This article explores the main concepts surrounding blockchain identity technologies and how they could potentially improve modern identity challenges.
Identity is a fundamental human right. From the minute we are born, we have our own identity, our own way of officially addressing who we are. There is an array of important pieces to one’s identity and right off the bat, we can name a few. Our first and last name, date of birth, nationality, and oftentimes there is a national identifier such as an SSN. In other words, data points that are kept on record on birth certificates, passports, and IDs that the state issues.
Evidently, there is a notable problem that lies within these types of documents. Above all else, they require the maintenance of physical artifacts. Such a task is difficult to do, especially in a world that is continuously becoming more digital. Not only that, but they rely heavily on the central authorities that are responsible for issuance and validation. According to the UN, the outcome of this is that 1.1 billion people worldwide don’t have a way to claim ownership over their identity.
If someone does not have a valid form of ID, it is impossible for them to engage in a variety of undertakings. They are unable to own property, vote, receive government services, or open a bank account. What’s more, they would not be able to find full-time employment. Probably the most egregious is, without identity control, one runs the risk of becoming invisible. They are nothing more than a spectator, unable to participate in society.
All of this just because they cannot prove that they are who they are claiming they are.
This is where blockchain technology comes in. Over the years, steps have been taken to improve the quality of the identity industry. However, the incorporation of blockchain could aid this improvement greatly.
The main issues
To give credit where credit is due, the industry concerning identification is taking initiative in trying to improve itself. That being said, it is still plagued with issues. The traditional tools of identity verification have endured over the years, but this endurance leads to multiple problems. Ones that develop alongside the identity industry itself.
The storage of conventional data, such as passport numbers and driver’s licenses, is in centralized servers and databases. Almost immediately, it’s easy to see how such a system could backfire. The three major issues that this can cause are the following:
- It is only these centralized entities that can distribute identities.
- These same centralized entities can potentially mishandle your personal data.
- Potential cases of identity theft.
1 – The distribution of identities
The maintenance of traditional centralized identity is done so in centralized servers. Because of this, these entities have the right to issue and verify these identities to anyone they want. Going by the U.N.’s aforementioned findings, over a billion people worldwide don’t have the luxury of claiming ownership of their identity. If you are without a valid identity, then it’s next to impossible for you to even open a bank account. As such, the number of people across the globe that are ‘unbanked’ is continuing to increase.
The number of people that do not have a bank account reaches up to a staggering 2 billion. Within this group, roughly 438 million people are unbanked in Southeast Asia alone. That number equates to 73% of the entire population that resides in the region. A study that was done by McKinsey shows an interesting fact regarding the Association of Southeast Asian Nations. They found that reaching the unbanked population could increase the economic contribution of the region. By 2030, it could go from $17 billion to $52 billion.
2 – These entities could potentially mishandle your personal information
At the risk of stating the obvious, your personal data is crucial to your identity ownership. Should something unfortunate happen to them, the consequences could be dire. We place a lot of trust in those who hold our personal data, believing that they will take care of it. That placement of faith could backfire; still, we have no other choice.
To further emphasize this, take a moment to observe the landscape that we are currently living in. There exists a wide variety of platforms online, with each one of them requiring you to create an identity. Doing so will allow you to access the platform’s services. It’s mandatory for you to create a Facebook profile to use Facebook and create a Twitter account to post a tweet.
This seems fair. If you want to enjoy what these platforms have to offer, it only makes sense that you make an account. So, where’s the issue? Well, all of these platforms are actively creating their own identity silo. In the grand scheme of things, we are essentially renting out our identity to them. What’s more, we do not technically have any ownership over it. This can result in a devastating outcome if what happened to Facebook is anything to go by.
The Facebook fiasco
In 2014, Aleksandr Kogan, a Cambridge University data researcher, developed an app. This app would go by the name of “This Is Your Digital Life” (aka. ‘thisisyourdigitallife’). The app, at its core, was an array of surveys and was seen to have an academic purpose. At the time, there was a push for users to complete it.
