What Is Self Sovereign Identity
The average American is becoming a digital serf living in the crypto estates of mighty tech baronies. At best the current model puts individuals at risk to the data practices of others. At worst, it captures every individual to the mercy of powerful multinationals or governments (who can completely monitor them and possibly delete them or take advantage of them). The identity system represents massive risks but also a massive opportunity for improvement in a new multi-billion dollar ecosystem.
The vision we are seeking has been described as self-sovereign identity (SSID). Self-sovereign identity puts individuals back in control of their identities. Although the term is just a few years old, there is growing consensus on the meaning as a system that allows individuals to determine their own identity destinies, rather than being at the mercy of governments, technologies, and corporations.
One of the earliest references to self-sovereign identity comes in 2012 from Moxie Marlinspike, who debates that we have the current identity model backward. “Administration systems do not give us ‘identity’. Individuals use their IDentity (sic) to administer Society.” In provocative language, Marlinspike claims that the current model forces citizens to be “dogs” of the government, instead of the government answering to the people. Self-sovereign authority, he says should be “a perfectly accountable legal construct.”
Christopher Allen from Blockstream, in a seminal piece on the path to self-sovereign identity, explains the problem and the solution as a way to protect the individual:
Today, nations and corporations conflate driver’s licenses, social security cards and other state-issued credentials with identity. This is problematic because it suggests a person can lose his very identity if a state revokes his credentials or even if he just crosses state borders. I think, but I am not…. Self-sovereign identity is the next step beyond user-centric identity, and that means it begins at the same place — The user must be central to the administration of identity. That requires not just the interoperability of a user’s identity across multiple locations, with the user’s consent, but also true user control of that digital identity, creating user autonomy.
The Sovrin Foundation, a non-profit leader in SSID established by Evernym, also wrote a detailed white paper on self-sovereign identity in 2016 that is worth reviewing (aptly titled “The Inevitable Rise of Self Sovereign Identity”). They explain the solution as a “new public utility — precisely what the ‘internet for identity’ should be.”
Features of SSID
Self-sovereign identity is a concept, rather than a framework, to empower individuals to reclaim their digital and legal personas. In order for SSID to work, there are several features that must be present in any solution. Any self-sovereign identity solution must ensure that the user has complete control of their own data. This model is the opposite of the current data model that underpins most modern business and government models:
1. Access: The user must have complete access to the information and complete control over who else has access (even the network or technology provider should not be able to see anything without the user’s permission)
2. Persistence: The identity cannot be turned off by anyone except the owner
3. Mobility: The identity must be transportable — it should be able to go where the user wants it to go, including hosting and usage. This means agnosticism and significant leverage for the user
4. Accountability: The owner of the identity must have complete visibility into and accountability from any technology or service provider that touches any part of their SSID. None of these providers should be able to make decisions that materially affect the owner of the identity without their consent
As Evernym explain: “If anyone other than you can ‘pull the plug’ or change the rules for your identity, it isn’t self-sovereign, it is siloed–even if it uses ‘blockchain’ technology.”
Benefits of SSID
The implications of SSID are profound. A truly self-sovereign world is one with increased democracy, access, and trust, and creates a more accessible and vibrant global economy.
Democracy. “Of the people, by the people, for the people,” becomes weaker when those in control have complete visibility of the people. Knowledge is the precursor to control in any totalitarian state. If your identity can be altered, deleted, or restricted, by any group, democracy fails as groups or individuals can be excluded from rights, employment, opportunities, or even the ability to participate in the democratic process.
