Worried About Digital Identity
by Christine Martin
One of the critical elements of implementing a digital id system is its wide adoption by the general public. Still, from my research, I see that the general public is worried about digital identity, making me want to offer reassurance. I’m deep into digital id, working closely with one of the world’s leading experts. I acknowledge the potential issues, but I also see significant benefits. I’m part of international working groups developing digital id guidelines and frameworks. All to say, I know that organizations and people like me are working to protect us.
The Security of Our Identities
To begin with, I decided to take to Reddit and ask about digital identity concerns. I’m not a heavy Reddit user; I only joined in January, so I don’t typically get much attention. That said, I couldn’t have asked for a better reply to my first Reddit post. I knew I could answer it and hopefully ease the minds of anyone worried about digital identity.
If you are worried about the security of your identity, you would want to adopt a digital id. It can also be called self-sovereign or decentralized identity, but I’ll stick with digital id here.
The most basic explanation I can offer is that digital identity will be composed of separate packets of verifiable credentials, encrypted on your device. It will be like carrying around the entire contents of your physical wallet but securely encrypted. Offering your credentials will be verified via biometrics, similar to how your apple pay wallet works upon each use.
If you’re thinking about backup and recovery, please don’t at this point. First, let’s try to understand digital identity and I will cover backup and recovery in another post.
But if you are keen and don’t want to wait, check out Chapter 9.7 of Self-Sovereign Identity for a detailed overview of Backup and Recovery.
Your Identity is Compromised
You can download and install an app called REVOKE, where you enter your email and see how often your data has been subject to breaches. Subsequently, you will likely find out that your information has been subject to a data breach, and you didn’t even know about it. Companies like Bell Canada, HauteLook and MyFitnessPal are just a few that were compromised where my personal information was subject to a data breach. These companies can’t guarantee to keep your information safe. Facebook and Google have been subject to breaches. You don’t own, hold or control your data.
We need to take back accountability for our data. It’s not up to Facebook or Google; they’re not security companies. They favour us by offering backup and recovery options, but we pay the price. Essentially, they are claiming your data as their asset and making money.
After several consultations, the Ontario government will launch its digital id system this fall. In addition, Continuum Loop was heavily involved in these consultations, and we’re happy to see them come to fruition. We believe the Ontario government has been proactive in taking the necessary steps to implement an ethical digital identity system for all Ontarians.
Let’s look at the Ontario Government program.
Notice that “NOT stored in a central database” point. That is good because hackers are more tempted by large lists they can hit. Imagine getting a list of every Ontario resident – that’s attractive to hackers. Instead, your credentials exist only on your phone, protected by your phone’s security and more. A hacker must attack every mobile phone to get the complete list, and that’s hard to scale – and would take forever—more on that below.
The government’s involvement in digital id will be issuing verifiable digital credentials of the physical ones we already have. The government issues your Drivers License, Social Insurance Number, Birth Certificate etc. everything is already in their hands. Digital id will allow you to validate your id without sharing unnecessary information, like proving that you are over 18 without showing your birthdate. It’s that simple.
Digital id is not about the government taking control of your id or holding your credentials; it’s about taking back control. It’s about offering your data in a format that you will store and manage on your device. The concept of digital id revolves around increased security and holder accountability. You get to own, hold, and control your own identity.
Blockchain Technology and Framework
I can choose to attack an organization for millions of records or do it one by one – which is more challenging? And if I do it individually, how do I know the credential I crack will hold any value? Watch this short video explaining Distributed Ledger (Blockchain) Technology; I couldn’t explain it better. The very nature of this technology makes them immune to cyber-crimes. All the copies stored across the network would need to be attacked simultaneously for the attack to succeed. A hacker would have to 1. Get into your digital wallet, verify via biometrics and then 2. Crack a random credential and hope it has any value. How does the hacker even choose a valuable target? Blockchain technology makes it not worth it for the hackers anymore.
Governments and businesses alike are beginning to explore the potential of these systems, and many are taking steps to implement them. Systems that will work in harmony with each other and be beneficial for all, no matter your geolocation. The ID2020 alliance is spearheading this effort. They are a global coalition of public and private sectors working to provide an identity platform for all. Based on blockchain technology, this identity platform will allow for secure and verified digital identities. This framework will make it easier for people to travel and do business worldwide. As a result, they are making essential digital services more accessible. These systems are being developed and modelled to meet the eIDAS regulatory framework. This framework seeks to harmonize digital identity and trust services in the European economic area. Helping businesses, citizens, and authorities carry out secure and seamless electronic interactions.
Take Back Control
How many times have you scanned and emailed your driver’s license as proof of identification? That is neither convenient nor secure. Where does that copy of your driver’s licence end up within the organization? Did the recipient file it away in a locked cabinet? Was it saved on their computer? Did they need to know everything about you? e.g. your license number, height, weight, eye colour, etc.? Or did they just need to know you were over a certain age?
Digital identity will cut this out. You can instantly prove who you are without scanning or emailing anything. Just tap the “ok” button on your screen. That organization only gets the information they need, nothing else, nothing more. You can rest assured that organizations will not share your information with unauthorized employees or be subject to breaches.
In a world where our data is bought and sold without our consent, it’s more important than ever to control our identities. It’s time to regain control while becoming personally accountable for its security and recovery. We can protect our identities from theft and fraud, ensuring our personal information is safe and secure. With a digital identity, you’ll be able to rest assured that your data is safe and sound. It’s up to you.