Welcome to New America, redesigned for what’s next.

A special message from New America’s CEO and President on our new look.

Read the Note

Close

fingerprint

The Nail Finds a Hammer

Table of Contents

Exploring Three Platforms Through the Principles

The features of a digital identity solution are obviously technical, and are often explained in jargon. To many stakeholders, therefore, the specific aspects of a platform can be overlooked if it is functional overall. For example, Aadhaar appears sufficient at a distance, but it has frequently suffered data leakages1 from its centralized servers.2 Yet correct solution design, including data storage, accessibility, and privacy, is critical if individuals are to safely and securely utilize a digital identity every day in the real world.

Our goal is to familiarize policymakers and other stakeholders within the international development space with effective solutions to their identity problems. Utilizing our adopted set of “Principles of Identity” as a framework, we now examine the design specifications of the aforementioned firms’ self-sovereign identity solutions. We aim to provide high-level overviews of the three platforms, comparing and contrasting their functionality.

Our methodology included desk research and interviews with company leadership and employees. To help ensure uniformity and impartiality, an identical and standardized set of questions was asked during interviews. General design question themes include platform architecture, governance, data storage, tokenization, key management, and biometrics. 3

1. Inclusion - Identity should be available to all

The three firms aim to maximize inclusion within their solutions through free access to basic services.

All claim to not discriminate against potential users due to ethnicity, gender, socioeconomic status, or language. However, their respective degrees of outreach to different audiences vary.

Everest strives to include the “Bottom of the Pyramid,”4—the “unbanked” and the “unverified"—within its solution.5 To accommodate for illiteracy and a lack of technological know-how, its platform will employ pictograms, biometric scans (in place of written passwords), and voice commands. Everest will also allow coaches—or “agents”—to guide users through any process.

Evernym, through Sovrin, wants to enable universal accessibility. The Sovrin white paper explicitly states that, “a global public utility for self-sovereign identity must meet the identity needs of everyone,” and that “the goal must be identity for all.”6 The firm, through a concept of “guardians”, will enable a person to manage an identity on behalf of a vulnerable individual or anyone else unable to manage their digital wallet.7

uPort, as part of ConsenSys, is more so configured to support people within the Ethereum community, and within the crypto-community generally. Nonetheless, the firm provided the example of red and green buttons as a cross-cultural and intuitive design feature that it is considering for use within its platform.

Everest and Evernym are noteworthy for two reasons. First, use of their dApps will not necessarily require smartphone ownership. Although studies do suggest that hardware penetration is increasing in the Global South, access in least developed countries is still a challenge (See Box 6 below).8 As our study is focused on the developing world, we believe that it is essential to account for individuals lacking sufficient resources. Everest, in particular, intends to ease enrollment, and therefore inclusion, through the use of paid “agents” owning smartphones.

Second, the ability for an “agent” or a “guardian” to ease interaction with an identity solution can help to ensure widespread inclusion and use. Even the most intuitive and user-friendly system may still be challenging for uneducated or illiterate individuals with limited technological exposure. Important tasks, such as accessing food subsidies, voting, or scheduling a medical appointment, may seem intimidating or even impossible no matter how “simple” a process has been designed to be.9

Box 6

Smartphones and the Developing World

The term “smartphone” refers to hardware that enables a user to connect and transfer data to an external network and/or the internet. Through decentralized applications, these gadgets essentially serve as entry/exit points to an SSI platform and its wider ecosystem.10

Most stakeholders within the space believe that users will usually access their self-sovereign identity via smartphones with internet connectivity. Recent statistics concerning mobile phone penetration and internet access throughout the developing world suggest that the implementation of SSI solutions is possible and will likely become easier with increased smartphone penetration.

  • According to the Pew Research Center, “the share of people who use the internet or own a smartphone continues to expand in the developing world.” Between 2013 and 2014, a median of 42 percent of respondents across 19 emerging and developing economies said they accessed the internet at least occasionally or owned a smartphone. By 2017, a median of 64 percent of respondents across these countries responded the same.
  • A 2017 report by the International Telecommunication Union indicated that the penetration rate for mobile subscriptions was at 98.7 percent in developing states. Even in least-developed nations, the penetration rate was at 70.4 percent and rising. The report suggested that there will soon be more than one subscription per person except in the world’s poorest countries.
  • The World Bank reports that “all regions of the world are gaining access to the internet and mobile phones, with mobile phones driving a great deal of the gains. In sub-Saharan Africa, more than 60 percent of individuals now have access to a mobile phone…mobile phones are superseding or preceding other communication methods as the technology of choice for individuals looking for greater interconnectedness.”
  • As a caveat, the World Bank 2016 World Development Report, Digital Dividends, cautions that, “despite the rapid spread of digital technologies, more than 800 million people lack mobile access worldwide (63 percent of them in the bottom 40 percent of the income distribution), and 4.3 billion lack internet access (49 percent in the bottom 40 percent). For every person connected to the internet in developing countries, almost three are not, and in some countries, 20 are not.”

Mobile phones are not identical to smartphones, but trends do suggest the trajectory of increasing smartphone penetration in the developing world in the coming years.11

2. Control - Users must control their own identities

Individuals, not technology companies or governments, must have ultimate control over their identities and related PII. Only users should be able to access, update, share, hide, or delete their personal data. No self-sovereign identity firm, or any other third party, should ever be able to revoke an identity. All three firms agree, but will enable an individual user to possess and control their self-sovereign identity through different methods.

The Everest solution will allow only a user to “unlock” their EverID Datagram. This will be accomplished via biometry—a faceprint and/or a fingerprint scan—and a PIN/password. Lacking smartphone ownership, a user will be able to control their data through an “agent device.”

Decentralized storage of private keys and personal data within the Everest solution will further ensure user control. Through the Identity Network Foundation (INF) supernode infrastructure,12 data will be stored in IPFS, spread across multiple data centers and various geographies.

Everest will further provide for the ability to recover control of an identity. Through provision of biometrics and successful completion of a “challenge process,” a user can regain command of their EverID Datagram on any Everest-enabled hardware device. We believe that this feature is especially pertinent to the developing world, as social upheaval, natural disasters, and large-scale population movements can easily result in the loss of a personal device.

