Digital Identity and the Blockchain

Self-sovereignty isn’t automatic; it must be explicitly architected into any blockchain-based social infrastructure.

Illustration by Joey Gao

Learning Machine has written and spoken publicly about the value and importance of self-sovereign digital identity, not only for the future of technology privacy, but for global citizenship. As the phrase “self-sovereign identity” has caught on over the past year, we have increasingly seen digital and blockchain-based identity solutions describe themselves as self-sovereign, when in fact they are not.

Part of this has to do with the conflation of “blockchain” with “self-sovereignty.” While it is true that the blockchain affords emancipatory potential never before known in human communities, it also creates opportunities for micro-control of human movement and transactions on an unprecedented scale. This is the double-edged sword of any new technology: it can be used to liberate or control. This is why using the blockchain, in and of itself, is not enough to guarantee human freedom and mobility. Rather, self-sovereignty must be explicitly architected into any blockchain-based social infrastructure.

The purpose of this post is to survey the field of options and outline how Blockcerts, a claims-based approach to identity, has set the precedent for a mobile wallet (available for iOS and Android) that meets the most important umbrella criteria of digital self-sovereignty: recipient ownership and vendor independence.

  • Recipient ownership means that individuals control the private keys that allow them to demonstrate ownership of money or their digital records.
  • Vendor independence means that access, display, and verification do not rely on any particular vendor. When based on open-source standards, records can be migrated, shared, and verified independent of any vendor.

The combination of these two conditions is the only way to guarantee that important records are durable enough to be useful for a lifetime.

Vendors with Blockchain-based Products for Official Records

It’s difficult to capture every vendor related to this space, but overall the focus is on commercial products that use a public blockchain for anchoring official records. The following chart demonstrates how a sample of current product offerings generally provide solutions that fall into one of four categories: Proof of Existence, Vendor as Notary, Know Your Customer, and Digital Self-Sovereignty.

Sample as of July 2017

Rather than explain the exact relationship between each company, it’s more important to understand the four major categories.

Proof of Existence solutions use the blockchain as a time-stamping notary to guarantee that a particular document hasn’t changed since a particular point in time. These vendors typically use standard open-source approaches so that the blockchain is used for verification, without any ongoing vendor dependence. However, vendors in this quadrant aren’t encoding recipients’ public keys into documents, nor transmitting them to recipients; they are simply providing data verification. This means that document recipients cannot prove the unaltered document was issued to them. None of these vendors should be confused with identity claims for individuals.

Vendor as Notary solutions also provide proof of existence for data and position themselves as products to issue identity documents, like academic credentials. However, they do so in a format that is always dependent upon the vendor for access, hosting, and verification — they do not provide any sort of ownership for individual recipients. In effect, they are using the blockchain to support their vendor-centric approach to verification and stewardship of records.

Know Your Customer solutions typically do provide a mobile app that allows recipients to demonstrate ownership of their verified data. While this creates efficiencies within a robust network of participating companies who want more efficient ways to validate customer data, this data is only useful to recipients within the perimeter of a vendor-controlled network. So, while recipient ownership is established, reliance on the vendor is absolute. KYC solutions are promising for many use cases, but shouldn’t be confused with solutions that provide verifiable claims that are useful everywhere.

Digital Self-Sovereignty solutions enable individuals to receive official records that are fully owned by the recipients, with no ongoing dependency upon a vendor for viewing, sharing, or verifying these records. This independence is achieved by three things working in combination:

  • Issuing records in a format based on open standards
  • Issuing records that include the public key of recipients
  • Holding records with an open-source container (i.e. a mobile app) that gives recipients control of their own private keys and continues to operate and survive beyond any particular vendor.

While a mobile app isn’t technically required, it is currently the most convenient way to generate private keys, send public keys to issuers, and hold digital records with the corresponding private key or decentralized identifier.
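The difference between Proof of Existence and a recipient-owned record, as described above, can be shown in a few lines. This is an added example, not Blockcerts code: the record fields, the function names, and the use of a Lamport one-time signature as a stand-in for whatever signature scheme a real wallet uses are all assumptions made for illustration.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (assumed stand-in for the wallet's real scheme).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [[H(a).hex(), H(b).hex()] for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; a key must sign only ONE message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]).hex() == pk[i][b] for i, b in enumerate(bits(msg)))

def anchor(record):
    # Digest an issuer would publish on-chain (canonical JSON, SHA-256).
    blob = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return H(blob).hex()

def unchanged(record, anchored):
    # The only question Proof of Existence can answer.
    return anchor(record) == anchored

def proves_ownership(record, anchored, challenge, sig):
    # Needs an untampered record AND a signature from the key named inside it.
    pk = record.get("recipient_public_key")
    return unchanged(record, anchored) and pk is not None and verify(pk, challenge, sig)

def demo():
    sk, pk = keygen()
    other_sk, _ = keygen()                  # someone who merely copied the file
    poe = {"title": "Constructed Diploma", "holder": "A. Example"}  # constructed sample
    owned = dict(poe, recipient_public_key=pk)
    a_poe, a_owned = anchor(poe), anchor(owned)
    nonce = secrets.token_bytes(16)         # verifier's fresh challenge
    good, bad = sign(sk, nonce), sign(other_sk, nonce)
    return {
        "poe_unchanged": unchanged(poe, a_poe),
        "poe_ownership": proves_ownership(poe, a_poe, nonce, good),
        "owner": proves_ownership(owned, a_owned, nonce, good),
        "copier": proves_ownership(owned, a_owned, nonce, bad),
        "tampered": unchanged(dict(owned, holder="Someone Else"), a_owned),
    }

if __name__ == "__main__":
    print(demo())
```

The anchored hash alone verifies for anyone holding a copy of the file; only the record that embeds the recipient's public key lets a verifier tell the holder of the private key apart from someone who copied it.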

Learning Machine’s release of Blockcerts in 2016 included the first open-source mobile wallet to enable digital self-sovereignty. It was designed to be usable by any vendor who supports these values. In 2017, Learning Machine released the Android version and provided the first commercial product for issuing records that leverages the openness and convenience of the Blockcerts mobile app.

Images from the Google Play Store

More recently, ConsenSys has been developing a mobile app called uPort, an open-source wallet that is proving popular with Ethereum developers, and they will soon pair this app with features for organizations to issue credentials to recipients. While uPort functions a little differently from Blockcerts, both mobile apps are clear examples of what it means to empower individuals with verifiable claims, which comprise the underlying attributes of identity.

Most customer confusion comes from trying to differentiate between vendors that provide Vendor as Notary services and those that actually enable Digital Self-Sovereignty by providing verifiable claims that are also recipient owned. Simply time stamping records on the blockchain or creating a vendor-owned environment in which recipients can store their records does not empower individuals; they must be able to take their records with them anywhere, store them independently from any vendor or issuing institution, and prove that they own them. That is what digital self-sovereignty means in practice.

Other Initiatives Supporting Self-Sovereignty

Blockstack is another impressive project that allows people to own their data, starting with domain names. Blockstack wasn’t included on the chart above because they aren’t really a product for issuing official records, but they may become a foundational layer upon which new identity applications get built.

A different type of product also worth highlighting is Brave’s browser and their Basic Attention Token. This browser blocks all ads, but allows individuals to opt into receiving payments from advertisers in exchange for sharing some of their browsing data and allowing ads. While this isn’t a wallet to hold official records, the browser can be seen as another extension of self, and Brave’s implementation is another good example of how different initiatives can be driven by values that prioritize individual empowerment.

If you would like to join the technical conversations about digital identity, check out Rebooting Web of Trust and their events held around the world every year.