Challenges and opportunities of identity in a digital age

16 January 2020 in Blockchain , Identity

Most of us associate identity either with something holistic, the being of a person or a thing or with something very tangible like a passport or driver’s license.
But actually, there is no one clear way to describe this concept that we call identity. Wikipedia alone describes 4 main categories under social science from personal conception to philosophy, all with multiple subcategories of what identity is. If one searches Google Scholar on identity, you’ll get almost 4,5 million hits of articles!

Although one has an identity as soon as a person is born or an object is created, your identity develops during your life cycle. Not only is your existence part of your identity, but also your preferences, your achievements such as diplomas and certificates, and last but not least, your reputation, which is an integral element of your being. This example does not only applied to human beings. When making a correct representation of our world, we give existence to all things we see or feel, meaning: the concept identity is not limited to people only but also counts for objects. During their lifecycle, their identity develops as well. Instead of a diploma, they might have gotten a sustainability certificate or a diploma.

Once a person or an object has an apparent initial identity, they can expand this with these additional claims. And based on this (basic of expended) identity, one can set other things into motion, by giving or retracting consent. 

These three elements are the three essential elements that we’ll elaborate on later.

  • (basic) Identity
  • Claim 
  • Consent 

Acknowledgment by others

A crucial element of identity is the acknowledgment of identity by others. In the traditional verification process of identities, this was very much the role of governmental authorities or public institutions. When a human being is alive, one cannot deny the fact that they were born with basic identity elements like gender or skin color. But it takes a combination of formal and informal authorities to acknowledge various additional basic identity elements. Parents need to acknowledge the name, a hospital, or nurse to acknowledge the date of birth and often governmental authorities to register these basic identities. The less basic the identity elements, the more diverse are the institutions for verification. In the digital age, there are also more important identity elements, namely network, and reputation. Here we see a shift in traditional methods of acknowledgment of an identity. Reputation is no longer just a few recommendation letters from central authorities or companies but extended with the number of links you have on socials such as Linkedin, the number of likes you get on the content of your posts and the relevancy of the network that you have online.

As stated, with regards to identity, one can acknowledge multiple important elements. One element is a basic identity, being you as a person, your name, the place of birth, and your date of birth. All these elements are your primary identifiers. It will tell someone who you are but does not reveal any information about your skills, your reputation, your performances, and actions. This is the second element, your claims. In combination with your basic identity, you claim that you have additional features, being diplomas, a certain reputation, work experiences, tasks fulfilled, etc. These claims without a form of basis identity are of little use, but in combination with the identity, it creates value for the person or object. A third element related to identity is consent. This can be consent that you will allow certain information to be shared with third parties or the fact that you acknowledge that a certain movie indeed stars you and not an actor impersonating you. Again, without a relationship to basic identity, this consent is of not much value, but in combination can be very valuable. The first two, others will acknowledge the identity elements; in the latter, you allow others to use your information on your behalf.

Challenges of current identities

Although we see a shift going on where we put more value in information by the masses, e.g., a lot of persons acknowledge one for being an expert in a certain field, then, in relation to the amount of (relevant) connections, this comes close to certainty that the fact might be true, most of the identities are linked to highly centralized institutions like government agencies, universities, notaries, various registries, etc. Although chances are relatively low, these centralized institutions can be fallible, meaning that once they stop existing or the original gets lost, it becomes tough to prove the basic identity of the claim.

Besides, proofs of the identities and claims often contain much privacy-sensitive information that is not necessary for the use of the proof of identity. If you want to buy an alcoholic drink, you don’t want to disclose all your personal information like social security number and residence, but just your age. But when you show your passport, all this information automatically disclosed to the receiver.

In many cases, the receiver even requires a copy of your identity certificate, being either a copy of your passport, diploma, etc. Once you hand over this information, there is no way to know for sure if the information is no longer accessible for the receiver. So when you withdraw your consent, you have to trust the other party in deleting the information. The question we need to ask ourselves is: do the companies deserve that trust, or do customers need to have the ability to be the owner of their information?

Challenges of identities in a digital age

Challenges of identities in a digital age are in a lot of cases closely related to the challenges in the analog age. Although it is somewhat easier to create back-ups of the digital identity and thus creating a solution for the centralization risk, it comes with a risk as well as copying the identity becomes relatively more straightforward. This, in itself, creates a challenge. In the physical world, a person’s presence in itself proves its identity, but in the digital world, your presence can quite easily be faked. A challenge that we see coming up more with the rise of deep fakes. ‘At sight’ is no longer a guarantee. Not for identity, claim, nor consent. Besides the above, with a rise of a machine to machine communication and non-human decision making due to more and better IoT and AI implementations, identity is no longer just the area for natural persons or companies, but object identities like for example a passport for buildings, ships and devices will become exponentially important. As these devices can trigger processes, and their input can lead to automated decisions, audit trails and provenance will play a crucial role in the coming decade.

The opportunities for new technologies

To face these challenges, the right implementation of new upcoming technologies like blockchain and IoT, in combination with traditional and new verification and authentication methods, will provide an answer to the challenges as stated above. By using blockchain technology, one can provide an answer to the centralization challenge of identity, the claim, and consent. 