Evernym will store all personal data on the user’s smartphone. If desired, PII and a “recovery key” can also be encrypted and stored on the cloud. Control in the Evernym solution will also be enabled through biometry; but the Connect.Me dApp will use the default biometrics on a given smartphone.

The Evernym solution will provide a simple export/import option to recover a private key and therefore control of an SSI.13 While the firm did not provide details, exportation of a private key usually involves the creation of a file containing private key data and its transfer to a new or different wallet. An individual can generally import a private key into a digital wallet via a text file or QR code scanning.14

Tech savvy individuals may find this process relatively simple and straightforward. But a refugee is unlikely to carry along a text file containing Evernym private key data as they flee violence; a poor migrant worker may lack the resources and knowledge to manage their key in such a way. The aforementioned ability to backup both PII and a key in the cloud, as well as the potential to designate a “guardian,” may mitigate this concern in the developing world.

uPort stores private keys and PII on user smartphones, and does not necessitate the use of biometrics to enable control of a self-sovereign identity. An individual can use the standard biometric functions of a smartphone as an additional security layer, but the solution only necessitates provision of a PIN and a basic password for control. In general, uPort is concerned with the potential for biometrics to allow for identity correlation.15

uPort relies on a seed phrase to recover control of an identity.16 In regard to its target audience, it should be relatively easy for a member of the crypto-community to record a seed phrase for later use. Vulnerable individuals—such as IDPs, refugees, and persecuted minorities—in developing countries might encounter considerably greater obstacles in storing their own seed phrases for quick access.

Overall, user control of an identity will allow individuals to selectively update, share, hide and delete personal information. Decentralized and encrypted storage can also limit third-party access to data and should bolster privacy.17 For marginalized populations in the developing world especially, control over identity is crucial. Selective disclosure of PII can help to protect ethnic and religious minorities, women and children, migrants, and individuals diagnosed with infectious disease such as HIV from discrimination, abuse, and violence.

3. Access - Users must have access to their own data

Self-sovereign identity firms should endeavor to create easy enrollment in, and access to, their platforms. Indeed, all three will allow for self-enrollment within their solutions. At a minimum, an individual must input basic demographic and/or biometric data to satisfy enrollment requirements.

Enrollment and subsequent access will require interaction with hardware—typically a smartphone or tablet, or possibly a laptop—and internet connectivity (See Box 6 above). Reliance on these devices might compromise access in the developing world, but this could be mitigated via agents and/or public access centers. Additionally, hardware is constantly improving and becoming more affordable. Humanity continues to urbanize, and technological resources tend to be more readily available in cities.18

Everest will employ coaches—or “agents”—to help users without smartphones enroll and access its solution. Following user provision of biometrics to an “agent device,” pre-designated “agents” should be able to guide individuals through any process in the Everest platform. These “agents” will be compensated based on the subsequent economic activity of previously enrolled users.

This arrangement may become less necessary with increasing rates of smartphone ownership and accompanying technological literacy. But a network of Everest “agents,” employed to enroll and authenticate users without personal devices, would be especially helpful during and after chaotic population upheavals caused by conflict or natural disasters. Perhaps multiple Everest “agents” would be present in a refugee camp within such a scenario, allowing for continued access to self-sovereign identities.

Evernym, via Sovrin, will include a concept of “guardianship.” The feature will enable a trusted party to manage the identity of a vulnerable person. We believe that Evernym is prescient to allow for this possibility within its solution design. There will always be defenseless individuals in the world, such as sex-trafficked children, the elderly, refugees, or people who are ill. The Evernym decentralized application will allow pre-designated and responsible “guardians” to manage self-sovereign identities in the best interests of these groups.

uPort does not currently plan to utilize “agents” or “guardians” within its solution. But the firm does attempt to expand access by reducing reliance on a specific hardware device. uPort asserts that an individual smartphone, or any other device, is not part of a user’s decentralized identifier (DID)19 within its solution. This allows individuals to switch devices without the loss of an SSI, and protects against the loss or replacement of a device.

Box 7

Multiple Enrollments & DIDs

The platforms have significantly different opinions regarding if one person can or should have multiple identifiers on their platform. The debate becomes philosophical quickly and is beyond the scope of this paper.

  • During enrollment, Everest will cross-references a single-purpose database of encrypted and anonymized biometric data that flags attempts by existing users to create new accounts. The firm holds that one individual should only have one identity on their platform.
  • Evernym stated that organizations utilizing the Connect.Me dApp will be responsible for identifying and authenticating users before issuing credentials, and for enforcing any duplication requirements within their own “trust frameworks.” Of note, Evernym does enable the use of multiple decentralized identifiers on their platform (See “9. Minimization – Disclosure of identity information must be minimized” in this section).
  • uPort reviews previously enrolled phone numbers whenever a new user creates an identity. An individual could theoretically create a second identity through possession of a second phone number. But uPort maintains that it becomes harder to possess multiple IDs in relation to sensitive applications of the solution—such as KYC/AML—that require verifiable credentials issued by governments or employers.

4. Transparency - Systems and governance must be transparent

Transparent governance and open solution design should help individuals make informed decisions about their identities and PII. As demonstrated in Figure 2, we believe that a suitable model for an SSI ecosystem includes a platform, a private firms providing value-added services for that platform, and an independent foundation stewarding the platform.