Access. A broader definition of identity can go a long way to reducing financial and market inequality. In a world where we can better articulate and share trust networks, we can provide better opportunities for everyone. The developing economies of the world do not have a money problem, but an access problem. In the past, it has been difficult to share verifiable information in a tamperproof way. In the new model of identity, such verifications can be made about ability, status, and other basic claims across any field of human interest: from employment to initiating a loan, to buying a house, to volunteering for a charity. Additionally, this can break down barriers around who can vouch for information: in the past, we have used organizations as assessors and validators of claims. Technology now makes a person to person validation possible on a massive scale. It is problematic in many developing systems to apply traditional Western banking models due to a lack of records and verifiable information. This means that approximately 2.5 billion people are excluded from the formal economy. Solving this problem would mean a massive boon for the world’s economy.
Trust. Our world economy is built on trust. Trust that money has value. Trust that goods and services will perform as advertised. Trust that each worker in the chain will do their part of the work. Trust that employers will pay you after you have worked. Trust that investments will be paid back. As Steve Knack, a senior economist at the world bank found in over a decade of research, reported in Forbes: “trust is worth $12.4 trillion dollars a year to the U.S., which is 99.5% of this country’s income (2006 figures). If you make $40,000 a year, then $200 is down to hard work and $39,800 is down to trust.” Facilitating people to explain who they are, and vouch for one another through extended, verified, trust networks, will increase commerce universally — in turn accelerating the economy and producing more wealth for everyone.
Fraud. If adopted universally, a SSID platform will significantly reduce identity fraud as we know it. We have come to believe that we are our identity markers. We are not. The value of an identity marker is not in the information itself but in the validation of that information. In the future, a SSN or a DOB will not be enough to get a loan: the information will require a token from a trusted network to prove that the person who gave you the number is that person. As this adoption increases, the information alone becomes irrelevant: It’s no longer important if hackers acquire your SSN, because they can’t do anything with it if they are not you. Imagine a world where you have fewer concerns about unauthorized individuals and corporations maliciously using your personal data?
Vibrancy. Currently, a lot of your personal data is tracked, but it resides in silos and does not interact with other data about you. Most people resist the lure of putting all their information in one place. If there was a universal data repository that consumers had confidence in (i.e. trusted was secure and self-sovereign), data could be used in more varied and rich use cases to benefit everyone’s lives. Imagine combining DNA data with location data, income data, and fast food purchases, for example. This would be incredibly powerful in creating the products, services, and cities of the future to benefit everyone. Additionally, and counter-intuitively, the more data you put into this wallet actually makes you more secure, not less. For example, if your self-sovereign identity wallet is tracking your location, associates, and buying habits, the moment you deviate from the pattern, smart algorithms will immediately know your ID has been cloned, hacked, or you have been physically abducted, and will be able to immediately — in real time — alert you and those you trust. (This is despite a blockchain SSID making the first two extremely difficult.)
Why Now?
Identity has transformed from a personal network to documents to digital — and therefore back to network as in social media. Along the way, many companies have tried to solve the “identity problem,” including titans of industry like Facebook, Google, and Microsoft. Strikingly they have failed. We believe they have failed because each time they have violated the fundamentals of self-sovereign identity.
Microsoft tried with Passport in 1999, Facebook with Connect in 2008. Powerful consortiums also have tried with OpenID (2005), OAuth (2010), and FIDO (2013). Some of these are still in use in specific use cases, but none have become universal.
We believe the central issue of any centralized identity platform is trust. Consumers guard their identities — including the concept of online identity — fiercely. To provide someone with everything about you is to give that person complete control over you. No company is that universally loved nor trusted. Any identity platform that does not let you move your identity at will, can turn it off or change the rules at their own pleasure, and has any interest in reading it or selling it, can’t be trusted and therefore can’t succeed. The question remains in consumers’ minds, why is this company collecting my information — for my benefit, or theirs?
A second issue is root identity. We all have multiple identities, i.e. a social network identity or a legal identity (who the government says you are for voting or tax purposes). You can’t use your Google+ account to vote, because the government isn’t sure who set up the Google account in the first place.
Decentralized, unowned, truly self-sovereign identity, was not technically possible until blockchain, because however good the company, the company were still in charge. In effect, they own your digital self.
