Can your digital identity be safe from the next major breach without blockchain?
Today, your “identity” is comprised of 100s of records stored with individual organizations like banks, government entities, credit reporting agencies, medical providers, financial institutions, and even social media sites you’ve granted access to. Until this point, as an individual in a digital-first society, we’ve grown to accept the fact that we have little to no control over what information is out there and how it’s used. Government entities like the National Institute of Standards and Technology (NIST) or National Security Agency (NSA) for better or worse are setting standards for how to protect our identities, but only so much can be done by centralized authorities.
Siloed Collections of Personal Data are Prone to Inevitable Attack
These collections of your personally identifiable data are stored in the individual companies databases linked by unique identifiers ranging in levels of security like your social security number, email address, or phone number. All of which are susceptible to being stolen leading to identity fraud by mal actors which we’ve experienced more and more over the past few years through notable attacks like the Equifax hack of 2017 that resulted in millions of users personally identifiable data like social security numbers and credit cards to be released into the wild.
Because our information is stored in its entirety in siloed collections of information, there is a tremendous amount of duplicated data stored across disparate databases with unlimited opportunities for malicious parties to obtain and use your information for malpractice. Every account on a website, application for a credit card, or trip to a doctor’s office, you are exposing more and more sensitive information related to your identity. Access to this information makes it incredibly easy for a mal actor to impersonate your digital self with just a few pieces of publicly available information.
Until more recently, with the evolution of blockchain technology, usernames and passwords were the only accepted way to protect personally identifiable information. However, the username/password solution is becoming less and less feasible every day as individuals create hundreds of online accounts likely reusing username and password combinations across a multitude of sites. This inherently reduces the effectiveness of passwords, as a breach to a network then means a hacker has access to every other site where you use that same information.
A Decentralized Identity Stored on the Blockchain
Decentralized technology opens doors to potential solutions to these problems. The IBM Hyperledger Foundation on Blockchain states that “blockchain is a shared, distributed ledger that facilitates the process of recording transactions and tracking assets in a network. An asset can be a tangible — a house, a car, fiat currency, land — or intangible like intellectual property, such as patents, copyrights, or branding (Or your personal identity). Virtually anything of value can be tracked and traded on a blockchain network, reducing risk and cutting costs for all involved.”
Blockchain is a secure record of information distributed around the world on participating nodes (computers) on the network. Events are impossible to fake, secured by cryptography (public and private key pairs), every addition to a blockchain is verified by multiple parties in the network enforcing that participants verify, audit and agree what transactions are added to the blockchain (consensus).
Blockchain enables a single source of decentralized truth immune to hackers attacking a single point failure.
Because a blockchain is distributed among a variety of participants, there is no single point of failure for hackers to attack. No centralized “official” copy of data exists as a single truth, if an individual node were to be attacked, any fraudulent data added to the network would be found and immediately rejected by the other parties in the network.
Real World Applications of Blockchain to Store Personal Identity
Civic is one of the largest decentralized platforms for verifying an individuals identity with blockchain technology providing an all encompassing solution for finance, ecommerce, e-signatures, medical records, and social profiles.Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.
On Civic, an identity transaction is a voluntary information exchange between a user and the Identity Requestor. This gives the user total control over their own data. This can be high level like your name, address, or occupation, or incredibly specific like your social security number, medical records, or sequenced DNA. The Civic Secure Identity Platform (SIP) securely shares only validated data with accepted identity requestors as defined by the individual owning the data. The Civic platform allows for real-time authentication of personal identity data verified by Civic or a Civic Identity Partner, such as a government entity, financial institution, or employer.
One Singular Collection of Cryptographically Secure Data
Storing your personal information is an incredibly impactful use case for blockchain technology. Picturing your identity a singular collection of cryptographically secured data on a “permissioned” blockchain means that you as the user have complete control over of your data can grant permission to access specific pertinent information from the blockchain to a requesting organization.
For example, when you sign up for a new credit card, the credit card company needs to validate certain information about yourself. Today, you fill out paper forms, submit things online, and wait to hear back if the information submitted was received and acceptable. With blockchain, when a credit agency requests information from you, you grant them a specific revocable permission to only the exact information they need rather than writing things down on paper, sharing information verbally, or granting blanket digital access to anything available online. This not only reduces the amount of personal information floating around, it enables you to ensure that the individual who is giving out the information is absolutely the individual who owns the information and not some malicious third party who just happens to know something about the to be victim of identity fraud.
Furthermore, a permissioned blockchain establishes a method of security through which even having personally identifiable information is not enough to make a compromised breach. Even the Civic platform, with third-party authenticated identity data, Civic cannot be compelled by a foreign government or criminal organization to invalidate identity data. Not only that, but it becomes globally compatible where users can store and share their own identity anywhere in the world.
The Future of Identity on the Blockchain
Blockchain technology is still in its early years and there are of course immense challenges ahead in fully replacing our antiquated systems of identity management with modern technology. Robust and cryptographically secure blockchain programming is a muse, but user-friendly simplistic interfaces, regulatory oversight, and consensus standards must be set before widespread adoption is possible.
As industry leaders and advocates drive blockchain forward through the future, we’re reminded how far we’ve come and the future of where we’re going. The purely financial incentive for institutions to clearly store and transact with their customer’s data will save substantially on the bottom line. Liability caused by increased security vulnerability will pressure larger enterprises to adopt more modern technology to keep their customers’ data safe. As the technology matures, solutions will evolve and I truly believe the best applications for blockchain are still to come.
— Jay Chang, Partner & Head of Product Innovation at Sidebench
Jay is a Partner & Head of Product Innovation at Sidebench, an LA-based Corporate Innovation Lab, and an advisor to the USC Blackstone Launchpad Incubator. He’s also an avid foodie, chef, & Instagrammer publishing as@BehindTheKnife on Instagram. At Sidebench, he’s worked with enterprise companies like Red Bull, Pabst Blue Ribbon, Sony, NBC, Cedars Sinai, Oakley, Facebook, and Andreessen Horowitz. Jay graduated from the University of Southern California with a BS in Business Entrepreneurship focused on technical entrepreneurship and marketing. Throughout his multidisciplinary product focused professional career, he’s developed a deep understanding of user first experiences and business case driven approach to technology consulting.