Everest plans to establish the Identity Network Foundation (INF) in December 2018. The INF will be a nonprofit organization and will govern the Everest ecosystem.20 As previously mentioned, INF board members must originate from an established NGO or international organization committed to socioeconomic development. Everest states that the INF “is designed to ensure transparency, neutrality, security and longevity of the Identity Network.”21

The Everest platform is based on two private and permissioned instances of the Ethereum blockchain.22 Everest believes that there is no need for the general public to access its technology through any mechanism other than the dApp or the software development kit/application programming interface (SDK/API).23 Everest utilizes Ethereum code specifically because “it is a proven, trusted open-source system which is built by a highly-engaged distributed organization and which has a vibrant developer community.”24

Evernym, and the Sovrin ecosystem, will be governed by the Sovrin Foundation, an international nonprofit organization. The Sovrin Foundation Board of Trustees consists of 13 individuals from around the world and is bounded by the Sovrin Trust Framework, a set of business, legal, and technical policies originally published in June 2017.25

Through the Sovrin Network, Evernym uses an open source, hybrid architecture that provides access in a permissioned ledger. The overlying identity system does not require permissioning; only the need to be cheap and fast.26 Any individual and/or organization will be allowed to enroll and create DIDs. But all nodes, and most importantly, validator nodes,27 will be managed by stewards. Organizations are invited by the Sovrin Foundation to become a steward, and must agree to act in accordance with the rules set out in the Sovrin Trust Framework.28

Responsible governance provided by the INF or the Sovrin Foundation, along with secure blockchain implementation, might help to prevent the misuse of digital identity and PII in the developing world. For example, in contrast to the poorly-defined legal framework surrounding official use of Aadhaar-related data,29 a limited, enforceable, transparent set of rules—such as the Sovrin Trust Framework—could mitigate against unwarranted data collection and location monitoring. Malicious actors might be prevented from tracking and targeting marginalized groups, ethnic, religious, or otherwise.30

The uPort platform, which was conceived as base infrastructure for projects requiring digital identity– does not have a governance model. Leadership has not declared an intention to create a foundation analogous to the INF or the Sovrin Foundation, yet we believe that such an entity is necessary if uPort aims to become a major player within the digital identity space. This independent organization could help to protect users’ interests and to ensure that all actors within the ecosystem behave accordingly.

uPort is based on the open source and public Ethereum blockchain, largely because it is relatively easy to create a wide range of decentralized applications using the technology. This choice noticeably introduces additional costs, as the public Ethereum blockchain requires expensive computational activity and Gas fees in order to add new transactions to the ledger.

Table 5: Blockchain Implementations of the Self-Sovereign Identity Firms

Self-Sovereign Identity Firm Blockchain Implementation Reasoning
Everest Permissioned Ethereum Blockchain - Privacy/protection of Everest technology - Trusted system backed by highly-engaged organization and active developer community
Evernym Hybrid Hyperledger Indy Blockchain - Public: anyone can use identity ledger - Permissioned: achieve trust in Sovrin as a global public utility{{273}}
uPort Public Ethereum Blockchain - A tool for dApps within Ethereum ecosystem

5. Persistence - Identities must be long-lived

A self-sovereign identity solution must last for decades, at least. An individual should possess an identity from birth until death. Each firm also recognizes the need for long-term persistence, although they have developed very different strategies for achieving this goal. These schemes are rooted in both foundational infrastructure and commercial/operational models.

At the core of the Everest solution are two private Ethereum-based blockchains: the EverChain, a blockchain-based transaction system, and the EverID blockchain, which includes a pointer to the storage location of the EverID Datagram on IPFS and a hash31 of the EverID Datagram for integrity checks.32 Everest supernodes, which host the two blockchains, will be operated by members of the Identity Network Foundation.

The two Everest blockchains will exist in parallel to the public Ethereum blockchain. The private and permissioned network will utilize independent software and hardware and Everest leadership maintains that their solution would be unaffected if the Ethereum mainnet were to suddenly disappear.33

Everest claims that its solution will reduce fraud and leakage, possibly saving significant sums for organizations globally, and that it will “make identity verification at scale more cost-effective than ever before.”34 Although these benefits, if realized, might lead to widespread adoption, the Everest business model also involves driving other economic activity within its ecosystem. The firm will charge entities for access to its multi-functional marketplace, and will levy small fees for specific user actions.35

Evernym will be based on the Sovrin Network, a purpose-built blockchain for self-sovereign identity. As of late July 2018, forty-one Sovrin stewards have commited to host network nodes in at least 12 countries.36 Evernym infrastructure for the Connect.Me dApp will be primarily hosted on the AWS.

We are cautiously optimistic regarding the persistence of Sovrin, despite the fact that the blockchain is single-purpose. By electing to make the software open source as Hyperledger Indy, Evernym has positioned the network for widespread adoption and has likely increased its odds of persisting.37 In addition, the Sovrin steward framework, with companies such as IBM, Cisco, and ATB signed on to operate nodes, suggests that the ecosystem has staying power.38

The Sovrin Foundation claims that the Sovrin Network can help to mitigate the enormous costs—hundreds of billions per year globally39—related to cybercrime and data breaches.40 The white paper specifically asserts that the Sovrin Network could reduce costs and increase efficiency in the major industries of: identity and access management; cybersecurity; regulatory technology; and data integration.41

For its part, Evernym maintains that its Connect.Me dApp will lower the costs and risks of identity verification. The firm will therefore sell its identity verification “toolkit”—which includes the Hyperledger Indy SDK, a user interface, and its mobile application—to institutions on a subscription basis.42 Evernym also plans to support the Sovrin Network through future products and services.

uPort, as part of ConsenSys, is dependent on the live, public Ethereum blockchain and views itself as an enabler of the ecosystem. But the uPort team does not host any servers. dApp developers must maintain the physical infrastructure of the platform instead.

The working assumption within its community is that Ethereum will persist.43 The platform is “generalized so that anyone can program it for their specific needs.”44 This versatility may very well incentivize widespread adoption of the technology. At present, Ethereum has a market cap exceeding $20 billion, over 1,900 decentralized applications, and scores of developers building upon it.45

uPort asserts that its foundational identity infrastructure will always be free to the user. Only entities need to pay Gas costs in order to validate credentials. Eventually, uPort would like to be utilized in an identity validation market, and anticipates requiring organizations to pay fees. The firm hopes to gain a better understanding of a holistic and viable business model as the underlying Ethereum platform evolves.46

Table 6: The Persistence of Self-Sovereign Identity Solutions

Self-Sovereign Identity Firm Ecosystem Business Model
Everest Private Ethereum Blockchains - INF Supernodes - Private chains - Unaffected by loss of Ethereum mainnet - Charge entities for access to multi-functional platform{{290}} - Levy small fees for specific user actions
Evernym Sovrin Network - Hyperledger Indy - Steward Framework including IBM, Cisco, and ATB - Sell identity verification “toolkit” to institutions on a subscription basis - Support Sovrin ecosystem through other products and services
uPort Ethereum - Utility of smart contracts and dApps - Engaged and growing community - Ecosystem valuation - Eventually aims to be utilized in an identity market and will require entities to pay a small access fee - Will gain better understanding of business model as Ethereum matures

Even given viable incentives for adoption, or sustainable business models, there is no guarantee that any solution will be utilized and/or exist in perpetuity.47 We remain confident but guarded about each. While unlikely, it is not impossible that a network could fail. The ability for users to transport their identity to another system is clearly crucial.

