The key points in the development of a digital identity scheme are to ensure security and a frictionless UX.
The need for control over the management of personal data by users has led to the creation of digital wallets and the development of the cryptocurrency market, both systems based on decentralization. While consumers are willing to accept decentralized identity as a necessary milestone, the technology that makes it possible is still in its beginnings.
ecentralization isn’t a new concept, as it is the basis of file sharing applications that revolutionized our world over 20 years ago, for example Napster or Emule. In these applications, users could share their content and obtain the content of others directly from their computers, without the intervention of any organization or authority. Of course, this democratization of content brought with it a whole conflict over rights and freedoms that has reached our days, with on-demand streaming platforms established in the market, until a better formula emerges.
In 2009, the concept of decentralization took a leap forward with the appearance of Bitcoin, the first digital currency or cryptocurrency based on blockchain, without the governance of central banks or administrators. Distributed ownership came to the currency market, placing unprecedented power in the hands of the people. However, blockchains are not foolproof, as reflected in a report1 published by Sumsub, showing that cryptocurrency-related frauds doubled in 2022, when compared to the previous year.
In a context of digital identity, a culture of privacy is taking hold in which people understand that they must protect their privacy as much or more than in the physical world. Decentralization is a valuable opportunity for online users to shield their identity, deciding what information they share, when they share it and with whom they share it when accessing a service. By storing and distributing personal data from the actual devices, with complete control, it is a step away from traditional systems in which a third party managed the user’s credentials, and the user trustingly expected them to be kept in a secure location. Unfortunately, experience has demonstrated that the platforms in which consumers place their trust do not always carry out responsible storage, are exposed to risk and fraud, and trade on sensitive information. Decentralized governance is an (imperfect) barrier against fraudsters, who find a gold line in personal data.
The old pseudonym and password systems have created an unmanageable tangle difficult to manage, which the new decentralized governance solutions will not correct any time soon. In addition, not all users keep proper control over their own authentication mechanisms, which increases the risks.
The network confronts us with a reality: we are as many people as services we use. Knowing that, in order to access a job portal, an online gaming site or a profile on a social network, we only need a specific part of our personal information is relaxing, although there is still room for improvement in terms of transparency and communication on behalf of the platforms. Users should be informed from the start of how their personal data will be used and how the right of revocation is applied in practice. Ideally, access data should only serve to enable the execution of specific use cases and be deleted once this has happened. The breach of trust and regulatory pressure is forcing companies to address these issues. In most cases, organizations and service providers choose to strengthen their communication and try to store less information.
Placing governance in the hands of the user, making him responsible for decisions concerning his identity, does not solve all the problems in one single blow. When this identity is linked to cryptographic keys stored on a device, it will be essential to establish recovery methods if or when the device is lost or damaged. Moreover, fraudsters are relentless in deploying new techniques and perfecting social engineering maneuvers aimed at identity theft. The integrity of self-sovereign identity should not be taken for granted.
The near future is marked by tools such as digital wallets to help us manage our fragmented identity. Just as we make small money transfers with an app, we exchange credentials in handy, portable pills.
Participation in decentralized governance softens relations with banks, public administrations or health services, but consensus mechanisms do not work without a profound awareness of the consequences of such autonomy management.
1 Identity Fraud Report | Sumsub. 2022