Can blockchain enhance digital privacy and data control?

Identity is a murky – and complex – topic. By René Seifert, co-founder of TrueProfile.io.

  • Sunday, 31st May 2020 Posted 4 years ago in by Phil Alsop

When you think of what makes up who you are, or your identity, it is the things like your passport or birth certificate that first spring to mind. Notably, what these both have in common is that a central authority, such as the government, issued and has control over these pieces of identifying information. 

 

However, the topic of identity has been made far more complicated when characteristics of today’s digital world, such as social media and third-party cookies, are brought into the mix. Whether it is providing your date of birth for that newsletter you are registering to or giving your address away to sign up to a new social media platform, your identifying information is widely dispersed across the web. In fact, the reality is that we all now have hundreds of different identities online, with most of this data owned and managed by third-party companies.

 

Fortunately, a greater awareness and public understanding of how identifying information is being collected and used, particularly following Cambridge Analytica, has been growing over the last couple of years. In turn, this has brought much-needed attention to the issue of data control and resulted in a push to see the formation of digital identities controlled only by those whose information they contain.

 

This is also known as the theory of “self-sovereign identity” (SSI) – or the idea that both people and businesses should have the ability to take ownership of and control their identifying information digitally. 

 

Defining self-sovereign identity is harder than it seems

There is no current consensus on an exact definition of self-sovereign identity. However, SSI is most widely understood as the (somewhat utopian) concept of individuals and organisations having sole ownership of, and a greater level of control over, both their analogue and digital identities. 

 

Whether your identification is a business license or university degree, everyone, including organisations, has unique sets of identifying information. These need to be presented when a person or organisation needs to prove their identity. SSI is the idea that an individual or organisation can manage and control access to those credentials digitally.  

 

Crucially, under this model, individuals and organisations, also known as the ‘holders’ who have one or more ‘identifiers’ (something that enables an individual or organisation to be identified), can then provide validation of those credentials without relying on a central authority. 

 

The effects of SSI could be quite profound

From a security perspective, this concept seems to solve the issue of data control and digital privacy. In other words, the risk of a person’s or organisation’s identity and identifying information being stolen by criminals is significantly reduced, as they no longer have to surrender their identifying information to thousands of databases each time they want to, for example, purchase something online.  

 

However, the effects of SSI could be quite profound and go much further than this.

 

For example, if you lost your passport, you would not need to contact a third party to verify or access it. It will also help to remedy the parts of the world where people have no identity, particularly in areas where birth certificates aren't common practice or their birth was never registered, which means that they don't have a passport and cannot ever get one.

 

What steps would we need to take? 

In theory, the first move would be to transform all analogue documents, such as birth certificates, businesses licenses and university diplomas, into a single, digital document stored by the individual or organisation themselves. Practically, all identifying information could be held in a single, secure ‘digital wallet’.

 

For example, after getting a degree or diploma, instead of receiving paper certificates, students would get credentials sent directly to their digital wallet, which would be digitally signed by the university to prove they are official and have not been tampered with. This means that they will not have to worry about searching for a paper copy to validate their educational background.

 

Hold up: can SSI actually be made practical?   

The criticism often levelled at the concept of SSI is that it is ‘too utopian’ and some way off from being made into a practical reality. However, there is potential in new decentralised technologies — most notably blockchains — to build data privacy and control into the centre of digital systems and help make SSI a reality. 

 

In simple terms, a blockchain is a shared file which records transactions. Each of the transactions, such as a piece of identifying information, is added in as a ‘block’ and is stored decentralised in the chain which means that once added in, no one can interfere with or control its content. This means that blockchain removes the need to have a central authority responsible for securing personal details, allowing people to secure their own details with high levels of security. 

 

Through blockchain, highly sensitive documents – such as a university certificate – can be stored digitally as “fingerprints” instead. Each fingerprint is individual and does not reveal any information about the document it belongs to, which of course safeguards the information it contains and enables the owner of the document to choose exactly who can access their verified personal information. 

 

In practice, this means if someone secures a university diploma, they can add the “fingerprint” of that verified diploma to their self-sovereign identity from one of the leading providers, such as uPort, and the individual handles the control of their identity and how it is used entirely at their discretion. Then, when an individual has to present some form of identifying information, their identity can be validated by just accepting a “verifiable credential” issued to the user by competent and trusted identity authorities. 

 

We’re still some way off…

There are a host of issues that arise from the role that blockchain can play in helping make SSI a reality. Firstly, if an individual’s data is all in one place, will personal identifying data become more private under SSI or more visible? Secondly, if a country doesn’t have control over citizenship, who does?

 

These issues will become clearer and debated more closely once the SSI model becomes more practical. After all, we are still a long way of making SSI a reality, with very little use cases in operation. 

 

However, once the gears do get into motion, we at TrueProfile.io believe it could be a game changer for data control and data privacy, as decentralised technologies like blockchain can clearly provide individuals and organisations with the tools they need to have greater control over how and when their identifying data is being used.