The massive password heists keeping coming, and one thing is certain: the way we prove our identities online is in need of a major upgrade. A growing chorus of technologists and entrepreneurs is convinced that the key to revolutionizing digital identity can be found in the same technology that runs cryptocurrencies.
This piece first appeared in our new twice-weekly newsletter, Chain Letter, which covers the world of blockchain and cryptocurrencies. Sign up here – it’s free!
Their bet is that we are on the verge of a fundamental shift—away from a model in which our valuable digital identities are managed by companies, banks, governments, and other central authorities to one in which this information is kept on a decentralized ledger, or blockchain, under the full control of individuals. Advocates say systems like Bitcoin, which uses cryptography and a network of computers to facilitate the secure exchange of digital coins without a middleman, can do something similar for identity credentials. (For more: “What Bitcoin Is, and Why It Matters” and “Why Bitcoin Could Be Much More Than a Currency”)
Blockchain technology can eliminate the need for companies and other organizations to maintain centralized repositories of identifying information, and users can gain permanent control over who can access their data (hence “self-sovereign”), says Drummond Reed, chief trust officer at Evernym, a startup that’s developing a blockchain network specifically for managing digital identities.
Self-sovereign identity systems rely on public-key cryptography, the same kind that blockchain networks use to validate transactions. Although it’s been around for decades, the technology has thus far proved difficult to implement for consumer applications. But the popularity of cryptocurrencies has inspired fresh commercial interest in making it more user-friendly.
Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The “wallet” applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials.
The idea might already be catching on, at least with governments. The state of Illinois recently partnered with Evernym to create self-sovereign birth certificates for babies born in the state. This month, the city of Zug, Switzerland, launched a project in collaboration with uPort, a startup whose identity management system relies on the Ethereum blockchain, to provide self-sovereign IDs to its citizens. Brazil’s government is also experimenting with uPort’s technology.
But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: “The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate.”