Digital identity is one of those holy grails in tech. Governments want to have it. Companies want to use it. Individuals want a way out of endless password and sign-in hell.
And maybe, just maybe, there’s an escape from the industrialized harvesting of personal data by big tech platforms.
A variety of companies have been tackling this, from cybersecurity companies pursuing personal-access management, to cloud providers and data-management players; from federated learning in AI to crypto companies developing zero-knowledge proofs.
The latest entrant is Terminal 3, a Hong Kong-based startup that got its start by providing data storage and access for Web3 (crypto) companies.
The company has just raised a seed round of $8 million, co-led by Illuminate Financial and CMCC Titan Fund.
Co-founder and CEO Gary Liu told DigFin that digital identity is an application, which Terminal 3 is working on, but that it is not the core focus of the fund-raise.
“We were founded to build the infrastructure for data privacy and security,” he said. “Digital identity is just one application of that.”
Digital ID do-over
The nature of holy grails is they are pursued by many and obtained by none. What makes Liu believe he’s developing a model that could be widely adopted?
He acknowledges the challenge. “Digital identity has gone through many cycles, and there are a lot of dead soldiers on that hill,” he said. But in a way, universal digital identity is already here, just in a centralized format that is controlled by big companies.
He cites Google’s gmail and Meta’s Instagram as examples of widely used services that only require a single sign-in by anyone across the internet to access an account. The company owner/operators control and monetize the user’s data; they are responsible for data privacy and security, which they use to serve their own commercial ends.
This is something Liu knows well, having spent much of his career building monetization opportunities for big tech and media platforms such as Spotify, where he led operations and product development for its ads business.
However, he argues the time has become ripe for disrupting or building alternative models to the Big Tech data-harvesting machines.
Why now?
First, privacy-enhancing technologies (PETs) have matured, including homomorphic encryption, zero-knowledge proofs, federated learning, and other cryptographic tools. Companies have begun deploying these.
The second trend is the maturation of decentralized technologies. More companies are engaging in crypto or Web3 services, either as add-ons or natively.
Liu says Terminal 3 sits at the intersection, leveraging PETs to enable secure and self-sovereign storage of user data, which allows users to have private access to all sorts of applications: banking services, government credentials, social media, marketing, and agentic AI for transactions.
To what extent does T3 need the backing of governments, which are also pushing for their own solutions over digital identity? This is a global phenomenon but approaches (and privacy and data laws) are different: consider SingPass, Aadhaar in India, the European Union’s GDPR regime, and so on.
The thing in common is that governments prefer they control identity-related issues. This is to ensure robust protections around the data. It results, however, in a heavy-handed user experience. It’s no trivial matter to onboard onto digital credential apps like SingPass or Hong Kong’s iAM Smart – as Singaporeans and Hong Kongers learned during the Covid pandemic when residents were effectively forced to use these apps for the first time.
The value to banks and governments
These experiences are also not portable. Credentials don’t travel beyond the border; they are also isolated from normal commercial services, be it a Google account or a local bank account.
“Those government ID systems need a translation layer and a messaging layer for these identities to be able to talk to one another,” Liu said. “We’re proposing a cryptographically verifiable credential that could allow a company or the government to issue credentials based off the data the government holds.”
T3 seeks to source underlying data from many sources: governments, companies and individuals. Then it issues credentials from that. This would make its credentials valid across multiple types of digital platforms and apps.
This could be used not only for existing businesses, but also for new ones that are difficult to achieve today.
The startup does so via a Software as a Service business model, selling the issuance of credentials.
Take banks, for example. They struggle with account-based processes that continue to view a single customer’s profile through the lens of siloed products (ie, one account for a deposit, another for a loan, another for a brokerage). By issuing credentials from a decentralized SaaS, banks could sidestep the barriers to their own innovation, cut costs, and go after new products such as cross-border payments that today remain cumbersome.
“Third parties like us as – and I hate to use this word – middleware, helping enterprise and consumer apps to connect to government apps,” Liu said.
He believes governments are interested in such a solution because it would mean their app needs only one connection, to T3, enabling the company to issue credentials to anywhere these would be of use. And without sharing or moving personal identifying information, which remains guarded within a government’s centralized database.
Decentralization drive
By offering this as a recognizable SaaS product, Liu says the company can integrate with all kinds of services with basic APIs and developer SDKs. End users would have no idea there’s anything cryptographic or blockchain-related: they would just see a QR code as a credential to access a wallet or other third-party app or website.
Liu says decentralization is core to making this work, and to the values of the company.
“We should all own our data and decide when and how it can be used, and even be able to wipe it,” he said.
This means building systems that are composable: designed from smaller, independent, and modular components that can be combined or rearranged to create larger and more sophisticated systems or outputs. Although composability has been around for a long time, Liu argues that the asset (like a credential) produced from a decentralized pool of sources means it is trustworthy.
It also means a company or platform would have no control over this data. This separates the role of an operator (like a Big Tech platform) that controls or owns the data, from the network processor that creates a credential.
The digital ID is the thing users may be interested in – to meet KYC/AML demands, for example – but it’s Terminal 3’s focus on decentralized processes and cryptography that creates the pipes or rails that make this happen in a secure and privacy-preserving way.
How banks store or access data, or how a law enforcement agency conducts investigations or requests to look at personal information, are not T3’s focus. These things wouldn’t change, Liu says: T3’s role is to make these processes smoother and faster, deploying smart contracts, while keeping an immutable record of data retrievals.
“That’s accountability,” he said.
Web3 data in a web2 world
Would regulators welcome such accountability? Would large enterprises want to outsource control over customer data? The answers depend on the organization’s purpose. If the purpose is to dominate and manipulate or monetize user data, then no. If the purpose is to provide services and stay compliant, then using T3’s SaaS to issue digital identities is like any other automation: it makes things work faster and cheaper, while creating new opportunities.
To this end, Liu says he is in talks with a number of governments, including in Asia, about collaborating in regulatory sandboxes around privacy-enhancing technologies.
As for the data harvesters, a solution like Terminal 3 isn’t going to change anything related to how or whether someone uses gmail or IG. Those models will endure. But he’s pitching T3 as a way for other enterprises to slash the costs of handling data and complying with privacy laws.
And he’s selling this to crypto-native businesses that are already aligned with ideas of data self-sovereignty but face the reality of dealing with accounts, for example at a user’s bank. “Our identity stack is the bridge,” Liu said.
Among the various fintechs, crypto companies and cybersecurity businesses pushing digital-ID solutions, Liu says one reason Terminal 3 is getting funded now is because it already has reach. He says 8 million users have generated decentralized profiles. “That’s a massive number for a Web3 company,” he said.
The company is still in growth mode and not yet profitable, but because it’s an enterprise SaaS rather than a consumer-facing service, Liu expects to hit that milestone in a few years.
