Credit union consortium CULedger will use IBM’s Hyperledger Fabric, in addition to several other blockchains it’s been working with.
CULedger, a consortium of credit unions in the U.S., and Evernym, developer of distributed ledger technology, have introduced a new DLT-based digital identity system.
The software, known as MyCUID, is billed as a way for credit union members to protect themselves from identity theft and fraud. The ledger will enable users to share only as much personal information as they need or want to in a given situation.
CULedger president and chief executive John Ainsworth said in a press release that the system would allow customers to “securely interact with their credit union,” continuing on to say:
“By giving individuals control over their personal identifiable information, MyCUID will create a truly secure and privacy-preserving flow of information to promote balance, fairness, diversity and competition in the digital economy.”
MyCUID operates through a person-to-person network of “distributed, private agents working in parallel with the distributed ledger,” according to the press release. This will help ensure that users’ identity records cannot be taken away from them.
If widely adopted, the software will enable credit unions worldwide to provide banking services to an estimated 2 billion people who currently lack access to financial institutions, said World Council of Credit Unions president Brian Branch in the press release.
CULedger is a nationwide consortium, having begun “in 2016 as an endeavor between CUNA, Mountain West Credit Union Association, and Best Innovation Group to develop a concept for a credit union system-wide permissioned distributed ledger platform,” according to the press release.
It’s been working with Evernym, which created the Sovrin protocol, since at least last year. Evernym is one of a number of startups seeking to use distributed ledger technology to create “self-sovereign” identities fully under users’ control.
The release of MyCUID appears to be the latest move in the consortium’s efforts to change how credit unions handle personal data, after forming a credit union service organization last year.
Piggy bank image via Shutterstock
The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at email@example.com.
Awareness of the serious drawbacks of centralized identity services is growing.
Spurred by the Equifax breach earlier this year, the problem isn’t relegated to the U.S. credit scoring company alone. In mid-October, a database leaked the personal information of more than 30 million South Africans (more than half the population). Further, searching “data breach” in Google news turns up a significant recent data breaches globally.
Yet, a new breed of entrepreneurs believes that by updating the underlying technology used by such services, consumer data can be better protected.
“This move to the cloud and greater digitization of government services has led to greater centralization,” said Brian Behlendorf, executive director of Hyperledger.
And if something isn’t done to distribute that data, the lead developer of one of the largest blockchain consortiums, one boasting membership from IBM, Baidu, Intel and more, believes breaches will continue.
This is the main reason Behlendorf believes stakeholders are more interested in exploring self-sovereign identity – a means of decentralizing identifying information so that the individual has control over their own data. The concept of a self-sovereign ID has “been percolating for awhile,” he said, but it wasn’t until the advent of distributed ledger technology that the notion started to feel somewhat attainable.
Behlendorf told CoinDesk:
“You’re using [distributed ledgers] simply to store addresses, pointers and hashes to data that is stored off-chain elsewhere. Recognition of that basic model is starting to become clear to the different organizations in [the identity] space.”
While it’s still early days, several stakeholders have taken the lead, with governments seeming most interested in utilizing blockchain technology to shape the future of identity management.
And that’s what’s perhaps most notable. Governments aren’t typically recognized as first movers, but some are proving responsive to a solution that might allow them to offload some of the risk of storing large silos of citizens’ data.
For instance, the state of Illinois, through the Illinois Blockchain Initiative (IBI), is exploring how it can implement blockchain technology in areas like land titles and birth certificates.
According to Jennifer O’Rourke, Illinois’ blockchain business liaison, “Moving to a model where you as an individual are responsible for your information as opposed to institutions carrying that responsibility was very interesting for us.”
In a birth certificates trial, Illinois partnered with blockchain firm Evernym, which uses the non-profit Sovrin Foundation’s blockchain.
“I think we’re starting to see a significant amount of momentum here, where the number of calls that we’re getting from our counterparts at both state and sovereign level to learn from the works that we have done has increased dramatically,” O’Rourke told CoinDesk, adding:
“It is clear that many people are focused on this in the government sector.”
The Brazilian government’s Ministry of Planning is also exploring a number of identity management use cases, recently piloting a program with ConsenSys’ uPort using the ethereum blockchain. And IBM – in the midst of an identity pilot with SecureKey and a number of Canadian banks – is seeing interest from government agencies as well.
