How Combining Mobile Devices and Blockchains for Identity Portability Shields Your Data
By: Armin Ebrahimi
Using blockchains for identity portability was recently called a “double-edged sword,” on the argument that while blockchain can enable portable identities, it will likely come with strings attached. The essence of blockchain technology is that it is public and immutable, meaning it cannot be changed. Therefore, if identification information is stored directly on the blockchain, the mistakes of the past — such as a mistake made in high school or a defaulted loan — cannot be changed or updated.
This dystopian future where every mistake follows you until the end of time, affecting your ability to buy a car, get hired, etc., would apply to blockchain technology only when identification information is stored directly on the blockchain. However, when blockchain technology is combined with mobile devices, it is possible to use the blockchain to verify your data without ever putting personal identification data directly on the ledger.
Using a mobile device, such as a smartphone, combined with the blockchain makes it possible to enable the concept of “bring your own identity,” or BYOID. Using this method, the actual data resides only with the provider of the data (e.g. the person giving you a rating, like a credit score) and the individual. The only data stored on the blockchain are signatures of one-way hashes of data in the form of tokens that prove the provider actually gave the rating to the user and who the user is. The blockchain serves as a validation mechanism, recording only the digital signatures of the hash of an identity attribute based on the token.
Users don’t have to share all of their identity data — they can choose specific details to share and not share the rest. Verifiers can only verify what is shared with them, and don’t have the ability to peruse other data on the user. If a user doesn’t want to share a particular ranking, event or information about their identity, the choice is theirs. This is significant to protect user privacy and choice. However, what they do share can be validated and authenticated using the blockchain for its veracity.
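The scheme described in the two paragraphs above, sketched as an added example (not ShoCard's code or any real ledger API): a provider signs the hash of each attribute, only the signature goes on a stand-in ledger, and a verifier checks just the attribute the user chooses to share. The function names, record layout, sample values and the per-attribute salt are assumptions of this sketch; the salt is included because a signed hash of a low-entropy value such as a score could otherwise be guessed from public data.

```javascript
const crypto = require("crypto");

// One-way hash of one attribute, bound to the user. The salt is this sketch's
// assumption: it stops guessing low-entropy values from public ledger data.
function attributeHash({ userId, name, value, salt }) {
  const encoded = JSON.stringify([userId, name, value, salt]);
  return crypto.createHash("sha256").update(encoded).digest();
}

// Provider: sign the hash. Only the signature is published; the attribute
// itself and its salt go to the user's device.
function certify(providerPrivateKey, userId, name, value) {
  const deviceRecord = { userId, name, value, salt: crypto.randomBytes(16).toString("hex") };
  const signature = crypto.sign(null, attributeHash(deviceRecord), providerPrivateKey);
  return { deviceRecord, ledgerRecord: { signature: signature.toString("base64") } };
}

// Verifier: rehash what the user chose to share and check the provider's
// signature taken from the ledger.
function verifyShared(providerPublicKey, shared, ledgerRecord) {
  const signature = Buffer.from(ledgerRecord.signature, "base64");
  return crypto.verify(null, attributeHash(shared), providerPublicKey, signature);
}

// Constructed demo: hypothetical user, provider and attribute values.
function demo() {
  const provider = crypto.generateKeyPairSync("ed25519");
  const ledger = []; // stand-in for the blockchain: append-only signature records
  const wallet = {}; // stays on the user's device
  for (const [name, value] of [["credit_score", 712], ["age_over_21", true]]) {
    const { deviceRecord, ledgerRecord } = certify(provider.privateKey, "user-123", name, value);
    wallet[name] = { deviceRecord, ledgerIndex: ledger.push(ledgerRecord) - 1 };
  }
  // The user shares one attribute; credit_score never leaves the device.
  const { deviceRecord, ledgerIndex } = wallet.age_over_21;
  const altered = { ...deviceRecord, value: false };
  return {
    genuine: verifyShared(provider.publicKey, deviceRecord, ledger[ledgerIndex]),
    altered: verifyShared(provider.publicKey, altered, ledger[ledgerIndex]),
    wrongRecord: verifyShared(provider.publicKey, deviceRecord, ledger[0]),
    ledgerFields: Object.keys(ledger[0]).join(","),
  };
}

console.log(demo());
```

The shared attribute verifies only when its value, salt and ledger record all match what the provider signed, and the ledger record itself carries nothing but a signature.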
In fact, using this combination of technologies enables the benefits of data portability without the drawbacks, and acts as a shield for personal data. Without large databases full of private identity information, large corporate data breaches will be few and far between. In a blockchain BYOID world, hackers are unable to steal millions of user records with a single breach. Rather, they would have to get physical access to millions of mobile devices and hack them one by one. This makes the cost of hacking insurmountably high and removes the incentive to steal information.
In this way, the combination of mobile devices and blockchain technology to manage your identity adds an unprecedented level of security for your personal identification information, and offers similar benefits for enterprises. As more companies fall victim to data breaches that actively destroy their reputations, and sometimes land them in legal trouble, these data breaches incentivize companies to assure customers their information is secure — even if that means not storing it themselves — and instead allowing it to stay in the customer’s own control on their mobile device.
People want to be in control of their personal data’s security and who it is shared with. In the current system, there is virtually no choice but to trust the security measures of the corporations you share your data with, and there is almost no way of telling who they are selling that information to. The demand for a better solution and more control is best exemplified in the EU’s General Data Protection Regulation (GDPR), a legal measure that is meant to give individuals more autonomy over their data. Though the regulation affects companies handling the data of those residing in the EU, companies that take the initiative to protect all their consumers’ data before it is legally required will have the upper hand against companies that drag their feet, showcasing a shared value in protecting personal data. ShoCard’s blockchain-based identity management ecosystem, for example, meets the GDPR’s right to erasure and privacy by design provisions, and is being incorporated into the solutions of companies facing the regulation.
A new wave of identity management is coming, and technologists, enterprises and individuals would do well not to miss the opportunity to integrate the right blockchain-enabled mobile identity into their services and access points.