Digital Identity is Essential for Online Privacy, But Who’s Leading the Pack in 2021?

As we live out more and more of our lives online, the need for a comprehensive digital identity solution is becoming more pressing, and for several good reasons. First, and perhaps the most significant driver from the individual perspective, is privacy.

The increasing shift to digital means users must leave electronic copies of sensitive paper documents like passports or identity cards littered across the internet. Furthermore, high profile data breaches have become so normalized, they barely break news headlines anymore. In one of the most recent instances to affect a high-profile firm, Spotify was forced to reset user passwords after it admitted that it had leaked customer data to its third-party business partners. The average user already has around 100 online account passwords to manage, creating a poor online experience with too much friction.

From the enterprise perspective, firms are also taking responsibility for significant swathes of user data. In many circumstances, it would be easier for them to navigate data protection legislation such as the EU GDPR were they not to collect it.

The answer to all this lies in equipping users with self-sovereign digital identities. The general idea is that individuals will hold all of their data in an online wallet and decide for themselves which parties have access. Although there are several approaches, using blockchain technology is a popular choice because it offers multiple advantages, including user privacy and control thanks to public-key encryption.

With the concept of digital health passports on the horizon following the rollout of the COVID-19 vaccine, there’s a powerful imperative to provide a suitable solution. Currently, there are several firms making significant strides in the area of blockchain-based digital identity. Here are a few of the frontrunners.

1. Concordium

Concordium is a brand-new, enterprise-grade blockchain platform set to launch on mainnet in early 2021. Unlike most public blockchains, which are predicated on the principles of pseudonymity, Concordium has integrated an identity layer connected to the real world.

When users create a Concordium account, they have to provide their ID or other credentials to an off-chain identity service provider. The provider then creates their on-chain digital identity, which makes use of zero-knowledge proofs. These proofs allow any two parties to interact with the ability to verify that the parties are identifiable but without revealing their actual credentials.

To put this into a real-world context, a merchant selling age-restricted products could confirm that a customer is of the appropriate age for a purchase, but the customer wouldn’t have to disclose their birth date.

A built-in compliance mechanism ensures an account can be identified if there’s a legal need to do so. The Concordium Foundation appoints a group called “anonymity revokers.” Upon receiving a legally valid order, the anonymity revoker can decrypt the user’s account, allowing the identity provider to reveal the off-chain credentials to the legal authorities. However, nobody except the identity provider ever handles the identifying documents, ensuring that the user can transact in total privacy for almost all everyday purposes.

Concordium is being developed by a team that includes heavyweights from business and academia. CEO Lone Fønss Scrøder holds senior executive positions at Volvo and IKEA, while founder Lars Seier Christensen founded investment bank Saxo in the 1990s.

2. Microsoft

Tech giant Microsoft is also leading the pack on digital identity, and perhaps surprisingly, is also championing a decentralized approach using blockchain as a foundation. Even more surprisingly, Microsoft opted to use the Bitcoin blockchain as an infrastructure layer for its digital ID.

The Identity Overlay Network (ION) is based on Microsoft’s blockchain-agnostic Sidetree protocol, designed to create scalable digital ID networks. The ION is designed to deliver digital ID solutions at scale while taking advantage of the security and decentralization of the Bitcoin network. The company launched a beta version of ION in June 2020.

Microsoft, along with Accenture, the Rockefeller Foundation, and vaccine alliance Gavi, is a founding member of the ID2020 Alliance dedicated to equipping everyone in the world with an identity. As the result of a collaboration with Microsoft on digital identities, payment behemoth Mastercard also joined ID2020 last year.

3. Elastos

Elastos is on a mission to build a decentralized internet of value, with the concept of self-sovereign digital identity at its core. When a user signs up for Elastos, they’re automatically assigned a digital ID to use with any application operating on the network.

Recently, Elastos confirmed that it had launched a privacy-centric messenger application called Hyper, which will soon be available for the Android and iOS operating systems. Whereas many existing messenger services harvest user data, Elastos assures users of total privacy. They can sign up using their Elastos digital ID, and messages are transmitted using the Elastos Carrier network of distributed nodes, meaning that user communications aren’t even stored on any servers.

The launch comes after the project also launched a decentralized, privacy-focused file storage solution for applications operating on the network.

