Decentralized identity can be the technology cure for COVID-19.
Will the cure for coronavirus, and the potential pandemics of the near future, mean a fundamental loss of privacy and the emergance of a super-serveillance state? Many fear so, as mass testing, tracking, and tracing become urgent and necessary to re-starting economies. A slew of concerned news stories converge on a seemingly inevitable “trade-off between privacy and public health.”
The good news is that we have a vaccine for loss of privacy. It’s been developed over a decade, and it’s already being used in projects around the world.
It’s called decentralized identity.
The problem with our current system of centralized identity
Decentralized identity is built on new technologies and processes, some of which you’ve probably heard about, like blockchain, and some of which you probably haven’t, like DIDs, public and private keys, and zero-knowledge proofs. The bottom line is that all of these enable us to move from a world where identity is analogue (offline, we have to physically give someone a card or document to prove something about ourselves) and centralized (online, we have to create a login, password, and profile in someone’s database) to a world where identity is digital and decentralized.
This is a good thing.
- Think about all the documents and records your bank requests if you want to get a mortgage.
- Think about the hassle of sending physical copies of your transcripts, certificates, or degrees.
- Think about the gazillion passwords you need to function online—and how businesses and corporations struggle to keep your data from being hacked.
- Think about the expensive nightmare that businesses and organizations face trying to verify who you are and then trying to keep that verification data from being hacked.
- Think about all the regulation that’s going to punish businesses and organizations for mishandling your data.
And—as this is being written during a global pandemic—think about the actual danger of sharing physical ID or using a touch screen. Think about the myriad aspects of daily business that depend on physical document exchanges.
This way of handling identity, verifying that you and I are really who we say we are, and sharing our data isn’t working. Most people know it’s not working. And Covid-19 has arrived like gasoline to a dumpster fire.
Decentralized identity extinguishes all these problems.
But what do we mean by decentralized? Explanations of the technology tend to quickly get bogged down in lots of new terminology and concepts, so let’s start with the basics.
How do you prove you are you?
From the moment of birth, we, typically, get a series of documents to prove who we are:
- Birth certificates
- Social security numbers
- Driver’s licenses
We also accumulate documents that expand our identity:
- Bank accounts and cards
- Loans, mortgages, rental agreements, utility bills, and so on.
These are all trusted because we trust the processes that create them and the institutions that issue them.
Online, these documents have to be copied—the details extracted—and all the solidity and security of the offline world melts away. We can’t physically show up to give our credit card details and show our photo ID to prove that’s our name on the credit card. Instead, it’s a giant game of trust and risk mitigation, as we share personal identifying information over and over again to prove who we are. Instead of a watermark or some physical security device to ensure authenticity, we’re asked for more and more personal information in the hope that more triangulates into sufficient proof.
What we need is a system that gives the digital versions of all these analogue pieces of identity a uniqueness that only we can share—and where institutions can verify that someone they trust has given them to us.
Blockchain transforms identity
This is where a blockchain comes in. Think of it as a virtual ledger for creating a permanent, unalterable record of something. This information can be replicated across the ledger where it can be read, but it can’t be altered or stolen.
- What if all the things we use to prove our identities had a digital proof that’s issued and anchored on a blockchain?
- What if we could use an app to share those proofs of identity—or just select bits of information that these IDs contain, like our age?
- What if the people we share this information with could check all these claims using what was written on the blockchain by trusted issuers?
This is decentralization. We don’t have to go through an intermediary organization or company like Facebook or Google, to prove who we are. Yes, we still have to trust the institutions that issue the IDs in the first place. But we can use all kinds of information to prove who we are—and it’s up to others whether they accept those “identity claims” or not.
Cryptography is the second critical move
We want people to be able to verify things about us, but we don’t necessarily want them to hold onto this information, or copy it, or share it with others. So, instead of sharing our actual information, we share an encrypted proof that that information exists—a cross check.
That’s what a blockchain allows us to do.
Each cross check is uniquely encrypted. If you went to 10 different online stores and bought something in each of them each cross check would be as if you used a different credit card. The retailers are not relying on the numbers or the expiration date or the special code on the back to determine whether that card has been issued to you. Instead, they can verify all these things by verifying that you are the owner of the card—and that a bank trusted all your other IDs to give you that card.
As long as the retailer trusts the digital credential issued by your state’s motor vehicle administration or passport office or your bank– bingo! Know-your-customer is radically simplified. Compliance with data protection regulation stops being an expensive, confusing burden.
From blockchain to distributed ledger to trust
What will this mean in practice?
- No need for profiles.
- No more logins or passwords.
- No storing your details in a database.
It could be as simple as presenting a QR code on your mobile device. Not for nothing did Forrester Research describe decentralized identity as a “win-win” for consumers and businesses.
The second way in which this system is “decentralized” is that the blockchain is distributed. No single company or entity owns the ledger. Instead, it is hosted on a series of independent computer nodes whose owners agree to a shared set of rules governing its operation. There are many different kinds of public and private ledgers but the underlying point to all of them is that trust is distributed. To run the ledger, there has to be consensus among all the nodes, which means the more nodes there are, the more robust and trustworthy the network.
In practical terms, decentralized identity means that a retailer or official doesn’t need to physically touch your driver’s license or credit card in order to inspect its authenticity. And, correspondingly, we don’t need to hand over plastic cards or exchange papers or use a touch screen ever again. Contactless transactions become secure because they will be backed by a process of cryptographic cross checking.
Decentralized identity and the Coronavirus
In terms of our current predicament, think about the much-discussed idea of immunity passports as a way of bringing the world back to life. A decentralized identity system would mean that proving your immunity anywhere in the world would require only the minimum amount of information to prove you have been vaccinated or have antibodies (a proof issued by a hospital or health authority) and say a photo to enter a venue, go to work, or travel. You wouldn’t have to go through an intermediary like Facebook or Google, where this—and other personal data could be held.
Or you could share whether you have contracted COVID-19 to those you have been in physical proximity without disclosing your name. Contact tracing applications could use a digital credential stored in your smartphone that can be securely exchanged with everyone you come into contact with but you get to choose exactly what information is read. In other words, you can help fight the pandemic by sharing your location data, or your health status, and still feel safe knowing that there is no way to tie it to your name. Your data will not be owned or stored in a centralized database controlled by a big tech giant.
Decentralized identity enables us to create all sorts of solutions to problems that require sharing data while preserving privacy. It’s a new kind of freedom for individuals.
We’d like to hear more from you about how decentralized identity can be used for good—or how we can help you implement digital identity for contact tracing.