It has become routine, in a great many ordinary dealings, to be asked to prove who one is. To open an account, to engage a service, to complete a transaction of any size, a person is now expected to verify their identity, and to do so by providing the documents that establish it.

Each request is reasonable in isolation. The institution has a legitimate need to know who it is dealing with. But the requests are not isolated. They accumulate. Over the course of a life, and particularly an active and substantial life, a person verifies their identity to a great many parties, and each verification leaves something behind.

What it leaves is a copy. The documents that establish a person's identity, among the most sensitive items they hold, come to rest not in one place but in dozens: with institutions, with services, with intermediaries, each of which retains what it was given. The person has, without ever intending to, distributed their identity widely.

This matters because every holder is a point of exposure. A person can be entirely careful with their own documents and still have them held, in copy, by parties whose security is not within the person's control and not visible to them. The exposure does not depend on the person's own conduct. It depends on the weakest holder among many.

It is also largely invisible. A person rarely keeps account of who has verified them, and so rarely knows how widely their identity has spread. The distribution happened one reasonable request at a time, and was never seen as a whole.

The sensible response is not to refuse verification, which is neither possible nor wise. It is to recognise that identity, once it must be proven repeatedly, becomes a distributed thing, and that understanding one's exposure includes understanding how far, and to whom, it has been distributed.