Posted on

IBM Makes Another Blockchain Identity Play With Health Data App

IBM’s blockchain division is widening its work in the nascent field of “self-sovereign identity” – technology designed to give individuals greater control over their personal data.

Announced today, the tech giant is working with Hu-manity.co, whose #My31 app just became available on iOS and Android mobile devices. The app’s name alludes to the idea that legal ownership of one’s data should by a “31st human right” in addition to the 30 already ratified by the United Nations.

It’s the latest in a series of similar projects IBM has been involved in. Others include SecureKey, a bank consortium building a digital ID system in Canada, and Sovrin, contributor of the Indy toolkit for Hyperledger-based blockchains.

As such, the partnership with Hu-manity is a strong signal that Big Blue sees long-term business value in this use case for distributed ledgers. Marie Wieck, the general manager of IBM Blockchain, told CoinDesk:

“Getting people’s permissioned rights on a blockchain will create a marketplace and entirely new economic business models as a result.”

Indeed, while Hu-manity’s app is consumer-facing, an enterprise version will be generally available to corporations starting in the healthcare industry in the first quarter of 2019, Wieck said.

“We tend to agree that data is the next natural resource and like a natural resource has to be mined responsibly in the same way,” she added. “Blockchain combined with the notion of rights to individual data, facilitates the distributed sharing of that information securely and at scale.”

Richie Etwaru, founder and CEO of Hu-manity, has a similarly expansive vision. Starting with the well-established market for health record data, he said he expects location data, search history and e-commerce habits will also be “owned” by users.

Upon claiming their data property rights, Hu-manity users receive a title of ownership, akin to a property deed. Thereafter their personal details, signature and photograph can be added in the form of a hash on the blockchain, along with things like the individual’s data-sharing preferences.

While the Hu-manity.co global consent ledger, which records the granting and revocation of permission to use someone’s data, is built on the IBM Blockchain Platform using Hyperledger Fabric, the two companies will also collaborate with Sovrin.

Data: The new oil?

Comparing the personal data humans produce to crude oil, Etwaru told CoinDesk, “The partnership with IBM enables private blockchain to create a direct relationship between the crude data provider – the human being – and the buyer of the refined data at the end of the supply chain.”

And in its refined form, personal data such as a patient’s health record changes hands for an average of around $400, Ewaru pointed out.

Yet regulations in the U.S. and beyond are very unspecific when it comes to personal data and can be interpreted in different ways, noted Etwaru.

Provided data has been masked, an organization may sell it for specific uses, which might often be for research as opposed to overtly commercial purposes. However, there could equally be an interpretation whereby an individual has the right to notify a corporation requesting them not sell data in the de-authorized format.

But wide adoption of an empowering data-sharing app, he said, would constitute a “call to action, and pool consensus around how laws should actually work,” Etwaru said.

And it’s not only the individual who stands to gain. Rather than walking on eggshells concerning people’s growing awareness of their privacy (or lack thereof), Etwaru said, corporations could have clarity and transparency by virtue of what describes as a “movement.”

“The end buyer could have better compliance posture if they use our data and we can figure out the economics between the individual and the buyer. The pharmaceutical industry has never really been offered an explicit consenting relationship with individuals before,” he said.

IBM’s Wieck added that large anonymous datasets can be noisy and inaccurate, but could be better relied upon to be clean using the blockchain app.   

“In clinical trials, there would be a way of tracking data and ensuring these are all real human beings and doing it at scale. Trust and transparency have been a challenge up until now,” she said.  

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

How to Make Public Blockchains Safe for Enterprise Use

Paul Brody is EY’s global innovation leader for blockchain. The views expressed are his own.


At the beginning of this year, I wrote a column predicting that companies would find the allure of public blockchains irresistible. While a world of private blockchains provides many enterprises, regulators and central banks with the comfort that there are accountable, centralized entities involved, these permissioned networks will never match the innovation or network effects that public, permissionless networks offer.