6. Portability - Identity information and services must be transportable

It should be possible for the user to transport their identity and any related data from one platform to another, different platform. The wider community is aware of this necessity and is currently within the process of establishing open standards at forums such as the Decentralized Identity Foundation (DIF)48 and the World Wide Web Consortium (W3C).49 Due to this extensive collaboration, we expect that the transportation of a self-sovereign identity will be possible in the future.

The digital identity firms claim to account for portability within their solutions:

  • Everest is planning for the user to be able to transport their self-sovereign identity to another platform through use of DIF standards.
  • Evernym noted that the Sovrin Trust Framework states that, “the design, governance, and operation of the Sovrin Network shall provide Members with portability of their Public Data and Private Data to the greatest extent feasible consistent with the other principles herein.”
  • uPort leadership maintained that the transfer of an identity and any pertinent data to another service would be intuitive.

The use of open source code, open standards, and a standard process for private key recovery50 may reduce dependence on any single solution. But the actual process of transporting a self-sovereign identity from “solution A” to “solution B” remains unclear from available resources. One reason that firms will need to address interoperability is to be able to manage against vendor lock-in –people are not going to invest in an SSI solution if they are not able to get out at a later date.

7. Interoperability - Identities should be as widely usable as possible

The digital identity space is becoming increasingly competitive, and it is far from clear if any particular platform will experience widespread and predominant adoption in the future. As the community expands, solutions must be able to communicate with each other at scale. Governments and large organizations will greatly value the ability to choose a distinct SSI solution and still be able to communicate quickly and efficiently with entities that decided to adopt a different platform.

Although Kaliya Young recently observed that there is still a significant amount of work to be done regarding interoperability, important stakeholders are coordinating with one another to build a broad, interoperable ecosystem.51 This is still clearly an evolving arena, but the digital identity firms within this report have signaled use of common technical standards:

  • Everest stated that its solution will be able to interoperate with existing systems over its API or Conduit System, and with other SSI solutions based on DIF standards.
  • Evernym, as well as the larger Sovrin ecosystem, will adhere to emerging DIF and W3C standards, as well as a communication protocol derived from the open source Hyperledger Indy project.
  • uPort shared that it is an active member of the W3C, and that its architecture complies with accepted Ethereum, smart contract, and verifiable credential standards.

Significant attention has been directed towards the interoperability of decentralized identifiers, or DIDs. According to Michiel Mulders, a blockchain developer at TheLedger,52 a DID is “nothing more than a scheme with several attributes that uniquely identifies a person, object, or organization.”53 DIDs are fully owned and controlled by the “DID subject,” independent from any centralized registry, identity provider, or certificate authority. Additionally, every DID is cryptographically secured by a private key managed by the owner. 54

Markus Sabadello, CEO of the digital identity and personal data company Danube Tech, notes that “DIDs are an important innovation because they give us the ability to establish digital identifiers that are persistent, secure, and globally resolvable.”55 And because the technology is based on an open standard, any self-sovereign identity vendor can create a “DID method,” defining how DIDs are written and read on their particular blockchain.56

Everest currently perceives the use of DIDs as unnecessary within its solution. Leadership does view the principle of interoperability as important within the SSI space, but does not believe that the DID protocol has reached an adequate level of sophistication for adoption at present. Everest does not want to risk the security of PII through interoperability at this moment.57

In contrast, the Evernym solution will utilize multiple, pseudonymous DIDs in order to prevent identity correlation (See “9. Minimization – Disclosure of identity information must be minimized” in this section). A unique DID will be created for every new connection between individuals, and also for every new relationship between an individual and organization, within the Sovrin Network.

uPort also incorporates the decentralized identifier into its solution. The firm critically does not use multiple DIDs, however. uPort considers the extensive writing of data on to the Ethereum ledger to be too expensive to do so.

The Decentralized Identity Foundation is currently developing a “Universal Resolver” to enable communication between DIDs situated within different solutions. This software58 will retrieve information, such as the “DID method,” public key, and service endpoint, of a particular decentralized identifier, allowing for the more widespread formation of relationships, transactions, data sharing, and messaging. Both Evernym and uPort decentralized identifiers are included in the initial phase of this project.59

Box 8

Scaling of the Self-Sovereign Identity Solutions

A self-sovereign identity solution may experience millions of data writes, data reads, and transactions each day given interoperability and worldwide expansion. The Everest target population includes 1.1 billion people without a verifiable identity, 2.6 billion people without a bank account, and 5 billion people without a smartphone.60 The Sovrin Foundation aims to create a global public utility for self-sovereign identity that meets the needs of everyone; its whitepaper explicitly mentions the 1.1 billion people worldwide without a legal identity.61

Blockchain technology has already suffered from issues related to scalability and transaction times.62 Although a number of resolutions have been proposed and/or are in development,63 it is critical for digital identity firms to account for scalability:

  • Everest asserts that its EverID blockchain will ensure that user validation is quick and cost-effective, as it will cost only a few USD cents per validation. The firm states that EverChain, its private and permissioned transaction blockchain, will be able to handle a volume of billions of transactions a month—with the ability to scale to trillions—utilizing the Proof-of-Authority consensus mechanism.
  • Evernym did not express much concern regarding scalability, as the company stated that the majority of user connections within its Connect.Me dApp are pairwise and/or peer-to-peer, and do not require interaction with the Sovrin public ledger. Still, the Sovrin Foundation is aware of potential issues related to scalability once the Sovrin Network goes live. The Sovrin whitepaper reads:

