Blockchain, the secure distributed ledger technology first created to track bitcoin ownership, has taken on a number of new roles in recent years tracking anything of value from diamonds to real estate deeds to contracts. The blockchain offers the promise of a trusted record that can reduce fraud. Some industry experts say that over the coming years, it could be used to control identity information in a more secure fashion.

As we have seen, just last week with the massive Equifax hack, our personal information is highly vulnerable in online databases in their current form. The fact is that whenever we have to identify ourselves, we are forced to present a variety of information to prove we are who we say we are, whether that's to register for an online service, to cross a border or even prove you are old enough to drink at a bar.

The argument goes that if our identity were on the blockchain, it would give us more control over this information, and with proper applications allow us to present just the minimum amount of information a given party needs to identify us. That could be your date of birth at a bar, your credit score at a bank or a unique identifier to access an online service.

It's unclear if the blockchain can be that identity panacea that some have suggested, but there are a range of opinions on the matter.

Yes, it's happening

Of the experts we contacted, only one was fully enthusiastic about blockchain as an identity tool. Jerry Cuomo, IBM Fellow and VP of blockchain technologies, sees blockchain already having a big impact as people demand more control of their identities. He says that we are constantly being asked to share personal information to access places or information or to do business with companies -- and that each of these actions puts us at risk for identity theft. He believes the solution to this problem could lie on the blockchain.

"Imagine a world where you are in direct control of your personal information; a world where you can limit and control how much information you share while retaining the ability to transact in the world. This is self-sovereign identity, and it is already here. Blockchain is the underlying technology paving the path to self-sovereign identity through decentralized networks. It ensures privacy and trust, where transactions are secure, authenticated and verifiable and endorsed by relevant, permissioned participants," Cuomo explained. In fact , he says that he's already seeing businesses and governments beginning to establish and use these networks to meet citizen demand and deliver the promise of self-sovereign identity.

No, probably not

It sounds pretty good to hear Cuomo describe it, yet not everyone is enthusiastic as he is, seeing many obstacles to using the blockchain for identity purposes. Steve Wilson, an analyst at Constellation Research, who has studied the blockchain extensively has serious reservations about it as an identity management system.

"Identity is not going to move to the blockchain in any big way (not as we know it). Blockchains were designed to solve problems quite different from identity management (IDM). We need to remember that the classic blockchain is an elaborate system that allows total strangers to nevertheless exchange real value reliably. It works without identity and without trust. So it's simply illogical to think such a mechanism could have anything to offer identity," Wilson explained.

He adds, "The public blockchains deliberately and proudly shirk third parties, but in most cases, your identity is nothing without a third party who vouches for you in some way. Blockchain is great for some things, but it's not magic, and it just wasn't designed for the IDM problem space."

Eve Maler, who works at identity management firm ForgeRock, which landed an $88 million investment last week, also finds the possibility highly unlikely for a variety of practical reasons. "Identity will not move to the blockchain if this means personal data will be put on a public permissionless blockchain (distributed ledger technology in its purest form), as this is now widely considered bad practice," she said.

She added, "The "distributed nodes" element of the technology is valuable for architectures where trust in a central authority is difficult or undesirable to establish, but can be challenging where it is desirable to record sensitive information because of the increased attack surface (every node has a copy of everything) and resulting increased privacy considerations."

Continue reading