Avoiding the Dangers of Excessive Data Sharing with SSI
by Jelle Millenaar
Tim Berners-Lee, the creator of the World Wide Web, has recently gained attention for his efforts to fix the internet through the SOLID project. This project aims to give people control over their own data and shares many goals and concepts with Self-Sovereign Identity (SSI). Instead of tech giants owning people’s data, individuals will be able to collect their own data and share it only with those they choose, becoming the ultimate controllers of their own digital selves. One thing that isn’t talked about much with SOLID and SSI is how people will be protected from companies asking for too much data. We explore this challenge further in this blog post.
The Dangers of Self-Sovereign Identity
Imagine a world where having a rich digital identity is normal. People would be carrying around large amounts of personal information on their phones or computers, and sharing this information would be as easy as making a payment with a phone. Parties receiving this information can instantly verify its integrity and source, making it almost trivial to establish trust. One app (a so-called wallet) on a person’s phone contains all sorts of important documents: their passport, licences, degrees, medical history, transportation tickets, concert tickets, and much more. While there are many benefits to this technology, it also presents challenges. For example, if it is this easy to share information, companies might ask for more information than they strictly need. The additional information might be valuable for companies to build customer profiles and run analytics, at the cost of your privacy. Companies might not let you use their services or enter certain places if you don’t agree to share the additional information.
Corporate Accountability
Fortunately, modern privacy laws like the EU’s General Data Protection Regulation (GDPR) protect people from data overcollection by companies. These laws state that companies may only collect and use personal data for specific, explicitly defined purposes and may not collect or use more data than is necessary. While this corporate accountability is crucial, it can be difficult to enforce, because it is hard for an individual to gather evidence of data overcollection. However, we now have the opportunity to build this accountability into the new protocols for data sharing, such as the new OpenID standards, that are at the heart of Self-Sovereign Identity.
One way to stop companies from collecting too much data is to keep track of data requests. This means storing a list of what data is being asked for, by whom, and for what purposes. This helps make sure that companies are only collecting and using data for the purposes they have defined, and not collecting or using more data than they need. It’s also important to make sure that data requests can be linked to a specific company through its digital identity. This helps ensure that the requests are coming from real companies and not from impersonators. However, even if we keep a log of data requests, it might be hard to use it as proof if a company denies that the log is accurate.
Non-Repudiation
Non-repudiation, the inability to deny that something has happened, is an interesting solution to this. After a company has been successfully identified, it can use its digital identity to sign data requests. These cryptographic signatures can’t be faked and show clearly who signed the request. Just like with a signed contract, a company can’t deny that it signed the request: its signature is undeniable proof, because forging a digital signature is practically impossible. By signing data requests this way, we add non-repudiation to our log of data requests.
Whenever a company requests any amount of information, the digital identity wallet keeps track of this request, including the signature as proof. If the information request is excessive, it would be possible to contact your local data protection agency and not only submit a complaint, but also provide non-repudiable proof. Naturally, this requires the data protection agencies to recognize the SSI method of identification and trustworthy corporate digital identities. With these things in place, it would be possible to fully automate the process of submitting a complaint.
Voluntary Participation
When this idea has been discussed before, corporations were often hesitant and didn’t like the idea of being held accountable. Unfortunately, we can’t force them to work this way, but we can make it voluntary. If it’s completely voluntary and there are no consequences, it probably won’t be used very much. However, there is something we have complete control over.
When a person interacts with a company through a digital identity wallet, both parties check each other’s identities and the user receives a request to share data. This request must be shown to the user, who has to agree to it by clicking “Yes” or “No”. The wallet designer has complete control over how this looks. This is where we can add consequences for companies that don’t voluntarily agree to sign data requests. The wallet can simply show a warning that the data request might not be made in good faith and that the user should be careful. This leads to a lack of trust on the user’s side, which may persuade some users to opt for a competing service that does sign its requests, creating market pressure to sign data requests.
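The mechanism described in the Non-Repudiation and Voluntary Participation sections above, as an added example that is not code from the original post or from Impierce Technologies: a company signs its data request with an Ed25519 key that the wallet learned during mutual identification, the wallet logs every request together with the signature, warns the user when a request is unsigned, comes from an unidentified party, or fails verification, and a data protection agency can later re-verify a logged entry with nothing but the company’s public key. The `DataRequest` fields, the `did:example:...` identifiers and the warning texts are assumptions made for this example, not part of any SSI or OpenID standard.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// DataRequest is what a company sends to the wallet: who is asking, which
// attributes, and for what stated purpose. The field names are assumptions
// for this example, not an SSI/OpenID standard.
type DataRequest struct {
	Requester  string   `json:"requester"`  // the company's digital identity (a DID-like string)
	Attributes []string `json:"attributes"` // attributes the company wants disclosed
	Purpose    string   `json:"purpose"`    // the explicitly stated purpose, as GDPR expects
}

// SignedRequest is a request plus the company's Ed25519 signature over its
// canonical encoding. Signature is nil when the company declined to sign.
type SignedRequest struct {
	Request   DataRequest
	Signature []byte
}

// canonical is the byte string that is signed and verified. encoding/json
// writes struct fields in declaration order, so the encoding is deterministic.
func canonical(r DataRequest) []byte {
	b, err := json.Marshal(r)
	if err != nil {
		panic(err) // cannot happen for this plain struct
	}
	return b
}

// SignRequest runs on the company's side with its private key.
func SignRequest(priv ed25519.PrivateKey, r DataRequest) SignedRequest {
	return SignedRequest{Request: r, Signature: ed25519.Sign(priv, canonical(r))}
}

// LogEntry is what the wallet keeps for every request it receives.
type LogEntry struct {
	Request   DataRequest
	Signature []byte
	Verified  bool   // true when the signature checks out against the company's known key
	Warning   string // empty when the request can be trusted; shown to the user otherwise
}

// Wallet holds the public keys learned during mutual identification and the request log.
type Wallet struct {
	KnownKeys map[string]ed25519.PublicKey
	Log       []LogEntry
}

// Receive records a request and decides what the user should be told about it.
func (w *Wallet) Receive(sr SignedRequest) LogEntry {
	entry := LogEntry{Request: sr.Request, Signature: sr.Signature}
	pub, known := w.KnownKeys[sr.Request.Requester]
	switch {
	case !known:
		entry.Warning = "requester has not been identified; do not share data"
	case sr.Signature == nil:
		entry.Warning = "request is unsigned: it may not be made in good faith"
	case !ed25519.Verify(pub, canonical(sr.Request), sr.Signature):
		entry.Warning = "signature does not match the request; it may have been altered"
	default:
		entry.Verified = true
	}
	w.Log = append(w.Log, entry) // every request is logged, warned about or not
	return entry
}

// Evidence returns the verified entries for one requester: the entries a data
// protection agency can re-check independently with VerifyEntry.
func (w *Wallet) Evidence(requester string) []LogEntry {
	var out []LogEntry
	for _, e := range w.Log {
		if e.Verified && e.Request.Requester == requester {
			out = append(out, e)
		}
	}
	return out
}

// VerifyEntry is what a third party runs: given the company's public key and a
// logged entry, it needs nothing from the wallet to confirm the signature.
func VerifyEntry(pub ed25519.PublicKey, e LogEntry) bool {
	return ed25519.Verify(pub, canonical(e.Request), e.Signature)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	w := &Wallet{KnownKeys: map[string]ed25519.PublicKey{"did:example:acme": pub}}

	// Constructed sample request: more attributes than "age verification" needs.
	req := DataRequest{
		Requester:  "did:example:acme",
		Attributes: []string{"date_of_birth", "address", "medical_history"},
		Purpose:    "age verification",
	}
	e := w.Receive(SignRequest(priv, req))
	fmt.Println("signed request verified:", e.Verified)

	// The same company now declines to sign: the wallet warns the user.
	e = w.Receive(SignedRequest{Request: req})
	fmt.Println("unsigned request warning:", e.Warning)

	// A tampered copy of a logged entry no longer verifies, so the log cannot be doctored.
	tampered := w.Evidence("did:example:acme")[0]
	tampered.Request.Attributes = []string{"date_of_birth"}
	fmt.Println("tampered entry verifies:", VerifyEntry(pub, tampered))
}
```

The proof only holds as far as the key binding does: `VerifyEntry` shows the request was signed by whoever holds the private key for `did:example:acme`, so the non-repudiation the post relies on depends on the company’s identity being bound to that key during identification and on the key not being shared or compromised.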
Accountability will be a cornerstone of a healthy Self-Sovereign Identity ecosystem. It is important to design solutions that protect users rather than further weaken their privacy. Impierce Technologies takes this huge responsibility very seriously. We design software that enables modern data sharing while protecting privacy.