If the world of enterprise commerce remains committed to private networks, then they will have only substituted one intermediary (financial institutions) for another (software companies and hosting organizations). However, it is possible, and essential, to bring these two worlds together, and to do so on public, permissionless and decentralized networks.

In order for public networks to deliver on their promise, two key things must happen. First, regulators must provide a clear set of rules around how tokens, assets and smart contracts that exist on public blockchains will be assessed. And second, companies must implement these regulatory rules in the decentralized environment of the public networks.

The first of these is off and running. Regulators in the U.S., Europe and around the world are defining what is an asset, a currency or a security. It shouldn’t be expected that all regulators will come to precisely the same conclusions, but it does look like some early convergence is taking place: Utility Settlement Coins are being characterized as securities while cryptocurrencies are being treated more like currencies or assets.

One gap that we regard as particularly important going forward is how tokenized fiat currency will be regulated: If you have a $1 token on a public blockchain, and that is backed by one U.S. dollar in an escrow account, will that be a security or a currency and what rules might apply? So far, no regulator has specifically addressed this emerging category of blockchain tokens.

The second is that whatever the regulatory rules are, they must be implemented in tokens and smart contracts. In particular, it’s important that while the blockchain as a whole may be decentralized, a central bank should be able to issue and cancel its own currency on a blockchain and companies should be able to manage their own assets when they are tokenized.

Know your carton?

To illustrate how important this is, let’s come back to the question of how companies will do business with each other on public blockchain networks: The exchange of product or asset tokens for money tokens. Once a company starts to tokenize its inventories and assets and use those in contracts and financial services, they are disintermediating traditional financial entities. They are also, consequently, taking on some of the regulatory responsibilities of those intermediaries.

Tokens, if they have value, can be moved around as easily as money, for example. While a consumer packaged goods (CPG) company may never have had cause to think about this before, once they tokenize packages of detergent, those tokens have an effective exchange rate with real money and other goods that makes them perfectly suitable for any kind of deal, legal and otherwise. That means even CPG companies will become responsible for know-your-customer (KYC) and anti-money-laundering (AML) compliance.

Is this a deal-breaker for public networks and enterprises? No, it isn’t.

One of the great benefits of smart contracts and blockchain tokens is that they are programmable. Going forward, audit, KYC and AML regulations can and will be written into smart contracts and tokens. Combined with exchange controls and other checks, it will be possible to control how and when tokens are used on public blockchains without resorting to the centralization of the blockchain as a whole. This will even include canceling and issuing new tokens to handle theft and loss.

There are, no doubt, many who will mourn the end of public blockchains as systems wholly outside of regulatory control. For blockchains to deliver on their promise, this is inevitable, but how this happens matters a great deal.

If regulatory compliance is delivered through centralization, then there will be a great loss to innovation and we may see the dream of a re-decentralized internet die. I didn’t call my original paper on blockchain technology “Device democracy” for nothing. It’s my dream, too.

There is another option, however: regulatory compliance within a decentralized framework. An opt-in model based on voluntary agreement to smart contracts means that companies can use blockchains for business without embracing undue risk. But at the same time, individuals and startups can continue to pursue radical experiments without having to ask anyone for permission.

Hardhats image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Civic to Spend $43 Million In Tokens In Aggressive User Expansion

Like all crypto projects, Civic, the pioneering blockchain-powered identity startup, needs people, lots of people, using its platform.

And, according to Civic founder Vinny Lingham, while the technology is all in place for the system to work, it’s this network of users that the company is still struggling to achieve. In an effort to spur this adoption, Civic announced Wednesday that it will be paying for all identity checks for users and business partners from now until the end of the year.

Well, at least, $43 million worth.

All told, Civic is allocating 333 million of its total 1 billion supply of CVC tokens, a third of which it sold for $33 million in an initial coin offering (ICO) in June 2017. The tokens will be transferred to Civic to pay for the cost of the identity checks, serving to bootstrap growth and stress-test the protocol.

“We basically said we’re going to reserve a third of the tokens to drive network effects,” Lingham told CoinDesk.

