When Power Cannot Tell Who You Are
Why the Absence of Verifiable Identity Forces Every Power into All-or-Nothing
An AI company now reserves the right to ask some of its users to prove who they are. Not with a password or a billing address: with a government-issued photo ID, a live selfie, and the geometry of their face, checked by a third-party verification provider. The policy, effective at Anthropic on July 8, 2026, is narrower than the headlines suggested. It applies to consumer accounts that have been flagged, as a path of recourse rather than a gate at the door; most users will never see the request, and enterprise and API customers are exempt. The company frames it as a matter of platform integrity and age compliance, and the system was in testing well before the events that made it interesting.
Still, the gesture deserves a pause. The internet shipped without a border post. You arrived, nobody asked who you were, and for thirty years that was not a bug but the design; identity was a problem for banks. Now a frontier AI lab is assembling the machinery to bind an account to a person, face first. The interesting question is not whether this is good or bad. It is why the identity layer, of all places, has suddenly become the place where everything gets decided.
On June 12, 2026, at 5:21 p.m. Eastern, three days after the two models launched, Anthropic received a letter from the U.S. Department of Commerce. The letter imposed export controls on the company's two newest models, Fable 5 and Mythos 5, requiring a license for access by any foreign national, inside or outside the United States, including Anthropic's own foreign-national employees. What happened next is a matter of public record, observable by anyone with an account: both models went dark for everyone, in every country, for eighteen days. The controls were lifted on June 30; global access returned on July 1.
The reason for the total shutdown, as Anthropic stated it, was that the company had no reliable way to verify the nationality of its users in real time. The order took effect immediately; the only way to be certain of compliance was to suspend both models for all users. That is the company's account of its own decision, and it should be read as such. But it went essentially uncontested. Independent reporting adopted it in its own words, and the legal analysts who examined the order built their arguments on top of it. Whatever else was in dispute about those eighteen days, and much was, this part was not seriously challenged: the machinery to comply narrowly did not exist, so compliance was total.
One government told one company to separate its users by nationality, and the company, unable to make that cut, cut everything. Hold on to the shape of that. The rest of this essay is about why that shape was inevitable, and what would have to exist for it not to be.
The debate that filled the field
The commentary that followed was serious and, in its own registers, thorough. Alan Rozenshtein, writing at Lawfare within days, argued that the episode revealed a government with enormous power over frontier AI and no coherent framework for exercising it: the legal authority plausible, the facts murky, the standards nonexistent. A team at CSIS worked through the statutory mechanics and found them thinner than they looked: an authority never before used as the basis for a control, one section of the export regulations that only reaches a short list of adversary countries, and another that the Commerce Department's own prior advisory opinions had read the opposite way. The Harvard Law Review's blog asked the doctrinal question directly: when a foreign national sends a prompt to a model on a U.S. server and receives a reply, has anything been exported at all?
These are the right questions for the legal layer, and they remain open. But notice what they share. All of them interrogate the order: its validity, its scope, its precedent. None of them interrogates the response, except to note, in passing, that nationality could not be verified and so the shutdown was global. The most consequential fact of the episode is treated as an implementation detail.
So ask the question the legal debate stepped over. Why was all-or-nothing the only setting available? Not to Anthropic specifically: to anyone in that position, under any directive of that shape?
The missing middle
Here is the structural answer. When identity cannot be verified at the granularity a rule requires, at the moment the rule applies, the middle of the response curve disappears. A power in that position does not become gentler or harsher; it becomes cruder. It retains exactly two settings: apply the measure to everyone the rule might cover, or apply it to no one. Over-inclusion or under-enforcement. The proportional middle, the targeted response calibrated to the actual subject of the rule, is not on the menu, because proportionality requires knowing who is who.
Which of the two failure modes you get is not random. It follows the gradient of who pays for the error. When the cost of under-compliance falls catastrophically on the enforcer or the enforced, as it does when the rule is a national-security directive with immediate effect, the rational move is to over-include: shut it all down, apologize to everyone. When the cost of enforcement falls on the enforcer and violations are cheap to ignore, the same missing layer produces the opposite failure: everyone gets through. The identity gap does not choose a direction; incentives do. What the gap determines is that the choice will be wholesale.
