Awareness of the serious drawbacks of centralized identity services is growing.
Spurred by the Equifax breach earlier this year, the problem isn't relegated to the U.S. credit scoring company alone. In mid-October, a database leaked the personal information of more than 30 million South Africans (more than half the population). Further, searching "data breach" in Google News turns up a significant number of recent data breaches globally.
Yet, a new breed of entrepreneurs believes that by updating the underlying technology used by such services, consumer data can be better protected.
"This move to the cloud and greater digitization of government services has led to greater centralization," said Brian Behlendorf, executive director of Hyperledger.
And if something isn't done to distribute that data, the lead developer of one of the largest blockchain consortiums, one boasting membership from IBM, Baidu, Intel and more, believes breaches will continue.
This is the main reason Behlendorf believes stakeholders are more interested in exploring self-sovereign identity – a means of decentralizing identifying information so that the individual has control over their own data. The concept of a self-sovereign ID has "been percolating for a while," he said, but it wasn't until the advent of distributed ledger technology that the notion started to feel somewhat attainable.
Behlendorf told CoinDesk:
"You're using [distributed ledgers] simply to store addresses, pointers and hashes to data that is stored off-chain elsewhere. Recognition of that basic model is starting to become clear to the different organizations in [the identity] space."
While it's still early days, several stakeholders have taken the lead, with governments seeming most interested in utilizing blockchain technology to shape the future of identity management.
And that's what's perhaps most notable. Governments aren't typically recognized as first movers, but some are proving responsive to a solution that might allow them to offload some of the risk of storing large silos of citizens' data.
For instance, the state of Illinois, through the Illinois Blockchain Initiative (IBI), is exploring how it can implement blockchain technology in areas like land titles and birth certificates.
According to Jennifer O'Rourke, Illinois' blockchain business liaison, "Moving to a model where you as an individual are responsible for your information as opposed to institutions carrying that responsibility was very interesting for us."
In a birth certificates trial, Illinois partnered with blockchain firm Evernym, which uses the non-profit Sovrin Foundation's blockchain.
"I think we're starting to see a significant amount of momentum here, where the number of calls that we're getting from our counterparts at both state and sovereign level to learn from the works that we have done has increased dramatically," O'Rourke told CoinDesk, adding:
"It is clear that many people are focused on this in the government sector."
The Brazilian government's Ministry of Planning is also exploring a number of identity management use cases, recently piloting a program with ConsenSys' uPort using the ethereum blockchain. And IBM – in the midst of an identity pilot with SecureKey and a number of Canadian banks – is seeing interest from government agencies as well.
"We've gotten interest from the U.S. and other countries that want to do something similar so we're in discussions now with interested parties in those regions on how [we] can expand what we're doing," Adam Gunther, director of blockchain identity offerings at IBM, said.
But with that interest also comes concern.
Many blockchain-based ID systems rely on decentralized identifiers (DIDs), which hold unique metadata that proves ownership of a particular ID. So, in Illinois' birth certificate proof-of-concept, the actual birth certificate does not get stored on the blockchain, and the DIDs are meaningless outside one interaction.
And there aren't yet standards for use cases, which makes these kinds of frameworks even more complex to understand and utilize.
IBM's Gunther believes DIDs need to be standardized in case of loss or theft. The reason? So they work more similarly to the way credit cards do, where consumers are able to call up a company responsible for safeguarding the data to see if it has been stolen.
"Then the damage someone can do with that is much less significant," he said. "We need that same type of identity standard."
Another concern is that, with an ever-increasing number of blockchains, a stakeholder might choose one that doesn't get the most traction in the end. Here, groups are also working on standards, in an effort to make blockchain ID systems interoperable.
"I don't believe we will have only one blockchain platform used by the government in Brazil," said Vinicius de Faria Silva, coordinator-general of the division within the country's Ministry of Planning responsible for its blockchain work.
He continued, "Of course, there are a lot of questions, a lot of doubts, I don't think [the concerns are] about security, much more about how to use this technology, how to implement the solutions and how this will grow throughout time."
Yet, some of these questions could be answered by new regulations.
Behlendorf is hoping Europe's General Data Protection Regulation (GDPR) will be a catalyst for greater adoption of blockchain-based self-sovereign ID systems.
"It's far easier to meet the GDPR requirements when you're collecting data from individuals and ... minimizing data you store," he said. "You're keeping the consumer informed about that data, giving them a chance to inspect it, correct it, that sort of thing."
Behlendorf also sees a kind of chicken-and-egg problem in the space. "Who would adopt it with enough distribution for it to be worth people moving to?" he asks.
Regulation, as it has in the past with financial services technology, could spur a resolution. But many, including Evernym's chief trust officer Drummond Reed, remain optimistic.
Reed told CoinDesk:
"This is going to be like the adoption of the web. It didn't happen overnight, but it's going to be inevitable."