We’ve probably all been the victim of a data breach or hack at some point in our lives, but what happens to your personal information after it’s been stolen? In this article we take a look at what criminals do with your personal data.
Introduction to Blockchain Identity Management
Identity theft has one of the fastest growing crime rates.
Identity theft has one of the fastest growing crime rates in the world. 30% of US consumers were affected by a data breach in 2017, and the amount stolen hit $16.8 billion in that calendar year. That represents a 30% increase from 2016, and with one of history’s largest data breaches just behind us, that percentage is sure to increase even further for 2018. It is clear that the old ways of managing our digital identity have become redundant.
Luckily a solution is already at hand.
The invention of blockchain technology by Satoshi Nakamoto heralded a new wave of innovation from individuals and companies able to see its huge potential. In a world constantly undergoing rapid and fundamental change, the opportunities provided by a decentralized, trustless ledger are still awe-inspiring.
In this blog post we will discuss how your identity is managed today, and why identity management is one of the most compelling use-cases for blockchain technology. But before we get into that, let’s take a step back and explain what a blockchain really is.
What is a blockchain?
In its simplest form, a blockchain is a digital record of transactions performed with its native token. That’s it! Pretty simple right?
The cool part, is that this record is incorruptible and decentralized. This means nobody can feasibly change it to their benefit, and it stands as a true version of history.
Additionally, it allows for transactions to be performed with (mostly) minimal fees. Anyone who has ever made an international wire transfer for example, will know the sting of paying a $20 fee on a $100 transfer. Using bitcoin or most other blockchain-powered cryptocurrencies, you only pay a fraction of those fees.
The final significant advantage of blockchain v1.0 is that all transactions are public. Of course, the blockchain doesn’t broadcast your name to the world, but instead only your public wallet address.
The great benefit of this approach, is that there can be a much higher level of accountability. If you think of your local government, it is impossible to tell where and how your taxes are being spent. Using blockchain technology, literally every expense would be publicly visible, significantly improving our ability to hold the state accountable.
Clearly blockchain technology in this simple form already has a whole host of advantages that make it a compelling innovation, and one of the most important of the 21st century.
At this point you might be wondering, how an incorruptible and public record of transactions can help you manage your identity.
What is blockchain v2.0?
Born in 1994, Vitalik Buterin has already established himself as one of the luminaries of the blockchain space. Along with a number of visionary developers, Buterin managed to take bitcoin’s blockchain and make it smart.
More specifically, they re-built the blockchain, making it turing-complete and allowing developers to build applications on top of it. As a result, Ethereum not only has smart contract functionality, but enables the creation of proprietary ERC20 tokens. KEY – SelfKey’s native utility token – is an ERC20 asset for example.
Identity management on the blockchain
The need for a blockchain based identity management system is particularly noticeable in the internet age. 4.5 billion records have already been exposed in 2018, and new data breaches seem to be announced on a daily basis. Facebook, Google, and Amazon are three multi-billion dollar companies that have failed to keep vast amounts of customer data safe in 2018.
Even if corporations manage to keep our data safe, we still lose ownership over our identity. Despite the internet becoming an intrinsic part of human daily life, there is no adequate way of sharing our data without it being misused. Indeed, due dates, voice recordings, and passport numbers are just a few of the data points which are often collected and made available for the sole purpose of driving additional revenue.
Clearly our current approach to identity management is broken. Instead, a blockchain-based digital identity solution could focus on three key challenges: security, privacy and usability.
Our current solutions to these challenges are imperfect at best. Establishing a digital identity in 2018 still relies on identity documents, driver’s licenses, and even passports. As a result, people who have lost their documents due to war, or natural disaster often find themselves unable to secure even the most basic necessities. The pioneering work done in Jordan is certainly a step in the right direction, but there is still a lot of room for growth.
As of today, there is still no adequate system for securing either online authentication of our personal identities or of our digital identities. Blockchain technology may offer a way to solve this problem without the need for a trusted, central authority. More specifically, individuals and businesses could store and authenticate their identity on the blockchain, giving them greater control over who has their personal information and how they access it.
By using a decentralized, open-source blockchain and combining it with an identity management, we could create a digital ID, which would act as an incorruptible watermark. This watermark could be used to verify an identity for any transaction in real time.
Once such a digital ID has been created, it could be used to verify an identity for any service, dispensing with the need for clumsy and unreliable password/email combinations.
How is an identity typically verified?
An identity is verified by performing an identity transaction. This typically involves three parties. The first is the person or business being identified (IO). Next, we have the identity Claim Issuer (CI), and finally there is the third party.
The identity transaction begins with the identity owner making a claim, such as “my name is Michael Scott”. The CI then checks the claim and provides an attestation to the third party. The third party can then use that information to provide or deny access to its services.
In this setup, all three parties have to struggle with the paper driven and centralized system of identity management.
Additionally, the identity owner gives up his personal data and effectively loses ownership. A classic example of this came in 2013, when it became known that an identity thief was paying the credit reporting agency Experian thousands of dollars a month to access the information of over 200 million people. The thief then resold the personal data to the highest bidder.
Worryingly, businesses operating unethically is not even the biggest threat to your digital identity. Instead, we really have to worry about data storage systems which rely on poorly protected, centralized servers holding millions of data points. These are to hackers what lights are to moths. The more data is being stored, the more attractive it becomes as a target for malicious actors. Once under attack, most businesses suffer a breach and the identity owner becomes vulnerable to identity theft.
The way we do things now is clearly broken. What is the solution?
The SelfKey Identity Wallet is a free identity solution for Windows, Linux and Mac. Get yours today!
Own, store and share your data securely
Our idea is simple: that you alone can control and manage your digital identity – a concept known as Self-Sovereign IDentity (SSID). The SelfKey White Paper goes into great detail, but for this blog post it suffices to say that this approach is our best chance at tackling the three key challenges outlined earlier: security, privacy and usability.
This is achieved by combining blockchain technology and an identity management solution like SelfKey. More specifically, the SelfKey Identity Wallet can be used to create a SelfKey ID – an encrypted, digital watermark attached to your identity. The Wallet and your ID are stored on your local device, meaning that even if SelfKey’s database was breached, Wallet users would be completely unaffected.
Instead of storing your digital identity on a centralized server, it is stored on the Ethereum blockchain and only you control the private key to access your information. Nobody else is able to see or access data without your permission.
Not only does this give you an unprecedented level of control over your data, but it also removes the need for time-intensive identity verification. Instead, once the SelfKey ecosystem is complete, you will be able to register and login to services with the click of a button without losing control of your digital identity.
You can download the wallet and create your SelfKey ID for free. Try it here.