We are living in the age when your personal information is a valuable asset, given by you freely and used by others without your acknowledgment.
It is farmed by masses, shared and sold for a maximum gain by companies. How can we change the way we share our identities so they will belong to us and we will know exactly who knows how much about us? We discuss the emerging technologies that can do just that.
Blockchain and SSI
Before we dig in, let’s establish important concepts regarding how identities or personal data travel between entities. For that let’s wrap our heads around these three things: claims, proofs, attestations.
“Hello my name is John Smith, I would like to open a bank account.”
Opening a bank account, ordering an item on the internet, buying a share, selling your car, etc. For all these things you need to utilize a part of your personal information. It can be your age, eligibility, credit score, marriage status, other accounts, ownership, disabilities...
Claims are basically making assertions. A statement like this is a claim: I am over 18 years old, I am married or I own 200 stocks of company A.
Proofs are evidence for the claims made. They can be your identification document, bank account details, company’s registration documents.
Attestations are in the simplest witnesses form. It is a validation from an Authority.
John Smith would need his ID to show the bank in order to open an account. This ID has to confirm that he is eligible to open an account. Also, this ID has to be produced and verified by the related authority.
So what is the problem with our personal information?
Labor: In general, proofs are raw information. They can be an image, a photocopy, a hard copy, a plastic card containing more information than actually needed. Raw information needs to be read, copied, scanned and relevant data must be extracted from them.
Flexibility: Information is organic. People get older, they get married, they change addresses, companies relocate, etc. Each time a detail in the sets of our personal information changes, we need to manually update relevant parties. Basically, tell them that we are not the same with their records anymore.
Ask any bride who got married to a foreigner, she will tell you all the hassle she had to endure to add/change a new surname to her IDs, passports, banks, phone companies, etc.
Mutability: Most of the forms of proofs are subjects to be faked, or forged. This requires another set of verification processes, like notarizations. Extra time and money.
Monetization: In the world of internet, cryptocurrencies, Facebook and Google, we are all giving out our own personal information freely. The collected data is invaluable for marketing companies, development companies, even governments are interested in such big data. To be able to apply whatever filter they can imagine to the masses and categorize us based on our likes, based on our freely given answers about our personal lives.
Europe is one step ahead in this game. After the data leak scandals of global social media platforms, EU pushed a General Data Protection Regulation which was implemented this May, urging companies to take responsibility for the collected information, and how they are maintained.
Facebook has more than two billion users for example. It is not a bad idea to ask for a little responsibility.
Search requests, in general, can give out our deepest secrets. According to the former researcher of big data in Google Seth Stephens-Davidowitz:
"The data is the serum of truth. If you ask in the U.S: "Are you racist?" Everyone will say: "No, I'm definitely not a racist." But in Google, millions of Americans every year look for racist jokes on the web," he explained.
So what options are there?
There are some centralized options which are acting like a vault of data.
If any part of the information is changed, the user just informs this vault and vault pushes the change to all relevant parties. It seems like an ideal solution, isn’t it?
Being a centralized data vault is the same as to paint a target to your back in a war zone. Hackers would love to get their hands on such places. Since it is carrying all the necessary information, a single hack, a single mistake can lead to disasters. There is also the problem of maintaining such a large volume of information efficiently.
Enter SSI (Self-Sovereign Identity)
Simply, SSI adds encryption to your personal information and how it is traded between entities.
SSI is an application, a program solution for this and here is how it works:
- The user has a Public key (a complex numbers and letters, a sophisticated password) and a Private key.
- The user sends his Public key along with his Proof to the relevant Authority to get an Attestment.
- Authority validates the proof and signs the Attestment
- Received Attestment will be stored in the application from now on
- After this, the user can present his Public Key with his Claim to any entity, which now has embedded Attestations.
- The User has control on every piece of information, Claim, Proof, and Attestment.
So far so good but still no cigar, because someone or something needs to manage all the coordination between related parties. Something immutable and decentralized would be great, like blockchain.
Blockchain was the missing link in the whole process.
SSI can cooperate with blockchain to look up identifiers without a centralized data vault.
It looks like pieces are coming together for our future identities.
Blockchain and SSI might create a safer way for us to exchange our information. Along the way costs will be saved, profits will be made, but we might decide if that company can know how many friends we have.
Subscribe to our Telegram channel to stay up to date on the latest crypto and blockchain news.