Private Ownership of Personal Portfolios

Ownership and authenticity of personal credentials is a problem in today’s societies. The M.I.T.’s dean of admissions resigned in 2007 after admitting that she fabricated her educational credentials when applying to work for the institute in 1979. According to Advanced Secure Technologies’ CV Fraud Statistics Study of 2017, up to 80% of CVs contain some discrepancies, 57% of which relate to the academic background. This problem goes way beyond university diplomas. The goal of this article is to answer the following question: What can a decentralized portfolio do for societies and public services?

CVs: we are doing it wrong

Nowadays, people have the choice between personally holding onto a file or a paper version of their resumes and diplomas. Files can ‘safely’ be stored by using centralized cloud systems or using centralized apps such as LinkedIn. But these data are then in hands of private companies, and they can use it for commercial purposes. All of these options have various downsides. When choosing the first option and holding onto the diplomas personally, the risk of losing the paper version or computer file is high and verification of authenticity is another inconvenience. For university diplomas, contacting the university that awarded the diploma is one of the only ways one can confirm that the diploma and grades are legitimate. The Hague Convention Abolishing the Requirement of Legalisation for Foreign Public Documents is a step towards making the verification easier, but it is an outdated solution. The process of receiving an apostille stamp takes a lot of time and effort and could be improved by digitizing it.

Other problems with verifications subsist. First of all, if taking a diploma in a school that does not exist anymore, verifications suddenly become arduous. Resumes are not only about university diplomas. What happens when it comes to professional certificates, recommendation letters or other diplomas that are neither verifiable through a central database or standardized by law? What happens if the company where someone claims to have worked has been bankrupt for years? How can the information be verified?

Verifications take time and can be painful processes. Not only in the field of recruiting.

A solution to these botherations needs to be thought about and achieved. In this article we introduce a decentralized portfolio that could include somewhat of a life resume with verified information, having the potential to solve some of these problems. This portfolio would include as much data as users would allow, and could function as a resume where information would be safe from leaking to undesired parties. Such a portfolio would have the potential to ease recruitment processes while fighting fraud and keeping data in safe hands, but could also include any other type of data going from medical records to tax information, depending on how far the government implementing it wants to go. A decentralized portfolio would also solve the problem of lost physical documents and files.

Having several centralized databases run by third parties is neither efficient or safe, but including all personal information on one portfolio also has its risks. People should have the right not to give third parties access to all of their personal information, and that is fortunately possible with the decentralized portfolio we propose.

One of the key ideas behind the portfolio that we describe is that it could and should be operated by the public sector. It goes without saying that it could very well be set up and run by actors from the private sector or outsourced to them by governments, but it would be safer from a government point of view to improve the life of its citizens with a decentralized portfolio while not depending on private companies. The implementation of a state-run decentralized portfolio could start as a resume only including information that is generally used on CVs, and then, depending on its success, it could move onto containing more information. This would simplify government data storage by running one decentralized portfolio instead of various centralized databases that do not communicate. All of this is possible while keeping the data safe. Compared to current options it also has the advantage of having no downtime. Linkedin as an example is currently blocked in Russia, while distributed systems cannot be taken down in such a way, making their potential use universal.

Previous work

The problem of property and data ownership is not recent, and people have been working on solutions for a long time. Nick Szabo already wrote about his idea of property clubs in 1998, proposing a solution to a common pattern of confiscation of land via the forgery or destruction of public records during eras of political instability or oppression:

‘A group, called a property club, gets together on the Internet and decides to keep track of the ownership of some kind of property. The property is represented by titles: names referring to the property, and the public key corresponding to a private key held by its current owner, signed by the previous owner, along with a chain of previous such titles. Title names may “completely” describe the property, for example, allocations in a namespace. (Of course, names always refer to something, the semantics, so such a description is not really complete). Or the title names might simply be labels referring to the property. Various descriptions and rules — maps, deeds, and so on — may be included’.

As straightforward transcription of written records into a centralized online repository would make many of these problems even worse — electronic records can be highly vulnerable to loss and forgery, and insiders are the most common source of such attacks, a distributed ledger was his proposed solution.

Decentralization — What’s the deal

As well stated by Vitalik Buterin, the founder of Ethereum, decentralization is often seen as blockchain’s raison d’être, but nonetheless tends to be defined very poorly.

Decentralization is the dispersion or distribution of functions and powers.

Since the inception of Bitcoin and the introduction of blockchain technology in 2008, distributed systems have attracted much attention. The centralized powers that are sometimes too big to fail, have a significant impact on our societies. People, including employees of these companies, are becoming more and more aware of this. The monopoly positions of technology companies have sometimes reached to levels where they have the knowledge and funds to either buy or copy competitors’ business model and attracting the best scientists, leaving little space for true competition.