By creating Self Sovereign Identities:

  • People will become more in control over their own identities, which will not only be tied to specific fixed templates and not prone to single entity failure. 
  • One can easily share precisely that piece of information that one wants to share due to the decentralization and claim structure. 
  • Personal claims can even be tied to actions performed that can automatically be rewarded by instant payments based on the kind of claim.

But maybe the most exciting opportunities are the consent solutions that are being created. By using smart contract functionality tied to the identity, one can give consent to look at certain data for a certain period, but also retract that consent at will. In this way, one can not only share the right information but also for the right amount of time! Once the consent is retracted, others cannot access the information anymore.

With these emerging technologies, one would be able to counter even more complex challenges like deep fakes. It is already possible to create a digital fingerprint of a website with an embedded video where, if the website is altered in any way, one can automatically see that the content was tampered with, assuring the authenticity of the site. But if this website would contain a video of a certain person and gives their consent, which they can retract themselves, the effect of the combination of the two would immediately be that as soon as the video or the website would be tampered with, which will be proven by the authenticity solution, that the person can retract their consent and thus everyone can automatically see that they might deal with a deep fake.

Interesting to see is that this also creates significant opportunities with regards to object identities. Where identity registration in some cases is already in place, claims of those objects are at best scattered and take an awful lot of time to figure out. Claims, in this case, can be the right sustainability certificates or proof of maintenance. In this case, one can create an object passport in the form of a smart contract where the owner of the object can only fill in certain claims, but other claims, e.g., maintenance, can only be filled in by the designated maintenance person. Once the object is handed over to another party, the owner of the object will be changed in the passport, but all the other claims will stay intact, including the whole history and audit trail. This will create added value through higher levels of transparency and e.g., way lower costs in due diligence procedures on that object as there is a clear, complete history of the object through that passport.

But be aware of the silver bullet syndrome

At first glance, this sounds like the solution for many challenges we might face in the coming years. But one must be very aware of thinking that the technology in itself provides the answer to all problems. For many reasons, this is not the case.

For starters, any personally identifiable information should not be stored on technology like a blockchain. Once stored, it is extremely hard to delete it. Your data design should be as such that consent of derivatives of consent is arranged, but the data and content in itself should be stored ‘off-chain’. Also, verification of the original input is of the utmost importance. Yes, we might be less dependent on traditional instances to verify parts of our identity, but in a lot of cases, we will still need governmental or semi-governmental institutions to ‘one-time verify’ a claim made by the identity holder. The difference will be that one won’t have to go back to the original verifier every time they want to prove their claim.

Also, the new solutions will have to fit existing processes. It is a utopia to think that these kinds of solutions will change the world overnight. Extreme change takes time, and often if not always, a long hybrid period where old and new solutions will co-exist.

And not only in theory

To end with a positive note, the described solutions are no longer a faraway view or only existing in PowerPoint. There are more and more solutions out there, and many of them also passing the proof of concept phase.

Most solutions at the moment are being developed or can be found in personal identity. From Sovrin creating a network for SSI’s, to the SSI project by the Dutch Blockchain Coalition to decentralized birth certificates solutions, to identity-solutions based on reputation. Some can be found in personal claims where either people can claim certain elements like diplomas but also prove certain things, like proving if one is in debt to the government to prevent further increasing fines, without revealing their detailed debt so they can preserve their privacy. Literally a case we have built for a Dutch government agency. A few are active in personal consent. One of the solutions that we have implemented in this regards is in providing consent to share personal (health) data for a certain time period with a third party, which not only saves cost and preserves the privacy of the users, but also saves valuable time, up to several minutes in an emergency call.

As stated, equally interesting is the identity solutions of companies and objects. Company consent will create many opportunities with regard to increased administrative efficiency. We do see a few solutions being created in this regard in the market, although the amount is still limited.

Object identity and claims are a bit more widespread. Especially in the supply-chain sector and in the real estate, we see multiple solutions being developed and also already in production. With Ledger Leopard, we created object passports for buildings, for hoses, for roofs, and facades.

In the coming weeks, we will elaborate more on the various challenges and opportunities with regards to identity and will show you through videos and webinars some of our solutions together with our clients.

Read more
22 March 2021 in Identity , Webinar

The New Identity Standard – Self Sovereign Identity Webinar #11

Self-Sovereign Identity ensures that users immediately become owners of their own data and gives them the option to share this data without a third party’s intervention. Jacob Boersma of the Dutch Blockchain Coalition (DBC): “At SSI, people are central. SSI is a form of identity verification that allows the end-user (citizen, consumer, customer) to determine …

Read the full story
Webinar Self Sovereign Identity
21 January 2021 in Blockchain , Identity

From the autopilot to a self-sovereign mentality

According to Erik Erikson, identity is a feeling one experiences according to their being. Developing a sense of “being” is essential for people that want to operate autonomously in the world. But no matter how dynamic and changeable an identity can be, the concept of identity is mainly about realizing that certain things remain the same, …

Read the full story
The new identity standard

Contact Transform your business today

We are driven by creating experiences that deliver results for your business and for your consumers