Anthropic's eighteen days are the over-inclusion branch of that fork, executed in public, on a compressed schedule, with the reasoning stated in a single sentence. That is what makes the case valuable. It is not an outlier; it is a demonstration.
The claim that identity is foundational to digital governance is not new. Kim Cameron named it in 2005: the internet was "built without a way to know who and what you are connecting to." The self-sovereign identity literature, the Trust over IP stack, Kevin Werbach on trust architectures, Primavera De Filippi and Aaron Wright on blockchain and the rule of code all descend, one way or another, from that diagnosis. But Cameron named a security problem, and what that lineage treats as an infrastructure problem has a political face the Fable episode makes visible: granular identity is what makes proportionality available to power. Not guaranteed. Available.
That is the step this essay adds, so let me state it plainly. Proportionality is not an engineering feature that gets bolted onto a control regime after the fact. It is a political property of the regime, and it exists only if the identity layer exists first. A power that cannot resolve individuals is not a moderate power. It is a power that can only act wholesale, whatever its intentions, whatever its legal constraints, whatever it would have preferred to do.
Two things follow from this that the operational reading, "they couldn't filter, so they blocked everything", does not give you. The first is a prediction: this will happen again, to a different company, under a different directive, with the same result, because the gap is a property of the layer, not of the firm. No frontier lab today can reliably resolve the nationality, age, or authority of a user at the moment of inference unless that fact has already been verified upstream. Upstream is where the machinery described at the opening of this essay lives: identity resolved once, asynchronously, so that it is already resolved when a rule needs it. Whatever those systems were built for, that is the capability they create, and its absence is why every order that requires such a cut today will be enforced as a blunt one.
The second is an inversion. The policy question asked after such an episode is usually: was the order proportional? The prior question is: was a proportional order even possible?
If the infrastructure for a targeted response does not exist, the disproportion was decided before the order was written, by an architecture nobody thinks of as political.
The pattern outside AI
If this were only about AI models, it would be a commentary. The pattern is older and wider.
Sanctions are the canonical case. A sanctions regime targets specific people and entities, but the institutions that must comply, banks above all, often cannot resolve at transaction speed whether a given counterparty falls inside the designated set. The documented result is de-risking:1 entire regions, categories of customers, whole correspondent-banking relationships dropped wholesale, because exclusion in bulk is cheaper and safer than identification at the margin. The targeted instrument becomes an untargeted one in execution, for exactly the reason the AI models went dark: the identity layer underneath the rule is coarser than the rule.
Age verification is the same collapse in a domain everyone can feel. A rule that says "not for minors" presupposes the ability to tell a minor from an adult at the door. Where that ability is absent or resisted, platforms and jurisdictions face the fork: gate the entire service behind checks that burden every adult, or leave it open and protect no one. The recent history of online age mandates,2 services withdrawing from whole countries rather than verifying, platforms imposing checks on entire national user bases, is the over-inclusion branch again. And it connects this essay's ending to its beginning: age compliance is one of the stated purposes of the verification system now standing at Anthropic's door.
The instructive contrast is the one domain that decided to pay. Finance did not solve this dilemma; it bought its way out of it, decades ago, by mandating identity. Know-your-customer rules made "who is who" a legal precondition of participation. The result is that financial power has the machinery for precision: a specific account frozen, a specific person designated, without shutting the payment system down. Proportional enforcement in finance is not a virtue of its regulators. It is a capability, purchased with an identity mandate, and paid for continuously by everyone in friction, fees, and exposure.
The price
Which brings us to the cost, because there is one, and an honest version of this argument has to name it rather than hope the reader will not.
Granular identity trades collective punishment for surveillance. The verification apparatus now being assembled makes the trade concrete: a government ID, a live selfie, facial geometry, held by a third-party provider, in this case Persona, a private identity-verification company backed by major venture investors. The detail to hold on to is not the vendor but the structure: proportionality, a political property, comes to depend on private infrastructure for the verification of bodies. And when CSIS enumerated Anthropic's options for restoring access under the June order, it named identity and citizenship verification of all users as one of them, and called it onerous and unlikely. Onerous is the honest word.
