Machine Economy Deep Dives: Digital Identity Part II

Will self-sovereign identities be the new normal?

written and researched by Franziska Heintel and Carolina Soto

In our previous article we set the ground by answering basic questions around identity. How do you identify someone or something? Why do we need identities? And, who issues them? We also explained how identities are evolving into being more trusted, more secure, more independent and interoperable, so to say, self-sovereign identities.

In this second article of the Machine Economy Deep Dive series on Digital Identity we will explore self-sovereign identities more in depth, introducing blockchain as one of the enabling decentralized technologies. On top of this, we will outline the potential of digital self-sovereign identities to improve the lives of millions of people in both developing and developed countries.

“Monotone photo” by Warren Wong on Unsplash

Self-sovereign identities are, for what we know now, the last step in the identity evolution. They will be the “State-of-the-art” of digital identities in the near future.

In order to get there and embrace “self-sovereign identity”, newly designed identity systems should consider building their architecture around the Ten Principles of Self-Sovereign Identity defined by Christopher Allen in “The path to self sovereign identity”.

These principles try to cover the basic requirements for a functioning self-sovereign identity. Adhering to them will enhance trust in the digital identity ecosystem for the benefit of citizens (users), governments and businesses.

In short, the above mentioned 10 principles are:

1. Existence: Users have an independent existence that is not wholly digital. Self-sovereign digital identities make some aspects of the user public and accessible, but remain tied to the existence of the user.
2. Control: Users must control their identities and have the ultimate authority on their identity. They must be able to update it and decide on its privacy.
3. Access: Users must have access to their own data and be able to easily retrieve all the claims and other data within their identity. With no hidden data or gatekeepers.
4. Transparency: Systems and algorithms, both in how they function and in how they are managed and updated, have to be open and transparent by design. Anyone should be able to know how they work.
5. Persistence: Identities should last forever, or at least as long as their holder wishes. This must not contradict a “right to be forgotten”; a user should be able to delete his identity if he wishes, and claims should be modified or removed over time. This requires a firm separation between an identity and its claims: they shouldn’t be tied forever.
6. Portability: Users must be able to transport their identities and not having to rely on third parties to hold this information — even if acting in the best interest of the user. This ensures the persistence and independence of a user’s identity.
7. Interoperability: Identities should be as widely cross-usable as possible. Instead of having multiple silo-ed identities, there must be one general identity that operates cross-(service)-borders.
8. Consent: Users must freely agree to the use of their identity. Sharing of data (claims) must be subject to deliberate consent from the user.
9. Minimization: Only the minimum amount of data should be disclosed to accomplish a task. For example, if only a minimum age is called for, then the exact age should not be disclosed, and if only an age is requested, then the more precise date of birth should not be disclosed.
10. Protection: The rights of individual users must be protected by always acting on the side of preserving the freedom and rights of the individual over the needs of the network.

Do you know who you are dealing with on the internet? Photo by Tom Sodoge on Unsplash

In this ideal case where everyone —and possibly everything? — holds a self-sovereign identity, data ownership and vendor independence are in their highest degree.

So far, so good. But, what is wrong with the current system? Why do we need self-sovereign identity solutions and how can they improve industry as well as private life?

What challenges can be overcome by using digital self-sovereign identities?

In general, digital identities have proven to broaden the users’ possibilities to participate in the increasingly digital world. Nonetheless, the use and definition of a digital identity can vary depending on the provider. As uPort’s lead engineer Pelle Braendgaard puts it:

“for governments, identity is a mechanism for taxing citizens and providing them benefits. In the case of large companies, they need to provide access control to their offices and systems for managing their employees and customers. For web 2.0 companies, Identity exists in the form of Facebook Connect, Google Login, or your good old email address. For fintech companies Identity is all about KYC. Ethereum dApps might just want to know your Ethereum address. For NGOs it’s about providing Identities to refugees and others without valid forms of identification.”

Following this idea, each person would eventually hold several identifications depending on the provider, and would not be in charge of his own data. Furthermore, privacy issues (e.g. government mass surveillance) and identity thefts (private information of 143 million consumer was breached from the EQUIFAX servers last year) remain a key problem of digital identities.

By using blockchain to provide self-sovereign identities, the power and ownership of data is shifted to the user with a more private, more secure and more useful identity that works independent of the context. Self-sovereign identity providers like Sovrin and uport promise to deliver these benefits by storing user information with the user, assuring trust with claims that can be issued and verified by trusted parties and between users, and guarantee privacy with a selective access to data.

