You buy a bottle of wine at the grocery store and the cashier asks to see your ID. Your ID has your birth date, which lets the cashier confirm that you’re over 21. But they also see your driver’s license number, address, and whatever other personal details that document contains.
Many of us don’t want to give these personal details to strangers, even strangers working in their official capacity. We don’t know if these people are trustworthy or if they might decide to harm us in some way.
How would you feel if that cashier later showed up on your home doorstep? You’d probably regret buying that wine. The same thing can happen with anyone else who might request your ID. That list includes everyone from the front desk staff at your doctor’s office to the TSA officials at airport security
Consider another scenario. A natural disaster forces you to evacuate your home on short notice. When you return, you encounter a total loss—no more birth certificate, Social Security card, or passport. How do you prove who you are to people who don’t already know you? Without your ID, you might not be able to clear airport security. You could be denied access your safe deposit box at the bank. You may even have trouble obtaining health care.
In the United States, there are procedures in place to replace your identification within a few weeks or months, even when you’ve lost everything. For the most part, it’s a short-term inconvenience.
But in some countries, particularly developing ones, this task can be impossible. It becomes especially difficult for refugees who have fled their homes and crossed national borders. Many governments don’t even issue identification to all their citizens: it’s as if those citizens don’t exist. Those individuals can’t open bank accounts, borrow money, or travel freely.
How do you build wealth when there’s no safe option for storing your money? Can you buy property or start a business when you lack access to capital? How do you get to safety when you can’t travel?
Worse yet, when someone lacks an official record of their existence, they are more vulnerable to human trafficking and slavery. More than 1 billion people worldwide have no official identity, according to ID2020, which is working to solve identity challenges through technology.
Today, our lives become enmeshed with the internet as our identities move from analog to digital formats. We prove our virtual identities with real identity documents. These and other identifying data are often stored in giant centralized databases. Those databases, in turn, are both appealing to and vulnerable against hackers.
Our online identities are often managed by the likes of Facebook and Google. These large, centralized organizations who control a treasure trove of our personal information.
Is there, in fact, a solution to all these problems?
There is, and it’s called self-sovereign identity.
How Self-Sovereign Identity Works
Imagine if you – not a government or a large company – controlled your own personally identifying information. You could decide exactly what information to share, when, and with whom. You could prove that you were a licensed driver, over 21, or a US citizen, without revealing other sensitive data, like your birth date or home address. Imagine if protecting paper documents against loss, damage, or theft was no longer an issue. You could store your data electronically, in a way that couldn’t be hacked and that others would accept as valid.
A digital signature system consisting of both a private key and a public key can make self-sovereign identity a reality. This method, called public key cryptography, allows institutions to certify various aspects of an individual’s identity, such as whether they are allowed to drive and where they earned a degree. By committing these transactions to a blockchain, they become an immutable record you control. And you could prove whatever aspect of your identity you needed to using a secure app on your phone.
The immutable nature of past blockchain records doesn’t mean that your driver’s license would never expire, or that you couldn’t lose it for driving under the influence. But it also means that if someone trying to falsify a driver’s license, for example, would face greater difficulty in adding transactions to the blockchain without consensus. This mechanism makes it possible for the entity that needs to verify your ID to trust you.
Storing Your Identity with Blockchain
Your personal information would not be stored directly on a blockchain. For one, on a public blockchain, anyone can view the transactions. You don’t want a block that says, John Doe, 123 Aurora Ave., born 9/30/1973. Plus, the existing, well-known public blockchains that have proven themselves to be secure and reliable, such as the bitcoin and ethereum blockchains, don’t have the capacity to store as much data as we would need to store.
One solution is to use a decentralized, off-chain storage solution such as Maidsafe, Storj, the Interplanetary File System, or Sia. But doesn’t that mean trusting a company? Sort of, but not in the way we’re used to. Maidsafe is open-source. So are Storj, Sia, and IPFS. That means anyone can inspect the code these platforms use. Facebook’s code, by contrast, is proprietary, not open source. But the fact that the code is open source doesn’t mean your data isn’t secure. Mozilla’s Firefox browser is open source, but no one can see your browsing history or your usernames and passwords by examining Mozilla’s code.
So what information would be stored directly on a blockchain? Only key-pairing information.
An individual could would use their private key (the password that secures their personal data) to sign both their public blockchain address and the off-chain digital record of some piece of identifying information to prove that it belongs to them. Because of the way blockchain algorithms work, the private key never gets exposed to anyone else. In fact, individuals should guard their private keys even more than they do Social Security numbers today.
Here’s another important part of the self-sovereign ID discussion. Some say a permissionless blockchain is the only way to prevent a central authority from manipulating an individual’s attributes (degree information, driver’s license, etc.). A permissionless blockchain is one that anyone can validate, like the Bitcoin or Ethereum blockchains. Others prefer permissioned blockchain for ID storage, as long as platform governance is decentralized. A permissioned blockchain is one that only approved actors can access. The ID platform Sovrin, for example, uses a permissioned blockchain model in which stewards are the approved actors.
Digital ID Challenges
The convenience that any form of digital ID would offer has great appeal. But centralization creates risk of hacking, when privacy is one of the problems self-sovereign ID hopes to solve. And centralizing digital IDs under government control adds the threat of government abuse. If a certain group becomes disfavored, it’s all too easy for the government, a single government official, or a hacker to track down and target that group. India’s centralized ID system, called Aadhaar, has been the subject of extensive controversy. Legal challenges to aspects of Aadhaar have gone to the Indian supreme court. The same could happen with a centralized system controlled by a company. Hence the appeal of a decentralized, blockchain-based solution.
Another challenge lies in teaching individuals how this system works, and the severe consequences of the loss or theft of a private key. Unlike your email password, there’s no way to change a stolen private key or recover a lost one.
A system like Coinbase might emerge to solve this problem. Coinbase acts as a custodian for customers’ digital assets, such as bitcoin. Customers don’t have to worry about their private keys because Coinbase protects them.
Blockchain technology promises a secure digital solution to the challenges of ID in the digital age. It could provide the privacy, control, and security our ID systems currently lack. Emerging platforms could give everyone worldwide the opportunity to have a secure, provable identity and give us all greater control over our lives.
The information in this article is for informational and educational purposes only. Investing in ICOs, cryptocurrencies or tokens is highly speculative, and the market is largely unregulated. Anyone considering it should be prepared to lose their entire investment.