Owning My Identity: An Individual Freedom Right

“Privacy isn’t about something to hide. Privacy is about something to protect. And that’s who you are. That’s what you believe in. That’s who you want to become. Privacy is the right to the self. Privacy is what gives you the ability to share with the world who you are on your own terms.” Edward Snowden

Freedom is the most precious asset we possess as human beings. The right to self-determination of our decisions and desires, without subjugation by another person or entity, is something we deem a basic human right.

At the very heart of this individual freedom lies control over our personal identity data.

Our personal identity is our imprint; it is what sets us apart from the billions of other human beings on this planet, and it is an essential characteristic that affirms who we are in comparison to others.

Our unique identity is reflected in the personal information that is attributed to us alone, such as our names, date of birth, nationality, address, numbers, fingerprints and other fundamentals that allow us to identify ourselves officially and prove that we are who we say we are.

These key components of our existence are managed in centralized identity databases & systems that are currently paper-based and nationality-driven.

But we live in a society that is increasingly global and digital. As so many aspects of our lives are now driven by the internet and the online world, there is an increasing necessity for a digital identity that moves with the fast pace of technology rather than relying on the antiquated systems of the status quo.

Who Owns Our Digital Identity?

Our digital identity is something that must always be verified. To prove who we are in the digital space, we continue to use paper-based identity documents that need to be scanned for use online.

These paper-based identity documents are stored in giant, vulnerable and centralized databases owned by private companies, delegating the ownership and responsibility of our most important private data to third parties who are, in some cases, selling this data on for their own gain.

One of the main elements of individual freedoms is the right to control one’s own identity, but this information is currently being used and traded without our consent and we are disenfranchised from the control of arguably one of the most valuable assets we have as a human being.

There is undoubtedly a pressing and apparent need for change. Fortunately, with the dawn of technological innovations, in particular Blockchain, a new democratic and efficient approach to identity ownership and management processes has been launched.

New technologies like Blockchain give us a chance to escape from the legacy of the old systems, with their paper-based documents controlled by private companies, and move to a system that is private, secure and transparent by design and that respects our individual freedoms.

This new model is known as Self Sovereign Identity: a single, self-owned source for our identity and personal data that we as individuals control.

Why is this so important NOW?

Cyber Attacks

The Equifax data breach, where the personal data and documents of up to 143 million people may have been compromised, was one of the largest identity data breaches in history and highlighted the vulnerability of centralized databases. This breach crystallizes the need for a different approach to the mass storage of sensitive data & questions the prudence of continuing to collect large amounts of data in one place.

But it’s not only Equifax that faces this kind of breach. These types of leaks are now commonplace. Every week a new case comes to light: India’s Aadhaar system, Uber, Yahoo, JP Morgan Chase, Orbitz, MyFitnessPal or the Panama and Paradise Papers... the list goes on and on.

In some instances, the citizens of entire countries (such as Sweden) have suffered potentially devastating personal data breaches.

It is clear that the manner in which our data is stored, in the aforementioned centralized databases, makes it an extremely attractive target for hackers and identity thieves.

Data Is The New Oil

There are many online applications and platforms that are deemed ‘Free’ to use, but they come with a hidden price.

We don’t pay them with money, but we pay with something much more valuable, our identity, our data and our privacy.

Data has become the oil of the digital era.

Think of Amazon, Apple, Facebook and Microsoft, the five technology giants. The five most valuable listed companies in the world. Much of that value lies in the huge amount of data that we are consciously or unconsciously granting them.

This is a double-edged sword.

On the one hand, through Artificial Intelligence (AI) we can receive a more personalized and customer-oriented service; it can capture our needs more accurately and offer an optimized service to fulfill them.

On the other hand, controlling such vast amounts of data gives them far too much power over our identities and who has access to them.

The most recent scandal, that of Facebook and Cambridge Analytica, where the data of 80 million people was leaked and used to try to influence their vote in the US election, illustrates the endemic issue of data breaches & violation of our personal information.

There is an imperative need for a Self Sovereign Identity approach that allows individuals to control their personal data and decide for what purpose and to whom it should be shared. It is clear that the major companies who have been controlling our data up until now cannot be trusted.

Regulations

The entry into force of the Data Protection Act of the European Union, known as GDPR, seeks to protect personal data and the way in which organizations process, store and finally, destroy this data when it is no longer required.

The law hopes to offer the individual greater control over how companies can use their information and has granted them these specific rights:

Right to be informed

Right to access

Right to rectification

Right to be erased (or right to be forgotten)

Right to restrict processing

Right to data portability

Right to object

Right to make decisions and create automatic profiles

The EU establishes very strict rules that govern what will happen if access to personal data is violated and the consequences that organizations will suffer if they do not comply.

If an organization or processor violates a condition, the penalties are very high: they can reach up to 10 million Euros or 2% of the global sales volume of the company.

EU regulators are at the global forefront of developing legislation that protects the identity owner. As a result, for the companies concerned, holding European citizen data can now turn into more of a liability than an asset.

Companies now face increasing costs to store and protect user data, as well as to perform KYC checks on people who have already been screened several times. This is highly inefficient across business and country lines.

A Self Sovereign Identity approach will help organizations to leverage existing KYC verified data and be compliant with data protection laws, giving individuals, by default, the right to access, rectify, erase and make decisions about their data and identity.

Global Economy and Mobility

Sectors such as finance, production and trade have experienced an internationalization phenomenon. Companies are now increasingly operating in different territories throughout the world rather than just their home base.

Increasing economic globalization, information accessibility, reduction of transport costs, and all the technological advances of the previous decades have propagated a huge increase in global mobility and access to foreign markets.

People have an increasingly global outlook and are very willing to relocate to other parts of the planet. This has led to the rise of lifestyle preferences and terms such as ‘Digital Nomad’ to describe an increase in the expatriate population from first world countries.

This, added to the more traditional waves of migration and the establishment of more robust and demanding identification processes, has revealed a great problem suffered by immigrants: how they will prove and verify their identities.

Self Sovereign Identity provides individuals with a more reliable and secure way to transact, access job opportunities, financial services, commerce or medical services, internationally without borders.

Self Sovereign Identity

Self Sovereign Identity consists of granting individuals and organizations control and full ownership of their identity while providing a secure and reliable source to prove and verify these identities.

The concept is based on 10 principles:

Existence: Each identity should have an independent existence. Any Self Sovereign Identity is derived from a proof of life and should exist beyond any one national system.

Control: Users always maintain complete control of their identities. The user is the ultimate authority on their own identity & how it is used.

Access: Users should have access to their own data at all times.

Transparency: Systems and algorithms should be transparent and open source, in both how they function and in how they are managed and updated.

Persistence: Identities are persistent and long-lived. Private keys may be lost and might need to be rotated, and data might need to be changed, but the identity will persist and remain.

Portability: All information should be transportable and not held by a single third-party entity.

Consent: Identity owners must consent to any transfer or use of their data.

Minimization: When data is disclosed, that disclosure should involve the minimum amount of data necessary to accomplish the task at hand.

Protection: The freedoms and rights of individuals are protected over the needs of the network.

Interoperability: Identity systems should be interoperable. Identity information should be widely available, crossing international boundaries to create global identities, without compromising user control in the process.

Self Sovereign Identity returns ownership to its rightful owner, the individual, using decentralization and cryptography.

Identity owners are empowered to make their own decisions with regard to what, when and to whom they share their identity at all times. They are the master of their own data and can achieve the highest level of privacy, sharing only the information essential to carry out a transaction and nothing more.

How It Works

Instead of storing a large number of identity documents and attributes in a central repository solely controlled by a private company vulnerable to cyber-attacks, personal data and documents are stored locally on the device of each identity owner.

Each identity owner is responsible for protecting his own identity.

Blockchain technology allows us to prove our identity using decentralized and verified credentials, called Verified Claims.

Verified Claims are identity attributes, each containing only a specific aspect of your identity, that are verified, signed by a qualified certifier, and cryptographically hashed and anchored on the blockchain. By sharing these claims, you can prove different identity attributes without having to share the actual ID document.

Blockchain allows us to store and timestamp these certifiers’ signatures in an encrypted and decentralized manner. Verified Claims signed on the Blockchain cannot be tampered with, and as such are a reliable asset to authenticate your identity.

Bank managers, lawyers, notaries public, utility companies & government agencies, among others, can act as qualified certifiers and sign on the blockchain that a given identity claim, such as your name, your age or your address, is in fact true.

Currently, if you want to prove that you are of legal age or that you are of a particular nationality to apply for a service, you must show your identity document which reveals much more information than is necessary to give.

The Verified Claims standard adds a greater level of privacy, allowing you to prove an identity attribute without having to share your identity document, which may contain much more information than needed to carry out a given transaction and can be stolen.

In turn, entities relying on customers’ identity will be able to identify clients in a faster and more reliable way, with no need to store large amounts of identity documents and the risks that would entail.
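The issue-and-verify flow described above, sketched in Go as an added example (it is not SelfKey's code and not part of the original article). The `Ledger` map stands in for the blockchain, and the per-claim salt, the Ed25519 signature scheme, the digest encoding and the `did:example:alice` subject are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Claim is one attribute. The salt (random in practice) keeps low-entropy
// values such as age or nationality from being guessed out of the digest.
type Claim struct{ Subject, Attribute, Value, Salt string }

// Digest is the only data that leaves the owner's device for the ledger.
func (c Claim) Digest() [32]byte {
	return sha256.Sum256([]byte(c.Subject + "\x00" + c.Attribute + "\x00" + c.Value + "\x00" + c.Salt))
}

// Ledger stands in for the blockchain (assumption): digest -> certifier signature.
type Ledger map[[32]byte][]byte

// NewCertifier creates a certifier key pair (Ed25519 is an assumption).
func NewCertifier() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Certify is run by the qualified certifier after checking the real document.
func Certify(l Ledger, key ed25519.PrivateKey, c Claim) {
	d := c.Digest()
	l[d] = ed25519.Sign(key, d[:])
}

// Verify is run by the relying party on the single claim the owner discloses.
func Verify(l Ledger, certifier ed25519.PublicKey, c Claim) bool {
	d := c.Digest()
	sig, anchored := l[d]
	return anchored && ed25519.Verify(certifier, d[:], sig)
}

func main() {
	pub, priv := NewCertifier()
	ledger := Ledger{}
	claim := Claim{"did:example:alice", "over18", "true", "9f2c61d07a4be385"} // constructed sample
	Certify(ledger, priv, claim)
	fmt.Println("anchored claim verifies:", Verify(ledger, pub, claim))
}
```

The relying party receives only the one disclosed claim and its salt; an altered value, an unanchored claim, or a signature from a different certifier all fail the check.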

SelfKey, A Bridge Between The Present and Future

SelfKey aims to act as a bridge between where we are currently in terms of regulations and the Promised Land of what’s possible with technology and the direction it is moving in.

Current regulations require relying parties to store identity documents of their clients, with no control for us, the individuals.

While we are working to move to a completely document-less approach, this isn’t a short-term practical reality.

SelfKey works with current requirements of scanned, certified documents and data, including electronic document notarizations, and is also able to enable and power blockchain-based verified claims.

In this way, we propose our infrastructure can be a system which is currently compliant, but is also compatible with more advanced Self Sovereign Identity technology.

We have a powerful vision and purpose as an organization.

SelfKey has a zero-knowledge policy. We do not store, nor have access to, any information of the identity owners that use the SelfKey Identity Wallet. Identity owners own their identity at all times and their data is stored locally on their machines.

SelfKey is enabling a fully Self-Sovereign Identity system in parallel with the traditional approach, accomplishing two main objectives:

Provide utility to the Identity Wallet in line with current regulations from day one. Users will be able to access hundreds of products and services with their reusable SelfKey ID, which allows for quick and painless KYC processes.

Build a foundation for regulatory acceptance of the most advanced identity technology such as Verified Claims and DID specs, proving to regulators its feasibility and advantages over traditional identity systems as a much safer, more efficient method of sharing data.

The purpose of SelfKey is to enhance our individual freedom rights and privacy related to our digital identity. To be truly free, it is ourselves and ourselves alone that should truly own our identities.