Elastos was founded by Rong Chen, one of the World Wide Web’s original creators and a former executive at Microsoft. He left big tech with the idea of developing Elastos as an open-source, decentralized version of the internet that puts the user in control. The Elastos Foundation recently joined the World Economic Forum as part of its efforts to bring ethical standards to data collection.

This list is far from exhaustive. Other projects and firms, such as Civic and Accenture, are also developing digital identity solutions based on blockchain. Still others, such as DocuSign and KYC Chain, are looking at more specific ways to ease the general growing pains of digital transactions from the user and enterprise perspective.

Therefore, it seems unlikely in the end that there will be “one digital identity to rule them all.” However, even incremental steps in enhancing user privacy and reducing the administration involved in access rights and data management will be a vast improvement over the status quo.

10 thoughts on “Digital Identity is Essential for Online Privacy, But Who’s Leading the Pack in 2021?”

  1. That's a good one. My wife likes to keep cash around the house, and I keep telling her to put it in the bank. What if the house burns down? I do have a quantity of gold and silver that I inherited when my mom passed, but if the house burns down it'll be recoverable. Paper money; not so much.

    Reply
  2. I took some cash out of the bank at the beginning of 2020 in case there was any disruption of banking services (who knew, back then, what was going to happen).

    So far the only thing I've been able to spend it on is buying second hand bicycle parts from some guy in his back yard. I've still got most of it.

    Reply
  3. Governments dont resist putting your personal information in public databases; They do just that all the time, albeit unintentionally.

    —Drake

    Reply
  4. Given the scale of the problem – billions of people, and maybe trillions of devices if identity of IoT devices is needed – no single blockchain or even a few hundred could handle it. Worse in the future.

    Also, identity is too important to entrust to a single commercial or governmental entity. It calls for an open source standard implementing an extremely distributed but universal database. (Governments will resist this, of course.)

    Each individual using the identity service should need to implement a redundant fragment of the overall database on a personal or trusted shared device. That way, the average data comm and processing load per individual device would average only a bit more than the average individual's (or device's) usage.

    Not sure how much data has to be stored per ID. Maybe 10KB per ID, allowing each fragment to store ~10K identities? That's enough for adequate redundancy, with ~10K fragments containing each unique identity record. Essentially all IDs would always be available (barring an EMP or massive CME event with all our devices inadequately protected – we REALLY need to address that before it bites our civilization HARD).

    Reply
  5. Here in Sweden there is already a fully developed solution in use called BankID. This is purely national and is used by all banks, authorities etc. It's available on mobile phones and computers. The computer solution has a card and a USB card reader for extra security. The Swish instant payment system that everyone uses here is also integrated with BankID (free instant micro transactions with phone).

    This is used by everyone for many years and it's hard to imagine anyone switching to something else for domestic use. If Sweden is any clue, there will be a difference between national and international solutions. Authorities will want a domestic system for now. The main driver is the motivation to being able to monitor economic transactions and tax the citizens. Thus, the authorities ally with the banks and provide convenient tech for free to ensure widespread adoption. In Sweden, cash is now almost gone for real world use.

    Reply
  6. Wow, some people just can't let go of the blockchain hype…

    That said, ZK-SNARKS as a method to provide confirmation without revealing data, the core crytptography being heavily researched for zero-knowledge based cryptocrurrencies with strong privacy like z-cash and friends, is a thing, and ZK stuff is independent of blockchain tech in theory.

    An argument could be made that a blockchain-analog for storing password vault wallets might be valid, due to the low update frequency of passwords covering for the low transaction rate of said blockchain. But that doesn't cover the economics of the blockchain hosting. Essentially several identity providers would have to host the whole blockchain (well, the most recent wallets of the vast majority of users) to cover decentralization distribution, but who pays for that how? How does one pay for updating your password vault wallet and distributing it into the system? How would one do that anonymously, or reasonably pseudoanonymously? These are hard problems that blockchain doesn't necessarily solve, and may in fact make it harder to do so.

    We still don't really have a proper centralized digital government ID in many places, and that is a much simpler problem space that is served with government controlled PKI CA's and smartcard physical/digital hybrid IDs. A more similar problem space would the push towards universal digital health records, which has onerous access complexity issues.

    Reply

Leave a Comment