Identity Without Permission: Why the Future of Citizenship Lives On-Chain
4.4 million people are stateless — not because they don't exist, but because a state decided they don't count. The passport is the last monopoly. Blockchain-based identity is the disruption.
Approximately 4.4 million people worldwide are stateless. Not because they don't exist. Because a state decided they don't count.
Aleksejs Ivashuk's recent paper in the Cambridge Journal of Law, Politics, and Art lays out the structural mechanics: states intentionally produce statelessness through nationality laws designed to exclude. Twenty-four countries still prevent women from passing citizenship to their children. Entire ethnic groups — the Rohingya being the most visible example — exist in a legal void because the state that controls their territory refuses to recognize them as persons.
This is not a humanitarian edge case. It is the logical endpoint of a system where identity is a monopoly product issued by a single provider who can revoke it at will.
And the structural problem extends far beyond the stateless. Digital nomads holding residencies in three countries but "belonging" to none. Crypto professionals whose wealth exists in a jurisdiction-less space while their identity remains trapped in one. Founders incorporating in Wyoming, living in Portugal, banking in Switzerland — manually stitching together four identity systems that were never designed to interoperate.
The passport is the last monopoly. And like every monopoly, it will be disrupted.
Cypherpunks Saw This Coming
In 1982, David Chaum published a paper called "Blind signatures for untraceable payments" — the first formal proposal for digital cash. The paper introduced "a new kind of cryptography, blind signatures" that would allow "untraceable payments systems which offer improved audibility and control compared to current systems, while at the same time offering increased personal privacy."
Chaum wasn't building a payment system. He was building a thesis. Three years later, in his paper "Security without Identification: Card Computers to make Big Brother Obsolete," he spelled out the threat model with eerie precision: "Even a small group using [pattern recognition techniques] and tapping into data gathered in everyday consumer transactions could secretly conduct mass surveillance, inferring individuals' lifestyles, activities, and associations." He foresaw that decentralized architectures, supported by the laws of mathematics, would be the only way to retain sovereignty in an increasingly digital world.
Money was just the first application.
Six years later, Timothy May dressed that thesis in political clothes. His Crypto Anarchist Manifesto (1988) predicted that "computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner" and that "these developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation."
May wasn't wrong. He was early.
By 1992, the movement had a name — Cypherpunks — and a mailing list that, as May recalled, "took off like a rocket as we had a hundred subscribers within the first two weeks." Eric Hughes, who had worked for Chaum in the Netherlands and shared an apartment with May in the Bay Area, wrote the movement's operational doctrine in A Cypherpunk's Manifesto (1993):
"Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it... Cypherpunks realize that security is not built in a day and are patient with incremental progress."
The cypherpunk project was always broader than money. As Phil Zimmermann wrote when releasing PGP: "Privacy is as apple-pie as the Constitution." He believed the ability to communicate privately was a fundamental right — and rushed his encryption software to the public, skipping five mortgage payments in the process, because a US Senate bill threatened to legalize government surveillance of all communications.
Wei Dai captured the operational logic in 1998: "There has never been a government that didn't sooner or later try to reduce the freedom of its subjects and gain more control over them, and there probably never will be one. Therefore, instead of trying to convince our current government not to try, we'll develop the technology... that will make it impossible for the government to succeed."
Bitcoin solved the money problem. Identity is the unfinished business.
What Changed Technically
The missing piece was always the same: how do you prove who you are without depending on the entity that might be the threat?
Two standards now make this possible. W3C Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) accomplish what Chaum's blind signatures did for money — they separate identity from issuer. A DID is a globally unique identifier controlled by the holder, not by any central authority. A Verifiable Credential is a cryptographically signed attestation — your university degree, your tax residency, your professional license — that can be verified by anyone without calling back to the issuer.
The architecture is elegant in its implications. Personal data stays off-chain, under the holder's control. Credentials are anchored on-chain for verifiability. Selective disclosure lets you prove you're over 18 without revealing your birthdate, or that you're a licensed professional without exposing your home address.
This isn't theoretical. The Rohingya Project has already built blockchain-based identity records and a community token (R-Coin, where each token represents one hour of community service work) for stateless populations — people creating their own identity infrastructure because the state that should serve them chose to erase them instead. Ivashuk documents this in detail: the most excluded people on earth are building the identity systems that the most privileged will eventually adopt.
The legacy system is catching up, partially. The EU's eIDAS 2.0 regulation and Digital Identity Wallet represent the establishment's response — still state-controlled, but acknowledging that identity must become digital, portable, and interoperable. The direction is correct. The architecture isn't.
The Network State Lens
Balaji Srinivasan's framework maps the shift precisely. His Three Leviathans model — God, State, Network — describes the three organizing principles of human society across history. Identity follows the same arc:
God era: Identity meant parish records and baptismal certificates. The Church decided who you were.
State era: Identity means passports, national IDs, and birth certificates. The nation-state decides who you are.
