Continuum Loop

Worried About Digital Identity?

The Security of Our Identities

by Christine Martin

 

One of the critical elements of implementing a digital id system is its wide adoption by the general public. Still, from my research in the world of decentralized identity, I see that the general public is hesitant to adopt, which made me want to offer reassurance. I’m deep into digital id, working closely with one of the world’s leading experts. I acknowledge the potential issues, but I also see significant benefits. I’m part of international working groups developing digital id guidelines and frameworks. I know that organizations and people like me are working to protect us. 

I decided to take to Reddit and ask about digital identity concerns. I’m not a heavy Reddit user; I only joined in January, so I don’t typically get much attention, but I couldn’t have asked for a better reply to my first Reddit post. I knew I could answer it and hopefully ease some concerns.

If you are worried about the security of your identity, you would want to adopt a digital id; it can also be called self-sovereign or decentralized identity, but I’ll stick with digital id here.

The most basic explanation I can offer is that separate packets of verifiable credentials will be encrypted on your device, and these will make up your digital id. It will be like carrying around the entire contents of your physical wallet but securely encrypted. Offering your credentials will be verified via biometrics, similar to how your apple pay wallet works upon each use.

If you’re thinking about backup and recovery, please don’t at this point. Let’s try to understand digital identity first. I will cover the backup and recovery in another post. 

If you are keen and don’t want to wait, check out Chapter 9.7 of Self-Sovereign Identity for a detailed overview of Backup and Recovery.

Your Identity is Compromised

 

You can download and install an app called REVOKE, where you enter your email and see how often your data has been subject to breaches. You will likely find out that your information has been subject to a data breach, and you didn’t even know about it. Companies like Bell CanadaHauteLook and MyFitnessPal are just a few that were compromised where my personal information was subject to a data breach. These companies can’t guarantee to keep your information safe. Facebook and Google have been subject to breaches, and every other website where you create a user-id holds your data online somewhere. You don’t own, hold or control your data. 

We need to take back accountability for our data. It’s not up to Facebook or Google; they’re not security companies. These organizations do us a favour by offering backup and recovery options, but we pay the price. Furthermore, they are claiming your data as their asset and making money.

 

Government Involvement

 

After several rounds of consultations, the Ontario government will launch its digital id system this fall. Continuum Loop was heavily involved in these consultations, and we’re happy to see them come to fruition. We believe the Ontario government has been proactive in taking the necessary steps to implement an ethical digital identity system for all Ontarians.

Let’s look at the Ontario Government program.

Notice that “NOT stored in a central database” point. This is good because hackers are more tempted by large lists that they can hit. Imagine getting a list of every Ontario resident – that’s attractive to hackers. Instead, your credentials exist only on your phone, protected by your phone’s security and more. Now a hacker has to attack every phone to get the complete list. That’s hard to scale – and would take forever. More on that below…

The government’s involvement in digital id will be issuing verifiable digital credentials of the physical ones we already have. The government issues your Drivers License, Social Insurance Number, Birth Certificate etc. everything is already in their hands. The digital id will allow you to validate your id without sharing unnecessary information, like proving that you are over 18 without showing your actual birthdate. It’s that simple.

Digital id is not about the government taking control of your id or holding your credentials; it’s about taking back control. It’s about offering your data in a verifiable credential format that you will store and manage on your device. The whole concept of digital id revolves around increased security and holder accountability. You get to own, hold, and control your own identity.  

 

Blockchain Technology and Framework

 

I can choose to attack an organization for millions of records or do it one by one – which is more challenging? And if I do it one by one, how do I know the credential I crack will hold any value? Watch this short video explaining Distributed Ledger (Blockchain) Technology; I couldn’t explain it better. The very nature of this technology makes them immune to cyber-crimes since all the copies stored across the network would need to be attacked simultaneously for the attack to be successful. A hacker would have to 1. Get into your digital wallet, verify via biometrics and then 2. Crack a random credential and hope it has any value. How does the hacker even choose a valuable target? Blockchain technology makes it not worth it for the hackers anymore.

Steps are being taken all around the globe to implement digital id systems that will work in harmony with each other and be beneficial for all, no matter your geolocation. The ID2020 alliance is spearheading this effort. They are a global coalition of public and private sectors working to provide an identity platform for all. This identity platform will be based on blockchain technology and allow for secure, verified digital identities. This framework will make it easier for people to travel and do business worldwide and make essential digital services more accessible. These systems are being developed and modelled to meet the eIDAS regulatory framework. This framework seeks to harmonize digital identity and trust services in the European economic area while helping businesses, citizens, and authorities carry out secure and seamless electronic interactions.

 

Take Back Control

 

How many times have you scanned and emailed your driver’s license as proof of identification? That is neither convenient nor secure. Where does that copy of your driver’s licence end up within the organization? Did the recipient file it away in a locked cabinet? Was it saved on their computer? Did they need to know everything about you – your license number, height, weight, eye colour, etc. – or did they just need to know you were over a certain age? Digital identity will cut this out. You can instantly prove who you are without scanning or emailing anything. Just tap the “ok” button on your screen. That organization only gets the information they need, nothing else, nothing more. You won’t have to worry about your information being shared within the organization by unauthorized employees or subject to breaches. 

In a world where our data is bought and sold without our consent, it’s more important than ever to control our identities. It’s time to take back control while becoming personally accountable for its security and recovery. We can protect our identities from theft and fraud, ensuring that our personal information is safe and secure. With a digital identity, you’ll be able to rest assured that your data is safe and sound. It’s up to you

Visit our blog to learn more about decentralized identity, and subscribe to our newsletter for updates.

%d bloggers like this: