Categories
Crypto Guides

Can Blockchain Be A Potential Solution For Personal Data Leaks?

Introduction

Personal identity has been a matter of concern in this digital world. Wherever you go, you have to prove that you are indeed the person whom you claim you are if it is a physical world with some government-issued ids. Mostly all the banks in the world have to have the customary Know Your Customer (KYC)/Anti Money Laundering (AML) laws if you have to open a bank account. The government mandates this.

This process is very costly and time consuming for the banks but is of no personal benefit for the organization. If we have to log in to a website, we input our details or login using Google or Facebook account, given all our personal information to these websites. By this, we are entering our details into a server that we don’t have any control over. Which means they can do anything with our data.

All this process creates a lot of siloes of data, with different government or private organizations around the world. Most importantly, we never have control over what they can or cannot do with the data they collect.

Can Blockchain be a solution for our data?

Instead of giving access to our data to anyone and everyone as the government or organization demands to use their services, what if we create a central repository of data in a blockchain platform. Can this be a solution to secure our data? We can say it’s a yes.

Let us examine how using a Hyperledger Indy project which is a platform being developed for identity management.

Hyperledger Indy

Hyperledger Indy is a decentralized ledger platform for Identity Management. Works on the plenum platform, which is similar to smart contracts but tuned for verifying digital identity. Uses Redundant Byzantine Fault Tolerance as a consensus algorithm. Trust anchors play the role of miners and verify transactions in the platform.

Let us understand Hyperledger Indy using an example.

Let’s say Bob is required to apply for a job, and he needs an academic transcript for the same. Bob gets in touch with his university by creating a unique DID, Distributed Identifier using her public key. This DID verifiable by the trust anchors ascertaining that the request is indeed coming from Bob. If the trust anchors accept the transaction, then only a unique pairwise relationship is formed between Bob and the university. Hence Bob gets the academic transcript using this unique pairwise relationship using DID.

Bob applies for the job by creating a new DID with the company and produce his academic transcript. Again, a unique pairwise relationship is formed in this case because Bob doesn’t want his academic transcript to be leaked. Here the employer can verify the academic transcript with the university with Bob’s consent. But the information cannot be leaked with the same DID to some other employer or some other institution because the DID is already used, and Bob didn’t give his consent to share the information with anyone else. Trust anchors reject the transaction.

This is how unique pairwise relationships can be formed using DID’s and personal data can be protected without leaking the data with the owner’s consent.

Self-Sovereign Identity

A self-sovereign identity, i.e., a user should have complete control over his or her identity. If the user has self-control, then how to prove that the identity being shared is indeed true or not without any third-party intervention? Blockchain is the solution. A platform that is publicly available but individually confidential can be created with issuing authorities given permission to authenticate the identity.

Blockchain stores only cryptographic hash functions, and the concerned authorities can verify even without knowing that it is you who they are validating, they have to cross-check if they indeed issue the proof. If we have to submit an age proof, only age can be authenticated without giving away any other details. A project called Sovrin is already working on this type of identity management.

Blockchain is going to be the future for Identity Management. It has already been proven with the platforms described above.

Categories
Crypto Daily Topic

Blockchain and Identity: Here’s all there is to know

The ability to have control of our own identities has never been more pertinent than today. This is the internet age – and that has massive implications for our privacy, security, and autonomy over our own identities. Two issues emerge: that of populations not having an identity, as well as the implications of entrusting our identities with big and powerful organizations.

Recent research shows that a staggering 89% of consumers do believe that organizations are not doing enough to protect their data, while more than half of CEOs admit that consumers are not mistaken to think this. 

So how can we get past this stalemate? 

Blockchain technology has demonstrated its ability to change how things are done across industries. Can it also help with the thorny issue of identity management? The answer is yes, and an increasing number of platforms utilizing blockchain are emerging that aim to empower users with more control over their own identity. Also, a new concept – that of self-sovereignty- has emerged thanks to blockchain technology. 

We are going to look at what exactly identity is, explore the concept of self-sovereignty, and look at how blockchain can help us manage our identities better. We’ll also take a peek at some of the exciting organizations that are using blockchain to give users more autonomy and control over their identities.

What is Identity? 

Personal identity is a human right, according to article 8 of the UN’s Convention on the rights of the child. A person’s identity comprises: 

  • Their first and last name
  • Date of birth
  • Nationality  
  • An identifier, such as passport number, ID number, driving license, and so on. 

We cannot overemphasize the importance of having an identity. Without having a form of identification, one cannot access government services, own property, have a bank account, or be employed full-time. Without an identity, it’s so hard to participate in society because you cannot prove that you are who you say you are. 

Despite identity being so important, the current identity space is far from ideal. Data – such as passport number, social security numbers, and driving licenses is all stored in centralized servers by centralized organizations. This means three things: 

  • People can only get identities from centralized organizations
  • These centralized organizations can tamper with your identity data 
  • Identities are subject to theft

Let’s get a look at each of these:

1. Centralized Entities Giving Out Identities

Currently, centralized organizations have the power and the right to validate and issue identities to people. This system has left so many people in the world without an identity. According to the United Nations, 1.1 billion people in the world have no way to prove their identity. Due to this, these people have been left without access to basic financial services such as opening a bank account. This means that these people are excluded from the global financial system. As such, it is difficult for these people to escape the cycle of poverty. 

2. Data Mishandling

To participate in the current social media landscape, you need to create an identity. For instance, you need to create a Facebook account to use Facebook, just like you need to create an Instagram account to use Instagram. 

This gives these centralized organizations power over our identities. Think of it – we’re giving these organizations our identities, which they’re using to create identity silos.

We have seen what happens when we trust organizations with our data. The 2016 Facebook and Cambridge Analytica scandal is an excellent example of how powerful organizations can abuse user data. 

What was the Facebook Cambridge Analytica scandal?

The scandal involved Cambridge Analytica getting their hands on Facebook user data. The data that was leaked included public profiles, birthdays, city of residence, and page likes. For some users, things like a timeline, a news feed, and private messages were accessed. Around 87 million people were victims of this data breach – 70.6 million users being from the US.

The kind of data collected was detailed enough to enable Cambridge Analytica to create psychographic profiles. Psychographic profiles are a psychological mapping of people based on demographics. Using these psychographic profiles, Cambridge Analytica was able to curate political messages in favor of certain political leanings. These messages were then targeted at people, helping to sway populations for certain political candidates in the US, the UK, and Mexico. 

3. Identity theft

Identity theft is another issue with the current identity setup. For example, someone can steal your identity to use it to take out a loan using your credit card. A prominent example of this is the Bari Nessel case in San Diego, California. Bari Nessel would employ people and, in the process, obtain their personal information. She used the information of one employee to take out huge amounts of loans using their credit card. 

Another case, with more dire consequences this time, is that of Equifax, a US-based credit reporting company that was hacked in 2017. Through the hack, the data of half the US population was stolen, including names, birthdays, residential addresses, social security numbers, etc. 

What Did This Attack Reveal?

First of all, we don’t really have control over our data. We trust third-party companies to keep it secure for us, but seeing as they are centralized platforms – they have a single point of failure, meaning one attack is enough to breach the privacy of millions. 

Also, it’s hard to know if the company knew they were under attack but chose not to inform users nevertheless. So, there is also the issue of lack of transparency. 

What Lessons Can We Learn From This?

  • Centralized entities can issue identities to only who they want, and when they want
  • We trust third parties to secure our personal information
  • These third parties are not fail-safe 
  • Some third parties can be downright shady with the way they handle our data

Incorporating the blockchain into identity management would solve all these problems. Let’s take a quick look at what blockchain technology is. 

What Is Blockchain Technology?

Blockchain is a technology that was first brought to life by Satoshi Nakamoto in 2008. A blockchain consists of a distributed ledger with timestamped transactions. Distributed means that the ledger is controlled by thousands of computers all over the world. Each ledger has blocks of data that are linked to each other using cryptography. Blockchain has three very special features: 

  • Decentralized – the data is not controlled or owned by any one single authority
  • Immutable – once data is recorded on the blockchain it cannot be deleted or interfered with in any way
  • Transparent – anyone can see all data that has been entered on the blockchain

So how will blockchain solve the current identity management issues?

  • It will be impossible to replicate data – Blockchain can make it impossible for more than one person to claim the same identity. The same way it prevents double-spending of coins is the same way it will prevent the replication of identity details.
  • It will be hard to tamper with personal information – Blockchain can make it impossible to steal or hack personal information.
  • It will be hard to tamper with data information management processes – Blockchain can make the identity management processes trustless. This means removing human emotions, intentions, or negligence from the equation.

Self-Sovereign Identity 

Self-sovereign identity is the concept or idea that people should own and control their own identity. Blockchain can enable and facilitate self-sovereign identity. 

Blockchain would promote self -sovereign identity by facilitating the following characteristics: 

  • Minimalistic – availing only the amount of data needed for a particular task
  • Resilient – identity will not be censored or deleted 
  • Persistent – it will be impossible to take somebody’s identity from them 
  • Portable – it will be possible to access your identifying information from anywhere in the world 
  • Consent – your identifying information will be used only when you agree to it

More Power to Users 

Blockchain can also give people more choices on how to manage their personal information. 

Through the blockchain, individuals can:

i) Manage multiple identities

This means that an individual can have different identities with different personas for different types of contexts – for example, having different identities for the workplace, for friends, for family, and so on. Blockchain can facilitate all these different identities and give a key to each of these identities. This means the user has the discretion to use any persona they like – in different types of situations.

ii) Authenticate their identities anonymously

Blockchain can help users deploy anonymous authentication to ensure maximum security. This means that users can anonymously use uniquely identifying attributes to identify themselves in a given situation.

Projects Working On Blockchain-based Digital Identity

Several exciting projects are currently working to solve the current identity management problem using blockchain-based solutions. 

  • Sovrin: This is a non-profit organization that aims to enable individuals to achieve self- sovereign digital identity. Sovrin provides users with a secure and private network for individuals to manage and share their verifiable identity credentials. 
  • Civic: Civic provides a blockchain-based protocol on which users can manage their digital identities better. On the platform, users can create their virtual identities and keep them together with other personal information.
  • uPort: Created by the blockchain solutions company ConsenSys, uPort is a self-sovereign identity protocol that runs on Ethereum. The platform consists of smart contracts developer tools and a mobile app. Users can create a personal identity through smart contracts and secure it with the key in the mobile app. Even if your device is lost, you can still recover your identity credentials.

Closing Thoughts

The current digital management system is, to put it mildly, broken. Blockchain can fix this. Blockchain-based identification would afford us more security, more transparency, and more control over our identities. Blockchain can also bring more equality in the world by helping millions of people without an identity to get one. This way, they can play a bigger part in their societies and access their rightful services just like everyone else. 

Already, several blockchain-based projects have taken the mantle in this regard. Let’s wait and see how they will shape the space.