Why is having a digital identity important? It simply puts data back in the hands of users. Here are some startling facts about a world without digital identity:
- I have no choice but to share many elements of my identity to interact and shop online, which, frankly, is unavoidable if you want to function in our modern day world,
- Currently, I cannot monetize my personal information with the online platforms that store my personal information,
- However, those same platforms do not hesitate to sell my data to whomever is willing to pay for it, and I never see a cent,
- My data is most likely stored unencrypted in highly vulnerable centralized repositories offering single points of failure (a common denominator in all data breaches since 2018…),
Ironically, the last bullet point actually makes the storing of my personal information one of their biggest liabilities.
To summarize, I am not able to monetize my own personal information, which is a really valuable asset. Also, by virtue of participation in modern day commercial interactions, I am forced to allow third parties to monetize...all the while knowing it’s at risk of being stolen at any moment. Actually, there is nothing I can do to prevent it all from happening. This truly feels dystopian, because at the end of the day isn’t data the key to everyone’s privacy and identity?
Digital identity in a nutshell
The alternative is called Digital identity. By definition, digital identity enables you and me to maintain full control over our privacy, as well as decide how and what data we want to share. In other words, digital identity enables us to monetize our personal information ourselves, while eliminating the risk of large data breaches that infringe on our privacy.
Digital identity addresses five crucial points that on paper sound absolutely normal but, in reality, are never in effect. A user should:
- Be able to fully own his or her personal digital identity.
- Be able to monetize his or her own data.
- Be able to choose which data to share with other parties, and trust that their data is not sold to other parties without consent.
- Have the ability to isolate himself or herself from data breaches.
- Be able to revoke access to trusted third parties and have proof that it has been deleted from their servers.
The data that pertains to a user identity is stored encrypted in the blockchain. Blockchain technology actually offers unique characteristics that solve problems of trust and make it a great fit for identity solutions, because blockchain is immutable (once a data is written, it cannot be altered in any way), decentralized (no central authority controls the data, so there is no single point of failure or someone who can override a transaction) and the data is stored encrypted.
An example of digital identity use-case
Digital identity is already a reality. Passwordless authentication solutions that leverage the digital identity model allow users to share with consent just the information required to authenticate, so they can access a system or an application.
But let’s take a look at a very simple use case. To buy a bottle of wine at the store, you may sometimes be asked to show your driver’s license to prove you’re at least twenty-one, since your date of birth is verified on the government-issued document. However, the problem with showing this piece of identification is that it displays much more personal information than what is required to buy the wine. The person running the cash register doesn’t need to see your name nor your address, for example. It’s a privacy issue and potentially a security issue as well. With a decentralized identity-based solution, this is how the process would be handled: With a smartphone, the client would scan a QR code presented at the cash register. The client would then authenticate with biometrics and once the authentication successful, would receive a notification asking for his or her consent regarding sharing whether he or she is twenty-one. If approved, then a YES or NO message would get displayed on the cash register screen.
Stay awake… Mark 13:35-36
When asked about decentralized logins, Mark Zuckerberg said a fully distributed system raises the question of consent and how people can really know that they’re giving consent to an institution. He added, “In some ways, it’s a lot easier to regulate and hold accountable larger companies.” Because this Mark knows something about larger companies being held accountable…like Facebook, right?