If you image every person, organization, or thing needs a collection of DIDs—one for every relationship they have—then it is easy to imagine that there could be trillions of DIDs in a globalized decentralized identity system…to overcome this hurdle, the Sovrin Network is designed to use two rings of nodes: a ring of validator nodes to accept write transactions, and a much larger ring of observer nodes running read-only copies of the blockchain to process read requests.64

  • The Ethereum community currently recognizes that scalability is an issue, largely because the public Ethereum blockchain only processes about 15 transactions per second. Developers are actively attempting to solve the problem, and uPort recently shared a resolution for its platform:

Instead of registering one or multiple smart contracts on the blockchain, all [a user] must do now is create an Ethereum key pair…since no transaction is needed, [an identity] is strictly speaking anchored on the blockchain rather than created on the blockchain…the process is so rapid and seamless that millions of identities could be created in a single day…this means [uPort] can finally support very large-scale applications, such as national identity projects65 (See “10. Protection – Users’ right to privacy must be protected).

8. Consent - Users must agree to the use of their identity or data

The recent creation of massive and centralized databases by firms, such as Facebook and Equifax, and by governments, such as India with Aadhaar, has resulted in controversial and often unauthorized use of personal data.66 Digital identity firms should prevent misuse of personally identifiable information by requiring organizations to ask for explicit and repeated permission to access, utilize, and share user data.

Everest will require user biometry to access a EverID Datagram and any related data. PII will not be able to be accessed and shared otherwise. The firm even plans to incorporate “proof-of-aliveness” tests within its biometric system in order to prevent replay attacks.67

The Evernym Connect.Me dApp will necessitate user biometrics in nearly all circumstances to access a particular identity and its associated information. Individuals will also be obligated to provide biometric data to create peer-to-peer communication channels with other people and organizations; to accept credentials from an issuer; and to share credentials.

uPort stated that PII within its solution can never be accessed without explicit permission from the user. Any and all data requests are displayed in a clear and concise format for approval or rejection.

In most cases, nearly all adult users should be able to express consent when using a self-sovereign identity solution. But we believe that self-sovereign identity should be provided from birth to death. Infants and younger children will not be able to understand requests and give consent for a third party to access their personal data.

As the Everest solution is designed to provide a self-sovereign identity across a human lifespan, the firm plans to enroll minors and associate them with their parents who have custody of them.

Evernym, through the Sovrin Trust Framework, ensures that adults will be able to operate in a “guardianship” capacity for identity owners who cannot manage their own SSI, including minors.68

uPort does not explicitly claim to provide self-sovereign identity for a complete lifetime. This feature is likely unnecessary, as the decentralized application is largely designed for use by the Ethereum community. Leadership nevertheless claimed their intention to include a function for the management of others’ digital identities in a future version of its dApp.

The need for privacy and the ability to consent to, or deny, the sharing of PII is increasingly recognized as a right throughout the industrialized world, as demonstrated by the 2018 EU General Data Protection Regulation and the 2018 California Consumer Privacy Act.69 This ability to safeguard sensitive personal information is also vital for vulnerable groups.

For example, a recent UNHCR initiative collected the biometric data of Rohingya refugees in order to more effectively distribute humanitarian aid; but the agency also shared this information with the Bangladesh Government. This intimate information has been used to control refugee movements in Bangladesh as a result. Worse, “the fear for the Rohingya is that this biometrically-enabled control system could be used to send them back to Myanmar.”70 Hundreds of thousands of lives are threatened, as Rohingya PII may be given to Myanmar officials during the repatriation process. A government accused by the United Nations of a “textbook example of ethnic cleansing”71 could soon possess their targets’ most sensitive data.72 Self-sovereign identity, adequately incorporating the principle of consent, could mitigate similar dangers in the future.

9. Minimization - Disclosure of identity information must be minimized

Identity correlation and subsequent fraud have recently proliferated throughout the developing world.73 A self-sovereign identity solution should lessen the real-world identification of users. A 2013 Scientific Reports article notes that “re-identification” of an individual only requires a few seemingly unrelated fragments of information;74 minimization of data exposure is therefore crucial.

Everest asserts that there will be no method to correlate biometric data with an underlying EverID Datagram within its solution. In addition, the Everest system will not be exposed to open data traffic because it will be private and permissioned. The firm will protect user information through a “layers of the onion” approach, requiring any individual to complete unique challenges in order to progressively access more sensitive data.75

By way of comparison, Evernym connections within the Sovrin Network will be associated with a “pairwise-pseudonymous identifier,” or a unique DID for every relationship. As explained in the Sovrin white paper:

Imagine that when you open a new account with an online merchant, instead of giving them a credit card number or phone number, you gave them a DID created just for them. They could still use this DID to contact you about your order, or to charge you a monthly subscription, but not for anything else. If the merchant suffered a breach and your DID were compromised in any way, you would just cancel it and give them a new one—without affecting any other relationship…Not only can the criminal not use it anywhere else, but the moment either you or the merchant detects a problem, you simply can change the DID. The giant data breaches we are experiencing today, like Equifax and Yahoo, would become a relic of the past.76

uPort is aware that public blockchains such as Ethereum are available for all to read and analyze. Malicious actors might then be able to track public data and public actions back to a common identity.77 The firm conceals all transactions within its solution using Secure Hash Algorithms 2/3,78 as they believe that hashing can help to prevent identity correlation.

Of note, uPort suggests that, “one simple improvement is for identity systems and wallets to promote the use of application-specific accounts.” This design feature “makes it much more difficult to track a single user across the applications they use just by analyzing the blockchain.”79

Perhaps the most substantial difference related to the principle of minimization is the use of zero-knowledge proofs (ZKPs):

  • Both Everest and Evernym will attempt to further reduce the risk of identity correlation utilizing ZKPs.
  • uPort does not, believing that the technology is immature, computationally intensive, slow, and expensive.

