Globalization has brought sweeping changes to the availability of goods and services to a consumer. Previous methods of identity verification (prior to the 1980’s) required waiting in long lines at a government office, as overworked clerks sifted through dozens of dilapidated legal documents detailing one’s personal information, education, house, family members, and more. But the advent of the Internet has allowed us to send everything from credit card applications to citizenship requests fully virtually. Much of the identity verification process is now automated.

Yet there exists a dark underbelly to the world of personal data storage. While we feel comforted by the existence of dozens of security features that shield our personal data from hackers, data leaks are bound to happen. And as hackers are increasingly equipped with sophisticated data breaching techniques, data leaks are becoming more common. It’s not a matter of if, but when.

The solution to data security isn’t to encrust cryptography features with more firewalls. The system of identity verification needs to be reformed from the bottom-up. And the solution is radically paradoxical: expose your information for the whole world to see.

This seems ridiculous, but once again, the world of blockchain offers an innovative way to interface your information to the world. Decentralized Digital Identifiers (DID) allow users to decrypt only the necessary information to a merchant for a transaction to take place, through a system of transfer that’s backed by the full faith and support of the government.

DID sounds like an abstract, serendipitous panacea to a data security problem plaguing even the largest organizations for decades. But an example best highlights its feasibility. Suppose Sally wants to apply for a high-rewards credit card at her local bank, but they’re asking for her passport as proof of her age. She’s reluctant to send her passport because of the bank’s lack of security features. This is where DID steps in.

Throughout the whole identity process, Sally’s passport stays on her personal computer; the bank never stores it in their central servers. This allows selective exposure, or the ability to choose which data she sends to the bank. Since the bank is simply checking whether she’s above 18 years old, she needs to send nothing else—not even her actual age. This is what’s known by computer scientists as a Boolean value: whether something is true (Is Sally above 18?) can be stored as one of two values (true or false).

But since she’s not sending her validated passport to the bank, how do they verify the validity of her age? A centralized organization, such as the US Department of State, can act as a Trust Service Provider (TSP) in this identity verification process.

Behind the scenes, Sally’s data is stored in a cryptographic data structure called a Merkle tree. Akin to a tree, it stores encrypted versions of bits of her personal data (hashes) at the “leaves” (e.g. name, DOB, address, etc.), and it stores a cryptographic signature by a TSP at its root. The signature and identity of the TSP are stored on the blockchain. Simply put, her data is validated by the government, but it’s not stored by the government or any other central entity. In fact, anyone can access her personal data on her personal device, but it’s a meaningless encrypted series of random characters. And the icing on the cake? Her identity on the blockchain can be hidden behind a pseudonym. So, while her name might be Sally Williams, any hackers will think the user’s name is Bob.

Traditional systems of identity verification had to constantly worry about malicious actors breaking into their treasure trove of data. But now, this treasure trove is distributed among billions of devices. Since personal data is decentralized through DID, a hacker would now have to devote their whole life to stealing the identity of Bob (who is actually Sally). Identity theft just became a billion times more difficult. ∎

Sources:

SelfKey Authors. Why Decentralized Identifiers Are Changing The Future of the Internet, Identity and Finance. 11 Apr. 2019.

Pettey, Christy. “The Beginner’s Guide to Decentralized Identity.” Smarter With Gartner, Gartner, Inc., 28 June 2018.

Konashevych, Oleksii. “Will Blockchain Stop Personal Data Leaks?Cointelegraph, Cointelegraph, 13 Sept. 2019.

W3C Authors. “Decentralized Identifiers (DIDs) v1.0.W3C, W3C, 25 June 2020.