In our ever-evolving intelligence era, data is increasingly the new form of currency. Intelligence enterprise has been centred around using data to automate and simplify processes but is now also emerging as a profitable way to advertise and target consumers. The current digital landscape has increasingly become one where personal data is exploited for financial gain.
Identity management has evolved from physical documentation to current forms of verification in which we need to provide identity to every website we visit. This varies from a site using a cookie to remember us to setting up a login and password for different websites. That’s thousands and thousands of different networks with different aspects of your personal data. Oftentimes we have to provide ‘real-world’ documentation to verify our identity online.
The Exploitation of Data
Different digital networks store our information on their databases, making it ripe for commercial exploitation and hacking. Data is controlled, circulated and manipulated by big tech companies like Facebook and Google and then sold off to advertisers.
More terrifyingly, data has been harnessed as a form of political intelligence that is accumulated and used to manipulate your views and vote. Facebook has been embroiled in the Cambridge Analytica scandal, where 50 million Facebook users’ personal data was allegedly harvested without their consent. This allowed Cambridge Analytica to develop an algorithm that targeted US voters during the 2016 election.
Although social media operates under the guise of being ‘free’, it’s become clear that while social media networks may not require any monetary contribution, we pay through the exploitation of our personal data. This has rightly outraged people around the world as the precarious nature of data-harvesting continues to emerge. This makes digital data an area ripe for disruption.
Blockchain as the Solution
There is a growing call for data control and autonomy and for good reason. The decentralised technology of Blockchain presents an infrastructural shift that will greatly transform and repair the digital economy. The notion of self-sovereign identity is a way to make the digital economy more inclusive and equal.
The concept of SSI would mean that for the first time, we would be the custodians of our own personal data. Taking control of our data would mean that we could choose who could obtain our data and once and for all determine how much it’s worth.
Self-Sovereign Identity (SSI) refers to the idea of individuals or organisations having sole ownership of their digital and analogue identities. This would empower the user with complete control over how personal data is shared and used. Personal data would ,therefore, be completely secure as the identity holder would only divulge the necessary data for any given transaction or interaction.
To understand how an SSI system would work, we first need to characterise the function of identity and the processes by which it is declared and verified. Claims, proofs and attestations are the defining features of identity:
- A claim is an assentation made by a person or business such as “my name is”
- A proof functions as a document that verifies your claim like a licence or birth certificate
- An attestation is a third-party substantiation of your claim, like the tax department verifying your record of previous employment or a university confirming your enrolment
The SSI model seeks to resolve the trust issues that come with identity management. In this approach, a user can store all their identity-related data on their own device. An SSI begins as a number that is exclusive to the individual. This private key can then associate with public keys on all identity-related matters.
From this basis, the user can then make identity claims which a Trusted Provider can then validate and sign off on. Identity-holders can ,therefore, allow others the right to see and authenticate their claim without having access to the original information or non-related data. In simple terms, an SSI model refers to a system whereby our identities are verifiable and visible to others without anyone actually being able to see or know what the information is. This is where the SSI model ends itself to Zero-Knowledge Proofs (ZKP).
Integrating an SSI system with ZKP would allow individuals to have complete data autonomy. ZKP is a verification method which includes statements about personal knowledge. The certifying party can prove that something is true to the other party, that being the verifying party. No other additional information is needed to complete this data exchange.
So how do you know that the information being provided is authentic? The identity ‘proof’ uses a cryptographic hash function that confirms beyond any doubt that the identity claim is accurate.
How It Works
So what would this model look like? How would it apply to our everyday activities and interactions? Well, a relevant example would be a Trusted Provider using the SSI system to verify that a person is over 18 years of age. The Trusted Provider may use a driver’s license to do this, so only this information would be obtained by the service provider or website. No other identifying information would be needed.
In the case of professional networks, a business may search a database for a candidate that meets their requirements and then pay a fee via a smart contract for their details. This would simplify the hiring process and eliminate the need for third-party recruiters.
This model could only function on a decentralised, human-readable ID system that has the security capacity to manage it. Blockchain technology provides a transparent, immutable platform on which public information can be stored and transferred between relevant parties. In this system, a ZKP protocol would allow individuals to feed a hashed value to verifies such as banks, hospitals and governmental bodies.
This system of verification will increase consumer confidence when it comes to digital transactions and the potential for data theft and exploitation. It would also eliminate the need for various third-parties to have access to your identifying information.
When it comes to profiting off the data you decide to share, there may be a possibility to exchange and share your personal information in exchange for a reward or financial reimbursement. When individuals are charged with the responsibility of their own data, the possibilities for data exchange and transactions increase.
It’s not that much of a stretch to say that as the conceptions of SSI are realised, individuals may be assigned their own digital identities as soon as they are born.