Like other design principles, data minimization is particularly helpful to marginalized groups. Ethnic and/or religious minorities could adopt a self-sovereign identity solution without fear that their personal data could be used to identify and persecute them. Refugees could access humanitarian aid without fear of being added to a centralized list. Citizens subject to a volatile political systems could vote for an opposition party without fear of repercussions. SSI may allow individuals to assert their rights while also protecting their privacy.

10. Protection - Users’ right to privacy must be protected

Recent data management scandals, along with many companies’ self-proclaimed prerogative to collect PII, have amplified demands for better protection of users’ right to privacy.80 In order to better serve their users, digital identity firms must incorporate “privacy-by-design” into solutions:

  • Everest plainly states “that privacy is a human right” within its whitepaper.
  • Evernym will incorporate “privacy-by-design” into its solution, as the Sovrin Trust Framework declares that, “the design, governance, and operation of the Sovrin Network shall follow the principles of Privacy by Design to provide Members with privacy for their Sovrin Identities and Private Data.”
  • uPort specifically acknowledges the need for privacy in the description of its platform.

Cryptographic key management is vital for user protection in any self-sovereign identity solution. A user’s public key is accessible for anyone to use; it encrypts data. A private key decrypts data into readable information.81 Basically, whoever or whatever “owns” the key pair has access to the related data.82 If a private key is not stored within a secure and well-managed location, it can be stolen, allowing hackers and/or criminals to decrypt data, read messages, and possibly control an identity.83

Everest will store a user’s private key within their EverID Datagram. The system will manage this key, and a user will be required to present their biometric data and enter a PIN in order to gain access to their private key. Everest will write encrypted public keys on to EverChain, its private transaction system.

The Evernym Connect.Me dApp will directly issue private and public keys, which will then be stored on the user’s personal device. The solution will write DIDs—and not public keys—on to the Sovrin ledger. Public keys will instead be written to the associated DID documents84 of identity owners.

The uPort decentralized application issues cryptographic keys, and the private key is stored on the user’s personal device. The solution writes public keys directly on to the public Ethereum blockchain to serve as a decentralized identifier.

Table 8: Key Management

Self-Sovereign Identity Firm Writes on a Blockchain Private Key Storage
Everest Encrypted public keys on Everchain, its private transaction blockchain Stored within EverID Datagram and protected by biometry and PINs/passwords
Evernym DIDs on Sovrin ledger Personal device
uPort Public keys on public Ethereum blockchain Personal device

The protection of users’ right to privacy is already necessary in the developing world. In Africa and Asia, less than 40 percent of countries have passed legislation to secure data protection and privacy.85 Most prominently, India currently does not have any comprehensive national law protecting personal security through privacy.86 As a result, some argue, there are relatively weak and ill-defined protections dictating the use of Aadhaar data.87

