EU Blockchain Observatory – Blockchain decentralized identity report
What is wrong with digital identity today?
There are few things more central to a functioning society and economy than identity. Without a way to identify each other and our possessions we would hardly be able to build large nations or create global markets. Yet the larger and more complex a society or market is, the more difficult identity becomes. In the physical world, we have developed various ways to deal with this, usually involving some kind of “proof” of identity claims, from wax seals and letters of introduction in pre-industrial times to the passports, driving licences and diplomas we are familiar with today.
To create a digital economy, we need to have similar kinds of proofs, or “credentials”, in the digital world. These too have been developed over the years, starting with simple digital representations of our physical, paper-based documents and moving on to more sophisticated means of digital identification like digital certificates, e-signatures, private/public key cryptography and hashing – methods that can help uniquely identify a piece of digital data (for example a digital document) and “prove” ownership of it.
Despite these useful building blocks, there are persistent – and increasingly serious – problems with the way digital identity works today. Most of these problems are not related to technology, but to processes. One problem is that the current digital identity landscape is extremely fragmented. Surfing the web requires users to juggle all the different identities associated with their usernames or other aliases, most of which are not strongly related to their real identities. This experience is not fluid, nor, unless the platforms have a partnership, is there any standard way to use the data generated by one platform on another. In an ideal world, users could directly add the latest music videos viewed on YouTube to their Spotify playlists without using an outside service, by connecting only once, all the while maintaining control of their data. We are far from such an ideal.
Another serious problem is that identity-related data is not secure. We have become accustomed to the almost daily notices of data breaches revealing sensitive user data en masse to hackers and criminals, to the ease with which scammers can create fraudulent identities and use them to commit theft, including stealing identities from others, and to the complete lack of control we have over our personal data – data that we, knowingly or unknowingly, create when we are online, and which can be and is used to profile us, earn money on us, and potentially influence our opinions.
Nor is it only individuals who struggle with the shortcomings of the current digital identity regime. Businesses are faced with massive cost and complexity, not to mention regulatory and other risks, both in trying to secure and protect user data and in verifying the identities of the counterparties they deal with online, whether they be customers, suppliers, partners or competitors.
Governments too have reason to wish for improvements in the way digital identity is handled. Whether to correctly identify citizens in order to provide them with government-issued/recognised credentials (who is a citizen, who is not), to correctly disburse benefits, to make possible electronic voting, or to combat crimes like terrorist financing or money laundering, governments rely heavily on digital identities. They will want these to be reliable. As custodians of the well-being of their citizens, businesses, markets and economies, they also have an interest in ensuring society has access to a viable, easy-to-use digital identity framework.
A third problem is that under the current identity regime there is often a weak link between digital and “offline” identities. That makes it relatively easy to create false identities. For businesses, this weak link creates fertile ground for the phenomena of false views, false “likes”, and false comments, which can help in the perpetration of fraud and lead to lost revenue. For society, this weak link facilitates the creation and dissemination of evils like “fake news”, and so poses a potential threat to the smooth running of democracy.
What is decentralized identity?
There are many reasons for this current state of affairs. Some of these are technical, having to do for instance with the anonymous nature of digital communications or the ease with which digital data can be duplicated or falsified. Most of these technical problems can be, and are being, solved, however. For many observers, the main problem with digital identity today is that it is to a great extent “centralised”. This does not mean that there is one, central source for digital identities, but rather that digital identities are almost always provided by some third-party authority (often a private company) for a specific purpose of its own. This may be because providing identity is its business, as is the case for example with certification authorities, or because it is necessary in order to provide an online service, as is the case with a bank or a social media company. Whatever the specific situation, in the current paradigm user identity information is “centralised” on the servers of the issuing entity.
Thanks to a combination of advances in hardware, including the increasing sophistication of smartphones, as well as advances in cryptography and the advent of the blockchain, it is now possible to build new identity frameworks based on the concept of decentralised identities – potentially including an interesting subset of decentralised identity known as self-sovereign identity (SSI). In a nutshell, decentralised identities are digital identities that are created by an individual and remain under his or her control. By attaching trusted information (credentials) from authoritative sources to these identities, the individual can create trust in the claims he or she makes about his or her identity, while still maintaining that control.
To read the entire report, please visit https://www.eublockchainforum.eu/reports