“We’ve gotten interest from the U.S. and other countries that want to do something similar so we’re in discussions now with interested parties in those regions on how can expand what we’re doing,” Adam Gunther, director of blockchain identity offerings at IBM, said.
Hurdles for adoption
But with that interest also comes concern.
Many blockchain-based ID systems rely on decentralized identifiers (DIDs), which hold unique metadata that proves ownership of a particular ID. So, in Illinois’ birth certificate proof-of-concept, the actual birth certificate does not get stored on the blockchain, and the DIDs are meaningless outside one interaction.
And there aren’t yet standards for use case, which makes these kinds of frameworks even more complex to understand and utilize.
IBM’s Gunther believes DIDs need to be standardized in case of loss or theft. The reason? So they work more similarly to the way credit cards do, where consumers are able to call up a company responsible for safeguarding the data to see if it has been stolen.
“Then the damage someone can do with that is much less significant,” he said. “We need that same type of identity standard.”
Another concern is that, with an ever-increasing number of blockchains, a stakeholder chooses the one that doesn’t get the most traction in the end. Here, groups are also working on standards, in an effort to make blockchain ID systems interoperable.
“I don’t believe we will have only one blockchain platform used by the government in Brazil,” said Vinicius de Faria Silva, coordinator-general of the division within the country’s Ministry of Planning responsible for its blockchain work.
He continued, “Of course, there are a lot of questions, a lot of doubts, I don’t think [the concerns are] about security, much more about how to use this technology, how to implement the solutions and how this will grow throughout time.”
Yet, some of these questions could be answered by new regulations.
Behlendorf is hoping Europe’s General Data Protection Regulation (GDPR) will be a catalyst for greater adoption of blockchain-based self-sovereign ID systems.
“It’s far easier to meet the GDPR requirements when you’re collecting data from individuals and … minimizing data you store,” he said. “You’re keeping the consumer informed about that data, giving them a chance to inspect it, correct it, that sort of thing.”
Behlendorf also sees a kind of chicken-and-egg problem in the space. “Who would adopt it with enough distribution for it to be worth people moving to?” he asks.
Regulation, as it has in the past with financial services technology, could spur a resolution. But many, including Evernym’s chief trust officer Drummond Reed, remain optimistic.
Reed told CoinDesk:
“This is going to be like the adoption of the web. It didn’t happen overnight, but it’s going to be inevitable.”
Digital fingerprint image via Shutterstock
The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Interested in offering your expertise or insights to our reporting? Contact us at firstname.lastname@example.org.
The state of Illinois has begun work on a new blockchain pilot focused on the digitization of birth certificates.
Working with blockchain identity startup Evernym, the tools being designed would, if put into production, allow parents and doctors present at the time of birth to officially log the birth on a permissioned blockchain.
But the project, which forms part of the state’s broader blockchain efforts, is about more than just birth certificates.
According to Jennifer O’Rourke, who serves as Illinois’ blockchain business liaison, the platform being designed could ultimately lead to a broader identity tool-set that a person can use over the years.
O’Rourke told CoinDesk:
“In this pilot, businesses and governments would be able to verify and authenticate a citizen’s identity by requesting encrypted access to verifiable claims.”
Within the proposed framework, existing government agencies would be able to verify a person’s registration information at birth, then cryptographically sign data related to a person’s name, date of birth, blood type, and other details.
That information is expected to be stored on a tamper-proof distributed ledger that would only be accessible with consent from a legal guardian – up until the age that the person becomes a legal adult.
At this early stage in the pilot development, efforts are being focused on creating a user interface that parents and doctors can use to digitize the birth certificate, as well as enabling other back-office processes that come into place.
The tools being developed build on work done by a task force within the World Wide Web Consortium (W3C), according to a statement.
O’Rourke expects the pilot to be completed in “the near term,” with a formal announcement scheduled to be made next month at the MyData2017 Conference in Helsinki, Finland.
“We’re going to start with that child, then we want to make sure that we capture that information for the parent, and also for the doctor as well,” said O’Rourke, explaining what she believes is the end-value of moving the data to a blockchain:
“Those input points should not be static or paper-based.”
Newborn image via Shutterstock
The leader in blockchain news, CoinDesk is an independent media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. Have breaking news or a story tip to send to our journalists? Contact us at [email protected].