Identity on the blockchain doesn’t need to be perfect, it just needs to be better than Yahoo
Updated: Aug 6, 2019
CryptoSlate, a very useful blockchain aggregation website, maintains a list of projects which specialize in digital identity or at least some elements of personal identity on the blockchain. At present there are no less than 28 such projects, the bulk of which emerged in 2018.
On the face of it, storing any personal information on a blockchain sounds like the most ill-advised thing one could do. A public, immutable, decentralized ledger should be no place to keep your name, date of birth, medical histories or anything that could be used to track you down and kidnap you for ransom. This information would be safer with a private enterprise following strict data protection laws in service of its customers, surely?
Well, as it happens those enterprises have a tendency to leak your information out like a sponge. The Irish Examiner compiled a list of the biggest data breaches of 2018, and it’s comprehensive: Google+, Marriott, MyFitnessPal, British Airways, Cathay Pacific, Dixon’s, Ticketmaster, Superdrug and Butlin’s. This means that your personal information was fairly safe in 2018, unless at any point you booked a flight, stayed in a hotel, went to a concert, had a jog, took some pills or bought a phone. Nobody used Google+, so there’s no need to include that.
This is exactly the crux of the issue — identity blockchains are proposing that blockchains with successful cryptography will be safer for the individual than private company servers based on decades old technology and lacklustre security, with no disincentives for allowing customer information to be breached. Certainly, that model is unsustainable. According to Quartz, in the 21 largest data breaches to date over 6.3 billion accounts have been hacked. Some of these have ruined lives — Adult Friend Finder and Ashley Madison hack victims will attest to that. If this continues to occur at the same pace, there won’t be a piece of information about us hidden from the net in 20 years.
With that considered, blockchain models of identity don’t need to be perfect, they just need to do better than the systems modern companies use to keep customer’s information unsafe. Assessing how close we are to that is difficult, mostly because of the different models the various projects employ. The biggest drawback on the face of it is not the permanent and public nature of blockchains, but the knowledge barrier and awkward requirements anyone with experience of even a Bitcoin wallet will appreciate. There are a considerable amount of people who lose their email passwords on a regular basis, and that is a single word of their choosing. The majority of the population is not going to memorize or protect their 256 bit private key or 24 seed words to log into a social media account or government service, and even if they could be convinced they will almost certainly lose them at some point.
On that subject, if one envisions a future where one’s entire identity is stored on the blockchain and controlled by them, this will have to include government services, with very few governments jumping at the opportunity to provide this. The Swiss city of Zug is a rare example, and not surprisingly as it is a hub for blockchain projects where some public services even accept Bitcoin for payments. Zug has rolled out an eID to all residents, who need only visit their city hall once to activate. The primary goal is to enable blockchain voting, which actually occurred in July last year. Of the 240 citizens registered at the time, 72 successfully voted using their eID and associated app. This is a tiny trial, but such are necessary before large scale attempts are rolled out.
Back to those 28 identity tokens: most are multipurpose blockchains with some identity elements, while there are a few smaller cap coins focusing only on identity — Civic, TheKey and SelfKey being three examples. All three allow individuals to prove their identity and allow service providers to perform KYC/AML processes, with government and business being their target user base. This is desirable even just in the blockchain space alone, given the number of ICO platforms with enormous databases of investor data, photographs and passport scans. Many such projects will not survive the bear market and close, leaving us to only speculate on what might happen to user data when that happens.
The big question remaining though is simple — will businesses and governments want to adopt blockchain identity systems at all? In the current climate, where businesses understand the value in extracting as much data from their customers as physically possible, perhaps not. Governments might — we know that some local governments in China are implementing this technology, but it is common for the country to experiment with such initiatives on a city level and a province level before more widespread adoption takes place. There is no ‘selective’ pressure to force companies or public services to discard legacy technologies as the medium of storing and retrieving personal data, although there almost certainly should be, and so the status quo remains likely to persist until the public suffers one breach too many.
Article by Byron Murphy, Editor at Viewnodes. Viewnodes helps clients establish and maintain masternodes for the currencies which currently support them. To contact us for information on our masternode services, please submit this contact form.