something you own.

Decentralized identity represents a chance to reverse that arc. Instead of treating identity as something you rent, it becomes something you carry. Instead of asking permission from platforms, platforms must ask permission from you.

Why Identity Is a Pillar of Free Societies

This isn’t just a technical argument - it’s a philosophical and economic one. Identity is at the center of how societies function.

Economists have long warned of the dangers of concentrated power. Adam Smith argued that monopolies distort markets. Milton Friedman cautioned against regulatory capture. Friedrich Hayek showed that dispersed knowledge, not central planning, leads to better decisions. Ronald Coase explained how lowering transaction costs opens new forms of cooperation.

Philosophers, too, placed identity at the heart of freedom. John Locke’s principle of self-ownership and John Stuart Mill’s defense of liberty both emphasize that individuals must control what they disclose, limited only by the harm it might cause others.

Decentralized identity operationalizes these ideas for the digital era. By distributing trust, it reduces dependency on monopolistic platforms. By lowering the cost of verification, it unlocks new forms of commerce. By centering autonomy, it ensures liberty is preserved even as interactions move online.

The Costs of Getting It Wrong

American consumers and institutions are losing more money than ever to fraud and cybercrime. In 2024 alone, the FBI’s Internet Crime Complaint Center (IC3) reported that scammers stole a record $16.6 billion, a stark 33% increase from the previous year. Meanwhile, the FTC reports that consumers lost over $12.5 billion to fraud in 2024, a 25% rise compared to 2023.

On the organizational side, data breach costs are soaring. IBM’s 2025 Cost of a Data Breach Report shows that the average cost of a breach in the U.S. has reached a record $10.22 million, driven by higher remediation expenses, regulatory penalties, and deepening complexity of attacks  .

Identity theft has become one of the fastest-growing crimes worldwide. Fake accounts drain social programs. Fraudulent applications weigh down financial institutions. Businesses lose customers, governments lose trust, and people lose confidence that digital systems are designed with their interests in mind.

The Role of AI: Threat and Catalyst

As artificial intelligence tools advance, they’re empowering fraudsters with tools that make identity scams faster, more automated, and more believable. According to a Federal Reserve–affiliated analysis, synthetic identity fraud, where criminals stitch together real and fake information to fabricate identities, reached a staggering $35 billion in losses in 2023. These figures highlight the increasing risk posed by deepfakes and AI-generated personas in undermining financial systems and consumer trust.

And at the frontline of consumer protection, the Financial Crimes Enforcement Network (FinCEN) has warned that criminals are increasingly using generative AI to create deepfake videos, synthetic documents, and realistic audio to bypass identity checks, evade fraud detection systems, and exploit financial institutions at scale.

AI doesn’t just make fraud easier—it makes strong identity more urgent.

As a result, AI looms over every digital identity conversation. On one side, it makes fraud easier: synthetic faces, forged documents, and bots capable of impersonating humans at scale. On the other, it makes strong identity more urgent and more possible.

Digital Credentials: The Building Blocks of Trust

That’s why the solution isn’t more passwords, scans, or one-off fixes - it’s a new foundation built on verifiable digital credentials. These are cryptographically signed attestations of fact - your age, your license status, your professional certification - that can be presented and verified digitally.

Unlike static PDFs or scans, digital credentials are tamper-proof. They can’t be forged or altered without detection. They’re also user-controlled: you decide when, where, and how to share them. They also support selective disclosure: you can prove you’re over 21 without sharing your exact birthdate, or prove your address is in a certain state without exposing the full line of your home address.

Verifiable digital credentials are tamper-proof, portable, and under the user’s control—an identity model built for trust.

Decentralized identity acts like an “immune system” for AI. By binding credentials to real people and organizations, it distinguishes between synthetic actors and verified entities. It also makes possible a future where AI agents can act on your behalf - booking travel, filling out forms, negotiating contracts - while remaining revocable and accountable to you.

Built on open standards, digital credentials are globally interoperable. Whether issued by a state DMV, a university, or an employer, they can be combined in a wallet and presented across contexts. For the first time, people can carry their identity across borders and sectors without relying on a single gatekeeper.

From Pilots to Infrastructure

Decentralized identity isn’t just theory - it’s already being deployed.

• In California, the DMV Wallet has issued more than two million mobile driver’s licenses in under 18 months, alongside blockchain-backed vehicle titles for over 30 million cars.
• Utah has created a statewide framework for verifiable credentials, with privacy-first principles written directly into law. SB 260 prohibits forced phone handovers, bans tracking and profiling, and mandates that physical IDs remain an option .
• At the federal level, the U.S. Department of Homeland Security is piloting verifiable digital credentials for immigration, while NIST’s NCCoE has convened banks, state agencies, and technology providers, including SpruceID, to define standards .
• Over 250 TSA checkpoints already accept mobile IDs from seventeen states, and adoption is expected to double by 2026 .

These examples show that decentralized identity is moving from pilot projects to infrastructure, just as HTTPS went from niche to invisible plumbing for the web.

Why It Matters Now

We are at a crossroads. On one side, centralized systems continue to create single points of failure - massive databases waiting to be breached, platforms incentivized to surveil, and users with no say in the process. On the other, decentralized identity offers resilience, interoperability, and empowerment.

For governments, it reduces fraud and strengthens democratic resilience. For businesses, it lowers compliance costs and builds trust. For individuals, it restores autonomy and privacy.

This isn’t just a new login model. It’s the foundation for digital trust in the 21st century - the bedrock upon which free societies and vibrant economies can thrive.

This article is part of SpruceID’s series on the future of digital identity in America.

Subscribe to be notified when we publish the next installment.