STRATEGYDays to result

Physical World Rights Test for Digital Identity

Evaluate any digital identity proposal by asking whether it replicates the rights you already hold in physical space.

Problem it solves

People and policymakers accept digital identity systems that silently erode physical-world privacy norms because they lack a concrete evaluation standard.

Best for

Advocates, policy wonks, technologists, and informed citizens who need a repeatable lens to assess digital ID proposals and push for privacy-preserving alternatives.

Not ideal for

Purely technical engineering teams focused only on protocol design who need a compliance or security checklist rather than a rights-based evaluation.

Overview

Why this framework exists

The Physical World Rights Test is a decision-making mental model that forces any proposed digital identity system through a single pivotal question: does this digital norm replicate the rights and protections people already enjoy in the physical world? The framework treats physical-world privacy norms—selective disclosure, anonymous transactions, legal due process, individual control—as the floor below which no digital system should fall. By mapping each feature of a proposed system against its physical-world analogue, evaluators can quickly spot where corporate or state control is substituted for individual autonomy, where portability is absent, and where cryptographic selective disclosure could preserve privacy but has been omitted. The output is a clear verdict: align, reform, or reject.

Core principles

6 total
  1. Physical-world privacy norms are the minimum standard for any digital identity system.
  2. Individual control over data is non-negotiable; corporate or government default custody is a red flag.
  3. Cryptography enables selective disclosure—revealing only what is necessary without exposing underlying personal data.
  4. Open standards and open-source tools level the playing field against proprietary walled gardens.
  5. The alternative to engagement is not freedom from digital identity—it is digital identity designed without your input.
  6. Portability and legal due process must be embedded at the technology and policy layer, not bolted on later.

Steps

6 steps
  1. Identify the physical-world norm at stake
    Name the specific right people already hold in the physical world that the digital proposal touches—e.g., presenting an ID without creating a permanent record, speaking without surveillance, or transacting anonymously.
    Pro tipBe precise. 'Privacy' is too broad; 'the ability to show proof of age without revealing your address' is testable.
  2. Map the digital proposal against that norm
    Examine every data flow in the proposed digital identity system. Determine whether it requires full disclosure, phone-home verification, or centralized data storage that has no physical-world equivalent.
    Pro tipRequest a data-flow diagram or whitepaper. Vague claims of 'security' are a signal to probe deeper.
    WarningWatch for systems that claim privacy by default but carve out broad exceptions for law enforcement or commercial partners in the fine print.
  3. Test for individual versus institutional custody
    Ask explicitly: does the individual hold and control their own identity credential, or is control delegated to a corporation, government, or platform by default? Default institutional custody fails the test.
    Pro tipLook for self-sovereign identity (SSI) primitives—decentralized identifiers (DIDs) and verifiable credentials are signals of individual custody.
  4. Evaluate selective disclosure capability
    Determine whether the system supports cryptographic selective disclosure—the ability to prove a specific attestation (e.g., 'over 18') without revealing the underlying data (e.g., full birthdate and address).
    Pro tipZero-knowledge proofs and selective disclosure credentials are the technical standard here; if the system cannot support them, demand a roadmap.
    WarningSystems that require full document scans or biometric phone-home checks for every verification fail this step regardless of their marketing language.
  5. Assess portability and interoperability
    Check whether the user can migrate their identity data to another system or provider, or whether they are locked into a walled garden. Portability is the digital analogue of being able to carry your own wallet.
    Pro tipOpen standards bodies like the Decentralized Identity Foundation and OpenID Foundation publish interoperability profiles you can use as a benchmark.
  6. Apply the verdict and take action
    If the proposed system erodes one or more physical-world rights without a clear, proportionate justification, label it as failing the test and redirect your advocacy toward open-standards alternatives. Contact legislators, contribute to open-source projects, or publicly document the gap.
    Pro tipFrame the argument positively: 'we want to digitize identity, not create a new digital identity' resonates more broadly than pure opposition.
    WarningDisengagement is not a neutral choice—failing to advocate means the system gets designed without your input.

Checklist

Saved in your browser

Examples

3 cases
Worldcoin iris-scan model fails the test

Worldcoin requires a biometric iris scan that is processed centrally to issue a 'proof of personhood.' Mapping against the physical-world norm of presenting a credential without a biometric record reveals an immediate failure: no physical-world ID system requires you to hand over a biometric template to a private company. Individual custody is absent, selective disclosure is not natively supported, and portability depends entirely on the issuing organization.

OutcomeThe system fails the Physical World Rights Test on custody, selective disclosure, and portability grounds, flagging it as a centralized walled-garden solution that erodes rather than replicates physical-world norms.
Cryptographic age-verification passes the test

A system using a government-issued verifiable credential and a zero-knowledge proof allows a user to prove they are over 21 at a point-of-sale without transmitting their name, address, or exact birthdate. The physical-world analogue—showing a physical ID that a merchant glances at and hands back—is replicated. The user retains custody, only the necessary attestation is revealed, and no central log is created.

OutcomeThe system passes the Physical World Rights Test: individual control is preserved, selective disclosure is active, and the digital norm matches or improves on the physical-world standard.
Utah SETA model legislation as a policy application

Evaluators applied the Physical World Rights Test to Utah's model digital identity legislation (SETA), checking whether it constrained both state and private-sector actors from retaining unnecessary data, whether it established a digital bill of rights for individuals, and whether it prohibited willy-nilly commercial resale of identity data. Each provision was mapped against the physical-world norm of controlling your own documents.

OutcomeThe legislation was found to replicate key physical-world norms at the policy layer, providing a replicable template for other states seeking to embed privacy and individual control into statute.

Common mistakes

3 traps
Conflating 'digital ID' with 'digitizing identity'
Treating all digital identity systems as equivalent causes advocates to either reject all proposals (leaving the field to bad actors) or accept all proposals uncritically. The test only works if you distinguish between a system that gives individuals control over digitized credentials versus a system that creates a new layer of institutional surveillance.
Stopping at fear without moving to evaluation
Many privacy advocates identify the risks of digital ID but never proceed to evaluate specific proposals against the physical-world standard. Fear without a structured evaluation framework produces disengagement, which guarantees worse outcomes than imperfect engagement.
Ignoring the policy layer and focusing only on technology
A cryptographically sound system can still fail the test if the legal and policy stack allows the data to be subpoenaed, sold, or mandated by regulators. The framework must be applied to both the technology design and the governing terms, law, and data-retention policies simultaneously.

Origin story

How this framework came to be

Extracted from TFTC. The framework was articulated by guest Gerald Cotten during a discussion on decentralized identity and the risks of centralized digital ID systems, framed around the principle of 'digitizing identity' rather than creating a new 'digital identity.'

Source

Traced to primary
Source · VIDEO
The Digital ID Trap Is Closing Faster Than You Think (your version, lock as-is) — TFTC
TFTC · 2026
Open source →

Related frameworks

Browse all Strategy →