Network era: Identity means cryptographic keys, verifiable credentials, and on-chain attestations. You decide who you are.
The network state concept makes this concrete. An on-chain census — a cryptographically verified record of members, contributions, and property — replaces the state-issued population registry. The social smart contract replaces birthright citizenship: explicit, opt-in, auditable, enforceable without courts.
"Cloud first, land last." In network state logic, the community and its governance form before any territorial claim. Identity precedes territory, not the other way around. This inverts the entire Westphalian model where you are who you are because of where you were born.
The most powerful implication: exit over voice. In a legacy state, if your identity provider mistreats you, your only option is voice — voting, protest, petition. In a network state, you leave. Competitive pressure between identity providers forces them to serve their members. This is the difference between a monopoly and a market.
The Structural Problem Affects Everyone
Ivashuk writes about the extreme case — statelessness. But the structural flaw in state-monopolized identity creates friction across the entire spectrum.
Consider the functional reality of a modern global professional: tax residency in one country, company incorporation in another, banking relationship in a third, healthcare in a fourth. Each system requires a separate identity claim, verified against a separate national database, subject to separate rules about what you can prove and to whom. There is no interoperability layer. There is no portability standard. There is no user-controlled identity that spans jurisdictions.
At Polystate, we see this daily. Clients managing Paraguay tax residency alongside a Wyoming LLC and European banking — each requiring its own identity documentation, its own verification process, its own bureaucratic logic. The system works, but only because skilled operators navigate it manually. That's not a solution. That's a workaround.
The thesis is straightforward: sovereignty is a service, not a birthright. Identity should be portable, composable, and under the holder's control. Today, we help people navigate the existing system — residency, banking, company formation across jurisdictions. Tomorrow, the system itself changes.
Steelmanning the Objections
"States provide identity because they provide services." True. But the bundle is breaking. You already get healthcare in one country, bank in another, pay taxes in a third, and educate your children in a fourth. Identity should reflect this unbundling, not pretend it isn't happening.
"Decentralized identity enables fraud and evasion." Ivashuk addresses this directly: verifiable credentials are more auditable than paper documents, not less. A cryptographically signed credential with selective disclosure is harder to forge than a photocopied passport. The question isn't whether verification happens — it's who controls the verification infrastructure.
"No state will ever recognize on-chain identity." El Salvador adopted Bitcoin as legal tender in 2021 — and while it walked that back under IMF pressure in 2025, the precedent was set: a sovereign state can recognize crypto-native infrastructure. Estonia built e-residency, now serving 130,000 digital residents from 180 countries. The EU passed eIDAS 2.0 creating legal hooks for digital identity wallets. Small states — Balaji's "bootstrap recognizers" — have every incentive to move first, because recognizing new identity infrastructure is how small jurisdictions compete with large ones. The same competitive dynamic that drove flag theory drives identity innovation.
The Unfinished Business
My book CoinStory documented the 50-year arc from Chaum's blind signatures to Bitcoin — the cypherpunk project to build technological alternatives to state control over money. That project succeeded. The next chapter is identity.
As I wrote there, reflecting on the cypherpunk legacy: history suggests that building tools for digital privacy and self-sovereignty does not require one to be a crypto-anarchist. It requires understanding that "the assumption of a continuous benevolent government is not realistic. Even strong democracies may eventually turn into dictatorships." The tools must exist before they are needed.
The question is no longer whether identity goes on-chain. The standards exist (W3C DIDs, VCs). The technology works (zero-knowledge proofs, selective disclosure). The demand is proven (4.4 million stateless people, plus millions more whose identity doesn't match their actual lives). The regulatory scaffolding is emerging (eIDAS 2.0).
The question is who builds the credibly neutral layer — the identity infrastructure that no single state controls, that no single company owns, that works across jurisdictions by design rather than by bilateral agreement.
The companies helping people navigate jurisdictions today — the ones who understand the operational reality of multi-jurisdictional identity — will be the infrastructure providers for portable identity tomorrow. That's not a prediction. It's a business plan.
Satoshi solved money. The next Satoshi solves identity. And unlike money, you can't fork yourself.
David Stancel is the founder of Polystate, a platform helping globally mobile individuals navigate residency, banking, tax optimization, and company formation across jurisdictions. He is the author of CoinStory: The Evolution of Cryptocurrencies (2022).
Sources
1. Ivashuk, A. (2025). "Blockchain's Potential in Addressing Statelessness." Cambridge Journal of Law, Politics, and Art. 2. Srinivasan, B. (2022). The Network State: How to Start a New Country. 3. Stancel, D. (2022). CoinStory: The Evolution of Cryptocurrencies. 4. Hughes, E. (1993). "A Cypherpunk's Manifesto." 5. May, T. (1988). "The Crypto Anarchist Manifesto." 6. W3C. (2024). DID Core 1.1 / Verifiable Credentials Data Model 2.0. 7. European Union. (2024). eIDAS 2.0 Regulation. 8. Zimmermann, P. (1991). PGP User's Guide.