However, distinct, one-off pilots will not be enough to create a truly “self-sovereign” digital identity. Coordination between all the organizations running these pilots will be needed. In the end, central authorities, public institutions, and private organizations will have to agree to accept these digital IDs as valid and to work together to create standards for interoperability. Technological solutions and UI/UX must continue to develop as well.
Social Coordination and Integration
Coordination is needed not just between the public and private sectors but also across institutional and geographic borders. Integration with legacy systems matters as well. For example, during the Harrison County pilot, paper copies of the blockchain ballots had to be printed so the votes could be scanned into the existing tabulators, because the pilot system did not record votes into the official election recording system⁶. Re-keying the result through paper defeats much of the purpose of the pilot. Major institutions recognize these issues and have created initiatives, alliances, and partnerships that aim to conduct research, fund pilot programs, set open standards, and enable multilateral collaboration and integration.
- The World Bank has created the ID4D initiative, which operates across the World Bank Group. ID4D consists of units working on digital development, social protection, health, financial inclusion, governance, gender, and legal issues. The initiative also focuses on integrating digital ID systems with civil registration (documenting life events such as birth, marriage, adoption, death, etc.) and vital statistics. ID4D also plans to launch the Mission Billion Challenge in November 2018, sponsored by the Omidyar Network, the Bill and Melinda Gates Foundation, and Australian Aid.
- The ID2020 Alliance is a public-private partnership dedicated to solving the challenges related to identity through technology and aims to “finance projects implementing secure, digital ID solutions, to set standards to facilitate interoperability, and to enable multi-stakeholder collaboration.” As part of the Alliance, last summer Microsoft collaborated with Accenture and Avanade to create a blockchain-based identity prototype on Microsoft Azure.⁷ This prototype was designed to be interoperable with existing identity systems so that personally identifiable information can reside “off chain.”
- The World Economic Forum also launched a shared Platform for Good Digital Identity at the Sustainable Development Impact Summit 2018 in New York this past September, with Omidyar Network committing a three-year grant to support the platform⁸.
- Evernym and the Sovrin Foundation have launched the Identity for Good Initiative, opening up Evernym’s Accelerator Programme to non-profit organizations. The hope is that with access to tools, technologies and expertise in decentralized identity models, these organizations will be better able to advance their missions.
- The Decentralized Identity Foundation is an engineering-driven organization working to create a “standards-based, decentralized identity ecosystem for people, organizations, apps, and devices” that ensures interoperability between all parties. DIF has a diverse range of members ranging from the Enterprise Ethereum Alliance and Hyperledger to IBM and Mastercard.
Acceptance of Validity
These digital identities will also need to be accepted as valid by state authorities in order to reach their full potential. Named “the most advanced digital society in the world” by Wired magazine, Estonia is one of the furthest along in this regard.
- e-Estonia: Through Estonia’s e-identity program, all citizens receive a secure digital ID card (a smart card backed by a blockchain-like infrastructure and using 2048-bit public-key cryptography) that allows Estonians to access public, financial, and medical services, to pay taxes, vote, and get prescriptions online, to provide digital signatures, to drive, and to travel within the EU¹⁰. This digital ID card replaces most of the physical artifacts that one carries in a wallet, from driver’s licenses and passports to insurance cards and subway passes. The program runs on an open-source data-exchange backbone called X-Road and uses KSI (Keyless Signature Infrastructure), a hash-linked signing and timestamping infrastructure developed by Guardtime. KSI is also used by NATO and the US Department of Defense¹⁰. While Estonia’s solution still requires a physical artifact (the smart card itself), this level of support from state authorities is what will be needed across nations for many of the initiatives highlighted above to succeed.
Key management is commonly cited as a challenge with digital identity systems that leverage blockchain technology. If an individual has had difficulty holding on to a physical ID, they may also have difficulty holding on to a private key. Some suggest that private keys could reside in a smart chip on a key fob or something resembling a credit card, or could be held in a secure enclave within one’s phone. This is the most secure option, since the key never leaves tamper-resistant hardware. However, if the item storing an individual’s private key is lost, stolen, or damaged, they will not be able to access their account, and a stolen token that is not protected by a PIN or biometric lets whoever holds it act as its owner. Alternatively, keys could be stored with a central authority, but that reintroduces the custodian the design was meant to remove, so decentralization is compromised.
There are several ways to attempt to balance the tradeoffs between security and decentralization. The MyPass Austin system allows two additional verified users, such as a service worker or an emergency-care provider, to be added to a homeless individual’s account so that the account can be recovered if the individual loses their private key. Similarly, uPort has created an identity recovery mechanism that lets the user select people from their contact list and, with a quorum of these contacts, connect their persistent ID to a new device. With uPort, transactions are sent from a mobile device (which stores the user’s private key) through a Controller Contract to a Proxy Contract (which is tied to a unique identifier), which then interacts with an Application Contract. The Controller Contract maintains a list of “recovery delegates,” and if a user loses their private key, a quorum of delegate signatures authorizes the Controller to accept a new device key. The user keeps access to their records because the new device is linked to the same persistent identifier, the 20-byte Ethereum address of the Proxy Contract; only the key the Controller recognizes changes.
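The following is an added example, not code from uPort or MyPass, that models the recovery flow just described: a Controller holding a list of delegate public keys and a quorum threshold, a Proxy whose address is the persistent identifier, and a recovery that swaps the Controller’s user key without touching that address. The contract names, the 20-byte address, and the use of Lamport one-time signatures over SHA-256 (so the block runs with the Python standard library alone) are assumptions of the example; a real Ethereum deployment would verify ECDSA signatures from delegate addresses instead.

```python
import hashlib
import secrets
from dataclasses import dataclass


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signatures: a stand-in for the ECDSA signatures an Ethereum
# contract would check. Each key pair may sign exactly one message.
def lamport_keygen():
    """Return (private, public): 256 pairs of 32-byte secrets and their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub


def _bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(priv, message: bytes):
    return [priv[i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(pub, message: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(sha256(sig[i]) == pub[i][bit] for i, bit in enumerate(_bits(message)))


def fingerprint(pub) -> bytes:
    """Short identifier for a public key, analogous to an Ethereum address."""
    return sha256(b"".join(a + b for a, b in pub))[:20]


@dataclass
class Controller:
    """Hypothetical Controller Contract: decides which key may act for the proxy."""
    proxy_address: bytes   # persistent 20-byte identifier (the Proxy Contract address)
    user_key: bytes        # fingerprint of the key on the user's current device
    delegates: dict        # fingerprint -> delegate public key
    quorum: int
    nonce: int = 0         # advances on every successful recovery to stop replays

    def recovery_message(self, new_user_key: bytes) -> bytes:
        # Delegates sign the proxy address, the new key and the current nonce.
        return b"recover|" + self.proxy_address + b"|" + new_user_key + b"|" + self.nonce.to_bytes(8, "big")

    def recover(self, new_user_key: bytes, signatures: dict) -> bool:
        """signatures: fingerprint -> signature over recovery_message(new_user_key).
        Keying by fingerprint means one delegate cannot be counted twice."""
        msg = self.recovery_message(new_user_key)
        valid = {fp for fp, sig in signatures.items()
                 if fp in self.delegates and lamport_verify(self.delegates[fp], msg, sig)}
        if len(valid) < self.quorum:
            return False
        self.user_key = new_user_key
        self.nonce += 1
        return True


class Proxy:
    """Hypothetical Proxy Contract: forwards only calls the Controller authorizes."""
    def __init__(self, address: bytes, controller: Controller):
        self.address = address
        self.controller = controller

    def forward(self, caller_key: bytes, action: str) -> str:
        if caller_key != self.controller.user_key:
            raise PermissionError("caller is not the controller's current user key")
        return f"{action} from {self.address.hex()}"


def run_scenario() -> dict:
    """Lost phone, 2-of-3 delegate recovery; returns the checks as booleans."""
    delegate_keys = [lamport_keygen() for _ in range(3)]   # constructed delegates
    fps = [fingerprint(pub) for _, pub in delegate_keys]
    proxy_address = secrets.token_bytes(20)                # constructed stand-in address
    _, old_device_pub = lamport_keygen()
    ctl = Controller(proxy_address, fingerprint(old_device_pub), dict(zip(fps, (p for _, p in delegate_keys))), quorum=2)
    proxy = Proxy(proxy_address, ctl)

    _, new_device_pub = lamport_keygen()                   # key generated on the new phone
    new_key = fingerprint(new_device_pub)
    msg = ctl.recovery_message(new_key)
    sigs = {fps[i]: lamport_sign(delegate_keys[i][0], msg) for i in range(3)}

    r = {}
    r["single_delegate_rejected"] = not ctl.recover(new_key, {fps[0]: sigs[fps[0]]})
    # delegate 0's signature submitted under delegate 1's name does not count
    r["bad_signature_rejected"] = not ctl.recover(new_key, {fps[0]: sigs[fps[0]], fps[1]: sigs[fps[0]]})
    r["quorum_accepted"] = ctl.recover(new_key, {fps[0]: sigs[fps[0]], fps[1]: sigs[fps[1]]})
    r["identifier_unchanged"] = proxy.address == proxy_address == ctl.proxy_address
    r["new_device_can_act"] = proxy.forward(new_key, "read-records").startswith("read-records")
    try:
        proxy.forward(fingerprint(old_device_pub), "read-records")
        r["old_device_rejected"] = False
    except PermissionError:
        r["old_device_rejected"] = True
    # Replaying the captured signatures fails: the nonce advanced, so they no
    # longer sign the current recovery message even for the same new key.
    r["replay_rejected"] = not ctl.recover(new_key, sigs)
    return r
```

Two details carry over to any real implementation: the quorum must count distinct authorized delegates, not signatures, and each recovery request must be bound to a fresh nonce (or the current key) so that a captured set of delegate signatures cannot be replayed later to roll the identity back to a compromised key.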