Citations
  1. Data leakage refers to the “unauthorized transfer of classified information from a computer or data center to the outside world” (“data leakage,” PC Magazine, accessed September 21, 2018, source).
  2. Interview with Kaliya Young (July 3, 2018). See also, Tech2 News Staff, “Aadhaar Faces Yet Another Data Leak Allowing Access to Personal Data to “All” Enrolled in the system: Report,” Firstpost.
  3. The information below is derived from interviews and written answers provided by company leadership and employees of the three firms unless cited otherwise. We are grateful for their time and insights.
  4. The “Bottom of the Pyramid” is a socio-economic concept grouping together the world's poorest citizens –billions of people. A member of the “Bottom of the Pyramid” lives on less than $2.50 a day and is excluded from the modernity of globalized societies, including consumption patterns and access to organized financial services (“Definition of bottom of the pyramid (BOP),” ft.com/lexicon, Financial Times, accessed September 26, 2018, lexicon.ft.com/Term?term=bottom-of-the-pyramid-(bop)).
  5. Reid and Wittmean, Everest Whitepaper, 3.
  6. Sovrin: A Protocol and Token, Sovrin Foundation, 18 (underline and bold in original).
  7. Of note, jurisdiction-specific legislation and organizational bylaws will most likely need to be updated to account for “agent” responsibilities and “guardianship.”
  8. See Poushter, Bishop, and Chwe, “Social Media Use Continues to Rise in Developing Countries but Plateaus Across Developed Ones.”
  9. Savita Bailur, Bryan Pon, and Emrys Schoemaker, Identities: New Practices in a Connected Age, Caribou Digital, 2017, source, accessed July 8, 2018.
  10. “Edge Device,” Techopedia, accessed August 23, 2018, source; Margaret Rouse and Jessica Scarpati, “Definition: edge device,” WhatIs.com, TechTarget, last updated December 2017, searchnetworking.techtarget.com/definition/edge-device, accessed August 23, 2018.
  11. Brad Witteman and Mike Kail, of Everest, noted that implementation of their solution was possible on feature phones –or “dumbphones”– through the use of multimedia messaging service (MMS) and standard built-in cameras. However, they cautioned that the global use of feature phones may diminish over the next few years, as relatively cheaper smartphones –such as Android devices costing less than USD $75 and possibly less than USD $25– may soon be available on the market (interview with Brad Witteman and Mike Kail, Chief Technology Officer, Everest (September 27, 2018)).
  12. Everest infrastructure will operate on a series of “supernodes” within the larger network. These supernodes will host the various software services and servers required to create and operate the Identity Network (Reid and Witteman, EverID Whitepaper, 20).
  13. At the time of writing, the Evernym social key recovery feature has been designed, but is not deployed. Evernym will provide another option –offline key recovery (comment from Elizabeth Renieris (July 27, 2018)). Offline key recovery might involve the use of a “paper wallet,” or a physical document containing all of the data necessary to generate a private key online. It could also involve a “hardware wallet,” which generally looks like a USB stick and holds private keys electronically. A “hardware wallet” usually connects to a computer via a USB port, enabling the upload of a private key online (EW, “An introduction to cryptocurrency wallet.”).
  14. “How to Import and Export Bitcoin Private Keys,” Bitcoin.com, August 8, 2017, source, accessed June 28, 2018.
  15. Interview with Robby Greenfield (May 18, 2018).
  16. A seed phrase is essentially a multi-word password. For example, uPort utilizes a 12-word seed phrase. This list of words stores all the information needed to recover a wallet. Digital wallet software will typically generate a seed phrase and instruct the user to write it down on paper. If the user’s computer breaks or if their hard drive becomes corrupted, they can re-download the same wallet software, and use the paper backup to recover the wallet (“Seed phrase,” Bitcoin Wiki, last updated August 2, 2018, en.bitcoin.it/wiki/Seed_phrase, accessed September 21, 2018).
  17. Bailur, Pon, and Schoemaker, Identities.
  18. Gregory Scruggs, “‘Everything we’ve heard about global urbanization turns out to be wrong’ – researchers,” place, July 10, 2018, source, accessed July 10, 2018.
  19. A decentralized identifier (DID) is a globally unique identifier that does not require a centralized registration authority because it is registered with distributed ledger technology or any other form of a decentralized network (“Decentralized Identifiers (DID) v0.10,” W3C Community Group, May 31, 2018, w3c-ccg.github.io/did-spec/, accessed June 21, 2018). Every public key can now have its own address, or DID, through blockchain technology (Sovrin: A Protocol and Token, Sovrin Foundation, 10).
  20. “Road map,” Everest.
  21. Reid and Witteman, Everest Whitepaper, 9.
  22. Ibid., 20.
  23. A software development kit (SDK) is a set of tools used for developing applications. SDKs usually include APIs, sample code, and documentation (“Software Development Kit,” Techopedia, accessed July 19, 2018, source). An application programming interface (API) is code that allows two software programs to communicate with each other (Margaret Rouse, Tom Nolle, and Thomas Li, “Definition: application program interface,” WhatIs.com, TechTarget, last updated April 2017, searchmicroservices.techtarget.com/definition/application-program-interface-API, accessed June 21, 2018).
  24. Reid and Witteman, Everest Whitepaper, 41.
  25. See Sovrin Provisional Trust Framework, Sovrin Foundation Board of Trustees, June 28, 2017, sovrin.org/wp-content/uploads/2018/03/Sovrin-Provisional-Trust-Framework-2017-06-28.pdf.
  26. Sovrin: A Protocol and Token, Sovrin Foundation, 16.
  27. A validator node will validate and write new transactions to the Sovrin ledger (Sovrin Provisional Trust Framework, Sovrin Foundation Board of Trustees, 19).
  28. Sovrin Provisional Trust Framework, Sovrin Foundation Board of Trustees, 18-19.
  29. Mitchell Baker and Ankit Gadgil, “Aadhaar isn’t progress –it’s dystopian,” Business Standard, last updated May 25, 2017, source, accessed July 10, 2018.
  30. See Thomas, “Tagged, tracked and in danger.”
  31. A hash function is a type of cryptographic security measure that produces a hash value –a unique number at fixed length– to evaluate the integrity of data, authenticate control, and provide other security measures. If data is altered, the hash value changes. A data object’s integrity may be evaluated by comparing past and present hashes (“Cryptographic Hash Function,” Techopedia, accessed June 26, 2018, source).
  32. Reid and Witteman, Everest Whitepaper, 3, 18.
  33. Interview with Brad Witteman (September 27, 2018).
  34. “Everest One Pager,” Everest, accessed September 27, 2018, everest.org/wp-content/uploads/2018/09/Everest-One-pager-September-2018-v2-1.pdf.
  35. Reid and Witteman, Everest Whitepaper, 23-27.
  36. See “Stewards,” Sovrin, accessed June 25, 2018, sovrin.org/stewards/. Of note, Elizabeth Renieris mentioned that the number of Sovrin stewards is continuously growing. At the time of her review on July 27, 2018, the number was 41.
  37. See Maria Korolov, “Open source software security challenges persist,” CSO, April 2, 2018, source, accessed September 21, 2018.
  38. “Stewards,” Sovrin Foundation, accessed August 24, 2018, sovrin.org/stewards/.
  39. Luke Graham, “Cybercrime costs the global economy $450 billion: CEO,” CNBC, February 7, 2017, source, accessed September 27, 2018.
  40. Sovrin: A Protocol and Token, Sovrin Foundation, 25.
  41. Ibid.
