Could Blockchain Technology Help Avoid Another Cambridge Analytica?

The role of centralized internet giants as “digital identity brokers” is under fire.

While users worry about privacy, tech giants (like Facebook and Google) primarily focus on generating profits and satisfying shareholders.

These companies make money by collecting, selling, and analyzing user data, primarily on behalf of advertisers. In 2017, Facebook brought in about $40B in advertising revenue — a figure that represents almost 20% of the global online ad market, and is expected to grow in coming years.

As these companies collect data, there’s an ever-present risk of misuse of personal information — as most recently highlighted by the Cambridge Analytica and Facebook scandal.  

“Federated identity,” in which a single credential is used to sign in across the web, is starting to gain traction. Facebook, Google, and Twitter already offer “social sign-in,” which makes it easier for users to sign in with pre-existing digital credentials.

While this can offer users a more seamless experience, this process also puts more power in the hands of these internet giants acting as identity brokers, and gives them even more data.

How blockchain could shift control back to users

Users want to own their digital identities in a way that maintains privacy and permits only certain organizations or individuals to access, store, analyze, or share personal data. At the same time, enterprises need to identify and authenticate customers, while building a profitable data moat and complying with user privacy regulations. 

In a perfect world, identity management might look something like this:

• Personal and unique to the user
• Persistent and living with the user from life to death
• Portable and accessible anywhere
• Private, with only the user giving permission to use or view personal data

A blockchain is a type of distributed database that allows untrusted parties to agree about a shared digital history, without a middleman.

If the shared digital history in question were an identity management system — or a database of identifying information — it might shift power and control toward the user and away from the enterprise.

There are two schools of thought around applying blockchain technology to identity:

1. User-controlled identity

First is using a blockchain for user-controlled identity. A user-controlled identity is similar to a social media account: no pre-existing identity credentials (like a driver’s license or birth certificate) are required to create one. 

A blockchain-based account could then be used across the internet, and moreover, a user could grant and revoke access to his or her information on a case-by-case basis. 

A number of companies and organizations are working on this kind of solution, including Sovrin, uPort, and Blockstack.

Sovrin is a nonprofit that governs a distributed identity network as a public utility. Its parent organization, Evernym, is developing enterprise solutions on top of Sovrin, including one focused on credit unions. Evernym has raised $7M to date.

Another solution comes from uPort, which offers a mobile wallet built on top of the Ethereum public blockchain. The wallet will allow users to control access to their identity and tokens. Currently uPort is working with the city of Zug (in Switzerland) to register identities on the Ethereum blockchain.

Finally, Blockstack aims to reimagine internet privacy, with identity as the foundation. Users will be able to control their identities, issuing and revoking access on a case-by-case basis. The company has raised $57M in combined ICO and VC financing.

2. identity attestation

The second school of thought focuses on identity attestation. Unlike user-controlled identity, attestation would mean verifying pre-existing credentials (like a driver’s license or birth certificate), and then tying that information to the rightful owner on a blockchain. This effectively creates a decentralized database for traditional forms of identification.

Companies working under this school of thought include SecureKey, Civic, and ID2020.

SecureKey is launching a product called Verified.me to help banks prove user identification, and is working with IBM to build a digital identity network for Canadian banks. The company provides services beyond blockchain-focused solutions and has raised $73M.

Civic is another high-profile company working in this area, enabling users to share and manage their verified identity data via a blockchain. This allows users to provide multi-factor authentication without a username or password. The company has raised $36M in equity and ICO financing.

Lastly, ID2020 is building a platform that will help register the identities of citizens in developing countries on a distributed ledger. ID2020 hopes to piggyback on existing systems — like immunization programs — to register users, and is working with Microsoft, Accenture, and others to accomplish this goal.

Current challenges to blockchain-based identification

There are two major issues with blockchain and identity (besides other broader issues with blockchain technology).

The first is that many governments and organizations don’t want it. A blockchain might cut governments and corporations out of identity management, shifting the balance of power toward the user.

This could take control out of the hands of governments and cause digital identity brokers to lose money.

The second problem is that centralized platforms are still better than their blockchain technology counterparts, and users don’t care enough about privacy to swallow the switching costs.

In other words, users care about network effects — meaning they’re most interested in which digital identity will give them the widest recognition and highest value. While data privacy and identity portability would be ideal, users might not want to switch to blockchains with limited network effects.

Moreover, blockchain technology solves a very specific problem, and only makes sense when a third party isn’t trusted to administer the record. The question then becomes: would a government or corporation ever agree to relinquish that control?

For many organizations and corporations, distributed ledger technology is a better alternative.

If a trusted third party could administer the ledger (to some degree), then users might regain some power — while corporations still maintain much of their control.

Still, there are problems with governments or corporations managing a distributed database that acts as the single source for identity credentials — especially if it’s distributed and universally agreed upon as a “source of truth.”

Like India’s Aadhaar or China’s “social credit” system, a centrally administered distributed ledger could turn dystopian very quickly, with governments or organizations manipulating the system.

Where digital identity is headed next

There are three main areas where blockchain technology and identity are getting lots of attention:

1. Putting national, state-sponsored identity on a blockchain
2. Identifying things (and not just people)
3. Building a new internet, with a focus on user control and privacy

Regarding national identity on a blockchain, projects out of Estonia and Illinois offer the first signs of what state-sponsored identity on a blockchain might look like. Estonia is using distributed ledger technology to modernize the country’s data registries, while Illinois is using Evernym (mentioned above) to put birth registrations on a blockchain.

Then there’s the identity of things. The idea behind this is fairly straightforward: if people can be identified, so can things.

In that vein, a number of companies are using blockchain for identifying and tracking objects in a supply chain. Everledger, for example, is using a blockchain to trace diamonds throughout the supply chain, and is already tracking 1.6M diamonds this way.

Finally, identity could offer a way to change how users interact with the internet. In this vein, Orchid, which has raised almost $5M in funding, looks to create an internet free of surveillance. Orchid acts like a decentralized Tor, with users buying and selling excess bandwidth in a marketplace, ensuring privacy.

The future of blockchain technology and identity is both scary and exciting, and with potential to affect individuals and enterprises alike.

If distributed ledgers are incorporated into existing centralized systems, it could make them more effective, giving more power to their administrators.

At the same time, projects like Orchid and Blockstack demonstrate how blockchain technology could fundamentally reshape the internet, and ultimately return power to the user.