How can digital self-sovereign identities solve identity problems of developing nations?

According to the latest World Bank data, there are estimated 1.1 billion people around the world who can’t prove who they are, as they lack an officially recognized document that identifies them. Among these are refugees, stateless and forcibly displaced people whose lack of identification deprives them from fundamental rights, protection, and access to basic services (government, healthcare, financial, telecommunications, legal aid, etc).

Blockchain has the potential of leapfrogging identity solutions by using the lack of existing infrastructure as an opportunity to adopt the most advanced methods. For instance, children born in conflict zones or refugee camps have limited chances to get in a central government registration system and usually remain unregistered. Initiatives like Tykn are tackling this issue by providing a BaaS (Blockchain-as-a-service) solution to NGOs who are present in these conflict areas. Another initiative, the IDbox, aims to even give people the ability to prove their unique identity with a unique Blockchain record only by using an ordinary mobile phone (no internet connection needed). This can

“help gaining access to fundamental human rights, government services, micro-finance and micro-insurance.” (IDbox website)

Solutions like these have the potential of building an accessible and verifiable ID system, which can ease KYC processes and expand the possibilities of previously “invisible” people to use financial services. This is also applicable for accessing health services where the availability of medical data and other personal data (e.g. nationality) can help identify people who are entitled to specific health benefits and services (e.g. insurance, vaccination programs, etc.)

“Spooky woman behind the curtain” by Steinar Engeland on Unsplash

Digital identities play a role in gender equality too. In some countries like Pakistan and Malawi, women are less likely to have a personal ID than men because of social, cultural and economic barriers. For these women, not having an identity can deprive them from claiming their rights over assets and access public and private services.

There is no “perfect” solution for a holistic digital (self-sovereign) identity management yet, but there are many ambitious initiatives striving for it.

In summary, we see huge potential in new identity solutions for both developed countries:

• increase in user convenience (fewer data silos)
• privacy
• user-owned content
• efficiency increase
• trustless trust

as well as for developing countries:

• better enforcement of basic human rights
• equality
• access to online services like finance and insurance

We are excited about this new era of identity arising and want to support the development of those solutions through strategic investments in this space. Stay tuned for our next article in which we will elaborate more on use cases and the blockchain ecosystem tackling identity problems.

Find out more about self-sovereign identities and how the identity + blockchain ecosystem is taking shape in the Part III of our Digital Identity Deep Dive series soon!

✨ Last but not least, thanks for great thoughts, inspiration, content and data go to… (aka sources — check these out for further reading, too!):

• Allen, C. (2016, April 25). The Path to Self-Sovereign Identity. Retrieved from http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html
• GSMA; World Bank Group; Security Identity Alliance. 2016. Digital Identity : Towards Shared Principles for Public and Private Sector Cooperation. World Bank, Washington, DC. © World Bank. https://openknowledge.worldbank.org/handle/10986/24920 License: CC BY 3.0 IGO.
• The World Bank. (2016, March 1). Making the invisible billion more visible: the power of digital identification. Retrieved from https://blogs.worldbank.org/ic4d/making-invisible-billion-more-visible-power-digital-identification
• The World Bank. (2017, October 12). 1.1 Billion ‘Invisible? People without ID are Priority for new High Level Advisory Council on Identification for Development. Retrieved from http://www.worldbank.org/en/news/press-release/2017/10/12/11-billion-invisible-people-without-id-are-priority-for-new-high-level-advisory-council-on-identification-for-development
• World Economic Forum. (2018, January). The Known Traveller — Unlocking the potential of digital identity for secure and seamless travel. Retrieved from http://www3.weforum.org/docs/WEF_The_Known_Traveller_Digital_Identity_Concept.pdf?utm_content=buffer23462&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
• World Economic Forum. (2018, January 25). Digital Identity — Why It Matters and Why It’s Important We Get It Right. Retrieved from https://www.weforum.org/press/2018/01/digital-identity-why-it-matters-and-why-it-s-important-we-get-it-right/

👏🏼 If you enjoyed reading this piece leave us a clap or comment below. We are curious to hear your thoughts!

🤖 We are the machine economy team of the innogy Innovation Hub and believe in a future that is decentralized and enabled by machine-to-machine transactions.

💌 This is only the beginning! There will be more “deep dives” in future, so make sure to follow our Medium channel to stay updated. See you soon!

💡If you are a startup working in the field of digital self-sovereign identities or are just curious about the topic, feel free to contact us!

andreacarolina.soto@innogy.com