  42. Comment from Elizabeth Renieris (September 20, 2018).
  43. Everest leadership also asserts that the INF is designed to “safeguard the independence, transparency, security and longevity of the network so that it exists for humanity forever” (Reid and Witteman, EverID Whitepaper, 44).
  44. Noam Levenson, “Beyond Bitcoin: Why Ethereum Could Change the World,” Medium (blog), November 30, 2017, medium.com/blockchain-for-grandma/beyond-bitcoin-why-ethereum-could-change-the-world-1b24a8ba1aef, accessed July 11, 2018.
  45. “Ethereum (ETH),” CoinMarketCap, accessed September 24, 2018, coinmarketcap.com/currencies/ethereum/; “Explore Decentralized Applications,” State of the DApps, accessed September 24, 2018, /source; Joseph Young, “Ethereum Co-Founder: We Have the Most Active Developer Community, Optimistic Price Indicator,” CoinJournal, December 18, 2017, coinjournal.net/ethereum-co-founder-active-developer-community-optimistic-price-indicator/, accessed September 24, 2018.
  46. Interview with Paul Kohlhaas (May 23, 2018).
  47. Of note, the distributed character of DLT does mitigate against a single point of failure. As long as at least two nodes are active, a blockchain ecosystem will persist.
  48. The Decentralized Identity Foundation (DIF) is a consortium dedicated to “building an open source decentralized identity ecosystem for people, organizations, apps, and devices.” The pillars of this proposed ecosystem are “decentralized identities anchored by blockchain IDs linked to zero-trust databases that are universally discoverable” (“Home,” Decentralized Identity Foundation, accessed June 26, 2018, identity.foundation/).
  49. The World Wide Web Consortium (W3C) is an international community that develops open standards to ensure the long-term growth of the web (“Home,” World Wide Web Consortium (W3C), accessed June 26, 2018, source).
  50. As stated above, exportation of a private key usually involves the creation of a file containing private key data and its transfer to a new or different wallet. An individual can generally import a private key into a digital wallet via a text file or QR code scanning.
  51. Interview with Kaliya Young (August 24, 2018).
  52. See “Home,” TheLedger, accessed October 1, 2018, theledger.be/.
  53. Michiel Mulders, “Decentralized Identifiers – the internet’s “missing identity layer,” Coin Intelligence, January 28, 2018, source, accessed October 1, 2018.
  54. Ibid.
  55. Mulders, “Decentralized Identifiers.”
  56. Sovrin: A Protocol and Token, Sovrin Foundation, 10.
  57. Interview with Brad Witteman and Mike Kail (September 27, 2018).
  58. “Universal Identifier,” Decentralized Identity Foundation, accessed September 24, 2018, uniresolver.io/.
  59. Sabadello, “A Universal Resolver for self-sovereign identifiers.”
  60. “Everest One Pager,” Everest.
  61. Sovrin: A Protocol and Token, Sovrin Foundation, 18.
  62. Reuben Jackson, “Scalability is Blockchain’s Biggest Problem But it Can Be Solved,” CryptoSlate, August 10, 2018, cryptoslate.com/scalability-is-blockchains-biggest-problem-but-it-can-be-resolved/, accessed October 1, 2018.
  63. “Blockchain Scalability: The Issues, and Proposed Solutions,” Medium (blog), BitRewards, April 25, 2018, medium.com/@bitrewards/blockchain-scalability-the-issues-and-proposed-solutions-2ec2c7ac98f0, accessed October 1, 2018.
  64. Sovrin: A Protocol and Token, Sovrin Foundation. 17.
  65. Braendgaard, “Next Generation uPort Identity App released.”
  66. “About VON,” Verifiable Organization Network, accessed July 16, 2018, von.pathfinder.gov.bc.ca/aboutvon/; Baker and Gadgil, “Aadhaar isn’t progress – it’s dystopian.”
  67. A replay attack occurs if and when an attacker detects a data transmission and fraudulently has it delayed or repeated. Participants are fooled into believing that their transmission was successfully completed. Replay attacks help attackers gain access to a network, gain information not easily accessible otherwise, or complete a duplicate transaction (“Replay Attack,” Techopedia, accessed June 27, 2018, source).
  68. Sovrin Provisional Trust Framework, Sovrin Foundation Board of Trustees, 3.
  69. Tony Romm, “California legislators just adopted tough new privacy rules targeting Facebook, Google, and other tech giants,” Washington Post, June 28, 2018, source, accessed September 28, 2018.
  70. Thomas, “Tagged, tracked and in danger: how the Rohingya got caught in the UN’s risky biometric database.”
  71. James Griffiths, “UN calls for genocide tribunal over Rohingya crisis,” CNN, September 18, 2018, source, accessed September 25, 2018.
  72. Thomas, “Tagged, tracked and in danger: how the Rohingya got caught in the UN’s risky biometric database.”
  73. Dell Cameron, “Identity Theft Is Exploding in Developing Countries,” Gizmodo, May 3, 2018, gizmodo.com/identity-theft-is-exploding-in-developing-countries-1825745097, accessed July 17, 2018.
  74. Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen, and Vincent D. Blondel, “Unique in the Crowd: The privacy bounds of human mobility,” Scientific Reports 3 (March 25, 2013), 2.
  75. Comment from Mike Kail (September 18, 2018).
  76. Sovrin: A Protocol and Token, Sovrin Foundation, 21.
  77. Michael Sena, “Privacy Preserving Identity System for Ethereum dApps,” Medium (blog), uPort, April 26, 2018, medium.com/uport/privacy-preserving-identity-system-for-ethereum-dapps-a3352d1a93e8, accessed September 28, 2018.
  78. Secure Hash Algorithms (SHAs) are part of new encryption standards. All Secure Hash Algorithms (SHAs) are related to the general functions of hash encryption that shield data. SHA-2 and SHA-3 are top-level secure hash algorithms, developed through crowdsourcing and part of new encryption standards (“Secure Hash Algorithms (SHA),” Techopedia, accessed June 26, 2018, source).
  79. Sena, “Privacy Preserving Identity System for Ethereum dApps.”
  80. “What if people were paid for their data?,” The Economist.
  81. Christoffer Olausson, “Importance of key management,” Symantec Connect, January 9, 2014, source, accessed July 18, 2018.
  82. George Crump, “Why is Encryption Key Ownership So Important?,” StorageSwiss, May 16, 2017, storageswiss.com/2017/05/16/why-is-encryption-key-ownership-so-important/, accessed July 18, 2018.
  83. Olausson, “Importance of key management.”
  84. A DID document is a digital document, usually stored in an universally accessible location, that often includes: a timestamp of when it was created; a cryptographic proof that the DID document is valid; a list of cryptographic public keys; a list of ways that the DID can be used to authenticate; and a list of services where the DID can be used (Adam Powers, “Understanding Decentralized IDs (DIDs),” Medium (blog), July 2, 2018, medium.com/@adam_14796/understanding-decentralized-ids-dids-839798b91809, accessed September 28, 2018.
  85. “Data Protection and Privacy Legislation Worldwide,” United Nations Conference on Trade and Development, April 1, 2018, unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom-Data-Protection-Laws.aspx, accessed July 18, 2018.
  86. Baker and Gadgil, “Aadhaar isn’t progress – it’s dystopian.”
  87. See Ananya Bhattacharya, “Companies can’t ask for Aadhaar anymore –or can they?,” Quartz India, September 27, 2018, qz.com/india/1402827/supreme-court-verdict-can-companies-ask-for-aadhaar-anymore/, accessed September 28, 2018; and “Government may bring legal backing for private companies to use Aadhaar,” The Economist Times, September 27, 2018, economictimes.indiatimes.com/news/economy/policy/government-may-bring-legal-backing-for-private-companies-to-use-aadhaar/articleshow/65973597.cms, accessed September 28, 2018.

Close

Exploring Three Platforms Through the Principles

View as PDF

Table of Contents

Close

The Nail Finds a Hammer