“Put it on the blockchain” is seen by some as the cure for all manner of ills. This is understandable—a shared ledger that shows transactions chronologically and publicly has the potential to put an end to many different types of fraud and corruption, and to bring transparency to what has previously been opaque.
It’s also become a bit of a joke. With the possibility of an immediate jump in valuation simply by announcing a pivot to blockchain, many companies have leapt upon this bandwagon—proposing blockchain for copyright, blockchain for music distribution, blockchain smartphones… and blockchain for identity.
The case for blockchain identity
The problems that some see with current models of identity are caused by centralisation, and a distributed ledger solves this.
For example, the data breach that hit Equifax exposed the social security numbers of over 146 million people, and the addresses of nearly 100 million. Equifax made a tempting target for criminals as it had a huge store of personal data on its servers. Once its security was breached, all of those details were there for the taking. Our personal details, therefore, are vulnerable when stored in a central location.
A public blockchain offers an alternative. By handing over our details to every company and organisation that asks for them, we have put them in the business of identity management and have tasked them with protecting our data. The ideal scenario is that people will be able to use “self-sovereign” digital identities with no central repository that can be broken into.
Through a distributed ledger, the argument goes, we are not only able to better control the information stored on us, but also present the minimum information required by an organisation. As an example, if you’re lucky enough to have retained your youthful looks and must prove your age to a bouncer outside a nightclub, that bouncer doesn’t need all of the information on your driver’s license, just your date of birth and your photo. Everything else is irrelevant, yet we hand it over as part of an identity document. A public blockchain would enable people to provide just the information that’s necessary in any context, whether that’s age, address, or maybe the right to vote or access to public services.
A blockchain would also record every transaction. If a fraudster uses this data, it leaves a digital trail that cannot be erased. Rather than finding out that your identity has been compromised when credit card companies and banks no longer want your business thanks to years of debt you had no idea existed, issues can be identified far more quickly.
Identity seems, on the face of it, to be an obvious use case for blockchain—a way to protect people’s identity while also giving them control and providing a trail that can be used to uncover misuse.
But creating this system faces a few roadblocks that are likely to be insurmountable.
The impossible dream
One advantage of a public distributed ledger for identity is that no one owns it, meaning that no one would be able to control it. That no one owns it is also a disadvantage, so what’s the business case for it? Why should any one company set it up?
Setting up an identity blockchain will take a great deal of time and effort, not just in getting the technology right, but in the marketing necessary to ensure that it’s widely used. An identity system needs to be universal and trusted to be truly useful. It would need buy-in from both consumers and businesses to get traction and reach an acceptance “tipping point”. This is likely to require far more time and effort than creating the technology.
An equivalent level of trust would be that afforded to website certificate authorities. These must meet detailed criteria to be accepted by browsers and operating systems. Once accepted, they can issue certificates that are trusted by browsers. There are a relatively small number of authorised certificate authorities, and the service they provide is invaluable in creating an internet that can be trusted. These authorities are profit-making, charging for certificates as their business model. A blockchain for identity has no such business model.
Without a business model, the question remains: why? What’s the motivation for an organisation, whether that’s a government or an enterprise, to create this system and make it freely available to everyone—as a public blockchain would demand?
Creating something, and making it freely available to all, isn’t without precedent. Technology companies have been known to make parts of the code they have created open source so as to encourage collaboration. Canonical, for instance, has built on open source software to create its Ubuntu operating system. It offers this for free, while providing services and support for those using it to make money. Then there are organisations such as the Wikimedia Foundation, which relies on donations, nagging users to keep Wikipedia running. Over the years Wikipedia has built up its reputation and is broadly trusted and so can attract donors willing to keep this resource running. A new identity blockchain would not be able to enjoy the slow rise to prominence—it would either thrive or die.
Self-sovereign identity, as achieved through a blockchain, is an impossible dream for the moment. It needs either a business willing to invest money that would not help it become more competitive in the market, or for someone to create a viable business model.
As the advantages of blockchain identity rely on there being no business model—anyone can access it given permission, and no central repository of data—we’re unlikely to see a public identity blockchain any time soon.
James DeBello, CEO of Mitek