For Civic, every new user that’s had his or her identity verified on the platform makes it a little more attractive for the next company looking for an identity solution. In this way, Civic is creating incentives for more people to join.

Lingham has been thinking about the challenge of reaching critical mass since before his company conducted an ICO in 2017.

He told CoinDesk:

“Paypal got it right with the whole $10 free if you invite a friend and it nearly bankrupted the company. They managed to crack the chicken and egg problem doing it that way.”

Fortunately for Lingham, in the new world of crypto, it’s possible for a company to create their own money supply as long as the market sees future potential. So, Civic – being the only entity, currently, that provides the know-your-customer (KYC) verification within the system – will be paying itself in CVC tokens for the service.

Why now?

Civic has built up a lot of partners, companies and entrepreneurs that need to verify a user’s identity, the most well-known of which is Annheiser-Busch.

The two companies verified the identities of users at CoinDesk’s Consensus 2018 in New York City to distribute Budweiser beers from a vending machine to attendees of legal drinking age.

It also has a lot of partners in the crypto space, including ShapeShift, Hilo, 0x and the Chamber of Digital Commerce, according to its partners page, and it’s been able to enlist a lot of ICO projects who need to run KYC before selling tokens.

“We’re at the point now where the product is actually – we’ve tested it,” said Lingham. “A hundred companies have signed up to use Civic. It’s working.”

But it’s hoping that more will consider joining this year on the promise of saving a little money onboarding their customers.

And they’re preparing for that influx by investing in the future of the business.

For instance, the company also recently acquired the URL “identity.com,” the place that will eventually serve as the meeting place between companies that need KYC services and the ones that provide them. That part of the protocol hasn’t been rolled out yet, though.

Once Civic knows that its system is working with high volume, they will open up the platform to other verifiers.

When gone, sir?

So, how many identity verifications can $43 million pay for? The general average cost for identity verification is $2, Lingham said, but there’s a wide spread.

“We’re offering this for all our services, including the accredited investor test, which is like $60,” Lingham said.

So on its face, it could be feasible for the supply to max out before the year’s end. If in theory, the company ran out of all 333 million tokens before New Year’s Day, the promotion would stop early. Lingham argues, though, there’s really almost no chance this will happen.

“We don’t expect to use all the tokens in the next couple of months,” he said.

That’s because he argued, all those CVC transactions would register to the network as demand for the product. Then increased demand would drive up the price of the token, so each additional verification should cost slightly less in CVC terms.

While Lingham thinks the promotion will succeed in enticing more users, he expects to end the year with lots of tokens left in the reserve. If it came anywhere close to running out, though, the blockchain’s ability to handle all those transactions would present more of an issue.

“The bigger problem would be ethereum. It would make CryptoKitties look like a walk in the park,” Lingham said.

On Identity.com, “it’s literally just the verification you’re being charged for,” Lingham explained. Whereas, “the central identity vendors of the world, the credit bureaus, etc, they resell your information at a profit,” he argued.

If a new entrant comes into the space and offers consumers a different deal and it catches on, that’s something that could ripple out.

As Lingham put it:

“The number of big multibillion companies in this space right now, if we start putting margin pressure on them, we disrupt the whole industry.”

Fingerprint on keyboard image via Pexels (Creative Commons license)

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Online ID Control: Blockchain Platforms vs. Governments and Facebook

We’re living at a time of unprecedented concern over identity. Fears abound that our personal data is being abused by distant third-parties, while this data has become more valuable to us at a time when our identities and the identity politics we base around them have become more central to our lives. It’s in this context that blockchain technology has appeared, and while its application beyond cryptocurrencies is still limited, protecting our online identities and data more securely looks set to be one of its most central applications.

In its most basic outline, the use of blockchains in the area of securing personal data is simple: Our data is stored in encrypted form on a decentralized network, and we can grant other parties access to (some of) this data by the use of our private keys, in much the same way that using our keys allows us to send cryptocurrency to someone else. By virtue of this basic framework, blockchain tech promises to place control over our data back in our hands, at a time when Facebook and other technology giants have been abusing and misusing it. And seeing as how crypto-giants such as Coinbase have recently moved into the area of decentralized ID, it would seem that it already has strong backing and support within the cryptocurrency industry.

