Can Blockchain Change the Face of Identify Management?
You’ve no doubt heard of Bitcoin: The distributed digital currency that that has grown to tens of billions in value in the past few years. Bitcoin has recently surpassed Justin Bieber in Google Search popularity, so I think it’s safe to say that $BTC is becoming a mainstream concept.
Dig a little deeper and you will understand that Bitcoin is an implementation of a “distributed ledger” that is called a blockchain. Rather than keeping critical records in a central database like almost every company does today, blockchains distribute the ledger information to many different computers. Then when a process requires information from the ledger, it asks all the connected machines to propose the answer. When a majority agree, they are rewarded for their efforts in the form of digital coins. If information on one machine was manipulated, the majority would still be trusted.
A couple of years after Bitcoin was released, some in the cryptocurrency community began to think about making the blockchain more powerful. Rather than just holding information, what if the blockchain could hold a program that executed when triggered? Developers released a new type of blockchain with a specialized programing language that could be used to write “smart contracts”. This new chain was called Ethereum. These smart-contracts have made it easier for teams to build applications that use these distributed network effects. Infact, these applications have a name (dApps) and sometimes even have their own digital coins (altcoins).
Regardless, today, blockchain aficionados think of Bitcoin and Ethereum as the two major public blockchains that should be considered for business functionality, and with this operating model, blockchains become an interesting architecture for managing identity.
Identity on the Blockchain
As much as you’d like to think you control your identity, you really don’t. Vast repositories of information about you are controlled by private companies that make money every time another company needs to validate who you are. Today, we have an identity ecosystem that requires thousands of organizations to pay these identity holders to perform some sort of “proofing” to validate that a user is who they claim to be:
- Your utility company may have validated your address.
- Your bank may have validated your payroll.
- Your hospital may have validated your birth.
- Your government may have validated your SSN.
- Your mortgage company may have validated you creditworthiness.
Each of these organizations have invested in due diligence in “know your customer” processes, and they each now have a piece of the total identity puzzle that is you. But each new credit check requires yet another set of validations, and in the end, your identity gets spread wider and wider into more centralized databases that can be hacked.
With blockchain, we can fundamentally change how management of identity takes place.
First let’s start with a radical premise - that you should own your identity information, and should be able to control who sees it - and even be compensated when your information is valued by someone else.
Now Imagine an app called MyID that you install on your phone for a small fee of $1.99. This app - tied to your phone becomes the trusted digital wallet of your identity. Using your biometrics, only you can access the app, and the biometrics data and the identity data all sit within your phone and are never transferred to a server elsewhere without your permission.
Once your app is installed, you go through an identity proofing process where you answer questions that allows MyID to validate who you are and issue a certification for each piece of identity that it validates. These certificates live in the blockchain and therefore can’t be altered, and the underlying data sits encrypted on your phone and also can’t be altered.
With this model, you have a favorable configuration for the consumer. They can share proof that MyID has validated their identity (tied with the device), or they can share the underlying identity data piecemeal as they see fit.
If a credit card company wants to issue you a credit card, they can request various data points, and may give you more credit or a lower rate if you provide more certified identity data.
If an online advertising company wants to better target advertisements to you based on your income, you can share your certified income level (but not your contact information) with them for a fee (payable to you) for a piece of every advertisement you look at - which can be managed on a different blockchain.
Large companies are not left out of this loop. If your mobile network operator already has identity data about you, they can contribute that information to you and can certify if. Now when a third party wants that info, both you and the MNO can get a cut of the fees with your permission.
With blockchain technology, we have the opportunity to reframe risks of identify theft, while also bringing stronger privacy and digital rights to end consumers. There are many reasons why this is the future architecture of identity - and consequently there are many reasons why incumbent organizations will do whatever they can to delay or prevent it from emerging.