Digital Identity Today is Broken — But We Can Fix It

Dan Elitzer

 

Six Companies Defining the Future of Identity

The ways we create and manage our identities in our increasingly digital world are broken. We have separate credentials for nearly every service we interact with, but often reuse the same simple passwords, leaving ourselves vulnerable. Our credentials and sensitive data are then stored in databases with thousands or millions of other users, creating attractive targets for hacking and theft.

We experience all of the problems of fragmented, siloed identity systems — yet reap none of their promised benefits, such as increased privacy or diffused risk. In the cases where we do have relatively secure, integrated identities to which we attach lots of personal information, these identities are in reality owned by massive companies, like Google or Facebook, who can revoke our access at any time.

There are better paths to follow. It is possible to create a future where our identities are more secure, easier to use, and under our control. Here are six companies laying the groundwork for that future:

Averon

You know how when we create accounts for certain apps or services — especially sensitive ones relating to money — we’re asked to enter our phone number? Then, they send us an SMS with a string of numbers (a one-time passcode) that we enter to confirm that’s really our phone number? That’s called “2-Factor Authentication”. It’s good from a security standpoint but it can also lead to frustration or just giving up altogether.

Enter Averon. They’ve done integrations with all the mobile phone networks in the US, so the whole verification process can be done automatically and instantly in the background, without any action required from the user. As a straight replacement for traditional SMS-based one-time passwords, it’s already a no-brainer. Should they manage to deliver this paradigm in some adjacent areas, it’s really going to blow folks away.

Blockstack

Blockstack empowers users to create and manage our own identities from our own devices. In fact, Blockstack’s vision goes far beyond just identity: they’re trying to re-invent the Web itself around decentralized applications, putting us back in control of our data and providing better security, privacy, and reliability for our digital activities.

Leave aside any philosophical or ideological ideals around why people should be able to own and control their digital identities; user-owned identity is a desirable model for many businesses — especially in the financial and healthcare industries — where possession of personally identifiable information (PII) can become a liability rather than an asset.

Think about all the hacks we’re seeing of various large companies and government agencies every other week. Blockstack enables a future where data thefts are both less attractive to hackers and also less damaging to companies and their customers, because sensitive data is stored under the control of each individual rather than in centralized repositories.

Civic

Social Security Numbers are horrifically insecure, acting as both username and password in many settings, and being collected and stored by nearly every employer, financial institution, telecom company, or healthcare provider with which we interact. Our SSNs are virtually guaranteed to be stolen at some point. So what can we do about it? Insert Civic.

Civic’s initial product is an identity theft protection service, similar to LifeLock or ProtectMyID but at a much lower cost (the basic plan is free, a more full-featured standard plan is only a few dollars per month). Civic also takes this a step further, building out a fraud prevention network, where partners like banks or telecoms check with Civic before putting in a request to one of the credit reporting bureaus. Civic then pushes an alert to your phone, giving you a chance to approve valid requests or proactively block fraudulent ones — it’s like adding two-factor authentication to your SSN.

Like Blockstack, Civic also has a bigger vision that includes letting users independently interact with various services using a verified digital identity registered on a blockchain.

DataCoup

Every website we visit, video we watch, and purchase we make is being tracked by a variety of companies who then sell our digital profiles to a variety of advertisers. Even our internet service providers (ISPs), through whom all our data flows, have been cleared to sell our web browsing history without our consent. What is most concerning isn’t necessarily that this data is being collected, but that it’s being done without our permission, without our control over who it’s shared with, and without our receiving anything in return.

DataCoup is trying to put us back in control of our data, letting us collect it from the social and financial apps we already use, then allowing us to sell access to it as part of an anonymized data set. We get more control and compensation; advertisers and researchers get more complete profiles to work with. The transparent, consensual, and mutually-beneficial exchange of personal data is a welcome alternative to the unilateral privacy-violating tracking done by creepy ad-tech companies.

Enigma

Enigma is like a B2B version of DataCoup, using advanced cryptographic techniques. Instead of selling access to anonymized data sets, Enigma makes it possible to allow certain analyses to be run directly on encrypted data, without worrying that the data might then be stolen or passed along to other parties without the owner’s consent.

Founded by MIT alums and built on technology developed in the MIT Media Lab, Enigma does something called secure multi-party computation and does it an order of magnitude more efficiently than previous approaches. This makes it possible for Company A to allow Company B to conduct certain types of analysis on Company A’s data, without Company B ever having unencrypted access to the data itself. Data privacy: delivered.

Tierion

It’s hard to say we really control our own identities if the data associated with them can’t be trusted. Tierion provides tools to link identity attestations and other data to a blockchain, so that their integrity can be proven without the involvement of a third party.

How does this work? At a high level, Tierion lets companies make a single entry on a public blockchain to “notarize” as many pieces of data as they want, then generate receipts that can be given to users or auditors to let them verify the existence and integrity of any specific data point.

While most businesses are going to want to use Tierion’s API to get up and running quickly and painlessly, everything is built on top of an open standard called ChainPoint, largely designed by Tierion’s founders. That means that you don’t have to worry about vendor lock-in or Tierion going out of business, because anyone will still be able to independently create and validate proofs adhering to this standard.
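
How one on-chain entry can cover many records, as an added example (not Tierion's code and not the ChainPoint receipt format): the records are hashed into a Merkle tree, only the root is anchored, and each receipt is the sibling path for one record. The function names, the receipt layout and the sample records are assumptions made for this illustration.

```python
import hashlib

# Constructed sample records standing in for identity attestations.
RECORDS = [b"alice:kyc-passed", b"bob:age-over-18", b"carol:address-verified",
           b"dave:kyc-passed", b"erin:license-valid"]

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(record: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes stop an inner node
    # from being presented as if it were a record.
    return _h(b"\x00" + record)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_levels(records):
    """Return every tree level, leaves first. A node without a partner is
    promoted unchanged instead of being paired with a copy of itself."""
    level = [leaf_hash(r) for r in records]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])
        level = nxt
        levels.append(level)
    return levels

def make_receipt(levels, index):
    """Receipt for one record: the sibling hashes on its path to the root."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            side = "left" if sibling < index else "right"
            path.append((side, level[sibling].hex()))
        index //= 2
    return {"path": path}

def verify_receipt(record, receipt, anchored_root_hex):
    """Recompute the root from the record and its path, then compare it with
    the root the verifier read from the public ledger independently."""
    node = leaf_hash(record)
    for side, sibling_hex in receipt["path"]:
        sibling = bytes.fromhex(sibling_hex)
        node = node_hash(sibling, node) if side == "left" else node_hash(node, sibling)
    return node.hex() == anchored_root_hex

if __name__ == "__main__":
    levels = build_levels(RECORDS)
    root = levels[-1][0].hex()          # the single value that gets anchored
    receipt = make_receipt(levels, 2)
    print("anchored root:", root)
    print("receipt valid:", verify_receipt(RECORDS[2], receipt, root))
    print("altered record valid:", verify_receipt(b"carol:address-changed", receipt, root))
```

The verifier needs only the record, its receipt and the anchored root, so the check works without contacting whoever issued the receipt.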

*****

We believe these companies are among those leading the way toward a positive and inspiring future for identity. To propel innovation in this space even faster, we’ve invited all of them to participate in Mosaic, a digital identity lab we’re launching out of IDEO CoLab.

By working together, we’re going to help them apply their products and technologies to some of the thorniest identity issues raised by leading designers, technologists, and corporate innovators, who we’ll be announcing in the coming weeks. If you’d like to join us on this journey and build with these companies, get in touch.

Together, we’re going to move towards building more usable, secure, and human-centered identity systems. Watch this space.

 


Dan Elitzer


Blockchain and Digital Identity Lead at IDEO coLAB

Blockchain solutions for supply chain and identity issues

  • Date: Monday, April 10, 2017
  • Time: 6:30 PM to 9:00 PM
  • Place:  Rise New York, 43 West 23rd Street, New York, NY

Our speakers will share their experience in working with blockchain technology and its potential to solve supply chain and identity-based humanitarian problems. Following their presentations there will be a brainstorming session focused on defining further what the meet-up aims to achieve by coming together.

Memo from Davos: We have a trust problem. Personal responsibility and Ethereum are the solutions.

Andrew Keys
19 JAN 2017  ConsenSys
IN _____ WE TRUST

I had the privilege of attending Richard Edelman’s Trust Barometer speech at the World Economic Forum.

Richard was one of the most eloquent speakers I encountered at WEF. He presented the annual Edelman “Trust Barometer” report, based on an online survey of 33,000+ respondents in 28 countries. The report paints a relatively dark picture of our world’s global affairs; the title of the document, An Implosion of Trust, says it all.

Some grim facts from the report:

  • Trust in all “institutions” (defined as governments, corporations, NGOs and media) declined in 2016 to trust “lows” that are similar to those during the 2008/2009 financial crisis (without a precipitous event this year, like we had in ‘08).
  • 85% of survey respondents indicated they believe that the aforementioned institutions do not have their best interests in mind, and that they don’t trust in “the system”.
  • Governments are distrusted in 75% of countries.

Richard’s presentation was followed by a panel where ideas were discussed for solutions to rebuild this trust.

At this point, I began to bifurcate “trust” into two broad categories: personal trust and (smart) contractual trust, as I believe there are 2 distinct aspects of the same word.

Personal Trust

Dear CEO, Prime Minister, President et al,

Have you screwed me lately? Will you screw me again? Do you even care? How are you going to fix it? How am I supposed to trust after you’ve already screwed me?

Sincerely,

the rest of us

I purposely pose these questions in crude layman’s terms, as this is how the “rest” of the 99.9% of the population, who didn’t attend the World Economic Forum to strategize on improvements for Earth while over-eating appetizers and drinking champagne, are thinking.

Why is trust so low in governments, corporations, NGOs, and media?

Primarily, most people do not feel like they have insight into the decision making processes of these institutions. Citizens suspect that governments are not deploying their resources appropriately or in order to serve their best interests. It seems like all their tax money vanishes, goes into a giant pool, and then is spent by nameless bureaucrats on projects whose results those taxpaying citizens believe they never see. Governments can be corrupt, with officials siphoning off resources for their own purposes or business interests. Corrupt officials benefit from traditional, nontransparent governance systems whereby they can conceal the flow of money and the provenance of decisions and actions.

Humanitarian aid encounters similar problems, despite, often, the best of intentions. While humanitarian aid organizations are crucial to a world that extends a hand to the poor and disadvantaged, potential donors see media reports about aid organizations misusing funds, or disaster-stricken countries claiming such organizations did not really help them in their time of crisis. In the current system, it is near-impossible for donors to get clear information about how every dollar (or other unit of currency) is being spent. Non-transparency in humanitarian aid gives rise to skepticism about the effectiveness of even the best aid organizations, compromising their ability to gain the trust of donors and beneficiaries.

With so many conversations going on about “fake news”, trust in media has never seemed lower. Distribution platforms for news can make it difficult to distinguish news from reputable sources from news purveyed in order to get “clicks” by content farms with little interest in factual accuracy. The bar has never been lower for new media sites to spring up and distribute content, while audiences seem not to care, or not to be able to distinguish, between reputable and non-reputable sources, undermining general confidence in the institution of media, which can be an important pillar of democracy. If each of us operates with an entirely different picture of what’s going on in the world, what basis do we have to come together and negotiate? To find solutions together for any kind of global problems?

Corporations are often thought of in the context of profit-only or profit-first, which breeds mistrust.

(Smart) Contractual Trust

Enter Ethereum: The world trust machine

By far, the most spoken about technology in Davos was blockchain, and I believe it is due to the aforementioned global implosion of trust. As I posed in this year’s blockchain predictions, the key question asked in 2017 will be: How much should we pay to trust each other?

Just as the “institutions” thought they had it rough, another layer of complexity is coming faster than a freight train: Ethereum, the global decentralized trust machine. Ethereum, in my opinion, is the next generation of the internet, or Earth’s veridical (defined: vəˈridək(ə)l /adjective: truthful) computer, which I spoke about in Davos, yesterday.

Ethereum is a blockchain-based, general purpose distributed computing platform, employing smart contract functionality. It employs the Ethereum Virtual Machine and Solidity to execute peer-to-peer agreements. This technology facilitates more efficient and secure transactions without centralized intermediation. Once terms are agreed upon, both assets are in place, they are tokenized, and exchanged by a process called an atomic swap where the trade is the settlement.

Rather than using Microsoft Word, pen, paper, attorneys, auditors, and notaries, our agreements will be codified. The banks are beginning to understand this paradigm and are also building Ethereum-based smart contract automation processes, as evidenced by J.P. Morgan’s creation and open-sourcing of Quorum.

For those who haven’t read a technical or non-technical introduction to Ethereum, here is an example of what would typically cost a corporation millions of dollars in fees to intermediaries, transcribed into less than 100 lines of smart contract (pseudo) code for the issuance of a public offering or crowdfunding of shares in a corporation.

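// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Crowdsale {
    struct Owner {
        uint sharesOwned; // shares currently held
        uint sellPrice;   // asking price per share, in wei
        uint forSale;     // shares the holder is offering for sale
    }

    mapping(address => Owner) public ownersRegistry;

    // The deployer receives all shares and offers everything except `retain`.
    constructor(uint shares, uint price, uint retain) {
        require(retain <= shares, "retain exceeds shares");
        ownersRegistry[msg.sender] = Owner(shares, price, shares - retain);
    }

    // Buy `quantity` shares from `owner` at the owner's asking price.
    function purchase(address payable owner, uint quantity) external payable {
        Owner storage seller = ownersRegistry[owner];
        require(quantity <= seller.forSale, "not enough shares for sale");
        require(msg.value == quantity * seller.sellPrice, "wrong payment");
        // Update the registry before sending ether, so a re-entrant call
        // sees the reduced balances.
        seller.sharesOwned -= quantity;
        seller.forSale -= quantity;
        ownersRegistry[msg.sender].sharesOwned += quantity;
        (bool ok, ) = owner.call{value: msg.value}("");
        require(ok, "payment failed");
    }

    // Offer `quantity` more of the caller's shares at `price`.
    function sell(uint price, uint quantity) external {
        Owner storage holder = ownersRegistry[msg.sender];
        require(holder.forSale + quantity <= holder.sharesOwned, "not enough shares");
        holder.sellPrice = price;
        holder.forSale += quantity;
    }
}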

It is early days, and there will surely be the need of attorneys, auditors, and regulators to learn, educate and facilitate smart contracts, but the process will become much more automated, intermediaries will be removed and the cost of trust will plummet.

If you think this is radically far away, Overstock.com has already used Ethereum based smart contract technology to facilitate a public offering.

Who are you? Trusting Digital Identity

The foundation of blockchain-based trust is digital identity systems, such as uPort.

Individuals, institutions, and other groups, in order to access Ethereum, need a public-private cryptographic key pairing, which becomes their blockchain identity. As, say, an individual interacts with various financial institutions, businesses, government agencies, etc., he or she accrues reputational attributes as attestations that are permanently, immutably, and transparently connected to that person’s blockchain-based identity.

A government agency can have a blockchain-based identity, and so can all the individuals working in that agency who are authorized to make certain kinds of decisions or verify certain types of documents or deals. With a blockchain-based governance system, it is far easier to track how errors came about, perform an audit on a system as a whole, and provide transparency to citizens on decision-making.

Blockchain-based identity, that collects reputational attributes, could be applied to media outlets and individual journalists in a way that allows end users to rate the veracity of statements and reporting, and to flag malicious reporting and factual inaccuracies back to the community. Individuals can build reputation for themselves within such a system such that an experienced journalist at a top-tier, fact-driven outlet with an excellent blockchain-based reputation can vote on the quality of another news article and have her vote more highly weighted than other votes that don’t have strong reputations.

In terms of humanitarian aid, blockchain-based tools are on the way that will allow donors and funders to track how every bit of ether (or fiat currency) is spent on their platforms. Benefactory and WeiFund are two such projects that enable transparent tracking of fund use by funders and donors. Restoring confidence in humanitarian aid and other models of development funding through tracking and transparency is essential to building a world where people who want to help are enabled to do so.

Blockchain-based reputation means that we can dislocate our trust from centralized bodies of individual people — bodies that are subject to human errors, accidents, hacking, indecision, and even corruption — and replace it with trust in shared source of truth resources that are logical and code based, that no human being can manipulate in order to serve their interests. Moving trust to blockchains allows societies to unlock almost boundless meta-efficiencies, to communicate, and work together more seamlessly.

Currently 2.5 billion people worldwide are “unbanked”, which means they are essentially locked out of the global financial system, without access to the resources they would need to secure a loan, have a credit score that shows their financial history, and create a binding contract necessary to doing work or starting a business. With blockchain-based identity and reputation, no centralized services are necessary in order to perform these functions; just a blockchain-based history of good financial behavior, and other positive signals from reputational attributes connected to an individual’s identity. Even beyond the unbanked, smart contracts will allow business and financial activities between actors who never before were able to create value, unlocking enormous potential economic growth.

There is no reason why, using Ethereum, a potential donor in the United States could not give a small business loan in ether to a person in a developing country that they have never met before. Using transparent and secure blockchain-based funding and governance tools, combined with blockchain-based identity that accrues reputational attributes through attestations, this scenario is entirely possible. It could move forward without needing processing by any kind of centralized body.

Touché. But can we trust the blockchain?

After the Edelman Trust Barometer was published, Phil Gomes of Edelman subsequently produced a work titled Hacking Trust: 2017 Edelman Trust Barometer and Blockchain in which over 1/3rd (10 of the 28) of the countries’ survey respondents trusted “blockchain technology” more than “cloud technology” even though I believe core blockchain technologies are in their 1st inning and cloud is in its 5th inning.

This is where blockchain technologists have a responsibility to educate, collaborate, and elucidate the proper use cases for this technology, for the good of everyone in “the system” including citizens, regulators and institutions of Earth.

We may have lost trust in each other, and in many of our human institutions. This loss is unfortunate, and it is felt here at Davos, and across the globe. But blockchain presents us with a unique opportunity to replace that trust and restore it, providing citizens, media, organizations, and agencies with a basis to come to the table again, make decisions together, and heal from the crises in trust that we face today.

Onwards and upwards,

AK

Much thanks to Amanda Gutterman for her contributions to this piece


Disclaimer: The views expressed by the author above do not necessarily represent the views of Consensus Systems LLC DBA Consensys. ConsenSys is a decentralized community with ConsenSys Media being a platform for members to freely express their diverse ideas and perspectives. To learn more about ConsenSys and Ethereum, please visit our website.