WHY THIS MATTERS IN BRIEF
- You lost control of your online information, and your online identity, almost a decade ago, but now companies are using new technologies to help you regain control of it
The Sovrin Foundation, a non profit organisation who’s building a range of online “Self-Sovereign Identity” and management tools using blockchain and a mix of other distributed ledger inspired technologies, has announced that it’s been accepted into the Hyperledger Indy project, run by the Linux Foundation, and at the root of all this is the “problem of identity” which I see as two fold.
Firstly there are the two billion people in the world, especially in the developing world, who have no way to prove who they are, meaning have limited to no access to credit, insurance, or services, and secondly, the fact that none of us have control of our own online identities, has vexed, and angered people for years.
I for one know how much of a prickly issue this is because when I raise the topic of privacy – online and offline – during my talks everyone in the audience becomes really animated… then they go back to sleep again.
The result of all of this is that now we have flocks of well meaning developers homing in on the topic, and on the one hand some are trying to solve the first problem, such as the blockchain ID2020 project, and now, on the other we have companies like the Sovrin Foundation and others.
In many cases many of the companies facing off against the second problem see new, emerging technologies as a way to scoop up all the scraps of an individual’s online identity, consolidate them and put them under the individual’s control.
Control my own identity you ask? Why yes… amazing I know!
Today, we lack that control, and while many people say that we surrendered it I argue that we had no option, and no alternative, because the systems to help us control and protect our own identities online simply didn’t, and still doesn’t exist. And unless something is done about it, and quickly, as companies start acquiring the capabilities to pull images, secrets and streaming movies straight from our heads, and track us in real time using global satellite networks, and much more besides, things will only get worse in the future as companies capture even more pertinent and personal information about us.
Look at it this way – while I’m sure you and I could have a long conversation about today’s rubbish state of affairs and the lack of privacy, which I think one day itself might be sold as a “luxury” service by the way, the fact of the matter remains that if you slammed your fist on the table, yelled “Damn it! I’m going to take back control of my identity!” you couldn’t.
Off you go – see how far you get. I’ll sit here twiddling my thumbs.
The state of affairs has gotten so bad if fact that now the very companies who are most responsible for scraping and piecing together our online identities and behaviours, such as Amazon, Facebook, Google and Twitter are now slowly turning into the world’s standard “identity verifiers” across most domains, the examples of which are all around you.
Want to log in and leave a comment? Just sign in with your Twitter account. Want a loan? Let’s run a contextual analysis of all the information on your Facebook profile – your comments, your photos, your circle of friends, likes and at least 450 other major data points. And so on.
The problem with all this of course is that if these companies disappear, which in some cases, let’s face it, is unlikely, then so does your identity. But in addition to that, if the information any of these companies hold on you, or the people in your circle, is incorrect then you could suddenly find your mortgage application is declined. Even worse, it’s unlikely you’ll ever know the real reason why – and it could all be because you posted a photo of you burning fake money on Facebook which the banks analytics system thought was real….
These systems are getting that accurate, and going that deep… don’t under estimate them. Does your Facebook profile always show you smoking and eating burgers? Get ready for your health insurance to increase…
The upshot of all of this is that things are starting to get messy and the person that this is all going to affect? Well, that’s you.
This is where the Sovrin Foundation comes in. According to Phil Windley, the chair of the Sovrin Foundation, the best way to fix all this is to use distributed ledger technology to make something that looks more like what we have offline.
“In the physical world I go to my pharmacy and they ask for my driver’s license to prove I’m over 18 and I supply it to them. They don’t have to have a direct connection to the Department of Motor Vehicles. They don’t have to have any kind of API integration to make that work. Because I am the conveyer of this verifiable claim called a driver’s license. That hasn’t been possible on the internet and Sovrin makes that possible,” says Windley.
In this alternate view, it is the individual now who possesses all the pieces of their identity, which ranges from mundane testimonials about what your favourite movie is, mine is Terminator, obviously, although my Facebook profile says it’s Tangled… which is definitely isn’t, to critical information like your age and date of birth.
In Sovrin, these facts about you, or pointers for where to find these facts, would all reside on a distributed public ledger which you alone had the authority to access and share. Other entities, however, could modify your claim by signing off on them with a cryptographic key, thereby adding weight and credibility to the pieces of your identity.
For example, you may have an identity on the Sovrin network which specifies your driver’s license number and that information might be signed by your state’s DMV.
Sovrin’s system is a ledger that is replicated over multiple nodes that all coordinate to make updates and police the system and which together make up the Sovrin network, and the nodes are invite only, meaning that the ledger is public, but permissioned. As a result, Sovrin functions without the participation of miners, which makes it less expensive and less energy hungry than your typical open Blockchain platform.
Windley says that he envisions the first applications coming from the financial sector. Banks could participate as node operators to maintain the ledger and provide it as the repository for their customers’ identities. If given permission by the customer, multiple banks could access this information in a single place in order to comply with Know-Your-Customer (KYC) regulations.
By joining Hyperledger Indy, Sovrin is donating all of its code and getting back developer power in return, and there are currently, fortunately for us, lots of other groups working to build out self-sovereign identity systems.
Bitnation, for example, began using the blockchain to issue its own nation state-independent version of a passport in 2014, and that project now resides on the Ethereum network which also supports another identity management tool called uPort. Meanwhile, another company, Civic is building out a similar project using Bitcoin but Windley doesn’t necessarily see them as competition.
“I believe that there won’t be a single identity solution; there’s going to be multiples,” he says, “we’re going to live in a world with multiple identity systems because they have different properties and [meet] different needs.”
It’s time for you to take back control of yourself, and for yourself. Good luck, whoever you are – and don’t forget to log in to my site using Twitter just so I know it’s you…