Identity and the blockchain: what are we looking for, anyway?
Identity theft and falsification has been a problem ever since, well, since identities were identities. And it’s easy to understand why. Apart from political necessity (the need to escape persecution), there’s criminal intent (I’m harder to catch if you don’t know who I really am), and the frivolous desire for fun (so I’m not really responsible for what I do). Most of us have seen those movies, read those books and played the game of fantasizing about being someone else for a while.
And as the headlines and the police constantly remind us, online it is so easy to become someone else. Pseudo Twitter accounts, fake Facebook profiles and anonymous chat room IDs are the tip of the iceberg when it comes to assuming the personalities of others. You’ve probably seen the famous New Yorker cartoon:
So far we have not yet found a way to get around the problem. And the more we think about it, the less clear the problem becomes.
Is it one of identity verification? Is it one of identity portability? Or is it more a question of showing the right things to the right people at the right time? What exactly is it that we’re looking for?
We haven’t found an ideal solution yet, but we seem to be getting close. The technology of the blockchain — the public, decentralized database that is hard to hack and modify but easy to distribute — has opened up new possibilities that could solve some of the stubborn barriers that online identity has been coming up against.
The advantage of the blockchain is that just about anything can be digitized, hashed (compressed) and stored. Because the ledger is public, the information can be accessed from anywhere, and sent to anyone. It can only be modified by the holder(s) of the private keys. And because the ledger is decentralized, no one person or entity can stop it from being used.
You’re no doubt asking yourself, “in what way would that stop falsification?”. Obviously just putting information on the blockchain doesn’t make it true.
Several blockchain business have emerged, hoping to make identities easier to create and use. And yet most focus on identity management rather than verification. Netki announced a funding round of $3.5 million a few days ago, to develop a digital certificate of identity, piggybacking on an official US identity program and making it usable on any blockchain. ShoCard wants to use the bitcoin blockchain for identity tokens that can not only be used by banks to identify transactors, but can also change the way we travel by holding our passport details, photo, airline tickets, hotel reservation… It can be pulled from the blockchain for confirmation by any airline or airport official, anywhere in the world.
Object-Collab is a research and proof-of-concept project working with banks and regulators around the world to design a global ID that is individual, secure and accessible from anywhere. Cambridge Blockchain offers a platform that allows transacting parties to learn certain types of information about one another without compromising their full privacy. BitID wants to convert your bitcoin wallet into a unique and universal ID that would allow you to pay for goods online, check in to hotels, authenticate identity on websites… Trunomi makes KYC easier for financial institutions, and facilitates consent-based sharing of financial data. Cryptid uploads your official ID onto the blockchain, and assigns you a card along with a QR code that makes the ID more portable and more secure. Civic’s goal is not to issue nor to manage your identity, but to protect it by letting you know every time it is used online. Identifi combines identity with reputation.
And thinking big, BitNation offers a global ID that accompanies your passport, allowing you to become a “world citizen”. For those without a passport, it can issue a Blockchain Emergency ID to facilitate refugee access to aid and donations. These are just some of the ideas and businesses tackling the identity issue, and we will no doubt be hearing more about these and others in the months to come.
Big tech companies are also very interested in the field. A few days ago IBM completed a blockchain identity trial with French bank Crédit Mutuel that would allow banks to securely share their customers’ identities with third parties such as utility companies and online businesses. A few weeks ago Microsoft announced a collaboration with Ethereum developer Consensys and Blockstack to build an open-source identity platform that bridges Bitcoin and Ethereum.
With so much brain power and money behind the search for a solution, why is it proving so elusive? Some say that it’s because the solutions are too fragmented. I believe that it’s because we’re asking too much of the solution.
What is identity, anyway? I’ve just finished reading Richard Morgan’s Altered Carbon. In it, the protagonist is digitally sent back to Earth and assigned a “sleeve” (someone else’s body). But he’s himself, using his own name, and carrying around his own complicated past. His body is just a garment. Given that we can’t disassociate ourselves from our bodies, what are we? Are we our past? Our thoughts? Our abilities? Or are we something more solid? Perhaps an amalgam of our history and our qualifications, represented by a set of physical features. Given that both our past and our physiques are constantly changing, how can these relatively fluid concepts irrefutably identify us?
And, why do we need it? For transactions? Access? Privileges? Each “need” requires proof of different aspects of our self. My passport alone won’t get me a job, or a discount at the college bookstore. My job title is not enough to allow me into a country, or entitle me to a tax rebate. The fact that I’m a CFA won’t let me open a bank account, or get me treated at the local hospital.
We live in a world of fragmented identity, with different organizations issuing different validations for different requirements. As we have seen above, many blockchain services are trying to find a solution of unification and portability. But is this even possible? We can upload our identity (or identities) online, adapt them for many uses, send them around the world. But what identity? Who issues that which we upload? And how does anyone know that it is correct? Identity documents, after all, are only as trustworthy as the issuer. My British passport carries more weight than my coupon card from Val’s Laundromat.
It is also much more useful, and much, much harder to fake. But it can be done. Getting a passport is not easy, but as we know, false ones are available to those with the right connections and resources. Which highlights the difficulty, if not impossibility, of truly verified identities online. If identities can be faked offline, it’s even easier when you can’t look the person in the eye. Photos of smiling faces holding identity documents to prove physical similarities can be doctored. Scans of official documents can be manipulated. Signatures can be forged. Links can be diverted. Identity creation, validation (which is not the same as verification), dissemination and protection are all fundamental for secure online transactions. But they don’t address the issue of what identity is, and how we can be sure that it’s real.
Maybe there is no “one identity” that will do. And maybe that is just fine. Maybe we need to rethink at the concept of identity for this new, hyper-connected and multi-layered world. Online it’s easy to be many different people. Offline, it’s harder. So, maybe we need to forget about the search for how to represent one true identity, and focus on what that identity is needed for. What characteristics does it need to have?
In “Identity is the New Money”, David Birch proposes fragmenting our identities and offering the part that is needed according to the situation. Notice the plural — online, most of us have more than one identity, often without realising it. We sign in to services using different avatars. We use different platforms for different reasons. And while the superficial identities are easy to set-up and destroy, that doesn’t make them any less real.
“All of the identities we exchange are virtual, and while these virtual identities are of course linked to our mundane identities, they should not be confused. None of them is ‘real’.”
So the search for the “real identity solution” is looking for something that doesn’t exist, because there is no one particular universal format or need. Maybe the answer lies not in finding the solution that fulfils all needs, but in finding a multi-format but coherent solution that adapts to whatever the need is. A solution that is secure but updatable, easy to share but difficult to steal, decentralized but universal, adaptable but compact… This sounds complex, as are the issues around who would create such a system and how it would be maintained. But well designed and implemented, on a public blockchain, with official involvement and creative leeway for businesses and services, its use could end up being simple. And if it works, and if users, businesses, regulators and governments learn to trust it, the opportunities it opens up for efficiency, safety, wealth creation and freedom are immense.
(A similar version to this article was published on fintechblue.com, where I write about fintech, blockchain and cryptocurrencies. I also tweet away at @NoelleInMadrid.)