Up to 300,000 Facebook users went on to download the app. They did so with the knowledge that it will collect their basic personal information. What they did not know, however, was that the app could also collect other personal information. On top of that, it could collect information from people on their friend list. This was possible due to the fundamental design of Facebook. Only later was it revealed that the app collected information of people in the users’ contact in terms of services.
The initial assumption of the number of people who were victims of the data breach was 50 million. In actuality, the total was around 87 million. Out of that total amount, roughly 70.6 million users are residents of the U.S. Following the report, Facebook found that the data breach includes public profiles, birthdays, current cities, and page likes. Evidently, that was not all. There were some users who gave the app permission to access their timeline, News Feed, and messages.
From here, Facebook and Cambridge Analytica (a British affiliate of U.S. political consulting firm) would make various claims.
Facebook claims that the firm was deceived, as it knew it was all for academic purposes. Moreover, there was a violation of the company policy when Kogan gave the data to Cambridge Analytica. Conversely, Kogan claims that the app’s terms and conditions mention “commercial use.” Facebook states that it was aware of this incident in 2015. Hence, they did demand the removal of all data that went to other parties.
Cambridge Analytica would claim that the data underwent deletion. Moreover, they conducted an internal audit to ensure that no backup exists. However, according to a report by the New York Times, multiple documents and emails suggest otherwise.
As it turns out, this is not Facebook’s first time being part of a whirlwind controversy of this variety. According to an article by End Gadget, Facebook has been something of a bulletin board for identity theft sales. Cybercriminals are “advertising stolen information like addresses, credit card numbers, dates of birth and social security numbers on Facebook.” It’s clear to see that these actions have been rampant on the platform for years. Up until now, they were unchecked.
Overall, the results were catastrophic. Considering stories like these, it becomes abundantly clear that identity silos are pretty out-of-date. With this constantly changing landscape, they are just not good enough anymore. It was obvious that there was a desperate need for a blockchain identity solution.
3 – Hacking and/or stealing identities
When you think about the worst-case scenarios when it comes to identity, identity theft is probably the first to come to mind. This is another recurring issue with the digital identity space and continues to be despite the industry’s progress.
There are various reasons as to why identity theft cases occur. Most of the time, though, it could be something as simple as ‘duping’. To better explain this, let’s look at a case from the late 90s.
One of the most infamous cases of identity theft would happen in San Diego from 1997 to 1999. Bari Nessel was hiring people for a job, and in doing so, she would acquire their personal information. Among the people that she would deceive was Linda Foley. Nessel would go on to accumulate an excessive amount of debt on Foley’s credit card.
This is not the only major case of identity theft. In fact, there is another that had more severe repercussions than the previous case. Equifax, one of the top credit-reporting companies, revealed that they were hacked in 2017. The hackers were successful in stealing the names of customers, their Social Security numbers, their birthdates, and their addresses. The duration of this hack was from mid-May to July and had an effect on half the U.S. population.
What is so frightening about this attack is that you no longer have control over your data. You place trust in a third-party to keep it secure for you. However, because everyone’s data is with this party, it suddenly becomes vulnerable to hacks and attacks. Furthermore, there’s a chance that the company knew about the hack; they just failed to efficiently inform the people. This complete absence of transparency can be a huge problem when you are dealing with these companies.
A possible solution to these issues
According to this article by Rhodri Davies:
“Trustworthy identification has been one of the main challenges facing the internet ever since it was invented because of none of the traditional, offline means of verifying that someone is who they say they are apply.”
For that matter, digital IDs can raise many questions. Predominantly, inquiries regarding central points of failure and surveillance state should a central authority create, store and manage these IDs.
Simply creating a digital identity is not exactly satisfactory. There is the requirement of specific properties in order for a digital identity to fulfill its potential. These properties will also help maximize their social impact. ID2020 has a framework that outlines the properties of a much more responsible digital ID. It is convenient that these criteria map to properties of blockchain technology. Overall, it illustrates just how blockchains can aid in creating a better digital ID.
In the simplest terms, blockchain is essentially a chain consisting of many blocks. The ‘blocks’ are pieces of data and the ‘chain’ is the public ledger they attach to when verified. It is a series of immutable data that a cluster of computers manages. Arguably the most important thing to note is that no single entity owns it.
