‘The Internet Is Missing an Identity Layer’: Evin McMullen on AI, Privacy and What Comes Next

The internet was built without a native identity layer. 

Early online systems allowed anonymity, captured by the well-known idea that ‘on the internet, no one can tell you’re a dog.’

That model no longer fits today’s digital economy.

In an interview with CCN, Evin McMullen, co-founder and CEO of Billions Network, said the missing layer is now clear.

“There is a missing layer of our original internet and of our evolving frontier technologies like blockchains and AI. And that missing layer is identity.”

Online activity has shifted. More than half of interactions now come from non-human actors such as bots and AI agents. 

This shift changes how trust works and forces systems to verify who or what participates in digital environments.

Watch the full interview here:

From Surveillance Capitalism to User-Controlled Data

The modern internet runs on data collection. Advertising models track behavior and use it to shape content and recommendations.

McMullen described this structure as the “economic foundation of the internet.”

At the same time, users have become more aware of how companies collect and trade personal data.

“There are companies spending all day trading secrets about you without your awareness, participation, or benefit.”

This model creates growing risks. Large databases attract hackers, and data breaches have already exposed sensitive information for more than a billion people worldwide.

Companies also face rising costs tied to regulation, storage, and compliance. Laws such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) require companies to track, explain, and sometimes delete user data.

Zero-Knowledge Proofs: Compliance Without Exposure

Zero-knowledge proofs (ZKPs) offer a different model.

These systems allow users to prove something without revealing the underlying data. A user can confirm their age without sharing a birthdate or passport details.

McMullen explained how the system works in practice.

“The only information that ever leaves your device is like a digital thumbs up or a green light… that proves that you are qualified and allowed to enter without revealing that underlying original information.”

This removes the need for centralized databases filled with sensitive documents. Instead of storing passports or IDs, platforms receive proof of eligibility.

The same document can generate different proofs depending on what is required. A passport can confirm citizenship in one case and age in another, without exposing full details.

CBDCs and the Privacy Debate

Central bank digital currencies (CBDCs) have triggered strong reactions, especially around surveillance.

In the United States, policymakers have moved to block CBDC development. At the same time, stablecoin regulation continues to require strict identity verification.

McMullen linked these developments to public concerns.

“CBDC bans validate the thesis of what’s happening in the market, meaning that regulatory bodies recognize their citizens’ rejection of government surveillance of their financial lives.”

This creates a tension between compliance and privacy. Governments require identity checks, but users want control over their data.

Zero-knowledge systems aim to bridge that gap by enabling verification without exposing personal information.

Global Standards as the Foundation for Trust

Interoperability remains a major challenge. Different countries and systems often rely on incompatible identity frameworks.

McMullen pointed to the role of open standards.

“The World Wide Web Consortium… have actually developed interoperable technical standards.”

Modern passports already include Near Field Communication (NFC) chips with digitally signed data. These signatures can be verified without storing copies of documents.

“Any other government entity or private entity could choose to build on top of that data, could consume it, could verify it.”

Standardization allows systems to work across borders while maintaining security and trust.

Social Platforms, Regulation, and Age Verification

Digital identity is playing an increasingly important role in social media regulation.

Countries such as the United Kingdom, Australia, and Spain have introduced restrictions on underage users. These policies aim to protect children from harmful content.

However, McMullen warned that poorly designed systems can create new risks.

“The cure cannot be more harmful than the disease.”

Traditional age verification methods often require users to upload sensitive documents. This increases exposure to breaches and misuse.

Privacy-preserving identity systems offer an alternative by confirming age without storing personal data.

AI Agents and the Future of Identity

Artificial intelligence introduces new challenges.

McMullen expects every online application to be rewritten to support AI agents within the next five years. These agents will search, interact, and transact on behalf of users.

This shift requires identity systems that work for both humans and machines.

“You can assign a unique identity to an instance of an AI agent so it can prove it is acting on behalf of you… and without that element of identification… your agent cannot perform things such as financial interactions in compliance spaces.”

Without identity, AI agents cannot meet regulatory requirements such as know your costumer (KYC).

A Five-Year Transformation Ahead

The next phase of the internet will depend on how identity systems evolve alongside AI and regulation.

McMullen expects rapid change but sees a balance between innovation and oversight.

“I think real life tends to be a little bit more of a middle path… taking into account dynamics from both of these forces.”

AI will generate content and decisions at scale, while blockchain-based systems provide verifiable identity and scarcity.

This combination will shape how trust works online.

Digital identity is becoming a core layer of the internet. As AI agents replace many human interactions, systems must verify both users and machines without exposing sensitive data.

ZKPs provide a path forward. They allow compliance while protecting privacy and reducing the risks tied to centralized data storage.

CBDC debates show that users reject systems that enable surveillance. At the same time, regulators still require strong compliance.

The next few years will define how these systems are built. The outcome will shape whether the internet becomes more private, more secure, and more balanced between users, institutions, and technology.

About the Author

Dr. Lorena Nessi

Dr. Lorena Nessi is an award-winning journalist and media technology expert with 15 years of experience in digital culture and communication. Based in Oxfordshire, UK, she combines academic insight with hands-on media practice.

She holds a PhD in Communication, Sociology, and Digital Cultures, and an MA in Globalization, Identity, and Technology.

Lorena has taught at Fairleigh Dickinson University, Nottingham Trent University, and the University of Oxford. She is a former producer for the BBC in London, with additional experience creating television content in Mexico and Japan.

Her research focuses on digital cultures, social media, technology, capitalism, and the societal impact of blockchain innovation.

She has written extensively on digital media and emerging technologies, with her work featured in both academic and media platforms. Her Web3 expertise explores how blockchain technologies shape culture, economics, and decentralized systems.

Outside of work, Lorena enjoys reading science fiction, playing strategic board games, traveling, and chasing adventures that get her heart racing. A perfect day ends with a relaxing spa and a good family meal.

[email protected] LinkedIn X.com