Pros and Cons of Self-Sovereign Identity — Part 2 (The Cons and What To Do About Them)

There are many positive and valuable benefits to self-sovereign identity, which we’ve covered in a prior post (click here). And in fact, the benefits make pursuing blockchain-based identity incredibly worthwhile for both individuals and enterprises. But let’s not pretend that there are no downsides. There are tradeoffs to everything, and often very positive changes also bring some not-so-positive consquences. In this post, let’s discuss the cons of self-sovereign identity and what can be done to mitigate them.

More personal responsibility for security:

Consider how much time, money, and technology that companies deploy to secure their data — only to continuously suffer hacks, malware, and ransomware. Now think about shifting that security responsibility from companies to yourself. Most people are ill-equipped to deal with this on their own. This can possibly lead to users not knowing for months or years later that their data were breached or otherwise compromised. The good news is that you’ll remember from the pros piece that distributing and decentralizing stored identity data actually makes it harder for hackers because they have to hack everyone individually. Blockchain identity vendors are also looking at this, as well, so users will have to learn to understand the security options of the different vendors in order to pick the best fit.

Short-to-mid-term interoperability and data transfer pains:

Not everyone will use the same identity platform or app, especially in the early days as new identity platforms are getting announced every day. This means that someone who has accounts with two different banks will be asked to download and use two different identity apps, for example. Or that the identity app you’ve chosen isn’t recognized by a vendor you’d like to work with. But this is a temporary problem. As the market evolves, a few key players will take leadership positions and also standards will evolve to make data transfer and interoperability seamless. It’s not going to happen very soon, but it will happen.

Time and complexity in deciding who gets your data:

The advent of GDPR in Europe unleashed a flood of emails from corporations asking individuals to opt-in to having their data used and stored. And while the power to stop a company or other player from having your data is critical, GDPR showed that it’s not an insignificant time investment to go through all of the consent emails to understand what the company wants to do with you data and then decide if you agree or not. Then consider revoking consent even if you previously agreed. Now, as self-sovereign identity gives you the power to do this routinely, it also creates an environment where you need to decide regularly about consent. You might even find yourself frustrated with trying to remember which companies have what data about you and if you want them to still have it. You’ll need to be more proactive and organized in managing consent. Over time, identity apps vendors will figure out how to streamline this process for users, but the effort still won’t go down to zero. And while the effort can be considered a con, keep in mind that the greater benefit is the control over personal data so this is a tradeoff worth making.

There still will be data middlemen:

A big benefit of blockchain and decentralized systems in general is that they have the power to remove middlemen from power, instead building trust among peers in the network. However, while some middlemen will be removed, it’s very likely that others will get created. Consider, for example, a popular use case of self-sovereign identity: the ability for you to profit directly from your data instead of letting companies like Facebook and Google sell your data. Monetizing your own data seems like a great idea, but how will companies know where to find you to ask to buy that data? And where will you post your willingness to sell some of your data? Likely marketplaces that act as search engines and aggregators will pop up to fill these needs. Marketplaces are middlemen. But in this case, the profit is shared with the peers in the network and the marketplace offers a valuable service.

The tradeoffs of self-sovereign identity aren’t insignificant. However, they are addressable and can be minimized over time. But it’s important to consider them early when selecting identity platforms, as each platform addresses each of these tradeoffs differently and to different degrees. Individuals and companies should evaluate their tolerance for each of these when looking for blockchain-based identity solutions and ask about these issues in discussions with the solutions vendors.