Nick Lambert, CEO of Dock, has been a driving force in the digital identity space for over a decade, consistently working towards empowering individuals with control over their personal data. His decentralized identity journey began at MaidSafe, where as COO he spearheaded the SAFE Network, an ambitious project aimed at creating an autonomous data network that prioritizes user privacy and data sovereignty. At Dock, Nick continues his mission to revolutionize digital identity, focusing on solutions that streamline processes and reduce friction for both individuals and organizations.
Nick joined us to share his insights on the evolving landscape of decentralized identity. He discusses the recently announced blockchain merger with Cheqd, Dock's unique approach in the market, and key sectors for growth in the coming years. Nick emphasizes that the collaborative approach in decentralized identity, with shared standards and toolsets, accelerates innovation towards user empowerment, with industry players "all pointed in roughly the same direction."
Your journey from MaidSafe to founding Dock reflects a long-standing interest in digital identity and personal data control. How did these experiences shape your vision for Dock?
It started back around 2012. I was a technology marketer and wasn't very familiar with decentralized technology. We were a startup looking to decentralize web services: enabling users to store their own data and provide it back to social media networks or other service providers. This introduced me to relevant decentralized technology, and also the blockchain and cryptocurrency industry.
It made me realize how important it is that we control our own data, whether that's documents we store, music, or academic files, and to be able to control it on our own device. You also don't want companies removing your access to it, which they can do and have done, even by mistake.
When I left MaidSafe and saw Dock, it made sense that the most important type of data you have is your identity data. Identity takes many forms, but it seemed like a critical area with work still to be done. Dock was an opportunity to take a narrower view (than MaidSafe) and ensure we could provide people with the ability to control their own identity. And for the last twelve years, that's what's really got me out of bed in the morning.
Your path perfectly captures how long-term builders and leaders in the space become focused on giving people control over their identity data. Can you elaborate on that?
Absolutely. It's such a big problem, but what's encouraging about the identity space is that it's a more focused challenge compared to something like decentralized storage. With identity, there's a much larger group of people working on the problem with, for the most part, an agreed-upon set of tools and standards. It's almost like a movement of companies and organizations solving it together.
We might have minor disagreements about implementation details, but we're all pointed in roughly the same direction. That's what makes it feel solvable. We're not all trying to work in isolation - we're collaborating, building on each other's work, and moving towards a common goal.
This approach is crucial because giving people control over their identity data is too big and important a problem for any one company to solve alone. By working together, sharing standards, and building interoperable tools, we're making real progress.
How does Dock's approach to verifiable credentials and digital identity differ from other solutions in the market?
We have a big focus on the business aspect. It's easy to fall in love with the technology, but it's the problems it solves that ensure technology is adopted and builders can make their solutions operate effectively as a business. We focus on tools that can enable business models.
An essential part is an online trust registry. Just because something's in a system or blockchain doesn't mean it's true. You need a linkage between real-world verification of a company or individual and their representation within a system. Trust registries (and the appropriate business partners) provide this, and having them programmatically exist inside your system is key.
Once you have that, it enables businesses to think about how they wish to monetize the credentials. This is important because it's very hard to get businesses to change unless you can point them to a specific business model. We're enabling credential issuers to turn what today is a cost center into a revenue source. When you combine that with our ecosystem enablement and the rest of our stack, it makes us differentiated in the market.
You've been at the forefront of communicating the business value of decentralized identity, including popularizing the term "reusable identity." Tell us your perspective on the evolution of narrative over time.
At the start, many focus their communications on the tooling -- that it's decentralized, uses certain types of cryptography, etc. You put that all over your website, thinking people will care. But the only people who care are others building those solutions.
The companies that will use and pay for these solutions are looking for solutions to problems. They don't care whether it's decentralized or what type of cryptography you're using - they just want a problem fixed.
We've made a conscious effort with our communications to focus more on the benefits we can provide. We try to understand the specific problem a group of prospects and customers are having and how we can fix it. Then we build the narrative around that. This has been the biggest shift we've had, and we're starting to see some success from it.
When discussing decentralized identity with investors, what aspects do you focus on to convey its potential value?
