We’re bringing information and devices online at an unprecedented rate, raising one of the fundamental questions of our time: how do we represent ourselves in this digital world that we are creating? And more importantly, how do we secure our identity in a digital world?
We’ve heard about blockchain for currencies and smart contracts, a compelling and crucial application is in securing online identity.
For four billion years, the genetic code has been life’s data store- containing not only instructions for but also the lineage of all terrestrial life. Over the past few hundred thousand years, a new species has emerged, one that is rapidly and inexhaustibly producing huge volumes of data of their own: humans.
A brief history of humanity’s data affair
We have observed the world and made sense of it through language for as long as we’ve existed. Armed with the technologies we developed, we peered inside atoms and learned something about the behaviour of the fundamental particles including electrons and photons that we have found there. Developing capabilities to manipulate collections of these units of electricity and light has led to a series of technological revolutions that has had a fundamental impact on how we store, analyse and communicate information about our world.
The network of networks, the Internet, has evolved over time from a range of contributing developments by mathematicians, scientists and engineers. In each decade from the 1940s inventions included the transistor, the computer, computer networks, remote access to computing power, software and documents, and finally by the mid-1990s, commercial service providers ensured increasingly global connectivity. Near-instant text and audio-visual communication, and the emergence of social media and online services across industries, have vastly transformed our society in a remarkably short space of time.
The benefits of increased connectivity come with the associated risk around how the information that we create, communicate and store can be intercepted, sometimes with malicious intent. Cryptography is the ancient art of achieving confidentiality by transforming a message such that is only intelligible to someone in possession of a key. Since the emergence of the Internet, a multitude of algorithms for data security have been developed, and global standards for encryption protocols provide some level of communications security over our computer networks.
Just months after the financial crash of 2008, the first digital currency to employ cryptography to solve the problem of double-spending without the requirement for a central trusted third party was proposed. That currency was Bitcoin, now valued at over USD 100 billion, and one of over 1000 different crypto-currencies. The technology underlying this decentralised capability is a distributed ledger, or blockchain. Transactions are recorded in blocks that are linked and secured by cryptography, these records are verified and stored across a network making the ledger resistant to modification.
The really interesting part is that blockchain, this combination of capabilities in computing, connectivity and cryptography, has applications not only in the financial world, but in any transactional environment, including for a decentralised personal data management system that ensures users own and control their data.
Ups and downs: the risks of exponential data
As of this year, the digital world’s data content is estimated at billions of terabytes, or zettabytes, 90% of which has been created since 2016. Information is an increasingly valuable commodity, and its acquisition, analysis and trade plays an important role across industries. And with one quarter of the world’s population using Facebook every month in 2017, a lot of this data is personal.
The rise of social media has led to new conceptualisations and discussions around identity, as we build representations of ourselves online. On the other hand, information about ourselves that we did not intend to be shared or distributed is also contributing to our digital profiles. Any organisation with stores of personal data can be hacked, be negligent, or even sell this data to external parties for profit, resulting in outcomes that range from spam to identity theft.
In 2013 and 2014, three billion Yahoo! accounts were hacked in what was the highest-profile digital identity breach at the time. In South Africa, more than 30 million identity numbers and other associated financial information was leaked online only last year. Regulators have been swift in their response: personal data protection regulations such as the European GDPR or South African POPI Act carry severe penalties to companies who act recklessly or even negligently with personal data.
Stunning revelations surrounding Facebook’s sharing of up to 87 million members’ data to a third party in the service of the last US presidential election has caused shockwaves across the world, wiping $100-billion off its market capitalisation and leading some analysts to speculate around fines that could amount to $2-trillion – 100 times larger than the biggest corporate fine in history.
One definition of personal data is an economic asset generated by the identities and behaviours of individuals, and the monetisation potential of its (mis)use is astounding. Services like messaging, search and navigation may appear free to use, but they actually come at a cost: your personal data, or perhaps more aptly called your consumer data. Because as has been said, if you’re not paying, you’re not the customer; you’re the product. The question of how to verify, secure and manage identity and personal data online is more pertinent today than ever before.
The strongest link in the (block)chain
Identification provides a foundation for human rights. An estimated 1.1 billion people worldwide cannot officially prove their identity, and we simply don’t know how many of the world’s more than 200 million migrants, 21.3 million refugees, or 10 million stateless persons have some form of identification. The World Bank estimates that 78% of these unidentified people are from sub-Saharan Africa and Asia.
The recent Blockchain Africa Conference in Johannesburg brought together like-minded innovators. Global Consent, based in Cape Town, is one such local player doing exciting things in the identity space. Consent is developing a blockchain-based trust protocol to independently authenticate identity and selectively exchange personal information. Consent is also the first Sovrin steward in Africa. Sovrin is the world’s first publicly available distributed ledger dedicated to digital identity. The code base of Sovrin is part of the open source Hyperledger project, which is governed by the Linux Foundation and backed by corporates including SAP, IBM, NTT and Intel. The infrastructure for ensuring consensus, security and trust around identity transactions on the Sovrin network is provided by globally distributed stewards like Consent, who independently own and operate nodes on the network.
Blockchain has impressive applications in a transactional environment, in this context enabling individuals to own and control their identities online in a decentralised personal data management system where records are verified and stored across a network making the ledger resistant to modification. Like any network, the strength of a blockchain-enabled personal data management system depends in part on its size. And given the size of the problem of personal identification in Africa, both online and off, we can look forward to ongoing discussion and adoption of technologies like blockchain to meet this challenge going forward.
So … developments in computing, connectivity and cryptography, have resulted in blockchain, the technological confluence of the three, with exciting applications in identification and securing personal data online. However, we live in the physical world, and biometric data will need to support the initial registration of an individual on such a system. A candidate for advanced biometric identity verification is a naturally occurring structure, which could also be the future of data storage, with a remarkable 700 terabyte capacity per gram- the ultimate unique identifier.
This structure is the DNA molecule, and despite significant achievements like determining its structure and sequence, science continues to grapple with the computational complexity of understanding life. The role of large portions of determined sequences remain a complete mystery. Life, and in particular humanity, is arguably the most mysterious phenomenon we have ever encountered, and we have a long way to go in terms of fully understanding ourselves.
One thing we have arrived at is a solution to taking back ownership of our identities in the digital world we are creating, through the compelling application of blockchain in the digital identity space.
By Adriana Marais, Head of Innovation at SAP Africa