Blockchain To The Rescue Creating A ‘New Future’ For Digital Identities
The turn of the 21st century brought excitement as the Internet started evolving into the network that we know today as more companies finally grasped the level of innovation and before fully exploiting the web’s potential. In the years since, everything from communication to finance to entertainment has largely migrated online.
Most importantly, individuals are spending more time connected than ever before – either through smartphones and mobile devices – or from their desktops and laptop computers.
Even so, this sea change of innovation brings with it a dark undercurrent. As technology advanced and allowed for faster and safer communication, hackers and other cybercriminals have been busy finding better ways around these systems.
Now while figures do vary as to the exact extent of cybercrime, according to the Official 2017 Annual Cybercrime Report from Cybersecurity Ventures published this October, it will cost the world $6 trillion annually by 2021 – up from $3 trillion in 2015.
One of the major vulnerabilities today is the use of traditional passwords and similar methods to protect users’ identities online. While newer methods offer better security, these solutions have been proven time and again to be fairly effective at best, but risk terrible breaches in the worst-case scenario.
However, the introduction of Blockchain-based identification mechanisms to security problems could offer an interesting solution.
The use of so-called self-sovereign ID, a form of identification that is unalterable and almost completely secure, could change the way individuals use and access their identities and sensitive data online.
In addition to Blockchain’s inherent security benefits, self-sovereign ID shows potential as a tool that could drive substantial innovation across several sectors.
As to the global market for Personal ID credentials to highlight matters, it was valued at $8.7 billion in 2016, and according to a report by Smithers Pirahas been forecast to reach $9.7 billion by 2021. The increase in market growth equals a global compound annual growth rate (CAGR) over the 5 years of 2%. Asia represents more than 60% of the global market for personal ID.
Separately, a forecast from Research & Markets early last year indicated that the identity & access management market would grow from $8.09 billion in 2016 to $14.82 billion by 2021, at a CAGR of 12.9% between 2016 and 2021.
Cracks Show In The Wall
The current standards for cybersecurity and identity protection have been in place essentially since the Internet became publicly available. Passwords, and more recently 2-factor authentication (2FA), proved to be more than enough for decades. That said, the rate at which hacking attacks occur has skyrocketed in recent years, and passwords are increasingly an unsafe mechanism to protect users’ identities online.
A recent study conducted by a cybersecurity firm Preempt revealed that a whopping 1 in 5 enterprise professionals use passwords weak enough to be hacked easily. Even worse, roughly 7% use ‘extremely weak’ credentials such as ‘123456’.
More concerning is that even stronger passwords can still be cracked with relative ease by experienced hackers. Even 2FA, which has been hailed as a silver bullet for password security, displays mixed results.
While in theory the system offers more robust protection, its implementation across the web is uneven at best, and in many cases weak enough that an enterprising criminal could circumvent it with little difficulty.
Other measures such as biometrics have proven more successful, yet are still too expensive or impractical to be deemed universal solutions. In the end, users’ identities and sensitive online data is protected by a wall that over the past decade has started to show significant cracks.
Blockchain has been hailed for several reasons, including how its architecture makes it inherently safer than traditional centralized networks. Protection from DDoS (Distributed Denial of Service) attacks and network hacks is incredibly useful, but its applicability for individual users is murkier.
Still, the technology has allowed for a creative solution to the problem of protecting and proving a person’s identity more efficiently – self-sovereign ID. The idea of a digital identity has several potential benefits, and strengthening it with Blockchain makes it a more fungible and realistic possibility.
Self-sovereign ID is a digital identification – much like an offline solution like a driving license or passport – that users can present online, without requiring passwords or other verification, to certify their identity.
Most importantly, this digital ID could collect all the small bits of a user’s identity floating online like social security information, medical records, social media credentials, and use a single key that is stored on Blockchain’s ledger. This enables users to keep their information private, simply sharing a public key generated on the ledger that can verify their identity.
This new paradigm could have several applications and change how users control both their personal data and their identities online according industry protagonists.
