#SundayInterview. Sovereign identity or how to reclaim control over your personal data
In our identity system, governments and banks become attestation providers, rather than guardians of identity, by issuing verifiable claims about an individual, that the individual can then store and manage for themselves – says Alex Edelstein, marketing manager at uPort.com i Bithub.pl’s #SundayInterview.
What is sovereign identity and what’s the use of it?
Alex Edelstein: In its most basic sense, self-sovereign identity puts the user in control of their identity and the personal data associated with it, without relying on centralized service providers.
The current identity models treat user data as a product, with every digital service requiring the user to create an account, verify their identity, and store their data with the business rather than the user.
Businesses then monetize and exchange this data for their own gain. Time and again we have witnessed the consequences of this system, with the Equifax breach just the most recent instance of user data being compromised.
Self-sovereign identity aims to solve these problems by putting the user at the center of the identity system and giving the individual control over their identity and which third parties get to access it.
How long has this idea been around and how has blockchain influenced its development?
AE: Self-sovereign identity has been attempted in various ways in the past, eg PGP encryption, but the blockchain is the first technology with the potential to enable a truly self-sovereign identity system for everyone, not just the technologically sophisticated.
In the case of uPort, the public Ethereum blockchain enables any user to register an identifier and then amass a collection of data associated with that identifier, managed by the user. The identifier in this case is a smart contract that controlled by the user’s private keys, stored securely on the user’s smartphone. This puts the user in complete control over their identity and the data that is associated with it, as well as enables them to selectively disclose their personal data to other parties as they deem desirable.
Does sovereign identity technology rule out the intermediaries such as governments or banks? Who’s guaranteeing its legitimacy and who’s protecting our personal data?
AE: Self-sovereign identity does mean changing the role that intermediaries like governments and banks traditionally play from being the gatekeeper of a user’s identity to being an attestation provider.
In our identity system, governments and banks become attestation providers, rather than guardians of identity, by issuing verifiable claims about an individual, that the individual can then store and manage for themselves. By structuring the identity system in this manner, the user, not the government or bank, gets to own and manage their personal data, and can selectively disclose these attestations to others as they decide to.
There are quite a few blockchain-based projects dealing with identity management. Isn’t the main idea behind soverign identity to create a global system (of universal digital personal identities for multiple applications) in which everyone participates? Or maybe competing or parallel systems can be allowed?
AE: We don’t necessarily believe there should be a single identity provider, but rather there should be a shared, open, and standardized technology that the different providers adhere to. This is why we are working with the Decentralized Identity Foundation, alongside other identity startups as well as major companies like Microsoft and IBM. The goal of the DIF is to establish universal identity standards that ensure the interoperability of identity platforms across different blockchains. This kind of shared vision will better enable everyone to participate in a global self-sovereign identity system.
Interviewed by Przemyslaw Cwik