How blockchain can create self-sovereign identities


Who are you? Not in some existential sense, but as a social actor? Outside of your family and childhood friends, how can anyone know you are you? And what is the extent of that knowledge? Remember the 1995 Sandra Bullock film The Net? Turns out your social identity is propped up by a patchwork of outside influences. What’s more, it’s maintained and reinforced by such centralized institutions as the DMV, the Social Security Administration, and the U.S. Department of State.

It’s time to take our identity into our own hands.

At the Blockchain Economic Forum in San Francisco this June, I had a chance to catch up with Vinny Lingham and discuss the identity verification solution provided by his blockchain company, Civic. As part of SOMA’s core team, I have a special interest in Civic: we’re integrating their protocol into our social marketplace.

Vinny demonstrated how Civic’s identity authenticator could be unlocked instantly with biometric data. Really slick. Gorgeous and intuitive UI/UX and already proven to work (we’ll get to the beer machine in a moment).

SOMA’s marketplace relies on blockchain-based ‘smart contracts’ to execute transactions between users. No central corporate entity processing payments and enforcing rules—or taking a large cut to cover overhead. All of which is really cool, but which also results in an open-ended system in which reputation is everything. With blockchain, reputation is forever, so a positive reputation—validated via a protocol like Civic—endows its owner with a lot of social capital.

We are the sum of our transactions

As social creatures, we are the sum total of our interactions with others. Financial transactions are the easiest interactions to track and record. The Big 3 credit agencies Equifax, Experian, and TransUnion use our financial transactions to assign us a score—known as our FICO score—that becomes a significant part of our social identity. This score affects the degree to which others deem us trustworthy—particularly when making large purchases like buying a house.

The problem with reliance on outsiders

There are serious problems with relying on credit agencies for our financial trustworthiness rating. Aside from the principle of abrogating control, there’s the little matter of data breaches, identity theft, and other problems associated with the leakage of our personal information.

For example, Equifax’s massive 2017 data breach affected nearly half of all U.S. citizens. Hackers accessed social security numbers, birthdates, driver’s licenses, credit card numbers, and other valuable personal information for more than two months before the breach was detected. Two. Months. Which makes you wonder: how many data breaches are occurring undetected as I write this?

It’s bad enough to give up control of your data to an outsider. It’s far worse if that outsider is unable to ensure the security of that data. And it’s not even the fault per se of the individual institution: incompetence is part and parcel of a world of big data to which everyone is trying to catch up. You might even say it’s inherent in the traditional model.

New possibilities through blockchain

Blockchain brings new opportunities to the field of identity management. It does so via the qualities of immutability and distributed access (anyone, anywhere in the world, can verify that information exists). Together, these enable a new paradigm of trustlessness: I don’t need to trust you, a stranger, because I trust the immutability of the blockchain.

Blockchain, however, is only as useful as it is accessible. In its most stripped-down incarnation—with little UX/UI development to enable ease-of-use—blockchain is definitely not a mainstream technology. How many people could ‘manage their identity’ on the bitcoin blockchain? An infinitesimal percentage of the population. It’s the equivalent of the early internet: someone must build the access points and make them easy enough for your grandma to use.

Identity management for the masses

This is where Civic comes in. The idea is to onboard enough institutional participants—banks, airlines, government agencies, restaurants, hotels, etc—that people can use their Civic app in place of more traditional forms of identification.

Parts of the tech are already available. Our phones have biometric scanners, and the ability to scan QR codes, but these functions are not connected to any blockchain protocol on their own. Civic provides the link. It uses the built-in biometrics and other smartphone hardware and software and connects those with the ability to write to the Ethereum blockchain.

A critical mass of institutional adoption will drive remaining institutions to accept Civic’s identification protocol to stay abreast of the new standard. A consumer will be able to use the Civic app to scan QR codes at the hotel check-in counter, the airport, and the restaurant. In each case, the respective computer system will recognize the individual and process them appropriately.

Similarly, online transactions will be completed with the app. A bank account will show a QR code on a person’s screen and require a phone scan with the Civic app. Same with an airline booking. All of which will be captured in the blockchain for the user’s history.

Zero-knowledge proofs

With so much sensitive info stored on a publicly auditable ledger, aren’t folks more at risk of identity theft? Isn’t all this just aiding hackers and thieves? Not if the information is encrypted.

A zero-knowledge proof, or ZKP, is a way to validate a claim on a need-to-know basis. The idea is that information is encrypted on the blockchain and the individual holds the private key (in Civic’s case, via the app, which automatically decrypts it for the user). The owner of the private data chooses which bits to reveal, when, and to whom.

In the current identity validation model, we reveal way more than needed about ourselves. To enter a bar in the US, I need only verify that I’m over 21. By showing my driver’s license, I’m forced to reveal much more. To qualify for a mortgage, I should really need only to verify my identity—that I am who I claim to be—and my income and employment, rather than the vast stack of documentation currently required. Not to mention how financial intel like tax records and 401(k) savings is shared over unsecured email…

To demonstrate its utility with ZKPs, Civic revealed a beer-vending machine at Consensus 2018. Users scanned a QR code on the machine with their Civic app. The machine checked for one criterion—the user’s age—which the Civic protocol released. After verifying the owner was 21 or older, the machine would release a beer. While a bit gimmicky (though very cool—who doesn’t want free beer released by blockchain tech!), this demonstration is a significant milestone in identity management on the blockchain.
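The single-criterion check described above can be illustrated with salted hash commitments in a Merkle tree: the issuer publishes only a root hash, and the holder reveals one attribute plus the sibling hashes that link it to that root. This is an added example, not Civic's code or protocol, and it shows selective disclosure rather than a cryptographic zero-knowledge proof; the attribute names, sample values and function names are assumptions.

```python
import hashlib, hmac, secrets

PAD = hashlib.sha256(b"pad").digest()  # filler for odd-sized tree levels

def h(tag: bytes, *parts: bytes) -> bytes:
    d = hashlib.sha256(tag)  # tag separates leaf hashes from inner-node hashes
    for p in parts:          # length-prefix so field boundaries are unambiguous
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf(name: str, value: str, salt: bytes) -> bytes:
    return h(b"leaf", name.encode(), value.encode(), salt)

def _parents(level):
    if len(level) % 2:
        level = level + [PAD]
    return level, [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]

def issue(attrs: dict):
    """Issuer: salt and hash every attribute; only the root would be published."""
    salts = {k: secrets.token_bytes(16) for k in attrs}
    leaves = [leaf(k, v, salts[k]) for k, v in attrs.items()]
    level = leaves
    while len(level) > 1:
        _, level = _parents(level)
    return level[0], salts, leaves

def present(attrs: dict, salts: dict, leaves: list, name: str) -> dict:
    """Holder: reveal one attribute plus the sibling hashes linking it to the root."""
    index, level, path = list(attrs).index(name), leaves, []
    while len(level) > 1:
        padded, nxt = _parents(level)
        path.append((padded[index ^ 1], index % 2 == 1))  # (sibling, sibling_is_left)
        index, level = index // 2, nxt
    return {"name": name, "value": attrs[name], "salt": salts[name], "path": path}

def verify(root: bytes, proof: dict) -> bool:
    """Verifier: recompute the root from the single disclosed attribute."""
    node = leaf(proof["name"], proof["value"], proof["salt"])
    for sibling, sibling_is_left in proof["path"]:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return hmac.compare_digest(node, root)

# Constructed sample credential (not real data)
ATTRS = {"name": "Alex Example", "date_of_birth": "1990-04-02",
         "address": "1 Sample St", "age_over_21": "true"}
ROOT, SALTS, LEAVES = issue(ATTRS)
PROOF = present(ATTRS, SALTS, LEAVES, "age_over_21")
```

The per-attribute random salt is what protects the undisclosed leaves: without it, a verifier holding a sibling hash could recover low-entropy values such as a birth date by brute force.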

Identity management on the new marketplace

Blockchain-based peer-to-peer marketplaces are the future. Why? One word: profitability (for the seller and buyer, that is—not the marketplace per se). I’m not sure how much Amazon’s overhead is per year, but it’s not small. And guess who’s paying that? Sellers, mostly. And, since they have to price in their costs, buyers as well. Blockchain immutability, identity management solutions like Civic, and no-humans-needed smart contracts will allow the marketplace of the future to run on a skeleton crew.

With SOMA launching its pilot program in Q4 2019 and Civic integrated into our platform, the future is a lot closer than you think.