However, as sound as this all is in principle, there are a variety of challenges — some technical, some commercial — that have to be overcome before blockchains can be used at scale to secure personal data. The companies working in this area are all approaching these problems from different angles, yet it would appear that in solving them, a (partial) departure from the ideals of ‘complete’ decentralization is necessary.

And even when the technical challenges are all surmounted, there will still be the issue of weaning people off platforms such as Facebook, which — thanks to the profits of centralization — can afford to offer the public an enticingly ‘free’ and polished service.

Control and privacy

Alastair Johnson, CEO and founder of e-commerce and ID platform Nuggets, Johnson understands the pitfalls of storing masses of ID data in centralized siloes all too well.

“Today, the reality is that individuals do not control their personal data in any meaningful way. On average, a person has personal data — in the form of payment card details, home addresses, email addresses, passwords and other personal details — spread over roughly 100 online accounts. They can access this data but they do not own it.”

By contrast, the use of blockchain tech grants newfound control to the user, who will be empowered to share their ID data only with the parties they approve. This is achieved primarily through the utilization of “decentralized identifiers” (DIDs), as explained by the Sovrin Foundation, which is building a blockchain platform aimed at providing individuals with “self-sovereign identity” (i.e. an ID they can take with them from platform to platform). As it notes in its white paper, “decentralized identifiers” (DIDs) not only encode information that identifies someone as, say, female, Asian, 35, and living in France, but they also circumvent the need for a centralized authority to verify ID claims.

“A DID is stored on a blockchain along with a DID document containing the public key for the DID, any other public credentials the identity owner wishes to disclose, and the network addresses for interaction. The identity owner controls the DID document by controlling the associated private key.”

In other words, a protocol for a suitable blockchain is created, users register their ID data on this blockchain, and then use their private keys to decrypt this data for chosen parties. This is the kind of system also employed by Nuggets, although in its case it’s referred to as “zero-knowledge storage,” since no one else knows what your data says about you. And it’s also the system being worked on by Coinbase, which on August 15 announced its acquisition of ID-focused startup Distributed Systems. Having purchased the San Francisco-based company for an undisclosed fee, it will now develop a decentralized login system for its own crypto-exchange platform that will enable users to retain ownership of their ID credentials.

“A decentralized identity will let you prove that you own an identity, or that you have a relationship with the Social Security Administration, without making a copy of that identity,” it wrote in its press release.

With such a setup, there’s little chance of a Cambridge Analytica-style scandal where data gets shared with unwanted groups or individuals, while it also grants unprecedented power to the individual user, who’s likely to be treated with much more respect by companies now that his data is in such scarce supply. As explained by Johnson, this provides a vast improvement over the current stage of affairs.

“[Personal data] is stored and controlled in a series of centralized databases controlled by institutions such as retailers, marketing companies, utility companies and data reporting companies. In order to make purchases online, individuals simply authorize these different bodies to connect the different pieces of information they hold in order to authorize a transaction.”

However, while the individual user is currently dependent on hundreds of different companies to store and transmit his/her data in order to gain access to the services, the introduction of blockchain technology completely reverses the balance of power. Johnson shares with Cointelegraph:

“Blockchain-based solutions flip this model on its head, so that individuals can store and control their data associated to a digital identity. It is not stored in the centralized databases of third party organizations, it can be stored on the blockchain in a decentralized network. With the individual controlling their data in this way, they are then in full control to ideally not have to share or store anything by using attestations, tokens or references and share it only if and when they choose to do so.”

Yet, this is only the tip of the iceberg, as using blockchain tech to confirm who we are furnishes many additional benefits beyond user control. For one, it heightens privacy, since with many of the platforms being proposed, our ID credentials won’t even be revealed to those parties and organizations requiring their verification.

