Why self-sovereign identity matters
It’s one thing to identify yourself in person with an ID. Identifying yourself online? That’s a whole different story. Here’s what you need to know about digital identity, today — as well as why you should be super excited about the momentum surrounding the self sovereign identity (SSI) movement.
Table of contents:
In most cases in the real world, you can easily and reliably prove your identity by presenting your driver’s license, passport, or credit card. A police officer, bank clerk, or liquor vendor can clearly confirm your details by glancing over the document — or in higher security incidents, could further scan the document to guarantee authenticity. In all, the process only takes a moment and by the end of it, your ID is returned to you and back in your wallet.
It’s not an easy protocol to replicate online — when we’re only present as a digital entity.
On the internet, your digital identity represents you as a unique real-life person in a secure digital format. In fact, we likely have many different virtual identities across a spectrum of platforms and services. The hope is that all these disparate identities link back to the person they’re supposed to represent — in this case, the real you.
As more and more of our social interactions and economic transactions migrate to the digital realm, so too have the stakes increased — and with that, comes more sophisticated criminals and scammers. As the threat of cyber attacks and data breaches continues to balloon, it’s never been more critical to have a holistic comprehension of what exactly your digital identity is and the role it plays.
NOTE: While a digital identity can also represent entities like institutions or applications, for the purposes of this piece, we will only refer to digital identity in the context of personal identities.
1. Digital identity 101
One way to think about a digital identity is that it’s a digital representation of a real-life person’s set of identifying attributes.
That could mean personal information such as your date of birth, your home address, or your mother’s maiden name. Or it could mean a secret passcode, a photograph, or even facial biometric data.
Those identifying attributes are then organized in a way such that a software application is able to recognize and authenticate that you are the person you are claiming to be. In other words, a digital identity allows us to build trust online such that we can interact and transact much like we do in the real world.
I) A deeper dive on identifiable attributes
As our parents may have told us when we’re young, we’re all special and unique individuals.
Every human being has a specific name, birth date, demographic, and biometric profile. We also have various documentation linked to us — such as a social security number, government-issued ID, or passport, but also things like your insurance policies, medical records, or utility bills. And then online, we have email addresses and social media accounts.
All of these are identifiers that can be linked to you as a person. But there is another dimension of digital identity.
While navigating the internet, our activity — with or without our knowledge — is often tracked. (You’ve probably heard of or are familiar with the term “cookie.”) And because that activity can be linked to the identifies mentioned above (email, social accounts, etc.), our online behavior (or shadow data) can be traced back to us. That could mean the websites you browse, your search history, things you’ve downloaded, or even items purchased.
This kind of tracking allows platforms and services to deliver algorithmic content feeds, targeted ads, or in general, simply a more bespoke user experience. The downside, of course, includes not only malicious actors who might abuse that power but also the mere fact that we’re unwittingly contributing to an ever-growing database of personal behavioral records that we generally have little agency over.
II) On the internet, no one’s truly anonymous
Given all that sensitive and valuable personal data, companies wield immense responsibility when it comes to protecting their customers. In order to protect user privacy, firm’s will employ certain technological mechanisms and processes like tokenization and cryptography in order to “anonymize” their data sets. That way, PII is essentially scrubbed of any data that could link that info to the person at hand.
That’s a good start, but it’s not a full-proof solution. Would-be fraudsters could, with access to enough data, still connect the dots even if the data’s been scrubbed — allowing them to map out a relatively detailed profile of your digital activity and online history.
2. Understanding self-sovereign identity (SSI)
Self-sovereign identity (SSI), as a concept, dates back many years but as a movement has only started to build momentum more recently.
As its name suggests, a self-sovereign identity puts the users at the center and grants them sole ownership and exclusive administrative rights of their identities.
In other words, rather than having companies, governments, or online platforms manage and leverage (and monetize) the personal information linked to your identity, you control how your data serves you.
(We’ll be providing a more in-depth breakdown of SSI, exactly how it works, and the technical specifications behind it in a future piece.)
NOTE: Self-sovereign identities can also represent other entities, but for the purpose of this article, we will only refer to SSI in the context of personal identities.
I) Multiple channels, one autonomy
Whenever we log on, we engage with a countless variety of websites, platforms, and services. At each juncture, we rely on third-party points of entry or authorization to allow us to proceed, interact, or transact.
Along the way, these intermediaries also gain access and insight into our personal data and behavior and in many cases, become privy to information irrelevant for the necessary authorizations.
That’s the way the world works, today.
SSI, on the other hand, shifts that power back to the users, allowing us to authenticate and selectively attest only the required piece of identity information. In fact, it eliminates the need to share and expose personal data altogether for most situations — while providing users with the same access and the businesses the same level of trust (or greater) as traditional protocols.
With SSI, users are presented with a greater level of control and ownership, enhanced flexibility, and expanded flexibility.
And that’s just the beginning. A world built around SSI means that every individual will be empowered with their own globally accessible digital identity, providing everyone access to the modern economy — compared to the billions today who lack access even to a basic bank account.
3. The million-dollar question
Here’s the thing. Addressing the problem of digital identities is one of the looming challenges of our times. Your identity is your key to the modern world, allowing you to actively participate and engage with society and the global economy.
And fixing identity will set the tone for this next chapter that we’re entering into when it comes to the convergence of our digital and physical realities. It affects how we interact with our family, friends, and communities; how we receive and distribute information; and how we buy and sell goods and services.
It also sets new precedents and norms for how we move forward collectively — in how we deal with issues like financial inclusion, fake news and botnets, and even the outcome of our democratic elections.
Here’s what we should be thinking about:
- Rights: As users of online services and platforms, we have the right to the privacy and protection of our data, particularly personally identifiable information (PII). Preventive measures can go a long way and autonomy over our data could mitigate the cases of identity abuse.
- Responsibility: As members of societies, both offline and online, we share a responsibility to cultivate a safe environment where fraudsters cannot hide in anonymity and where new contacts or transactions can be attested for to ensure trust.
- Value: With a secure, reliable, and interoperable digital or self-sovereign identity, users can safely enter into interactions with a variety of businesses, organizations and other users. For service providers, organizations, banks, healthcare services, education institutions, to online platforms, news publishers and social media, smarter identity frameworks will enhance their ability to deliver better and more innovative products and services.
Because that’s the thing. Our digital identity is more than just a set of identifiers in digital format. It’s the building block for a modern society and economy. We owe it to ourselves and each other to get this right.
Join a growing trusted community and experience how trusted identity works for you.