So here is the thesis with its cost attached: verifiable identity is the precondition of proportional control, and proportional control costs privacy. Cryptographers will object that it need not, that selective disclosure and zero-knowledge proofs can verify a fact without exposing a person, and they are right in principle. But the layer being built now runs on government IDs and facial geometry, not zero-knowledge proofs. The price is what we are actually paying, not what we could pay. Somebody has to decide whether to keep paying it, and for whom, and under what safeguards, and the one thing the Fable episode establishes is that this is not a technical decision. Pretending the price does not exist produces the world we just watched: powers that can only act in bulk, and users who absorb the blast radius of every rule that cannot find its target.
Where this goes
The durable part of this story is not the eighteen days. It is what the eighteen days exposed, and what is now moving because of it.
The legal foundation of the June order was, by the assessment of the analysts who examined it, improvised: a statutory authority applied in a way it never had been before, without an implementing framework for such use, stretched across sections of the export rules that were written for other things.3 Congress, notably, had seen the gap before the episode demonstrated it: the House passed the Remote Access Security Act in January 2026, months before the order, precisely because existing export law does not clearly reach remote access to a model; a Senate companion awaits action in committee. Whether by that act or another, the question "can access be controlled?" is on its way to being answered in law. The question this essay is about, "can it be controlled proportionally, and what has to exist first?", will be waiting on the other side of that answer. In Europe, meanwhile, the episode was read as a supply-chain warning and folded into the case for sovereign AI, a different essay's territory, but the same lesson under a different flag: dependence on a layer you do not control is a policy exposure.
The identity layer of the digital world is going to be built. It is being built now, in privacy policies and verification vendors and draft statutes, mostly without anyone naming what it is for. This essay's claim is that we should name it. It is the layer that decides whether power can be proportional at all. The open question, and it is genuinely open, is whether those who build it will also, unasked, decide who pays its price.
Notes
- On de-risking as wholesale exit rather than managed risk: World Bank, "Fact-Finding Summary from De-Risking Surveys" (November 2015); U.S. Congressional Research Service, "De-Risking" (IF10873); U.S. Department of the Treasury, "De-risking Strategy" (April 2023), which identifies non-transparent customer identification among the contributing factors. The drivers in the literature are mixed, cost, liability, and profitability among them, but customer identification (CDD, beneficial ownership, KYCC) is consistently named among the principal ones. ↩
- Aylo withdrew Pornhub and related sites from more than twenty U.S. states, the United Kingdom, and France, France being its second-largest market, rather than deploy age verification (2025), citing refusal to collect sensitive data from every visitor. Legal anchor: Free Speech Coalition v. Paxton, U.S. Supreme Court, 27 June 2025, upholding Texas H.B. 1181. By mid-2026, twenty-five U.S. states had age-verification laws in force. ↩
- Base authority: Section 1758 of the Export Control Reform Act, codified at 50 U.S.C. §4817. Per CSIS, the authority had been used before to add "emerging and foundational technologies" to the Commerce Control List, but not as the basis for an "is informed" license requirement of this reach, for which no implementing regulatory framework exists; the order also invoked 15 C.F.R. §744.22 (which reaches only a short list of adversary countries) and §734.13 (which the Department's own prior advisory opinions had read to place remote-access transactions outside the regulations). ↩
Sources
- Kim Cameron, "The Laws of Identity" (Microsoft, 2005).
- Anthropic, "Statement on the US government directive" (12 June 2026) and "Redeploying Fable 5" (30 June 2026).
- Center for Strategic and International Studies, "The Department of Commerce Restricted Access to Anthropic's Latest Models. What Comes Next?" (16 June 2026).
- Alan Z. Rozenshtein, "A Kill Switch for Frontier AI," Lawfare (June 2026); Harvard Law Review Blog, "Is Access to Fable an Export?" (June 2026).
- Remote Access Security Act, H.R. 2683, passed the House 12 January 2026 (369–22); Senate companion S. 3519, in committee.
- Kevin Werbach, The Blockchain and the New Architecture of Trust (MIT Press, 2018); Primavera De Filippi & Aaron Wright, Blockchain and the Law: The Rule of Code (Harvard University Press, 2018).