There are three features of blockchain that make people eager about this technology:
- Decentralization: No centralized entity owns any of the data existing in the blockchain. All nodes that are in the blockchain’s network possess the data.
- Immutability: Upon the entrance of data into the blockchain, it is next to impossible to tamper it. This is possible thanks to cryptographic hash functions.
- Transparency: All of the network nodes are able to see all the data that enters into the blockchain.
What it will solve
Blockchain systems adequately reduce our dependence on third-party intermediaries. In addition, they have the capability of surviving disasters that could obliterate or jeopardize centralized record-keeping systems. These include breaches.
BanQu founder, Ashish Gadnis, makes a statement relating to this:
“Identity on blockchain is old news. The real value of blockchain is its unmatched ability to create and secure an economic identity for the world’s billions living in extreme poverty today…..this is truly a revolutionary opportunity.”
So basically, blockchain technology does not limit itself to only allowing for the creation of a better digital ID. Rather, it effectively presents a fulfilling opportunity to create something of “self-sovereign” identity.
There are three prominent issues plaguing the digital identity space that a blockchain identity protocol could potentially solve:
- Units that are digital should be in no way easy to replicate.
- Files that are digital should be tamper-proof.
- Processes that are digital should be tamper-proof.
1 – Inability to replicate digital units
It is logical to believe that anything that has tremendous value should be difficult to replicate. Likewise, replicating personal digital identity should be an incredibly tricky task. It should not be possible for two people to use the exact same identity details. This is not restricted to just identities; in the world of cryptocurrency, this problem is ‘double spending’.
This is an easy issue to mitigate in fiat scenarios because of two reasons. One is that you are physically transferring cash from one hand to another. The other is that you have a centralized entity, like a bank, supervising all the transactions.
The case is very much different when it comes to digital money. When you are conducting a transaction, all you are basically doing is broadcasting to the network. Specifically, announcing that you want to send a specific amount of money to another person. There is nothing stopping you from making another transaction with the same coins. Especially before the entire network is in agreement to validate your previous transaction. With that in mind, how will the network know which transaction is legitimate and which is a sham?
Bitcoin is able to mitigate this by way of utilizing blockchain technology:
- The users of the blockchain network verify each transaction.
- In exchange for a fee, the miners will validate the transaction.
- If the miners fail to catch a double-spend transaction, then they will consequently lose the fees.
If someone makes an attempt to double-spend using the same bitcoin, then both transactions will experience rejection. It is only when a transaction undergoes verification for a particular bitcoin that its details will go into a block.
2 – Tamper-proof digital files
There was once a time when all the personal record files would be physically stored in registers. Of course, this method would bring a multitude of problems.
- Registers are vulnerable to anyone who wants to steal them.
- It is not that hard to bribe someone into meddling the records.
- Registers run the risk of experiencing wear and tear.
Though the system would go on to be more digital, there were still some problems. The system could be subject to hacking and anyone could bribe an official to tamper with the records. It was imperative that they obtain a system that could store all these files and make them completely immutable. This feature is precisely what blockchain technology could provide for the system.
All of the blocks in a blockchain possess their own distinct digital fingerprint (aka. ‘hash’). As soon as the files go inside a block, it’s impossible to tamper them. The cryptographical hash functions will not allow that to happen. A cryptographic hash function is a specific class of hash functions with numerous properties, making it ideal for cryptography. There are certain properties that a cryptographic hash function requires in order to be secure. One of those properties is the ‘Avalanche Effect’.
So, even if you make a small change in your input, the reflection of the hash’s changes will be huge. Whenever someone tries to alter the blockchain’s data, it will become obvious that there was an attempt at tampering.
Furthermore, there is a link between all of the blocks that is possible by way of hash functions. Each block within the blockchain consists of hash belonging to the previous block. As such, should an instance of tampering occur, then it changes the entire structure of the chain. To reiterate, this is impossible to accomplish.
