De-centralised Identity: The Blockchain Breakthrough?
The countries that have made the greatest strides in moving towards government service underpinned by Blockchain are Command Nations…
The countries that have made the greatest strides in moving towards government service provision underpinned by Blockchain are those that have cracked the identity nut. Unfortunately, they’ve done it with a sledgehammer. Citizen identity cards are typically the entry-point into government services delivered digitally. Western democracies have had notorious problems introducing them. There has been hostile reaction to them in the same way that many people take a sniffy view of Covid track and trace apps. For many, government identity schemes are an excuse for citizen monitoring. It does not exactly help that the trailblazers for blockchain based services are nations like the UAE and Estonia — that are culturally much more collectivist than the United Kingdom or the United States.
However, the advantages of having a common entry point into government services are obvious. A common digital identity allows a consistent experience, and a unique identifier to unify multiple interactions across touchpoints. In effect identity can be a backbone upon which services, and access to services, can be built.
However, attempts to circumvent the identity card approach has been fraught with difficulty. In the UK, local government and central government have adopted a myriad of different approaches. The UK’s central government scheme (gov.verify) was built around a variety of private sector service providers offering different identity management services — making the choice difficult for citizens (and confusing). Therefore, take-up was poor.
In addition, centralised identity is a bit of a misnomer. Just think of the commercial sector. To access every service requires a username and password. Over time our interaction history, payment details and other personal information become associated with that identity — and there have been numerous data breaches of centralised identity databases. And government too has been involved in many well publicised data breaches — with SD cards being left on trains, or NHS data being hacked because of poor security patching.
In fact personal data management is the Achilles heel of information technology. Because, fundamentally, holistic security just doesn’t work when citizens are required to divulge lots of personal information about themselves and organisations that manage that data don’t appreciate the duty of care that attaches to that.
George Gilder, in his tour de force tome about blockchain, Life after Google, puts it like this…
Security is not a benefit or upgrade that can be supplied by adding new layers of passwords, pony-tailed “swat teams”, intrusion detection schemes, anti-virus patches, malware prophylactics, and software retro-fixes. Security is the foundation of all other services and crucial to all financial transactions. It is the most basic and indispensable component of any information technology.
And something tells me that Gilder is right. The current business model of the internet is still dominated by centralised data and centralised identity. The duty of care still sits squarely on people who routinely give away personal information in return for advertising funded services or rapid goods delivery. Perhaps it’s time to realign and give citizens their identity back.
The means of achieving that, from a blockchain point of view, is decentralised identity (or DID).
What is it? At its core is the concept of moving the power back to the individual. The current digital paradigm hasn’t really changed much since the creation of the earliest databases. In the early days of digital technology databases resided on local data storage devices in the bank or retailer. This information may have been aggregated in a data centre through batch processing. From a security point of view this was good. Each organisation’s data resources were difficult to penetrate by outsiders.
With the Internet all that changed. These days we interact daily with service providers via our browsers and information about us is held in the cloud. Hence the data breach society in which we now live — necessitating data privacy laws like GDPR. But despite the legal changes the problem continues.
Blockchain, in effect, creates a new type of identity where no one party ‘owns’ the data. Rather it’s a peer to peer chain of transactions. The network itself becomes the computing architecture with each block in the chain being immutable or unchangeable.
In an identity context blockchain allows individuals to own their identity again:
Using blockchain technology to decentralize identity is about digital validation and keys. For example, a digital wallet with cryptographic keys that cannot be recreated. You must have physical access to a device to validate identity. With a decentralized identity system, a remote hacker might have access to pieces of personal information but being able to prove an actual identity would require physical possession of that person’s device. Decentralized identity is literally putting the power back in the hands of the people. (kuppingercole)
It’s encouraging that the blockchain community is coming together to create common standards for identity. The Decentralised Identity Foundation draws together big tech as well as blockchain startups that are trying to change the nature of identity and return personal information back to the people who should own it. The DIF’s ‘charter’ includes the following:
The foundation will cultivate ideas & emerging specifications by enabling industry-wide discussions, experimentation (testing of hypothesis) and demonstration of interoperability. It will encourage an implementation led approach based on open source code contributions to developing an interoperable identity stack which can be used and adopted without restrictions.
Also, it will collaborate closely with standardization bodies to ensure more matured concepts or specifications can be formalized standards in the most suitable organizations.
It’s early days but it’s encouraging that the industry — or at least a subset of it — sees that restoring trust in the internet is about using the distributed nature of it. We all have become too used to giving away what we should be cherishing i.e. who we are. The decentralised identity ‘movement’ is one to be supported.