Most of us associate identity either with something holistic, the being of a person or a thing or with something very tangible like a passport or driver’s license.
But actually, there is no one clear way to describe this concept that we call identity. Wikipedia alone describes 4 main categories under social science from personal conception to philosophy, all with multiple subcategories of what identity is. If one searches Google Scholar on identity, you’ll get almost 4,5 million hits of articles!
Although one has an identity as soon as a person is born or an object is created, your identity develops during your life cycle. Not only is your existence part of your identity, but also your preferences, your achievements such as diplomas and certificates, and last but not least, your reputation, which is an integral element of your being. This example does not only applied to human beings. When making a correct representation of our world, we give existence to all things we see or feel, meaning: the concept identity is not limited to people only but also counts for objects. During their lifecycle, their identity develops as well. Instead of a diploma, they might have gotten a sustainability certificate or a diploma.
Once a person or an object has an apparent initial identity, they can expand this with these additional claims. And based on this (basic of expended) identity, one can set other things into motion, by giving or retracting consent.
These three elements are the three essential elements that we’ll elaborate on later.
A crucial element of identity is the acknowledgment of identity by others. In the traditional verification process of identities, this was very much the role of governmental authorities or public institutions. When a human being is alive, one cannot deny the fact that they were born with basic identity elements like gender or skin color. But it takes a combination of formal and informal authorities to acknowledge various additional basic identity elements. Parents need to acknowledge the name, a hospital, or nurse to acknowledge the date of birth and often governmental authorities to register these basic identities. The less basic the identity elements, the more diverse are the institutions for verification. In the digital age, there are also more important identity elements, namely network, and reputation. Here we see a shift in traditional methods of acknowledgment of an identity. Reputation is no longer just a few recommendation letters from central authorities or companies but extended with the number of links you have on socials such as Linkedin, the number of likes you get on the content of your posts and the relevancy of the network that you have online.
As stated, with regards to identity, one can acknowledge multiple important elements. One element is a basic identity, being you as a person, your name, the place of birth, and your date of birth. All these elements are your primary identifiers. It will tell someone who you are but does not reveal any information about your skills, your reputation, your performances, and actions. This is the second element, your claims. In combination with your basic identity, you claim that you have additional features, being diplomas, a certain reputation, work experiences, tasks fulfilled, etc. These claims without a form of basis identity are of little use, but in combination with the identity, it creates value for the person or object. A third element related to identity is consent. This can be consent that you will allow certain information to be shared with third parties or the fact that you acknowledge that a certain movie indeed stars you and not an actor impersonating you. Again, without a relationship to basic identity, this consent is of not much value, but in combination can be very valuable. The first two, others will acknowledge the identity elements; in the latter, you allow others to use your information on your behalf.
Although we see a shift going on where we put more value in information by the masses, e.g., a lot of persons acknowledge one for being an expert in a certain field, then, in relation to the amount of (relevant) connections, this comes close to certainty that the fact might be true, most of the identities are linked to highly centralized institutions like government agencies, universities, notaries, various registries, etc. Although chances are relatively low, these centralized institutions can be fallible, meaning that once they stop existing or the original gets lost, it becomes tough to prove the basic identity of the claim.
Besides, proofs of the identities and claims often contain much privacy-sensitive information that is not necessary for the use of the proof of identity. If you want to buy an alcoholic drink, you don’t want to disclose all your personal information like social security number and residence, but just your age. But when you show your passport, all this information automatically disclosed to the receiver.
In many cases, the receiver even requires a copy of your identity certificate, being either a copy of your passport, diploma, etc. Once you hand over this information, there is no way to know for sure if the information is no longer accessible for the receiver. So when you withdraw your consent, you have to trust the other party in deleting the information. The question we need to ask ourselves is: do the companies deserve that trust, or do customers need to have the ability to be the owner of their information?
Challenges of identities in a digital age are in a lot of cases closely related to the challenges in the analog age. Although it is somewhat easier to create back-ups of the digital identity and thus creating a solution for the centralization risk, it comes with a risk as well as copying the identity becomes relatively more straightforward. This, in itself, creates a challenge. In the physical world, a person’s presence in itself proves its identity, but in the digital world, your presence can quite easily be faked. A challenge that we see coming up more with the rise of deep fakes. ‘At sight’ is no longer a guarantee. Not for identity, claim, nor consent. Besides the above, with a rise of a machine to machine communication and non-human decision making due to more and better IoT and AI implementations, identity is no longer just the area for natural persons or companies, but object identities like for example a passport for buildings, ships and devices will become exponentially important. As these devices can trigger processes, and their input can lead to automated decisions, audit trails and provenance will play a crucial role in the coming decade.
