Proving your identity and stopping others from impersonating you has always been a difficult problem to solve, both online and off. Have you ever been the victim of identity theft?
As per the data compiled and fact-checked from Forbes, BBC, Mashable, CNBC and the Telegraph, the world is losing up to $200 billion in identity fraud every year, and more than 4 billion data records were stolen globally in 2016 alone.
We increasingly rely on the internet for communicating with friends or family, staying in contact with professional associates, banking, and even confirming credit card purchases. Our user names, passwords, and personal information are being stored on centralized corporate servers, many of which remain under risk of being stolen by hackers, who are always there, waiting for a chance to access your personal information and money.
Then lets look at the third world, with 2.4 billion poor people worldwide, about 1.5 billion of whom are over the age of 14, who can’t provide an identity to the satisfaction of authorities. While they certainly know who they are, they are often excluded from property ownership, free movement, and social protection simply because they can’t prove their identity. They are more exposed to corruption and crime, including people trafficking and slavery. (Insightfully, the United Nations is aiming to change this, with UN Sustainable Development Goal #16, Peace, Justice, and Strong Institutions, aiming to “provide legal identity to all, including birth registration, by 2030.”)
Globalization and population growth increase the pressure to find cost-effective solutions to prove identity. Recent advances in biometrics, from iris scanning to DNA analysis and voice pattern recognition, are likely to play an important technical role in “fixing” this, yet identity is not necessarily something that is fixed.
Today, the ID crisis, both in the third world and firsts, have already reached an unprecedented level, which has never been witnessed before. The reason for that primarily lays in massive population increase and high level of global digitization, and when the data is stored in central databases with authorities or businesses, it is susceptible to mass data breaches. It is not just random websites on the internet that are compromising people's data, even some of the world's major brands have suffered mass data breaches. The list includes popular brand names; the government databases are no exceptions either. The list of companies, which have already been faced with cyber attacks and data leakage, include Equifax, Uber, Yahoo, Adobe, Sony, JP Morgan, eBay, Zomato.
The fact is that whenever we have to identify ourselves, we are forced to present a variety of information to prove we are who we say we are, whether that’s to register for an online service, to cross a border or even prove you are old enough to drink at a bar.
Proof of identity can be a problem for rich and poor alike. For the rich, regulations around anti-money laundering, know-your-customer, and ultimate beneficial ownership increase legal and regulatory costs and hassles. Ninety percent of businesses responding to the International Chamber of Commerce’s 2016 Global Survey on Trade Finance pointed to anti-money laundering as the most significant impediment to trade.
For the poor, Hernando de Soto, the Peruvian economist famous for his work on the informal economy, observes: “Without an integrated formal property system, a modern market economy is inconceivable.” Thus a modern market economy is inconceivable without proper identification, because there are no proven holders of property rights.
Government needs to find new ways to solve these issues and blockchain technology is an avenue to explore.
Blockchain, first developed as a public ledger of all transactions in the digital currency bitcoin, is increasingly being used to securely track data in other fields.
But What is Blockchain?
The definition of the term blockchain is far from clear. The word blockchain itself most likely traces back to Satoshi Nakamoto’s original Bitcoin white paper from 2008. While there is no specific mention of the word blockchain in the paper, it describes a technology component underlying the cryptocurrency as a series of data blocks that are cryptographically chained together. In a nutshell, blockchain is nothing more than a mere distributed database that provides an unalterable public record of digital transactions. It can be viewed as a distributed digital ledger containing a chain of blocks information, where each block is identified by a cryptographic signature. These blocks are all back-linked; that is, they refer to the signature of the previous block in the chain, and that chain can be traced all the way back to the very first block created. As such, the Blockchain contains an un-editable record of all the transactions made. The transparent and decentralized nature of the Blockchain network enables the development of a non-refutable, and unbreakable record of data, which is the fundamental feature to many applications, such as identity management.
A lot of hype exists about the possibilities using blockchain technology. The need for blockchain-based identity management is particularly noticeable in the internet age. We have faced identity management challenges since the dawn of the Internet. Prime among them: security, privacy, and usability.
