(Newswire.net — November 27, 2017) — Data recording doesn’t stop there. Quantitative and qualitative data about you are recorded on nearly everything you do for the rest of your life – schooling, work history, the products you buy, credit history, where you live, ad infinitum. A whole stratification of documents containing data about you becomes layered up over time, and it can become very confusing to figure out who has rights to which parts of your data, and who has control of the data that makes up you.
And then there’s the issue of trust. Who do you trust to have information about you and will others trust you with your information? It gets complicated.
It’s no secret that Equifax, who definitely doesn’t have a great track record with keeping people’s personal information secure[1], are part of Google’s SSL (Secure Sockets Layer) security protocol chain. In fact, Google goes so far as to state that it “will always use Equifax as its Root CA.”[2]
We trust Google with our personal information, but they’re free to share it with whoever they ‘trust’. The fact Google trusts Equifax is a little bit more than disconcerting. The only information they won’t share about you is ‘sensitive personal information’, which is, by their definition, “a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.”[3]
We gave them the right to do this. “By using our [Google’s] Services, you are agreeing to these terms. Please read them careful]’lly.”[4]
But, who actually reads these carefully?
Your identity, and who has access to that, has been one of the biggest areas for debate and exciting developments in blockchain-based applications. Companies such as SelfKey and Civic are at the cutting edge in this field and have developed platforms and services that address self-sovereign identity head on.
Agrello’s CEO, Hando Rand feels that “it is of utmost important to have a self-sovereign digital identity to make it possible for everyone to provide proof of identity without repeatedly going through excessive KYC procedures. Self-sovereign digital identity reduces malicious use of personal information and leaves complete control with the ‘owner’ of that identity. This requires that the security elements for the use of the identity are stored only in a place where the owner of the identity has sole control over it, not in a central database.”
Self-sovereign identity, simply put, is identity you own. You decide who has access to a piece of data about you and how they can use it. Think of it as a verification process.
For example, you’re on a night out, you order an alcoholic drink, and the bartender asks you for proof of you age. You show him your driver’s license. Essentially, you’re giving him too much information. He only needs to see your photo and your date of birth. However, your driver’s license contains much more information than that including your address, which he really doesn’t need to see. In fact, he doesn’t even need to know your date of birth, only that you are above the legal age for buying alcohol.
Like the bartender doesn’t need all the information you’ve provided, companies such as online retailers also don’t need that information. They only need to know that your identity documents are valid – that you are who you say you are, and that your payment information is valid. It’s the delivery company who is delivering your parcel who needs your address, not the retailer.
SelfKey is a digital identity management system that allows its users to own, control and manage their digital identity. ID attributes and documents are stored in user’s personal device, not in a SelfKey server and not on a blockchain. Users decide what, when and with whom securely share these ID attributes and documents, and nobody has access to them without user consent.
Since the whole system is decentralized, SelfKey can avoid Equifax-style data breaches, making it secure enough for high-level ID uses such as digital passports and citizenship through investment.
SelfKey’s Marketing Leader, Marc Gras, is quick to point out that, besides SelfKey, “there is no company providing an end-to-end digital identity system, where you can securely access your documents stored locally, verify and notarise them through an eNotary, and apply for products and services using a token.”
It’s not only management systems such as Selfkey that benefit from implementing blockchain-based self-sovereign identity solutions. For example, Agrello provides legally binding versions of smart contracts, ‘smart agreements’, that anyone can create using a simple drag-and-drop interface that requires no coding knowledge whatsoever.