To face these challenges, the right implementation of new upcoming technologies like blockchain and IoT, in combination with traditional and new verification and authentication methods, will provide an answer to the challenges as stated above. By using blockchain technology, one can provide an answer to the centralization challenge of identity, the claim, and consent.
By creating Self Sovereign Identities:
But maybe the most exciting opportunities are the consent solutions that are being created. By using smart contract functionality tied to the identity, one can give consent to look at certain data for a certain period, but also retract that consent at will. In this way, one can not only share the right information but also for the right amount of time! Once the consent is retracted, others cannot access the information anymore.
With these emerging technologies, one would be able to counter even more complex challenges like deep fakes. It is already possible to create a digital fingerprint of a website with an embedded video where, if the website is altered in any way, one can automatically see that the content was tampered with, assuring the authenticity of the site. But if this website would contain a video of a certain person and gives their consent, which they can retract themselves, the effect of the combination of the two would immediately be that as soon as the video or the website would be tampered with, which will be proven by the authenticity solution, that the person can retract their consent and thus everyone can automatically see that they might deal with a deep fake.
Interesting to see is that this also creates significant opportunities with regards to object identities. Where identity registration in some cases is already in place, claims of those objects are at best scattered and take an awful lot of time to figure out. Claims, in this case, can be the right sustainability certificates or proof of maintenance. In this case, one can create an object passport in the form of a smart contract where the owner of the object can only fill in certain claims, but other claims, e.g., maintenance, can only be filled in by the designated maintenance person. Once the object is handed over to another party, the owner of the object will be changed in the passport, but all the other claims will stay intact, including the whole history and audit trail. This will create added value through higher levels of transparency and e.g., way lower costs in due diligence procedures on that object as there is a clear, complete history of the object through that passport.
At first glance, this sounds like the solution for many challenges we might face in the coming years. But one must be very aware of thinking that the technology in itself provides the answer to all problems. For many reasons, this is not the case.
For starters, any personally identifiable information should not be stored on technology like a blockchain. Once stored, it is extremely hard to delete it. Your data design should be as such that consent of derivatives of consent is arranged, but the data and content in itself should be stored ‘off-chain’. Also, verification of the original input is of the utmost importance. Yes, we might be less dependent on traditional instances to verify parts of our identity, but in a lot of cases, we will still need governmental or semi-governmental institutions to ‘one-time verify’ a claim made by the identity holder. The difference will be that one won’t have to go back to the original verifier every time they want to prove their claim.
Also, the new solutions will have to fit existing processes. It is a utopia to think that these kinds of solutions will change the world overnight. Extreme change takes time, and often if not always, a long hybrid period where old and new solutions will co-exist.
To end with a positive note, the described solutions are no longer a faraway view or only existing in PowerPoint. There are more and more solutions out there, and many of them also passing the proof of concept phase.
Most solutions at the moment are being developed or can be found in personal identity. From Sovrin creating a network for SSI’s, to the SSI project by the Dutch Blockchain Coalition to decentralized birth certificates solutions, to identity-solutions based on reputation. Some can be found in personal claims where either people can claim certain elements like diplomas but also prove certain things, like proving if one is in debt to the government to prevent further increasing fines, without revealing their detailed debt so they can preserve their privacy. Literally a case we have built for a Dutch government agency. A few are active in personal consent. One of the solutions that we have implemented in this regards is in providing consent to share personal (health) data for a certain time period with a third party, which not only saves cost and preserves the privacy of the users, but also saves valuable time, up to several minutes in an emergency call.
As stated, equally interesting is the identity solutions of companies and objects. Company consent will create many opportunities with regard to increased administrative efficiency. We do see a few solutions being created in this regard in the market, although the amount is still limited.
Object identity and claims are a bit more widespread. Especially in the supply-chain sector and in the real estate, we see multiple solutions being developed and also already in production. With Ledger Leopard, we created object passports for buildings, for hoses, for roofs, and facades.
In the coming weeks, we will elaborate more on the various challenges and opportunities with regards to identity and will show you through videos and webinars some of our solutions together with our clients.
A way to prevent the spread of contamination among nations was to cut off all international flights. This specific measure could have been a considerable measure, wasn’t it be that it had come too late as the virus had already reached European countries. With Italy as the first victim, the arrival of the virus in …Read the full story
How is this going to work out in real life? A sad, however very relevant, example is the entrepreneur who is directly affected by government measures to combat the corona crisis and who see their turnover vanish. Many entrepreneurs and associations, such as restaurants, cafes, and sports clubs, will have less demand or must close …Read the full story
We are driven by creating experiences that deliver results for your business and for your consumers