While there exist somewhat imperfect systems for establishing personal identity in the real world, in the form of identity document, driver’s licenses and even passports, there is no equivalent system for securing either online authentication of our personal identities or the identity of digital entities. So while governments can issue forms of physical identification, online identities and digital entities do not recognize national boundaries and digital identity authentication appears at first look to be an intractable problem without an overseeing global entity.
Blockchain technology can be applied to identity applications in areas such as digital identities, passports, e-residency, birth certificates, wedding certificates, IDs, online account logins, etc. Creating an identity on blockchain can give individuals greater control over who has their personal information and how they access it.
You can argue that when relational databases first appeared the argument that other technologies existed could have been levelled, but in the case of blockchain the hype has been significantly higher. This is bad not only from an architectural point of view but potentially for blockchain technology itself as expectations are high with little evidence to suggest success to date. Given the hype, if blockchain fails to deliver production systems with clear advantage over current architectural approaches, trust in these technologies could be damaged for some time.
Regardless of the properties blockchain technologies may offer (largely based on decentralisation, public views of the data, and immutability), there are some red flags for architects and service designers:
- The technology is immature
- There are security issues (for example, lack of Key Management)
- Blockchain has shown poor performance at scale
- There’s a lack of established standards
Governments aren't typically recognized as first movers, but some are proving responsive to a solution that might allow them to offload some of the risk of storing large silos of citizens' data.
For instance, the state of Illinois, through the Illinois Blockchain Initiative (IBI), is exploring how it can implement blockchain technology in areas like land titles and birth certificates.
According to Jennifer O’Rourke, Illinois' blockchain business liaison, "Moving to a model where you as an individual are responsible for your information as opposed to institutions carrying that responsibility was very interesting for us."
Since 2007 Estonia has been operating a universal national digital identity scheme using blockchain. All government data about individuals is stored on a distributed ledger that individuals control and can pass to others. This digital identity system powers a low-paperwork society using digital signatures. The scheme is so useful that nonnationals use it for their personal digital signatures elsewhere in Europe.
The eID project leverages the Estonian e-Residency — a Public Key Infrastructure (PKI) program started by the Estonian Government that enables anyone, regardless of one’s nationality or residence, to get a smart card, called Digi-ID, containing digital certificates attesting the cardholder’s personal information. The approach followed by the eID project is compatible with the abovementioned recent developments in self-sovereign identity research. It is in fact a claim, made by a national government, that the asymmetric, cryptographic key pair residing on the smart card is controlled by the person matching the card’s associated information.
The Brazilian government's Ministry of Planning is also exploring a number of identity management use cases, recently piloting a program with ConsenSys' uPort using the ethereum blockchain. And IBM – in the midst of an identity pilot with SecureKey and a number of Canadian banks – is seeing interest from government agencies as well.
"We've gotten interest from the U.S. and other countries that want to do something similar so we're in discussions now with interested parties in those regions on how can expand what we're doing," Adam Gunther, director of blockchain identity offerings at IBM, said.
While new technologies, such as biometrics, are making digital authentication possible, the regulatory environments in many countries have not yet caught up.
For all intents and purposes, the digital validation process is broken. Without fully digital identities, it is not possible to take advantage of everything a digital economy can offer, including greater privacy. Yet developments such as the Internet of Things, artificial intelligence and smart contracts are pushing the world towards greater straight-through processing, where no human intervention, username or password is required.
Banks have a unique role in acting as a trust anchor for digital identity solutions, due to know your customer processes and regulatory standards.
Today, many initiatives are taking a consortium approach, building an ecosystem of important identity providers, including banks, telcos, utilities and government.
This is where blockchain, or distributed ledger technology (DLT), is making a big impact. Many consortia are building platforms based on DLT because it is decentralised and, therefore, more secure, as there is not a single point of attack as there is with central repositories. DLT also provides greater levels of privacy and control for the individual. With the advent of blockchain, a truly independent, self-sovereign digital identity system becomes possible.
The future of public services: digital borders (pdf) AccentureConsulting
A Blueprint for Digital Identity (pdf) World Economic Forum
Stay Tuned for Part II, which will be published next month