Why We Think Self-Sovereign ID Systems are the Future of Privacy Rights.
According to the Universal Declaration of Human Rights, all of us are endowed with the right to both sovereignty and privacy. But what do the words sovereignty and privacy actually mean to us in today’s world? What will they mean tomorrow? More and more of what makes us who we are is happening and being recorded online. In the wake of high-profile cyber attacks and just business as usual, our sensitive personal information is floating around web, spread around the globe in servers and databases, vulnerable to abuse.
In terms of digital identity, our rights to sovereignty and privacy have yet to be fully recognized in the digital age, because what happens with our data is almost completely out of our control. Initiatives such as the EU General Data Protection Regulation (GDPR) are working to restore some degree of privacy, but even this regulation takes for granted the currently dominant regime of data control and dissemination: a Balkanized patchwork of centralized servers, institutions, and governments — closed and proprietary systems that even under the GDPR’s proposed changes only give us limited control over how our data is used. Managing identifying information in this way creates multiple single points of failure, making it vulnerable to theft, fraud, and abuse.
This patchwork system is designed not with individual privacy and sovereignty in mind, but to further the interests of the centralized organizations that currently have control over our sensitive information, functioning according to incentives that often come into conflict with human rights and dignity. In this way, our identities are fragmented into a multitude of online personas stored on private servers all over the globe, often with sensitive and exploitable personal information. We have no ownership of our own identities, and our information is subject to hacks and institutional abuse. According to the Global Cyber Alliance, 421 billion personal records were hacked in 2016 alone, well before the high-profile Equifax breach, and by 2019, the cost of cybercrime is projected to reach $2 trillion.
Beyond the problem of data management, the current paradigm of how our identities are officially recognized by global institutions can be particularly harmful in cases of regimes that are repressive or antagonistic towards all or a portion of their citizenry, and in cases of conflict, displacement, and human trafficking. According to Freedom House, 2.6 billion people in 2017 (36% of the global population) had no say over how they were governed, with 49 countries lacking basic individual freedoms, and in 2016, UN statistics show that 65.6 million people were displaced by conflict and persecution. Identification documents are losable, forgeable, revocable, and exploitable, and many displaced people around the globe have no access to one at all, hindering their search for asylum and making them vulnerable to human trafficking, forced labor, and sexual exploitation.
This system is also detrimental to the organizations that attempt to aid and provide services to these vulnerable populations, complicating the delivery of aid and holding back the administration of sanctuary requests.
If we intend to meaningfully further the cause of individual sovereignty and privacy rights in the digital age, a person’s identity should not be the property of corrupt governments and profit-incentivized corporations. For initiatives like the GDPR to be successful, they must promote a transition to new systems and solutions. Decentralized technologies like blockchains, which are already being leveraged to revolutionize digital security, privacy, and value exchange, have the potential to place control of personal data back into the hands of individuals.
What is self-sovereign ID?
The concept of self-sovereign identity is a relatively new idea, having arisen primarily in the cryptography and decentralized technology communities in the last decade (see Christopher Allen’s influential summary). The primary goal of self-sovereign identity systems is to give people control over their own identities and personal data, allowing them to determine with whom and how they share identifying information. These systems invite us to redefine the concept of identity for the digital age, removing vulnerable centralized gatekeepers of private data and replacing them with immutable cryptographic protocol. Because these systems exist securely in the blockchain ‘cloud’, they can also eliminate the need to carry physical identification documents if adopted and accepted on a broad scale.
When a conflict arises between the needs of identifying parties and the rights of individual users, self-sovereign systems err on the side of the freedom and rights of the individual over the needs of external organizations and forces that may have malicious intent or incentives that do not align with the wellbeing of the individual. When designed with vulnerable populations in mind, self-sovereign identity systems can provide access to resources, rights, and economic opportunities, while also offering a degree of protection from abuses of power by corrupt regimes.
What does it have to do with blockchain?
While blockchain technology is most widely known as the basis for cryptocurrencies like Bitcoin, its decentralized, secure, trust-minimized nature opens up a host of additional potential applications, one of which is identity management. Proposals for self-sovereign identity systems typically rely on blockchains as their underlying technology.
Blockchains are censorship resistant and fraud resistant. They significantly reduce the need for trust between acting parties and promote individual empowerment. Self-sovereign identity systems built on the blockchain can also be designed in a way that separates sensitive personal data from the ID verification layer, thereby preventing exposure to third parties who may wish to abuse that information.
While the notion of self-sovereignty places individual privacy and agency first, these blockchain systems can also provide valuable benefits to third-party organizations and institutions by externalizing the burden of ID management, trust, and regulatory compliance.
When it comes to digital identity, Blockchains can be used by private for-profit companies in a way designed around their own commercial interests, for example giving people the ability to provide access to their personal data in exchange for certain benefits or payments from the company. If privacy is not a central feature of the design, blockchains can also be used in ways that allow for data exploitation and grant powerful surveillance capabilities to abusive regimes. Alternatively, by developing self-sovereign identity systems in an open-source way, we can place human rights and privacy at the center of the design architecture, of primary importance over for-profit incentives.
About the Zulu Republic Foundation
The Zulu Republic Foundation is a Swiss organization charged with managing the underlying technology of the Zulu Republic blockchain ecosystem. The foundation’s mission is to advance the development of decentralized technologies, to promote human rights and empowerment around the globe, and to reduce the global digital divide.
In support of this mission, the Zulu Republic Foundation is responsible for the following activity:
- Developing open-source distributed ledger technologies (DLT)
- Developing self-sovereign identity technologies (SSI)
- Creating and distributing educational content on the subjects of digital security, privacy, and blockchain technology.
- Maintaining and managing the ZTX token and reserve, and all Zulu Republic smart contracts.
- Incubating and seeding initiatives, businesses, and non-profit organizations that utilize ZTX and/or its underlying open-source technologies in their daily operations.
Currently the Zulu Republic Foundation is developing an ecosystem of platforms on the Ethereum blockchain, combining solutions for both self-sovereign identity (the Zulu Republic Passport) and economic agency (ZTX token and Zulu Pay financial platform). The Zulu Republic Passport will be offered completely free of charge.
Our goal in developing an ideal self-sovereign ID system is guided by the conviction that one’s ability to control their own identity and sensitive data is a fundamental human right. By working to design the systems of tomorrow with this conviction in mind, we aspire to help make the original vision of the internet as a liberating force a meaningful reality.