For pure identification reasons, a self-sovereign ID could quickly replace the myriad documents people use daily – be it licenses, passports, Social Security cards, medical insurance cards – with a single key that can be matched against an immutable ledger.
Governments could take advantage of this for voting identification, as well as to provide a variety of public services and satisfy bureaucratic needs. Already, companies such as Civic are working to find voting applications for self-sovereign ID, with some promising results.
Others such as VALID are focused exclusively on offering users better control over their identity and private data online. The Swiss-based foundation is creating a platform that grants users full control over their online information, including demographic data and personal documentation.
At its core is a user-controlled digital identity solution allowing people to transact online securely and seamlessly, while safeguarding all their sensitive personal data. More importantly, it takes the power to monetize this data away from companies that can put users at risk, and instead returns this control to individuals.
VALID, which is headed by CEO and founder Daniel Gasteiger, an entrepreneur with over 20 years of managing director level banking experience at Credit Suisse and UBS in London and Zurich, enables users to utilize their ID to log in to platforms. It can also sell their information in a safe and anonymous way – their personally identifying information such as names and social security details are not included – to be used for research or marketing purposes.
Data Protection Regulation
All this comes against the backdrop of a new European privacy regulation called the General Data Protection Regulation (GDPR), which is scheduled to come into force in May 2018. This will apply to all businesses selling to and storing personal information about residents in Europe, including companies located on other continents.
Under GDPR, individuals will have the right to gain confirmation from companies as to whether or not personal data about them is being processed, where and for what purpose(s). Add to that they will have the right to a copy of their personal data being stored and processed – free of charge – in an electronic format.
GDPR has wide ramifications and repercussions on the way businesses throughout Europe and quite possibly beyond, in terms of how they handle data and their accountability for the process.
Highlighting the initial spillover of this regulation from Europe to other jurisdictions, recent guidance issued by the Office of the Australian Information Commissioner has stipulated that from May 2018, Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviors of individuals in the EU.
A statement in a whitepaper from VALID, which outlined their project ambitions and details their forthcoming token sale read: “While GDPR does create challenges for some businesses, it also creates opportunities. Companies that employ innovative, privacy-respecting ways of reaching out to customers, beyond mere legal compliance, are likely to build deeper trust and retain more customers than those that do not.”
As individuals continue to increase their time spent using digital media, advertisers continue to increase their advertising budgets into digital channels. But while digital advertising is fast growing it is beset by inefficiencies and abuse. Moreover, ad fraud created by internet bots in 2016 had been expected to have cost advertisers $7.2 billion (2015: $6.3 billion). Hardly small fry.
According the Interactive Advertising Bureau, marketers spent $72.5 billion on digital advertising last year – up 22% from 2015 – as Google and Facebook once again booked the lion’s share of net new revenues.
In the United States, the digital advertising industry is projected to continue to experience remarkable growth through 2021 to reach almost $100 billion in annual revenue, with mobile and social advertising becoming the top destinations (the latter expected to double in size to $30.8 billion by 2021).
A Safer, Better Way
The idea behind self-sovereign ID is touted as being revolutionary. Giving users full control over their identities in a much safer way is a worthy ambition. However, the technology is still in its nascent stages and will no doubt require a careful watch to thrive.
While it could change how we interact both online and offline, it still requires mass adoption both by users, merchants, governments and others. The issue is one of standardization and determining how self-sovereign ID will be recognized across borders.
Even so, the future looks bright. As the password and identity verification status quo proves increasingly inefficient at tackling vulnerabilities, is argued that Blockchain technologies have shown a new path that delivers significantly less risk alongside far greater upside.
With the sector gaining momentum and more companies attempting to create new ways to deploy self-sovereign ID, users will find better mechanisms to control their identities, no matter where they are located.
Follow Roger, an ex-FT writer who has penned various investment stories, on Twitter @AitkenRL, LinkedIn, Forbes, Google+. He won a State Street Institutional Press award in 2015.