3 – Tamper-proof digital processes
The third and final problem that the blockchain can solve that we will go over is securing a trustless process. Every official institution has its very own process for each and every activity. However, adhering to them is not as commonplace as one might assume. This is usually because of two reasons:
- It could be out of general human negligence.
- There is malicious intent behind your actions.
Looking at these two reasons, it is clear to see that they center primarily on being human. It is not technical, it is more human nature.
In order to properly secure something with great importance, like personal identities, one needs to follow a set process. For that matter, a process that is difficult to meddle with. It is important for many actors to follow specific steps every single time. By doing so, they will ensure the safety of the process and also eliminate any semblance of corrupt human behavior.
In reality, the blockchain is already successfully tackling this problem. A long time ago, it began doing this by way of a ‘consensus mechanism’. A blockchain, as a whole, is a distributed system consisting of a large number of actors. To officially make any decision, these people have to come to a majority consensus. There are an array of ways that they can go about doing this. Some that aid in accomplishing this include ‘proof-of-work’, ‘proof-of-stake’, etc.
In the end, the main thing to take away from this is that a blockchain promises many things. It can guarantee a smooth and secure data storing process; one that is completely free from human negligence.
As of now, there are many blockchain identity projects out there that are working towards this new paradigm for identification. For the purpose of keeping this concise, we are going to cover the following: Civic, Sovrin, and uPort.
- Civic: Civic is a protocol that focuses on personal identity verification. It leverages distributed ledger technology as a means to handle digital identities in a better fashion. By using this digital identification platform, the user is able to create their own virtual identity. What’s more, they can store it together along with personal information on the device.
- Sovrin: The Sovrin Foundation is a non-profit organization that dedicates their efforts to allowing self-sovereign digital identity. Sovrin provides its users with a sense of trust, personal control, and ease-of-use of analog IDs to the Internet.
- uPort: uPort is a self-sovereign identity system whose development was thanks to ConsenSys. It draws its foundation from Ethereum and contains smart contracts and developer libraries, as well as a mobile app. Users are able to create and store personal information and identity by way of smart contracts. They can do so with the key being in the possession of the mobile app. However, you can recover the identity should the device be lost.
Incorporating blockchain into the identity industry has gone beyond being a concept. With these three projects underway (among several others), it’s clear to see that this integration is making headway.
Managing keys with your blockchain identity
Key management is often seen as a challenge when it comes to digital identity systems leveraging blockchain technology. If someone frequently has difficulty holding on to their ID, then obviously they could have issues holding their private keys. There are a good amount of people who suggest that private keys could reside within a smart chip on a key fob. Alternatively, they could be on something resembling a credit card. Also, it’s possible that they could be in a secure enclave within a person’s phone. This is arguably the most secure option of the bunch.
That being said, if the item storing a private key is lost or something damages it, account access is not possible for the owner. An alternate method would be storing keys with a central authority. However, that ultimately defeats most of the purpose seeing as how decentralization is compromised.
There are a variety of ways to try and maintain balance pertaining to the tradeoffs between security and decentralization. A noteworthy system is MyPass Austin, which allows two additional authentic users to go onto a homeless individual’s account. This is primarily in the event that they wind up losing their private key. Such users include a service worker or an emergency-care provider.
Likewise, uPort was able to successfully create an identity recovery mechanism. One that allows the user to select people from their contact list. Moreover, with a majority of these contacts, they can connect their perpetual ID to a new device. By using uPort, transactions go out from a mobile device (private key storage) through a Controller Contract to a Proxy Contract (linked to a unique identifier).
Control over identity is crucial; that much is obvious. By reclaiming that control of identity, people are also able to reclaim control over their very lives. Blockchain technology is a tool that can help us regain this valuable control. It is the ideal solution, requiring collaboration and participation from an array of organizations, institutions, and nations.
The digital identity space is an environment that is ripe for disruption, which is something that blockchain technology can do. The diverse features that it provides can wholly alter an entire industry that is on the brink of collapse. Already, there are many blockchain identity projects that are focusing on this problem. There is massive potential, though it will not be finalized overnight. Such developments like these take time and with luck, maybe they will reach the mainstream market.