Identity + Blockchain: What, me worry?

June 11, 2018

by Gifford Hesketh, Chief Strategy Officer

At first, the concepts of Decentralized Identifiers (DIDs) and other approaches to digital self-sovereignty are appealing. If you start thinking about what a mature deployment would look like, however, there are a lot of little things to worry about.

The positive view goes like this: we could use blockchain/distributed-ledger technology to store our important data (such as financial and healthcare records) and only let others gain access to exactly what we allow. This method would replace the current approach where banks, healthcare providers, credit bureaus, and government offices store whatever they want using systems that may somehow be accessed without our consent.

The underlying technology does indeed prevent people from modifying the data. On the other hand, mistakes become permanent. This recalls a recent news story about a woman who paid to have her new son’s name, Kevin, tattooed on her forearm. Unfortunately, the result turned out to be Kelvin. The woman side-stepped the problem by changing her son’s name, but that is not always going to be an option for data we want to store.

There are ways of handling un-changeable (“immutable”) data. We can, for example, just store a new record to invalidate the old one, but this feels a little wasteful. Storage may be cheap and getting cheaper, but the nature of a secure distributed ledger means that it takes a lot of energy (i.e. electricity) to maintain. Current forecasts for bitcoin energy consumption project it to require more electrical power within our lifetimes than everything else combined. How can that be cost-effective?
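The two points above, that stored records cannot be modified and that a mistake is corrected by appending a record that invalidates the old one, are shown in the added example below. It is not code from the original article or from any real ledger, and the Ledger class, its field names and the "child-name" subject are assumptions made for illustration.

```python
import hashlib
import json

def _digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Toy append-only, hash-chained record store (constructed for illustration)."""

    def __init__(self):
        self.entries = []

    def append(self, subject, value, supersedes=None):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"index": len(self.entries), "subject": subject, "value": value,
                "supersedes": supersedes, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})
        return body["index"]

    def verify(self):
        """Return True only if no stored entry has been altered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

    def current(self, subject):
        """Latest value for a subject, skipping entries a later one invalidated."""
        dead = {e["supersedes"] for e in self.entries if e["supersedes"] is not None}
        live = [e for e in self.entries if e["subject"] == subject and e["index"] not in dead]
        return live[-1]["value"] if live else None

def demo():
    ledger = Ledger()
    wrong = ledger.append("child-name", "Kelvin")           # the mistake
    ledger.append("child-name", "Kevin", supersedes=wrong)  # the correction
    result = {"current": ledger.current("child-name"),
              "stored": [e["value"] for e in ledger.entries],
              "valid": ledger.verify()}
    ledger.entries[0]["value"] = "Kevin"   # in-place edit of the old record
    result["valid_after_edit"] = ledger.verify()
    return result

if __name__ == "__main__":
    print(demo())
```

The corrected value is what a reader resolves, but the mistaken record is still stored and still readable, and editing it in place breaks chain verification.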

Also, to keep our data secure, we need to manage the complicated digital keys that protect that security. One thing the world has discovered about secrets is that they are hard to manage. For example, conservative estimates put the value of bitcoin lost due to mismanaged secrets at many millions of dollars. This is money that is slipping through our hands. Is this the right kind of platform to use for our private data?

Some people also worry about the prospects of quantum computing making our existing security obsolete. A reasonable counter-argument is that the means for protecting data will advance commensurately. Even if this is true, the fact that old records remain forever means that their security cannot be updated, so they lose protection over time. This is poor system design.

There are other issues like “51%” attacks, software bugs (already responsible for hundreds of millions of dollars in cryptocurrency losses), and vulnerability to network or power failures, but there is a much bigger problem with identity on the blockchain.

How can we trust the data?

If we all manage our own data, how do we know that the parties to an exchange of information or assets are who they say they are? Some proposed schemes have a concept like a notary to “certify” identities. How can we trust a notary? What happens if someone gains access to a notary’s keys?

What about synthetic identities (where a person “creates” an identity using fraudulent information)? Blockchain, a system designed to avoid centralized oversight, is a perfect mechanism for institutionalizing synthetic identities.

The whole distributed concept seems to fall apart if you think about trying to audit the integrity of a transaction, especially in a system at planetary scale.

The Internet learned this lesson already

The idea for a “web of trust” goes back to at least 1992 as an alternative to the certificate authority (CA) centralized trust model. The original concept of the web of trust could have been better at validating actual identities, but only if everyone had perfect integrity. How much can you really trust an acquaintance of an acquaintance of an acquaintance?

The web of trust proved impractical, and the CA model is what we use every day to protect our banking transactions and everything else we do using secure HTTP. Secure HTTP only guards against eavesdropping, though; it does not guarantee that the server at www.example.com is whatever entity you expect it to be. In other words, a CA validates identifiers, not identities. An identity is a real-world person or organization. An identifier is a name or number that refers to an identity.

It seems obvious when put this way, but trust only works in a small, close network. Trust does not work if it is spread too thin or if the relationships are too complicated to verify. Internet users trust a small set of browsers. Those browsers trust a small number of certificate authorities. Certificate authorities verify very simple assertions about the ability to manage Internet addresses like www.example.com or user@example.com.

Distributed, decentralized, and/or self-sovereign identities do not solve the fundamental problem of guaranteeing identity. They create identifiers that are harder to trust, because there is no way to trust the identities.

Learn more about our approach to blockchain + identity that mitigates worry: https://tascet.com/super-token/.