Bruce Schneier, Blockchain and Self-Sovereign Identities

Ivan Basart
Feb 11, 2019 · 5 min read

In case you don’t know who Bruce Schneier is, he is one of the security gurus of the last decades. For those of us who have been working in this industry, he is a key reference. For this reason, he has caused a big stir with his recent opinion published in WIRED, where he states “there is no good reason to trust blockchain technology”.

When you read the article in detail, you realize that his arguments and his criticism are mainly focused on public blockchains (aka permissionless distributed ledgers) and cryptocurrencies, but he extends the statement to all kind of blockchains.

I was a bit shocked with such a radical statement coming from him. In 2016, Bruce Schneier participated in a Blockchain Workshop in Nairobi where he gave a keynote. The video of the talk is here and I would highly recommend you watching it. Using mainly the same arguments that he lays out in his article at WIRED, he arrives to a different conclusion. In his own words “blockchain has a certain value in some scenarios but it is not a panacea”. If I had the chance to talk with Bruce, I would ask him what made him change his mind.

I am more aligned with the Schneier’s 2016 opinion than with his 2019 one. Although there is a lot of hype around Blockchain, it does provide value-add that can be applied in different areas. One of them is Digital Identity, where very promising work is being done.

Blockchain Hype

The hype around Blockchain has been one of Blockchain’s main enemies. Weird initiatives like WhopperCoin or ICOs sponsored by Paris Hilton did not help the technology. I’ve been at events where some entrepreneurs said they planned to use Blockchain for no matter what, only to attract investors. In many cases, Blockchain seemed to be “a solution in search of a problem”.

Lately, this is changing. We are entering into a “crypto winter”. Cryptocurrency prices have taken a sharp fall (I hope nobody else will sell the house to buy bitcoins), many ICOs have been a failure, and regulations are trying to put some fences in this space.

Some people think that we’re reaching the end of the Blockchain era, but in my opinion, we are just at the beginning. Once the noise and the hype are over, more real and valuable work will be developed with this technology.

Self-Sovereign Identities

Against this ocean of Blockchain hype, there are some promising projects. The work being performed around Self-Sovereign Identities (SSI) is an example. SSI is a term that was coined by Christopher Allen, another respected “security guru”.

It is a disrupting paradigm whereby individuals create their own Identity, control all the information (claims) related to it, and decide which part of it they share and with whom in every single moment.

The backbone of SSI is based on Blockchain, as the concept of decentralized Identities is completely aligned with the Blockchain distributed model of trust.

In his publication at WIRED, Schneier is very critic with the model of trust of Blockchain. He states that Blockchain shifts the trust from institutions to technology and that this shift creates new problems. For instance, if your credit card is hacked probably you will get your money back as the Bank has mechanisms to detect that, insurances come into play and so on. If your Bitcoin wallet gets hacked, you have lost your money. When we analyze a system’s trust, it is important to point out that whilst security is something quite objective that is somehow measurable, trust is a very complex concept, and in many cases is subjective (Liars and Outliers is a great book that covers these issues).

In the realm of identity, trust is held by Governments in the physical world. They issue credentials to their citizens. But not all governments around the world are trustworthy parties, and countries could eventually disappear. This means that more than 1 billion people currently live without any officially recognized identity, as stated by, an organization that is trying to resolve this problem using SSI.

In the realm of digital identity, countries have tried to issue digital identity credentials, but those initiatives have been cumbersome and have not met expectations in most cases. The result is that nowadays our digital identity providers are parties like Facebook or Google, whose main business is to sell people’s information. In this context, shifting trust to a new scenario seems quite necessary.

The problem with digital identity is not new and there have been many attempts to solve it. Actually, many of the concepts of SSI come from PGP (designed in 1981). I remember 10 years ago, when I worked at a Certification Authority, that Privilege Management Infrastructure addressed that problem with Certificate Attributes, a very similar approach, and technology to SSI. And there are other big initiatives, like Mobile Connect, trying to solve the same problem.

So the question is why now, why SSI, and why with Blockchain?

In the end, Blockchain is just a piece of the puzzle (actually most of the “magic” of SSI happens off-chain) because it is not just about technology, it is about creating a new ecosystem of trust. But blockchain was the earthquake that made the snowball get started.

Validated ID

Thoughts on Self-Sovereign Identity, Blockchain, and…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store