Challenges
However, distinct, one-off pilots will not be enough to create a truly “self-sovereign” digital identity. Coordination between all the organizations running these pilots will be needed. In the end, central authorities, public institutions, and private organizations will have to agree to accept these digital IDs as valid and to work together to create standards for interoperability. Technological solutions and UI/UX must continue to develop as well.
Social Coordination and Integration
Coordination is needed not just between the public and private sectors but also across institutional and geographic borders. Integration with legacy systems is important as well. For example, during the Harrison County pilot, paper copies of the blockchain ballots were created in order to scan the votes into the vote tabulators, since the votes were not automatically recorded into the election recording system⁶. This clearly defeats much of the purpose of the pilot. Major institutions recognize these issues and have created initiatives, alliances, and partnerships that aim to conduct research, fund pilot programs, set open standards, and enable multilateral collaboration and integration.
- The World Bank has created the ID4D initiative, which operates across the World Bank Group. ID4D consists of units working on digital development, social protection, health, financial inclusion, governance, gender, and legal issues. The initiative also focuses on integrating digital ID systems with civil registration (documenting life events such as birth, marriage, adoption, death, etc.) and vital statistics. ID4D also plans to launch the Mission Billion Challenge in November 2018, sponsored by the Omidyar Network, the Bill and Melinda Gates Foundation, and Australian Aid.
- The ID2020 Alliance is a public-private partnership dedicated to solving the challenges related to identity through technology and aims to “finance projects implementing secure, digital ID solutions, to set standards to facilitate interoperability, and to enable multi-stakeholder collaboration.” As part of the Alliance, last summer Microsoft collaborated with Accenture and Avanade to create a blockchain-based identity prototype on Microsoft Azure.⁷ This prototype was designed to be interoperable with existing identity systems so that personally identifiable information can reside “off chain.”
- The World Economic Forum also launched a shared Platform for Good Digital Identity at the Sustainable Development Impact Summit 2018 in New York this past September, with Omidyar Network committing a three-year grant to support the platform⁸.
- Evernym and the Sovrin Foundation have launched the Identity for Good Initiative, opening up Evernym’s Accelerator Programme to non-profit organizations. The hope is that with access to tools, technologies and expertise in decentralized identity models, these organizations will be better able to advance their missions.
- The Decentralized Identity Foundation is an engineering-driven organization working to create a “standards-based, decentralized identity ecosystem for people, organizations, apps, and devices” that ensures interoperability between all parties. DIF has a diverse range of members ranging from the Enterprise Ethereum Alliance and Hyperledger to IBM and Mastercard.
Acceptance of Validity
These digital identities will also need to be accepted as valid by state authorities in order to reach their full potential. Named “the most advanced digital society in the world” by Wired magazine, Estonia is one of the furthest along in this regard.
- e-Estonia: Through Estonia’s e-identity program, all citizens receive a secure digital ID card (powered by a blockchain-like infrastructure and utilizing 2048-bit public key encryption) that allows Estonians to access public, financial, and medical services, to pay taxes, vote, and get prescriptions online, to provide digital signatures, to drive, and to travel within the EU¹⁰. This digital ID card replaces most of the physical artifacts that one carries in their wallet, from driver’s licenses and passports to insurance cards and subway passes. The program runs on an open-source backbone called X-road, and utilizes K.S.I., developed by Guardtime. K.S.I. is also used by NATO and the US Department of Defense¹⁰. While Estonia’s solution still requires a physical artifact (physical digital ID card), this level of support from state authorities is what will be needed across nations for many of the above highlighted initiatives to succeed.
Key Management
Key management is commonly cited as a challenge with digital identity systems that leverage blockchain technology. Obviously, if an individual has had difficulty holding on to their ID, they may also have issues holding on to their private keys. Some suggest that private keys could reside in a smart chip on a key fob or something resembling a credit card, or could be held in a secure enclave within one’s phone. Keeping the key on a device the individual holds is the most secure option. However, if the item storing an individual’s private key is lost, stolen, or damaged, they will not be able to access their account. Alternatively, keys could be stored with a central authority, although that defeats much of the purpose since decentralization is compromised.
There are several ways to attempt to balance the tradeoffs between security and decentralization. The MyPass Austin system allows two additional verified users, such as a service worker or an emergency-care provider, to be added to a homeless individual’s account in the event that they lose their private key. Similarly, uPort has created an identity recovery mechanism that lets the user select people from their contact list and, with a quorum of these contacts, connect their persistent ID to a new device. With uPort, transactions are sent from a mobile device (which stores a user’s private key) through a Controller Contract to a Proxy Contract (which is tied to a unique identifier), which then interacts with an Application Contract. The Controller Contract maintains a list of “recovery delegates,” and in the event that a user loses their private key, a quorum of delegate signatures would allow the user to connect a new device with a new private key. The user still maintains access to their records, since the new device is linked to the persistent identifier held on the Proxy Contract (the 20-byte hexadecimal string defined as the address of the Proxy Contract).
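The recovery flow described above can be modelled in a few lines. This is an added example, not uPort's contract code: the class and method names are hypothetical, delegates are identified by plain strings, and the caller's identity is passed in as an argument where a deployed contract would authenticate it from the transaction signature.

```python
# Added illustration: a simplified model of quorum-based key recovery.
# All names (Proxy, Controller, approve_recovery) are hypothetical, not uPort's API.
import hashlib


class Proxy:
    """Holds the persistent identifier; only forwards calls from its controller."""

    def __init__(self, controller, seed: bytes):
        self.controller = controller
        # Constructed 20-byte identifier rendered as hex, standing in for a contract address.
        self.address = "0x" + hashlib.sha256(seed).hexdigest()[:40]

    def forward(self, sender, payload: str) -> str:
        if sender is not self.controller:
            raise PermissionError("only the controller may use this proxy")
        return f"{self.address} -> {payload}"


class Controller:
    def __init__(self, user_key: str, delegates: set, quorum: int):
        if not 0 < quorum <= len(delegates):
            raise ValueError("quorum must be between 1 and the number of delegates")
        self.user_key = user_key
        self.delegates = frozenset(delegates)
        self.quorum = quorum
        self.votes = {}  # proposed new key -> set of delegates who approved it
        self.proxy = Proxy(self, seed=user_key.encode())

    def send(self, caller_key: str, payload: str) -> str:
        # In a deployed contract the caller is authenticated by the transaction signature.
        if caller_key != self.user_key:
            raise PermissionError("caller does not hold the current user key")
        return self.proxy.forward(self, payload)

    def approve_recovery(self, delegate: str, new_key: str) -> bool:
        """Record one delegate's approval; rotate the key once quorum is reached."""
        if delegate not in self.delegates:
            raise PermissionError("not a recovery delegate")
        approvals = self.votes.setdefault(new_key, set())
        approvals.add(delegate)  # a set, so repeat votes count once
        if len(approvals) < self.quorum:
            return False
        self.user_key = new_key
        self.votes.clear()  # drop stale or competing proposals
        return True
```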
Data Privacy
A useful digital ID necessarily includes sensitive information such as personal identifiers and medical records, and oftentimes requires a private key to be tied to biometric data in order to prevent the creation of multiple or fraudulent accounts. The MyPass team realized that people “have major concerns about the use of biometrics” and is looking for secure alternatives, including requiring participants to use a combination of a QR code and password in the future². Regulatory compliance (HIPAA, etc.) will also need to be taken into account when these systems are designed. David Dill, a professor emeritus of computer science at Stanford University and founder of the nonprofit Verified Voting, points out that while blockchain technology solves some problems related to e-voting, it “doesn’t deal with authenticating the voters before the election … or the security problems on the voters’ devices⁶.”
The Typical Trilemma
The digital identity use case faces the same trade-offs between scalability, decentralization, and privacy present in many other blockchain use cases. Many of these pilots have chosen to sacrifice some degree of decentralization to ensure better privacy and security. Most of these pilots are being run on permissioned blockchains, utilizing smart contracts to further control access to and preserve confidentiality of sensitive data. Building Blocks initially launched on a public blockchain but ran into scalability issues, finding the public version to be “too slow and too expensive¹⁴.” The ability to scale is also a challenge when considering the viability of e-voting on a national level. Depending on assumptions about platform, transactions per second, and how many votes would be included per block, it could take up to two weeks to process a nationwide election with 60% voter participation in the U.S.¹¹ However, using multiple, region-based blockchains could address this issue in the short term while longer-term scalability solutions are more fully developed.
For more information on the current limitations of blockchain technology in these use cases, and others, I highly recommend that you check out Building Blockchain Utopia: The Challenges Blockchain Faces Today.