Investors are typically looking for returns within a defined time period. They're looking for things like size of opportunity and potential market growth. They also want to see something that doesn't completely disrupt existing businesses. Evolutionary changes that complement existing businesses in a relatively easy-to-integrate way are often more interesting to investors.
We also talk about market drivers pushing adoption, like eIDAS regulations, mobile driver's license initiatives in the US, World Bank investments in digital identity, LinkedIn's use of Microsoft Entra ID for credentials, and Google's recent release of the Credentials API. These developments indicate the level of adoption we're likely to see, which excites investors.
What are some common questions or misconceptions about decentralized identity that you encounter, and how do you address them?
One common misconception is that identity only refers to government-backed identity, like a driver's license. In reality, we're talking about identity in a much broader sense. It can be anything from a website's understanding of who you are to your access to their system. Fundamentally, it's about control over your data.
Another misconception about decentralized identity is that every single aspect of it must be decentralized. What we're really talking about is the decentralized consumption of data - the presentation and verification. This typically happens in a wallet where the individual has control. They're presenting a credential given to them by a third party to another entity, who can verify it without knowing who they're verifying or what they're verifying. That's the important part of decentralization. Of course, you'll still have centralized entities issuing those credentials.
The recent merger between Dock and cheqd is significant news. What was the vision behind this decision?
Keep in mind it's a blockchain merge rather than a full company merger; the legal entities are remaining separate. We're migrating all of our chain-related elements (like revocation registries, DIDs, testnets) over to Cheqd.
The vision behind this is to allow Dock to focus on what differentiates us in the market: our issuing and verification platform, API, and our various platform features. Not all of these innovations take place at the blockchain layer but above it. As a small team, managing the entire stack was becoming a challenge.
We feel our strengths lie in the areas above the chain, and Cheqd is highly competent in the blockchain area. This allows us to focus on what really interests us and where we think we can make the most difference for our customers.
Additionally, being part of the Cheqd ecosystem with other great projects feels like a big step towards interoperability with a number of other providers. This addresses a concern I had about Dock potentially isolating itself on its own chain.
Your partnership with the University of Arkansas involves anonymous cyber incident reporting. How does this project demonstrate the capabilities of verifiable credentials?
The University of Arkansas, Little Rock is involved with some Department of Defense and energy-related projects. They're building what they call ET-ISAC (Emerging Threat Information Sharing and Analysis Center). They needed a way for people to report things anonymously, like a whistleblowing service, without fear of reprisal.
Using Dock's technology, they've created a system where someone can become a member and use that membership credential to access the reporting tool in a way where the system knows they're a member but doesn't know who they are. This is achieved using zero-knowledge proof technology.
A member of ET-ISAC receives a credential, which they can use to create a QR code in a wallet on their phone. They can then scan that QR code to gain access to the site and report an incident anonymously.
It's a unique use case that demonstrates the versatility of verifiable credentials and zero-knowledge proofs in solving real-world problems.
What use cases for decentralized identity have you found to be particularly impactful or promising?
Our current focus is on KYC (Know Your Customer) and biometrics companies. We see this as a market that's ready for innovation, especially with regulations like eIDAS 2.0 and mDL coming into play. We can make their verification checks portable, which is what reusable KYC is all about.
There's a good value transfer throughout the KYC process:
- Companies can make their verifications portable and generate new revenue streams.
- Individuals get more control over their data and can short-circuit painful onboarding processes.
- Relying parties (verifiers) don't have to start from scratch and can benefit from previous verification checks.
Beyond that, I'm excited about Customer Identity Access Management (CIAM). Many large corporations, especially in the US, have different divisions that often act as separate entities. Regulations sometimes prevent them from sharing information about individuals across these divisions. This leads to tremendous pain for both the company and the individual.
Imagine if they could give individuals control over their information, allowing them to consent and decide what they want to release to another business unit within the same corporation. This could solve many problems for large companies and enable individuals to manage their own information seamlessly.
The challenge with CIAM is that it's a slow-moving, risk-averse industry. They're just getting used to passkeys, so introducing verifiable credentials and different applications for managing those credentials might take some time. However, the potential is enormous, and I'm excited to see what happens in the next year or two.