This is enabled via the use of zero-knowledge proofs (ZKPs), a cryptographic method that can prove a claim without actually sharing the data (‘knowledge’) through which the claim is proven. ZKPs are being implemented by Sovrin and are also planned for use by such startups as Civic, Verif-y, and Blockpass. By using them, these companies will make the process of ID verification simpler and more efficient, while opening up the possibility of storing biometric ID on the blockchain. They’ll spare organizations that verify our IDs the headache of having to securely store personal data after validating it, which in turn eliminates a potential vulnerability, given that these organizations would have normally kept any data they received on a centralized database.

And while not all decentralized identity platforms will employ ZKPs, others will still make use of functionally similar methods. For example, SelfKey harnesses a technique it describes as “data minimization,” which “allows the identity owner to provide as little amount of information as possible to satisfy the relying party or verifier.” This sidesteps the need to develop advanced technologies such as ZKPs, although it raises questions as to what is meant by ‘minimal.’ SelfKey writes that “claims can be signed in a way whereby one could choose to disclose only a minimum of information.” But without a more formal specification of “minimum” and “choose,” it’s conceivable that such functional approximations of ZKPs might end up revealing more data than some users would want.

Security

Aside from providing greater user control and privacy, blockchain-based platforms for verifying ID are more secure than their centralized counterparts. This is because, being distributed among multiple nodes, they won’t suffer from having a single point of failure like traditional ID systems — e.g. government databases, social networks. As such, one or two nodes of a blockchain can become inactive and users will still be able to use it, while the encryption involved prevents any publicly available data from being gleaned for sensitive info.

By removing the single point of failure, decentralized ID platforms make a large, Yahoo! style hack nigh-on impossible. Instead of being able to penetrate a centralized database that houses all user information in a single location, attackers will have to obtain the private keys for every individual on a one-by-one basis, something which is extremely unlikely in practice. Alastair Johnson agrees:

“The major benefit of a decentralized ledger of personal data over a centralized database is the security against hackers that it provides. We’re all familiar with the major data breaches that have occurred in recent years, such as that at Equifax in 2017. These centralized databases act like magnets to hackers who often only need to take advantage of a single vulnerability to either take them down or extract data from them.”

By contrast, decentralized ledgers aren’t so sensitive to cyberattacks. “The hijacking of a single node will not disrupt the ongoing functioning of the ledger, as the other nodes can continue to operate without the compromised node’s involvement and the network requires consensus to prove the blocks.”

Security is part of the reason why the Indian government, for example, is turning to blockchain for its AADHAAR database — the world’s biggest biometric ID system, containing the records of over one billion people – as the country has been the victim of repeated hackings over the past year.

With such a revamped platform, there will be a variety of security benefits. The transparency and immutability of blockchains would mean that users are able to see when their data has been accessed and by whom, thereby providing a deterrent to any would-be hacker. Similarly, this transparency and immutability can be violated only in the unlikely event that a bad actor assumes control of 51 percent of the blockchain’s nodes, which in theory would enable to access data and then erase the corresponding records of this illegitimate access.

AADHAAR currently isn’t blockchain-based, while a comparable project from the government in Dubai to use blockchain-based ID at the international airport is still under construction. However, one government-led ID system than does use distributed ledger technology (DLT) right now is in Estonia. Its KSI (Keyless Signature Infrastructure) Blockchain forms the backbone of various e-services, including e-Health Record system, e-Prescription database, e-Law and e-Court systems, e-Police data, e-Banking, e-Business Register and e-Land Registry.

Once again, the use of the KSI Blockchain provides greater transparency than previous systems, since it detects when user data has been accessed and when it has been changed. And as the e-Estonia FAQ explains, it’s much quicker than traditional platforms in detecting misuses of data:

“[It] currently takes organizations […] about seven months to detect breaches and manipulations of electronic data. With blockchain [solutions] like the one Estonia is using, these breaches and manipulations can be detected immediately.”

