The Impact of Digital Identity
We all have a human right to identity, commencing the moment we are born, according to Article 8 of the UN’s Convention on the Rights of the Child. At its most surface level, identity consists of one’s first and last name, date of birth, nationality, and sometimes a national identifier such as an SSN — data points that are recorded on birth certificates, passports, and state-issued IDs. The problem is that these forms of identification require the maintenance of physical artifacts in an increasingly digital world and are completely reliant upon the central authorities that issue and validate them. As a result, according to the UN, 1.1 billion people worldwide don’t have a way to claim ownership over their identity. Without a valid form of ID, one can’t own property, vote, receive government services, open a bank account, or find full-time employment. More importantly, without control over one’s identity, it is easy to become invisible, to be relegated to the role of spectator, unable to participate in society simply because one can’t prove that they are who they say they are.
How Can Blockchain Help?
Trustworthy digital identification has been “one of the main challenges facing the internet ever since it was invented, because none of the traditional, offline means of verifying that someone is who they say they are apply¹.” Furthermore, digital IDs can raise questions about central points of failure and surveillance states if these IDs are created, stored, and managed by a central authority.
Merely creating a digital identity is not sufficient; there are specific properties required for a digital identity to fulfill its potential and maximize its social impact. ID2020 has created a framework outlining the properties of a responsible digital ID. These criteria conveniently map to properties of blockchain technology, illustrating how blockchains can help create a better digital ID. Blockchain systems also reduce dependence on third-party intermediaries and can survive disasters that might wipe out or compromise more centralized record-keeping systems (including breaches).
However, as expressed by BanQu founder Ashish Gadnis, “Identity on blockchain is old news. The real value of blockchain is its unmatched ability to create and secure an economic identity for the world’s billions living in extreme poverty today… this is truly a revolutionary opportunity⁹.” In other words, blockchain technology doesn’t just allow for the creation of a better digital ID, but rather presents an opportunity to create a “self-sovereign” identity.
The need for a physical ID creates obstacles, which could be solved with blockchains, for two populations in particular.
1.) The Homeless Population
For the homeless population, digital identities registered on the blockchain could reduce the burden of maintaining physical copies of ID (which are easily lost, stolen, or ruined in inclement weather while homeless) and eliminate the need to procure duplicates (one usually needs a valid ID in order to replace a lost ID). These digital IDs would not only allow users to quickly and easily verify their identities, allowing them to access more services, but would also build a profile of transactions that could be shared across service providers through a permissioned blockchain. This is a vast improvement over the current system, which involves service providers relying on word of mouth as to an individual’s history or trying to piece together fragmented data from multiple, disparate agencies in an attempt to assemble an individual’s medical or financial history like a “jigsaw puzzle².”
- MyPass Austin: After participating in the 2018 Bloomberg Philanthropies’ Mayors Challenge, the City of Austin, Austin-Travis County EMS, and the Dell Medical School at the University of Texas are running an identity management test pilot targeted at the homeless population. MyPass Austin runs on a permissioned Ethereum based network utilizing software provided by BanQu, a blockchain-as-a-service company, and was piloted with 30 to 50 individuals who each possessed an SMS-enabled cell phone. BanQu is planning to roll out similar platforms in five more U.S. cities. After piloting the program for the last seven months, MyPass Austin now aims to provide every resident of the city “simple, secure and convenient” access to essential services, such as emergency care, employment programs, or housing².
The UN’s Sustainable Development Goals include target 16.9, which aims to “provide legal identity to all, including birth registration, by 2030.” However, there are more than 20 million refugees worldwide, many of whom no longer have access to their legal identities³. Not surprisingly, the UNHCR has been evaluating ways to use blockchain technology to aid refugees and to help them to regain the legal identities that they lost when forced to flee their homes.
- The UN and the WFP: The UN and the World Food Program (WFP) recently piloted a program, called Building Blocks, aimed at better tracking aid from the WFP. The U.N. agency launched the one-month pilot in May, involving 10,000 of the more than 50,000 inhabitants of Jordan’s Azraq camp. In this pilot, refugees accessed their accounts via biometric eye scans, allowing them to receive food. Following the initial pilot, the UN and the WFP aim to expand the pilot to reach more than 100,000 refugees across multiple camps in Jordan by the end of the year⁴. The initial Building Blocks pilot ran on a private, permissioned blockchain using the Parity Ethereum client with a Proof-of-Authority (PoA) consensus algorithm (more on related trade-offs below). While Building Blocks was aimed more at tracking aid than creating digital identities per se, Caroline Rusten, head of U.N. Women’s humanitarian unit, has identified the potential of blockchain technology to improve identity management for refugees. Particularly, Rusten highlighted that “blockchain could be used to create a secure, paperless record of skills and education that refugees can carry with them, to which information can be added as they are on the move, [allowing] people to be appreciated for who they are and the qualifications they have and not just seen as refugees⁴.”
Validity and Voting
Creating a digital ID with blockchain technology could also allow for greater voter participation. Blockchain systems have the potential to create an electronic voting system that allows for auditing while preserving anonymity of an individual’s votes and that prevents record tampering. That means people could securely vote from mobile phones, which could increase voter participation and reduce obstacles for those attempting to vote by absentee ballots from overseas.
- Zug, Switzerland: Zug recently conducted an e-voting pilot as part of a wider initiative to create a single electronic identity for its citizens. In 2017, the city of Zug began creating digital IDs for its citizens, which can be accessed by downloading the Uport mobile app and registering their Uport ID on the Ethereum blockchain. Zug then used this system to run a small scale trial (72 out of 240 potential participants chose to participate¹²) of e-voting between June 25 and July 1 of this past year. Polling information and residents’ IDs were stored on the Ethereum blockchain. The e-voting system was developed by Luxoft, a software company based in Zug, in partnership with the city and the department of computer science at the Lucerne University of Applied Sciences⁵.
- West Virginia: In May, West Virginia partnered with technology firm Voatz to pilot a mobile voting app for deployed voters in two counties. Following a successful audit, the pilot will be offered to eligible voters across 55 counties and a mobile voting pilot will be expanded to absentee ballots for overseas military service members⁶. The mobile-voting app requires one to take a photo of their ID and film a short video of themselves moving their eyes. This essentially ties facial recognition to a private key, allowing for voter verification via mobile phone. Nearly 140 West Virginians living abroad in 29 countries voted via mobile device in the recent U.S. midterm elections¹³.
- Nasdaq: In partnership with Chain, Nasdaq launched a blockchain-based e-voting PoC with four web-based user interfaces in Estonia, in the context of shareholder votes.
In addition to the pilots and projects outlined above, blockchain digital identity pilots have taken place in Dubai (ObjectTech), Malta, Moldova (digital ID for anti-trafficking), Antwerp, Finland (MONI), and other countries across the globe.
However, distinct, one-off pilots will not be enough to create a truly “self-sovereign” digital identity. Coordination between all the organizations running these pilots will be needed. In the end, central authorities, public institutions, and private organizations will have to agree to accept these digital IDs as valid and to work together to create standards for interoperability. Technological solutions and UI/UX must continue to develop as well.
Social Coordination and Integration
Coordination is needed not just between the public-private sectors but also across institutional and geographic borders. Integration with legacy systems is important as well. For example, during the Harrison County pilot, paper copies of the blockchain ballots were created in order to scan the votes into the vote tabulators, since the votes were not automatically recorded into the election recording system⁶. This clearly defeats much of the purpose of the pilot. Major institutions recognize these issues and have created initiatives, alliances, and partnerships that aim to conduct research, fund pilot programs, set open standards, and enable multi-lateral collaboration and integration.
- The World Bank has created the ID4D initiative, which operates across the World Bank Group. ID4D consists of units working on digital development, social protection, health, financial inclusion, governance, gender, and legal issues. The initiative also focuses on integrating digital ID systems with civil registration (documenting life events such as birth, marriage, adoption, death, etc.) and vital statistics. ID4D also plans to launch the Mission Billion Challenge in November 2018, sponsored by the Omidyar Network, the Bill and Melinda Gates Foundation, and Australian Aid.
- The ID2020 Alliance is a public-private partnership dedicated to solving the challenges related to identity through technology and aims to “finance projects implementing secure, digital ID solutions, to set standards to facilitate interoperability, and to enable multi-stakeholder collaboration.” As part of the Alliance, last summer Microsoft collaborated with Accenture and Avanade to create a blockchain-based identity prototype on Microsoft Azure.⁷ This prototype was designed to be interoperable with existing identity systems so that personally identifiable information can reside “off chain.”
- The World Economic Forum also launched a shared Platform for Good Digital Identity at the Sustainable Development Impact Summit 2018 in New York this past September, with Omidyar Network committing a three-year grant to support the platform⁸.
- Evernym and the Sovrin Foundation have launched the Identity for Good Initiative, opening up Evernym’s Accelerator Programme to non-profit organizations. The hope is that with access to tools, technologies and expertise in decentralized identity models, these organizations will be better able to advance their missions.
- The Decentralized Identity Foundation is an engineering-driven organization working to create a “standards-based, decentralized identity ecosystem for people, organizations, apps, and devices” that ensures interoperability between all parties. DIF has a diverse range of members ranging from the Enterprise Ethereum Alliance and Hyperledger to IBM and Mastercard.
Acceptance of Validity
These digital identities will also need to be accepted as valid by state authorities in order to reach their full potential. Named “the most advanced digital society in the world” by Wired magazine, Estonia is one of the furthest along in this regard.
- e-Estonia: Through Estonia’s e-identity program, all citizens receive a secure digital ID card (powered by a blockchain-like infrastructure and utilizing 2048-bit public key encryption) that allows Estonians to access public, financial, and medical services, to pay taxes, vote, and get prescriptions online, to provide digital signatures, to drive, and to travel within the EU¹⁰. This digital ID card replaces most of the physical artifacts that one carries in their wallet, from driver’s licenses and passports to insurance cards and subway passes, and can also be stored on and accessed from a smartphone. The program runs on an open-source backbone called X-road, and utilizes K.S.I., developed by Guardtime. K.S.I. is also used by NATO and the US Department of Defense¹⁰. This level of support from state authorities is what will be needed across nations for many of the above highlighted initiatives to succeed.
Key management is commonly cited as a challenge with digital identity systems that leverage blockchain technology. Obviously, if an individual has had difficulty holding on to their ID, they may also have issues holding on to their private keys. Some suggest that private keys could reside in a smart chip on a key fob or something resembling a credit card, or could be held in a secure enclave within one’s phone. This is the most secure option. However, if the item storing an individual’s private key is lost, stolen, or damaged, they will not be able to access their account. Alternatively, keys could be stored with a central authority, although that defeats much of the purpose since decentralization is compromised.
There are several ways to attempt to balance the tradeoffs between security and decentralization. The MyPass Austin system allows two additional verified users, such as a service worker or an emergency-care provider, to be added to a homeless individual’s account in the event that they lose their private key. Similarly, uPort has created an identity recovery mechanism that lets the user select people from their contact list and, with a quorum of these contacts, connect their persistent ID to a new device. With uPort, transactions are sent from a mobile device (which stores a user’s private key) through a Controller Contract to a Proxy Contract (which is tied to a unique identifier), which then interacts with an Application Contract. The Controller Contract maintains a list of “recovery delegates,” and in the event that a user loses their private key, a quorum of delegate signatures would allow the user to connect a new device to a new private key. However, the user still maintains access to their records since the new device is linked to the persistent identifier held on the Proxy Contract (the 20-byte hexadecimal string defined as the address of the Proxy Contract).
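The quorum recovery flow described above, as a simplified Python model added here for illustration; it is not uPort's contract code and not part of the original article. The class and method names, the delegate names, the 2-of-3 quorum and the placeholder address are assumptions, and a caller's name stands in for the authenticated transaction sender.

```python
class Proxy:
    """Persistent identifier: its address never changes across key rotations."""
    def __init__(self, address):
        self.address = address
        self.controller = None

    def forward(self, caller, action):
        if caller is not self.controller:
            raise PermissionError("only the controller may use the proxy")
        return (self.address, action)  # what an application contract would see


class Controller:
    """Maps the current device key to the proxy and holds recovery delegates."""
    def __init__(self, proxy, user_key, delegates, quorum):
        if not 0 < quorum <= len(set(delegates)):
            raise ValueError("quorum must be between 1 and the number of delegates")
        self.proxy, self.user_key = proxy, user_key
        self.delegates, self.quorum = frozenset(delegates), quorum
        self.approvals = {}  # proposed new key -> set of approving delegates
        proxy.controller = self

    def forward(self, caller, action):
        if caller != self.user_key:
            raise PermissionError("caller is not the current device key")
        return self.proxy.forward(self, action)

    def approve_recovery(self, caller, new_key):
        if caller not in self.delegates:
            raise PermissionError("caller is not a recovery delegate")
        # One set per proposed key: repeat approvals do not add up, and
        # approvals for different keys are never pooled together.
        voters = self.approvals.setdefault(new_key, set())
        voters.add(caller)
        if len(voters) < self.quorum:
            return False
        self.user_key = new_key  # rotate the key; the proxy address is untouched
        self.approvals.clear()   # drop stale approvals for other keys
        return True


def recovery_demo():
    proxy = Proxy("0xPROXY_PLACEHOLDER")  # constructed placeholder identifier
    ctl = Controller(proxy, "old-device-key", ["alice", "bob", "carol"], quorum=2)
    before = ctl.forward("old-device-key", "read-record")
    steps = [ctl.approve_recovery("alice", "new-device-key"),
             ctl.approve_recovery("alice", "new-device-key"),  # repeat: no effect
             ctl.approve_recovery("bob", "unrelated-key"),     # different key
             ctl.approve_recovery("carol", "new-device-key")]  # quorum reached
    after = ctl.forward("new-device-key", "read-record")
    return before, steps, after, ctl
```

The checks that matter for a reviewer of such a scheme are the ones in `approve_recovery`: delegates are counted once per proposed key, and the old device key stops working as soon as the rotation completes.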
A useful digital ID necessarily includes sensitive information such as personal identifiers and medical records, and oftentimes requires a private key to be tied to biometric data in order to prevent the creation of multiple or fraudulent accounts. The MyPass team realized that people “have major concerns about the use of biometrics” and is looking for secure alternatives, including requiring participants to use a combination of a QR code and password in the future². Regulatory compliance (HIPAA, etc.) will also need to be taken into account when these systems are designed. David Dill, a professor emeritus of computer science at Stanford University and founder of the nonprofit Verified Voting, points out that while blockchain technology solves some problems related to e-voting, it “doesn’t deal with authenticating the voters before the election … or the security problems on the voters’ devices⁶.”
The Typical Trilemma
The digital identity use case faces the same trade-offs between scalability, decentralization, and privacy present in many other blockchain use cases. Many of these pilots have chosen to sacrifice some degree of decentralization to ensure better privacy and security. Most of these pilots are being run on permissioned blockchains, utilizing smart contracts to further control access to and preserve confidentiality of sensitive data. Building Blocks initially launched on a public blockchain but ran into scalability issues, finding the public version to be “too slow and too expensive¹⁴.” The ability to scale is also a challenge when considering the viability of e-voting on a national level. Depending on assumptions about platform, transactions per second, and how many votes would be included per block, it could take up to two weeks to process a nationwide election with 60% voter participation in the U.S.¹¹ However, using multiple, region-based blockchains could address this issue in the short term while longer-term scalability solutions are more fully developed.
For more information on the current limitations of blockchain technology in these use cases, and others, I highly recommend that you check out Building Blockchain Utopia: The Challenges Blockchain Faces Today.
When one regains control over their identity, they can begin to reclaim control over their life. As part of a solution requiring coordination and participation from a wide variety of institutions, nations, and organizations, blockchain technology can help individuals to reclaim this control. While blockchain technology can create dramatic improvements in digital identity, as acknowledged by Yoshiyuki Yamamoto of the U.N., “It can’t be done overnight, we are still at a very early stage⁴.”