The Case for Self-Sovereign Identity
The Problems With Identity Today
The way that identity and personal data are handled is fundamentally broken. We see at least four issues with how identity and personal data are managed today. Societally, we lack a coherent approach to regulating the handling of personal data. Users share and generate far too much data—both personally identifiable information (PII)1 and metadata, or “data exhaust”—without a way to manage it. Private companies, by storing an increasing amount of PII, are taking on an increasing level of risk. Solution architects are recreating the wheel, instead of flying over the treacherous terrain we have just described.
Society: Data does not have to be property to be protected. Elizabeth Renieris and Dazza Greenwood recently argued that treating data as property may be an insufficient legal framework for protecting our digital identities. Instead of trying to secure our privacy by applying property law to personal data, they suggest that some sensitive information may qualify for protection under human rights law. As such, they point out:
constitutional and international human rights laws protect our personhood, they also protect things that are property-like or exhibit property-like characteristics. The Fourth Amendment of the U.S. Constitution provides “the right of the people to be secure in their persons” but also their “houses, papers, and effects."2
The implications of this are significant and we encourage the reader to consider their work. Simply put, if their position is correct, regulators will have a powerful legal tool that does not require overhauling our property laws.
Users: We are creating too much data, both from oversharing and from “data exhaust,” but have no way to manage it. A common example of oversharing is entering a bar, which requires patrons to prove that they are above the legal drinking age.3 This is usually accomplished by presenting a state-issued driver’s license to the bouncer, which displays the customer’s date of birth. Yet an individual needlessly shares an exact birthdate for binary information: Is the person over or under the age of 21? Worse, sharing a driver’s license exposes other PII that is irrelevant to the identity transaction taking place, such as the bearer’s full name, home address, and status as an organ donor. Similar examples are sharing full credit histories, household income, and assets with a department store for a modest line of credit. One has to ask if sharing this information is necessary, and if so, what rules govern their future use of that data? Can they keep it? Can they resell it? Are they profiling their customers with it? More importantly, once this data is shared, how is it possible to know where it has gone or how it has been used?
As troubling as these questions are, issues around “data exhaust” are potentially more concerning. "Data exhaust" has been described as the “evil twin brother” of big data. It is the trail of cookies, session logs, and other metadata created during online activity.4 While this data is useful to firms for improving the user experience, it can also be used to develop profiles and individual-specific insights that compromise any reasonable definition of privacy. Unlike oversharing, users are often unaware of the amount of data they are leaving behind and the ways in which it can be used.5
Companies: Directly managing identity databases is risky. As companies and NGOs collect large amounts of information on their employees or the populations they serve, these organizations assume the responsibility of protecting that data. That burden is significant legally, financially, ethically, and socially:
- Legally: The EU General Data Protection Regulation (GDPR) went into force on May 25, 2018. This far-reaching regulation imposes significant penalties on entities if they manage personal data in ways that are legally deemed as irresponsible.
- Financially: Software maintenance, routine updates, server hosting, and the archiving of data are a nontrivial cost for companies and NGOs.
- Ethically: The Harvard Humanitarian Initiative released a report entitled Signal Code in January 2017 that describes the increasing volume of digital information humanitarian organizations are now handling and the responsibilities that data management entails.
- Socially: Everyone—employees, refugees, or social media users—is increasingly aware that their data is valuable and should/will be reluctant to share valuable data if there is no assurance that it will be well guarded.
Solution architects: We have too much functional identity and too little foundational identity. Many identity solutions are functional in design. A functional identity is used solely for a narrowly defined purpose. For example, a medical insurance card is used to access health care and a voter ID card serves the purpose of conducting a vote.6
A foundational identity, on the other hand, is multi-purpose, allowing access to multiple services or applications. Various national ID card systems or university ID cards, for example, could be classified as foundational.7 SSI provides a way through the complexity of a centralized foundational ID, gives the individual a way to manage multiple credentials from multiple sources, and provides a user-centric platform that can in effect become the ultimate foundational identity—one solution that can be applied in most, if not all, use cases.
For all of these reasons, we see identity as broken, which is why we are excited about digital identity in the form of SSI.
The Evolution of Digital Identity
Christopher Allen described four stages of digital identity in 2016.8 In Phase One, a single and centralized authority controls the system. For example, the Internet Corporation for Assigned Names and Numbers (ICANN) is the lone administrator—and source of truth—for domain name servers online.9 Within Phase Two, a federated solution, such as Microsoft Passport, allows users to utilize the same identity on multiple sites. A powerful institution, however, is usually at the center of the federation. Through Phase Three, there is a modicum of respect for consent concerning disclosure of PII across interoperable and user-friendly platforms, but final ownership and control of user-centric identities remain with the registering entity, such as Facebook, the Google G Suite, or OpenID. Phase Four is self-sovereign identity, requiring that users be in full control of their digital identities and are the sole managers of their PII—there is no central authority.10
Table 1: Christopher Allen’s “Evolution of Identity” and Updated Examples
| Phase of Evolution | Summary | Example |
|---|---|---|
| Phase One: Centralized Identity | Administrative control by a single authority or hierarchy | [ICANN](http://www.icann.org/) |
| Phase Two: Federated Identity | Administrative control by multiple, federated authorities | [Microsoft Passport](https://news.microsoft.com/1999/10/11/microsoft-passport-streamlining-commerce-and-communication-on-the-web/) |
| Phase Three: User-Centric Identity | Individual or administrative control across multiple authorities without requiring a federating authority | [Facebook, Google G Suite, OpenID](http://www.youtube.com/watch?v=Oy5F9h5JqEU&t=44s) |
| Phase Four: Self-Sovereign Identity | Individual control across any number of authorities | [Platforms](https://everest.org/) [Within](http://www.evernym.com/) [Report](http://www.uport.me/) |
SSI provides users with full control over the administration and use of their identities.11 One criterion that serves as a “litmus test” for SSI is whether a user’s identity can be revoked or deleted by the platform provider or any other third party. If this outcome is possible, the identity scheme is at best user-centric.12
Creation and Use of a Self-Sovereign Identity
A user can create a self-sovereign identity on a given platform through a process known as enrollment. To be precise, the user is creating a public identifier that they control via a public/private key pair. The identity can be enriched over time as valid claims are added to it by credible third parties. Data input may include basic demographic and contact information, likely a full name, phone number, and email. Biometric information, such as a set of fingerprints or a face scan, may also be added depending on the platform in question. After the creation of this baseline identity, a user can compile a number of credentials, distributed by various issuing authorities. These initial credentials, such as a driver’s license, a passport, or a diploma, will be incorporated into the individual’s SSI wallet.13
A credential is a set of one or more claims provided by an issuer—a known and trusted real-world entity.14 Anticipated issuers include banks, universities, hospitals, and governments, among numerous others. Within an SSI ecosystem, these established entities can provide credentials that are easily verifiable and tamper-resistant through digital signatures.15
As an individual user accumulates more verifiable credentials, their self-sovereign identity becomes more robust. In the future, a substantial SSI might include a digital driver’s license provided by the State of Maryland, a digital passport issued by the U.S. Federal government, and a digital diploma signed by Georgetown University. Furthermore, activities like paying taxes or credit card bills on time can also be recorded in an SSI wallet. Users will be able to disclose these verifiable credentials, or parts of them, as well as transaction histories, at their discretion. Furthermore, since the data sits in users’ wallets, their approval will be required if their information needs to be accessed.
Equipped with a self-sovereign identity, a user can return to their local bar and present the verifiable credential that “I am over the age of 21” (derived from the digital driver’s license) in a secure manner. Through algorithms known as zero-knowledge proofs (ZKPs), the user can validate that they are of the legal drinking age without sharing underlying or secondary data. The bouncer simply learns that the individual is older than 21, without viewing their date of birth or any other PII contained within the digital license. At that point the bar would have a record that the person associated with this wallet (which can be verified biometrically) is over 21, but would not have any other information.
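The issue-then-present flow described above, as an added example that is not from the report or from any platform it covers: an issuer signs salted hashes of each license claim, and the holder reveals only `age_over_21` at the bar. It uses salted-hash selective disclosure rather than a zero-knowledge proof, so the over-21 claim is one the issuer included rather than one derived from the birthdate, and a Lamport one-time signature stands in for a production scheme; all names and sample values are constructed.

```python
import hashlib
import json
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature: a hash-based stand-in for the issuer's real
# scheme (e.g. Ed25519), chosen so the example needs only the standard library.
# One Lamport key pair must sign only one message.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def message_bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, message: bytes):
    return [sk[i][bit] for i, bit in enumerate(message_bits(message))]

def lamport_verify(pk, message: bytes, signature) -> bool:
    bits = message_bits(message)
    return len(signature) == 256 and all(
        sha256(signature[i]) == pk[i][bit] for i, bit in enumerate(bits))

def claim_digest(name: str, value, salt: bytes) -> str:
    # The per-claim salt stops a verifier from guessing hidden values by
    # hashing candidates (a date of birth has very few possibilities).
    return sha256(salt + json.dumps([name, value]).encode()).hex()

def issue_credential(issuer_sk, subject: str, claims: dict) -> dict:
    salts = {name: secrets.token_bytes(16) for name in claims}
    body = {"subject": subject,
            "digests": sorted(claim_digest(n, v, salts[n]) for n, v in claims.items())}
    signature = lamport_sign(issuer_sk, json.dumps(body, sort_keys=True).encode())
    # The wallet keeps claims and salts; a presentation reveals only chosen ones.
    return {"body": body, "signature": signature, "claims": claims, "salts": salts}

def present(credential: dict, disclose: list) -> dict:
    return {"body": credential["body"], "signature": credential["signature"],
            "disclosed": {n: [credential["claims"][n], credential["salts"][n].hex()]
                          for n in disclose}}

def verify_presentation(issuer_pk, presentation: dict) -> dict:
    body = presentation["body"]
    payload = json.dumps(body, sort_keys=True).encode()
    if not lamport_verify(issuer_pk, payload, presentation["signature"]):
        raise ValueError("issuer signature does not verify")
    verified = {}
    for name, (value, salt_hex) in presentation["disclosed"].items():
        if claim_digest(name, value, bytes.fromhex(salt_hex)) not in body["digests"]:
            raise ValueError(f"claim {name!r} is not covered by the issuer signature")
        verified[name] = value
    return verified

# Constructed sample data: a fictional license issued to a fictional holder.
ISSUER_SK, ISSUER_PK = lamport_keygen()
LICENSE = issue_credential(ISSUER_SK, "holder-public-identifier-001", {
    "full_name": "Alex Example", "date_of_birth": "1990-04-01",
    "home_address": "1 Sample Street", "organ_donor": True, "age_over_21": True})

if __name__ == "__main__":
    at_the_bar = present(LICENSE, ["age_over_21"])
    print(verify_presentation(ISSUER_PK, at_the_bar))
```

The example does not bind the presentation to the holder's own key pair, which a deployed wallet would add so that a copied presentation cannot be replayed by someone else.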
Table 2: Selected Definitions of Self-Sovereign Identity Terminology
| Term | Definition |
|---|---|
| Claim | An assertion made about an identity |
| Credential | Set of one or more claims provided by an issuer, a known and trusted entity |
| Verifiable Credential | A tamper-resistant and digitally-signed credential with clear authorship. Provided by an issuer, a known and trusted entity |
| Issuer | A known and trusted entity that issues credentials about one or more identities |
| Presentation | Process of sharing data derived from one or more credentials, issued by one or more issuers, with another entity |
Source: “Verified Credentials Data Model 1.0,” World Wide Web Consortium (W3C).
Why the Time for Self-Sovereign Identity Has Come
We have traditionally kept identity data in centralized databases, which were the only technical option. Now that distributed ledger technology is becoming available and affordable, however, SSI projects are developing rapidly. As noted by Phil Windley, chair of the Sovrin Foundation, self-sovereign identity is now possible thanks to the development of distributed ledger technology (DLT). There is no central authority within the SSI model and no central database storing PII. DLT is ideal for SSI platforms because it enables secure enrollment, data storage, validation of credentials, and the recording of transactions without the need for a principal administrator.16 Now that implementation of self-sovereign identity is feasible, there is a choice to be made. Bob Reid, of Everest, describes that choice as “either [data control] goes to individuals or it goes to major institutions that will mine our data.”17
A self-sovereign identity solution can be adapted for a wide range of use cases, including subsidies, banking, microfinance, healthcare, and land administration. The interoperability and flexibility of SSI can also help to prevent the creation of identity “silos” designed for a specific purpose, such as for subsidies in a refugee camp. A single-purpose digital identity solution often places an unnecessary burden on marginalized populations; it is another password to remember, another card to safeguard, a new bureaucratic system to worry about.18
Widespread adoption of an advanced technical solution in the Global South may be challenging, but it is not impossible. Both mobile phone penetration and internet access are increasing in many developing countries (See Box 6 below).19 Thoughtfully-designed digital solutions—those which do not impose administrative and financial burdens or require a high level of technological know-how in the end user—can now attain widespread adoption in emerging economies. Examples include M-Pesa, which allows for the transfer of funds via text message, in Kenya and Tanzania, and WhatsApp, a messaging service with over 200 million users in India.20
We believe that self-sovereign identity will be widely adopted due to: 1. social realities, as everyday life is increasingly digital and existing systems leave their users vulnerable; 2. the development of enabling technologies, such as DLT and smartphones; and 3. growing capacity for adoption of new technologies in the developing world. Various firms are already working with governments and other stakeholders to develop and implement SSI solutions. To borrow a quote from the Evernym homepage: “Self-sovereign identity: now that it’s possible, it’s inevitable.”21
Box 1
The ID2020 Alliance Manifesto
Shortly before we finalized this report, and well after the previous section was completed, the ID2020 Alliance22 published the following manifesto.23 Points one through eight align with the case that we have just laid out. Point 10 mentions pilot projects; the first two were announced at the ID2020 Summit in New York, on September 14, 2018. One is the Everest project mentioned in the paper below.
- The ability to prove one’s identity is a fundamental and universal human right.
- We live in a digital era. Individuals need a trusted, verifiable way to prove who they are, both in the physical world and online.
- Over 1 billion people worldwide are unable to prove their identity through any recognized means. As such, they are without the protection of law, and are unable to access basic services, participate as a citizen or voter, or transact in the modern economy. Most of those affected are children and adolescents, and many are refugees, forcibly displaced, or stateless persons.
- For some, including refugees, the stateless, and other marginalized groups, reliance on national identification systems isn’t possible. This may be due to exclusion, inaccessibility, or risk, or because the credentials they do hold are not broadly recognized. While we support efforts to expand access to national identity programs, we believe it is imperative to complement such efforts by providing an alternative to individuals lacking safe and reliable access to state-based systems.
- We believe that individuals must have control over their own digital identities, including how personal data is collected, used, and shared. Everyone should be able to assert their identity across institutional and national borders, and across time. Privacy, portability, and persistence are necessary for digital identity to meaningfully empower and protect individuals.
- Digital identity carries significant risk if not thoughtfully designed and carefully implemented. We do not underestimate the risks of data misuse and abuse, particularly when digital identity systems are designed as large, centralized databases.
- Technical design can mitigate some of the risks of digital identity. Emerging technology—for example, cryptographically secure, decentralized systems—could provide greater privacy protection for users, while also allowing for portability and verifiability. But widespread agreement on principles, technical design patterns, and interoperability standards is needed for decentralized digital identities to be trusted and recognized.
- This “better” model of digital identity will not emerge spontaneously. In order for digital identities to be broadly trusted and recognized, we need sustained and transparent collaboration aligned around these shared principles, along with supporting regulatory and policy frameworks.
- ID2020 Alliance partners jointly define functional requirements, influencing the course of technical innovation and providing a route to technical interoperability, and therefore trust and recognition.
- The ID2020 Alliance recognizes that taking these ideas to scale requires a robust evidence base, which will inform advocacy and policy. As such, ID2020 Alliance-supported pilots are designed around a common monitoring and evaluation framework.
We humbly recognize that this is no easy task, but we see urgency as a moral imperative. This is why we have set ambitious targets and why we hold ourselves to account.
Citations
- Personally identifiable information “means information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information” (Legal Information Institute, “2 CFR 200.79 – Personally Identifiable Information (PII),” Cornell Law School, accessed August 28, 2018, source).
- Elizabeth Renieris and Dazza Greenwood, “Do we really want to “sell” ourselves? The rise of a property law paradigm for personal data ownership.,” Medium (blog), September 23, 2018, medium.com/@hackylawyER/do-we-really-want-to-sell-ourselves-the-risks-of-a-property-law-paradigm-for-data-ownership-b217e42edffa, accessed October 1, 2018.
- See Jem Matzan, “Leaving Your Identity at the Bar,” Pacific Standard, June 9, 2008, psmag.com/economics/leaving-your-identity-at-the-bar-4502, accessed September 25, 2018.
- Katherine Noyes, “5 things you need to know about data exhaust,” PCWorld, May 13, 2016, source, accessed October 1, 2018.
- For an extreme take on data exhaust, see Dr. Jeremy Bailenson’s op-ed “Protecting Nonverbal Data Tracked in Virtual Reality” about what is collected during virtual reality sessions. While not the direct focus of this paper, it speaks to the issue of how technology is racing beyond our appreciation of what is being gathered about us (Jeremy Bailenson, “Protecting Nonverbal Data Tracked in Virtual Reality,” JAMA Pediatrics 172, no. 10 (October 2018), source).
- Social Protection and Labor Team, PMT-based social registries: Integrating social registry with ID systems, World Bank Group, accessed August 30, 2018, source.
- Ibid.
- In a recent report, Identity in a Digital World: A new chapter in the social contract, the World Economic Forum lays out a progression of three “System Archetypes” for digital identity: centralized, federated and decentralized. This essentially collapses Allen’s phase two and three into one “federated” bucket, while giving SSI a light touch with the term decentralized. It is curious that the WEF did not name or further explore SSI, but perhaps their framework is better suited for the current moment, while Allen’s is helpful to appreciate how we arrived here (Identity in a Digital World: A new chapter in the social contract, World Economic Forum, September 2018, www3.weforum.org/docs/WEF_INSIGHT_REPORT_Digital%20Identity.pdf, accessed September 24, 2018).
- As an aside, see “Home,” Handshake, accessed September 21, 2018, source.
- Christopher Allen, “The Path to Self-Sovereign Identity,” Life With Alacrity (blog), April 25, 2016, source, accessed April 25, 2018.
- Allen, “The Path to Self-Sovereign Identity.”
- Ibid.
- Comment from Kaliya Young (September 22, 2018).
- “Verified Credentials Data Model 1.0: Expressing verifiable information on the web (W3C Editor’s Draft 28 August 2018),” World Wide Web Consortium (W3C), August 28, 2018, w3c.github.io/vc-data-model/#introduction, accessed August 28, 2018.
- A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. The digital equivalent of a handwritten signature or stamped seal, but offering more security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide added assurances of evidence to origin, identity, and status of an electronic document, transaction, or message, as well as acknowledging informed consent by the signer (Margaret Rouse and Michael Cobb, “Definition: digital signature,” WhatIs.com, TechTarget, last updated November 2014, searchsecurity.techtarget.com/definition/digital-signature, accessed August 29, 2018).
- Phillip Windley, “How blockchain makes self-sovereign identities possible,” Computerworld, January 10, 2018, source.
- Russ Juskalian, “Inside the Jordan refugee camp that runs on blockchain,” MIT Technology Review, April 12, 2018, source, accessed August 29, 2019.
- “The Problem,” Evernym, accessed September 25, 2018, source.
- Jacob Poushter, Caldwell Bishop, and Hanyu Chwe, “Social Media Use Continues to Rise in Developing Countries but Plateaus Across Developed Ones,” Pew Research Center, June 19, 2018, source, accessed September 18, 2018.
- Daniel Staesser, “The Emergence of Mobile Apps in Developing Countries,” The Blog (blog), The Borgen Project, April 13, 2018, borgenproject.org/emergence-mobile-apps-in-developing-countries/, accessed September 4, 2018; Suparna Dutt D’Cunha, “WhatsApp, Already India’s Favorite Chat App, Wants To Be Its Leader In Digital Payments, Too,” Forbes, February 9, 2018, source, accessed September 4, 2018.
- “Home,” Evernym, accessed September 6, 2018, source.
- The ID2020 Alliance describes itself as “an innovative public-private partnership committed to improving lives through digital identity. The Alliance brings together multinational institutions, nonprofits, philanthropy, business, and governments to set the technical standards for a safe, secure, and interoperable digital identity that is owned and controlled by the user. It funds high-impact pilot projects that bring digital identity to vulnerable populations, and uses the data generated to find scalable solutions and inform public policy. Partners include Accenture, FHI360, Gavi, the Vaccine Alliance, Hyperledger, IDEO.org, iRespond, Kiva, Mercy Corps, Microsoft, Simprints, and United Nations ICC” (“Our Manifesto,” Medium (blog), ID2020, September 14, 2018, medium.com/@id2020/our-manifesto-78c6969ca960, accessed September 17, 2018).
- See “Our Manifesto,” ID2020.