With the introduction of Ethereum in 2014, distributed applications (dApps) can be created. This takes away the ‘single-point-of-failure’ risk that we see in many business models. By having every node connected to the blockchain carrying out the pre-programmed logic by using smart-contracts. Tokens can be used for cross-border (micro-)transactions and distributed storage solutions such as BigChainDB, FileCoin, Swarm and STORJ can be used to store files or documents that are too big to be stored on the blockchain.

Many people remember services like Kazaa, LimeWire, and BitTorrent, where one could easily download files from other users connected to the service. These solutions were sort of distributed storage systems as well. The problem was that certain files would not be available if there was no interest in them, because seeders (the ones owning the files) would delete them or not offer them anymore. These solutions made use of distributed storage, but would not incentivize seeders to have a file available. Variants have been used, in which users could for example only download files if they also supplied storage space, but many of these solutions were ran by companies, forming a central point of risk. Eventually, Limewire and Kazaa were shut down, by the order of a court, because of violation of intellectual property rights. Therefore, we can conclude that a perfectly distributed storage solution is one where seeders are incentivized to have files available, where there is no central authority running the system, and where the system is perfectly distributed and robust.

In recent years, driven by blockchain, several distributed storage solutions have come to the field. Examples are BigChainDB, IPFS, Filecoin, and STORJ. Often times, these distributed storage solutions can be used with public Blockchains, such as Ethereum, where the layer of logic can be programmed on the blockchain through smart-contracts, and for example, BigChainDB can be used for distributed storage of files. For our case, we will use Filecoin as a backbone. The service is currently under development but builds on several existing technologies and new novel ideas that should eventually lead to a perfectly distributed storage system where there is no central authority in charge, where seeders are incentivized to store certain files, and where the system is robust.

Distributed storage can be done in a safe and robust manner by encrypting files and storing the encrypted file in several places. Only the person who encrypted the file will be able to decrypt the file after retrieving it. It can be stored safely by storing it at several seeders, or even shard the encrypted file and store multiple copies of the pieces of the encrypted file.

Filecoin allows for paying tokens to seeders in order to have the files stored, and keeps track of the availability of documents in a distributed way. There is no central authority controlling the system.

The potential solution

With people’s increasing presence online, the need for secure storage is growing every day. In the cases where people don’t pay for storage, their data becomes a commercial product. From a government point of view, it is better to pay minimum amounts for storage, rather than having privacy being violated or people exploited. Eventually, an efficient market should exist in which centralized storage solutions will compete with distributed storage solutions where people themselves can decide how to store their private document.

It is conceivable that in the 21st century, secure and private storage of personal documents should be a fundamental right for every person.

As mentioned earlier, such a solution would likely have to be set up by the public sector. This is first of all not to be dependent on private companies, but secondly, because it needs support from every institution participating. For example, every university would be connected to a public key, and it would be up to universities and the public sector to agree that a public key really belongs to a certain university. In this way, a university could sign a file (diploma) with its public/private key combination, and send it to the rightful owner, who is on his turn connected to a public/private key combination. If this university would cease to exist, then the existing universities could agree, or confirm, that this public key belonged to the non-existing university. By including timestamps into the signatures, it could easily be checked whether a document was signed during the existence of the university. If we speak about companies, the same system could be set up.

The way forward

Any country that decides to implement a system such as a decentralized portfolio would have to consider the trade-offs between centralized and decentralized systems. As an example, the value of tokens that are used in Filecoin are subject to market forces, and might therefore not be of interest to potential storage providers. An alternative could be that the government decides to implement a token that always keeps a stable value. Another important topic to consider is data protection rights. Potentially, a government could consider to only allow storage providers that are physically located within their jurisdiction to counter jurisdictional problems regarding data protection rights and privacy-related topics. For a system such as a decentralized portfolio to go forward in a country and its educational system, it would likely need to be done on a governmental or at least on a regional level. This would require the ministry of education or some other public institution to move forward with this idea. In order not to depend on a private company, governments could, for instance, replicate what IPFS and Filecoin do, and realize it as a public institution, allowing them to make sure the data is stored in a certain geographic zone, the European Union for instance.

This whole concept of a decentralized portfolio could potentially be applied to other personal documents than CVs, potentially changing the way public institutions deal with data and communicate with each other. Medical records, welfare program history, and tax information are just examples of data that could be stored safely and efficiently in that way. All it requires is support from the actors in the sector implementing it. The nice thing about such a system is that it cannot be taken down or censored. It would simply gather all the data important to the state and the individual while giving ownership of the data back to its owner. The different types of key data would only be available in pieces, and to those who get permission to access it.

About

This article is written by Joni Askola and Lucas Roorda as part of the series ‘A Look Into the Future’. This series was created with the aim of envisioning 21st governments and their services through reforms that have the potential to make people’s lives better. We are strongly convinced that by using disruptive technologies more efficiency, transparency, and safety can be achieved in public services. Please join the discussion here on Medium or on our Reddit.