• TIPLPR

DECENTRALISED IDENTIFIERS AND BLOCKCHAIN: THE FUTURE OF DIGITAL IDENTITIES?

Background

As the online presence of internet users is constantly on the rise, it has resulted in the creation of their digital identities. Digital identity is a well-created profile uniquely representing information of a user and acts as a means of identification in the cyberspace. Personal data, credentials, traces that the users leave behind either advertently or inadvertently while interacting with a multitude of websites and applications lead to the creation of such identities.The kind of information that gets stored ranges from usernames and passwords, date of birth, driver’s license number to online purchasing history, financial records and more. The existing identity management systems are centralised, which means that digital identities are almost always provided, owned and controlled by third parties. Such a centralized system results in storage of this personal data on servers of the issuing entity which poses a serious threat of data breach and identity theft. Therefore,an emerging framework which is known as ‘Decentralised Identifier’ can overhaul the system of digital identities so that the users can gain control over their data in the cyberspace.

Blockchain and Decentralised Identifiers

A decentralised identifier (“DID”) is a globally unique identifier that does not require a centralised registration authority. DIDs put users at the centre by enabling them to generate unlimited identifiers after signing up themselves. This eliminates the need of third parties as DID either uses a distributed ledger technology of user’s choice or completely shifts the control of identities to its owners which are known as Self-Sovereign Identities. DIDs can be created by any entity including organisations and companies.

Blockchain though not necessarily required, acts as a brilliant solution for varied aspects of DIDs. DIDs can be registered with decentralized networks like blockchain. The user who is the subject of DID, stores personal data and credentials in a digital format on the DID document. Thereafter, the authenticity of such data is verified through multiple nodes of a blockchain creating a verifiable record of the subject’s identity.Digital signatures, biometrics and other cryptographic techniques like public and private keys are used to prove the association of the DID subject with the identifier itself, removing the possibility of data tampering or fake identities.Any relying party or service provider’s services can be accessed after using the private key to verify the proof of control or ownership of a DID.

Application of DIDs

DIDs save time, optimise cost, require minimal effort and also aid regulators to monitor fraudulent activities.Hence, they can be used in multiple ways to overcome the challenges posed by physical IDs. Blockchain backed digital identity systems are capable to reduce the dangers associated with storing sensitive data in centralized databases allowing users to exercise better control of their personal information.It is easier to verify the source of a DID but difficult to hack the stored information which considerably reduces the chances of identity fraud and data tampering making it more reliable than traditional systems of identification.

Due to the many benefits of DIDs, they have shown to have several applications in the physical world. Firstly, DIDs will particularly prove beneficial for those who are homeless or refugees as they have to maintain physical documents which are easily lost, stolen or ruined. Storing such documents in a digital format with easy and exclusive access to them will reduce their burden of carrying it around. Moreover, blockchain-based identity solutions will facilitate the creation of a portable and user-friendly model which will also allow people crossing borders to access more services without any obstacles. In the long run, DIDs will see further growth and will be put to use in an individual’s day to day activities like online shopping, voting or getting a land registered. It will also allow users to pay taxes or open a bank account with a single click, access health care instantly and keep a safe record of one’s medical history. This will allow an individual to access online services without constantly signing up and one will be able to archive documents in an encrypted manner without resorting to unprotected cloud services.

Overall, use of DIDs will prevent the creation of unwanted digital records or storage of user’s data in unsafe databases.Unlocking its full potential will lead to the curation of new business models and completely revolutionise the business ecosystem. However, it is important to understand that it is the state who will have the authority to issue licenses, passports, voter registration cards etc., and DIDs will only act as a means to access the digitalised version of these credentials for a more impactful use.

Recent Developments

Blockchain backed Identities have become a platform of choice for multiple organisations across countries. Let’s look at a few existing projects:

1- Since 1997, Estonia has been working on digital society and years later launched a state-issued digital identity card backed by blockchain. It is one of the most developed identity systems in the world which uses digital signatures to allow access to all e-services both in the public and private sector including travel Id card, national health insurance card, voting card, maintenance of medical records, payment of taxes and more.The card guarantees extra security for the e-residents, who can access Estonian digital services at any time independent of location.

2- West Virginia also offered the option of casting votes using a decentralised blockchain-technology to the US citizens.

3- “ID2020” is a global alliance across governments, public, private and non-government organizations to accelerate the process of assigning a digital identity to those who are incapable of accessing it. To address this goal, blockchain-based solutions, interoperability across multiple geographies and connectivity for existing frameworks are being worked out. ID2020 also promotes ethical practices to ensure the protection of individuals.

4- UN and the World Food Program recently launched a program called Building Blocks to improve identity management of refugees of Jordan’s Azraq camp. This is to enable disbursement of money to the beneficiaries for buying food with minimum hassle. Moreover, the program aims to create a secure, paperless information record of the refugees using the Ethereum blockchain.

Challenges:

DIDs backed by blockchain has many uses, however, there are technological and legal challenges to them that are being debated internationally. Firstly, DIDs are prone to synthetic identities which involves combining valid information from different individuals to create a new fake identity. These IDs are capable of tricking new systems into recognizing the fake ones as authentic. Moreover, there is a threat of ‘51 per cent attack’ which although rare, has the potential to reorganize a blockchain and change its records. This problem is particularly concerning in public blockchains, where anyone can join the process of verifying and validating blocks. Fortunately, private blockchains can reduce the likelihood of such attacks. Next, ensuring that the user claiming the identity is in fact the rightful owner cannot always be faultless. The process is imperfect and might result in the misuse of user’s data. DIDs will also face issues with respect to accessibility, use of DIDs is not entirely an easy process and lack of knowledge on the blockchain will restrict it to those who are computer literate. A major legal challenge being faced by DIDs is ensuring compliance with all applicable regulations and laws, in particular data protection laws. This especially concerns the use of blockchain technology to store and delete data in a lawful manner.

Conclusion and Suggestions:

It can be concluded that DIDs and blockchain are technologies which hold immense potential; however, they still have a long way to go before they can garner the attention of a large number of users around the world.To make the process easier, the author has the following suggestions:

1- The blockchain technology doesn’t have legal backing in multiple jurisdictions including India. It is also believed to be incompatible with privacy laws. Hence, the regulators must take considerable steps to lay down laws or regulations governing the blockchain technology. This will ensure the security of user’s data and make the platform more legitimate.

2- All the risks associated with blockchain technology must be identified and adequately dealt with so as to form a viable legal structure. This includes issues with respect to accountability, cyber-attacks and safety of users.

3- The government should explore the untapped potential that DIDs hold and keep an eye out on emerging trends. It must also take steps to promote the use of DIDs for varied initiatives in future.

These steps will not only safeguard the interests of the stakeholders but will also give much-needed legitimacy to use of blockchain technology.


Title Image Source: Outsourcing-pharma


This post has been authored by Pravi Jain, a fourth-year law student at National Law Institute University, Bhopal.