Kenessary Koishibay: "Decentralized biometrics is not a tribute to fashion, but the only architectural approach that returns control to the user."

In 2025, biometric data breaches have become commonplace. According to Interface.media, over the past three years, hundreds of millions of fingerprints, facial scans, and voice samples have been compromised. Regulators are tightening control over Big Tech, and users are increasingly asking: Who can be trusted with their digital identity?

30-year-old Kazakhstani engineer Kenessary Koishibay—chief machine learning engineer of the DigitalID biometric system for all government procedures in Kazakhstan, founder of the decentralized DefaceID platform, former Amazon Business Prime Rewards developer for corporate clients like Apple and Tesla, and winner of the National Business Award in Technology—proposes a radical solution: a completely decentralized biometric identification architecture.

Centralized storage of millions of biometric templates creates a single point of failure—hacking one database compromises users forever. "There are engineers who see the solution not in tightening control, but in changing the very architecture of trust," says Koishibay. His startup DefaceID is developing a system where biometric data is never stored in full anywhere, and the user remains the sole owner of their digital identity.

From Academic Research to Global Projects

The story began at Nazarbayev University, Kazakhstan's flagship research institution established in partnership with leading global universities, where, from 2014 to 2020, Kenessary conducted research in sign language recognition. "When you work on continuous sign language recognition, you can't just 'throw a neural network at it and see what happens'—you need to think through the architecture, prepare the dataset, and justify every step," he recalls. Academic experience taught him experimental discipline and a systematic approach to ML tasks.

The transition from Computer Vision to commercial projects added new dimensions. The first serious challenges came with work in Kazakhstani security systems—TargetAI and Sergek. The first specializes in video analytics systems for retail—customer face recognition, behavior analysis, and theft prevention. The second is a large-scale "Safe City" video surveillance system for Almaty—Kazakhstan's former capital and largest city with over 2 million inhabitants, which analyzes streams from thousands of cameras in real-time, identifying suspicious activity and wanted individuals.

"Unlike Western corporations with ready-made datasets, we often started from scratch—no data, it's dirty, or legally inaccessible," explains Kenessary. Security systems require 99.9% accuracy, achieved through a multi-stage approach: careful data selection, custom architectures, and manual labeling of complex cases. They had to optimize algorithms for edge devices with limited resources and adapt models to local lighting conditions and video stream quality.

Architectural Revolution in Biometrics

The next stage was moving to Amazon Business Prime Rewards, which dramatically expanded horizons. Kenessary worked with corporate data from Apple and Tesla, responsible for data engineering—building pipelines for calculating client expenses with millions of dollars in turnover. "At Amazon, you work within a huge ecosystem where every model is part of critical infrastructure. The approach to AI there is not as research, but as a product—everything must be reliable, predictable, and meet the strictest standards," the engineer explains the difference.

"Amazon gave me a powerful experience, but I wanted not just to be part of a huge machine, but to apply knowledge where it would have maximum effect," explains Kenessary's decision to return. In Kazakhstan, a window of opportunity opened—the state is actively investing in digital solutions, but there's an acute shortage of deep expertise in machine learning and system architecture.

The DefaceID idea was born from understanding the fundamental problem of modern biometrics. "Decentralized biometrics is not a tribute to fashion, but the only architectural approach that returns control to the user," Koishibay's philosophy. In traditional systems, hacking one database compromises millions of biometric templates forever. DefaceID builds a fundamentally different type of system—even if individual components are compromised, an attacker won't gain access to biometric data because it's never stored in full anywhere.

"Blockchain here isn't about speculative tokens, but about transparent verification logic without intermediaries," explains Kenessary. Blockchain is used for managing identifiers and confirming user consent, but the biometric templates themselves remain off-chain, encrypted, and processed in secure enclaves—protected hardware modules.

The operating principle is fundamentally different from Apple FaceID or Google biometrics approaches, where all data flows to one operator. The user proves their identity through cryptographically protected confirmations without transmitting biometric data directly. The system generates mathematical proof that the biometrics correspond to the claimed identity, but the biometrics themselves remain only with the user.

The practical advantages are obvious: with decentralized architecture, mass biometric data breaches are technically impossible since centralized storage simply doesn't exist. However, Koishibay honestly acknowledges existing barriers. "The approach has limitations: UX complexity—not everyone is ready to deal with keys and verifiable credentials, infrastructure limitations—not all services accept decentralized identifiers," he lists the challenges. "But W3C, Microsoft, Mastercard, and European government structures are already moving toward self-sovereign identity. Those who start building solutions now will shape the future of digital citizenship."

Government System as Counterpoint

Parallel to DefaceID, Kenessary works on DigitalID—a centralized digital identification system for all of Kazakhstan. At first glance, it seems contradictory to work simultaneously on decentralized and centralized systems, but in practice, this is a complementary experience. "Security and UX cannot be separated. We embedded liveness detection and anti-spoofing but made the process understandable and fast even on weak devices," Koishibay says about technical solutions.

A special task was localizing algorithms for Kazakhstani specifics—from video stream quality in remote regions to appearance features of various ethnic groups. Experience working with the government system gave a deep understanding of centralized approach limitations and strengthened conviction in the need for decentralized solutions.

Global Trends and Local Innovations

DefaceID appeared at the right time and place. The global movement toward self-sovereign identity is gaining momentum—the W3C consortium is developing standards, Microsoft is investing in decentralized identifiers, and Mastercard is experimenting with blockchain passports. European states are actively moving toward digital sovereignty, implementing data localization requirements, developing indigenous cloud infrastructure, and reducing dependency on US tech giants through initiatives like the European Digital Identity framework and Gaia-X cloud federation.

Central Asia has unique advantages in this context. "The West should look at Central Asia not as a beneficiary of technological aid, but as a partner in innovation," the engineer is convinced. Working under resource constraints forms a special "engineering ingenuity"—the ability to find elegant solutions to complex problems without relying on unlimited budgets.

"Reverse talent migration"—the return of specialists from global corporations to work on local projects—strengthens the region's innovation potential. Local teams are no longer just integrators of Western solutions but are creating competitive technologies.

Technological Horizons and Personal Philosophy

The next technological challenges lie in multimodal AI systems capable of linking image, text, and speech. Edge AI with local adaptation will allow models to work privately on user devices. Privacy-preserving AI through federated learning and zero-knowledge proofs becomes necessary in an era of enhanced regulation.

"BTS Digital is moving toward an intelligent platform for configuring biometric scenarios. AI should not be a module, but an adaptive participant in dialogue with the user," predicts Koishibay.

Regulatory issues require a delicate balance. "We need to regulate not 'AI in general,' but specific use cases. For decentralized systems, regulation should account for the absence of a single operator," the engineer believes. Key principles of future regulation: voluntary participation and explicit user consent, right to deletion and full data control, prohibition of unauthorized biometric collection, and mandatory audit of models and infrastructure.

The decision to leave a promising career at Amazon and return to Kazakhstan was difficult but conscious. Family values, desire to influence home country development, and opportunity to shape an entire industry's direction outweighed the material advantages of working at a global corporation. "I wanted to apply knowledge where it would have maximum effect, not just be part of a huge machine," explains Kenessary's motivation.

Today, he works on systems that could change the very concept of digital trust. His approach to biometric identification offers an alternative to Big Tech's monopoly on users' data. The question is not whether decentralized biometrics will replace existing solutions from corporate giants, but how quickly users will understand that control over their most intimate data can and should remain with them. In a world where biometric data cannot be changed like a password after compromise, system architecture becomes a question of fundamental digital security for every person.