Not only are breaches capable of being detected immediately or quickly on a blockchain-based ID system, but they’re more likely to be detected more quickly than with a centralized platform due to their public and continuous access to scrutiny from a wide range of armchair experts and professionals alike, as highlighted by PolySwarm CTO Paul Makowski in a December blog post on decentralized threat intelligence:

“Geographically diverse security experts proficient at reverse engineering or capable of providing unique insight will be able to exercise their knowledge from the comfort of their own home or wherever (and whenever) they choose to work.”

Standardization, interoperability

At the present moment in history, the world’s digital identity systems are siloed off from each other, separated in a way that forces people to create new accounts and new data for virtually every digital service they use. This causes personal data to proliferate to dangerous levels, making data breaches and cybercrime much likelier. For instance, the cost of identity theft reached $106 billion in the United States alone between 2011 and 2017, at a time when the average consumer has a staggering 118 online accounts (at least in the United Kingdom, where data was available).

Blockchain-based digital ID systems offer a way out of this. While most chains are currently cut off from each other, standards for sovereign digital identity are being devised by the Digital Identity Foundation (DIF) and the World Wide Web Consortium (W3C). Similarly, a number of startups are building interoperability platforms connecting separate blockchains together, including Polkadot, Cosmos and Aion. By working to achieve an ecosystem in which the standards of one identity platform are accepted by all other platforms that require ID verification, such organizations could dramatically reduce the amount of personal data people need to produce. Instead, users would create an account with one blockchain-based ID service, which they’ll then use to register with a host of other services and systems.

INFOGRAPHICS

Never Stop Marketing CEO Jeremy Epstein said in a December blog:

“Interoperability standards free up capital and time to drive value. What’s more, it offers the possibility to pool security (making the whole system more robust against attack) and enable trust-free transactions across chains.”

Blockchain interoperability is still a nascent field, and different organizations are pursuing different approaches to it. However, to take one example, Polkadot is aiming to achieve interoperability via its “heterogeneous multi-chain,” which has three fundamental components. These are “parachains,” which are in fact the individual blockchains being linked together, “bridges” that connect each parachain to the Polkadot network, and then the Polkadot network itself, which is a “relay chain” of the various parachains being connected.

Other routes to interoperability diverges from this, with Cosmos achieving inter-chain communication via use of the Tendermint consensus algorithm, and with the Aion network monetizing interchain transactions. However, assuming that an interoperability platform receives universal adoption within the blockchain ecosystem, users would find that they’ll have to register their personal data only once. From then on, they’ll be able to provide other platforms with ID attestations securely and quickly, all without having to reveal any of their data to the companies and services they use.

Scaling toward a new kind of blockchain

The benefits promised by blockchain-based ID systems — control, security and standardization — are all appealing, yet questions remain as to how feasible such systems are and how long we’ll have to wait for them to be released in fully functioning form. Added to this, there’s also the worry that — for all the improvements offered by blockchains — as a society we may still remain wedded to ‘traditional’ online services and the organizations responsible for them, which may actively resist the adoption of decentralized platforms that enable us to keep data to ourselves.

Unsurprisingly, the biggest issue with regard to feasibility is that of scalability, so often the achilles heal of many a crypto-based project. Given that an ID service should — by definition — be able to serve millions of people, any blockchain that forms the basis of such a service has to be significantly scalable. Yet, so far the most popular blockchain for decentralized applications (DApps) — Ethereum — was almost brought down by a popular video game last year, CryptoKitties. This is why most of the platforms mentioned above aren’t built on any of the most well-known blockchains, but rather on proprietary ledgers, some of which don’t meet the conventional definition of a decentralized blockchain.

For example, Enigma is a “decentralized computation platform” that has been designed for use with identity verification, among other things. As described in its white paper, it solves the scalability problem by delegating all “intensive computations to an off-chain network.” This network also stores all the user data, while the blockchain itself merely stores “references” to this data. In other words, Enigma’s platform isn’t really a blockchain — and while its off-chain network is still distributed (although each node sees separate parts of the overall data), this isn’t decentralization in the way that, say, the Bitcoin blockchain is.

Something similar could be said for other ‘blockchain-based’ ID platforms: Estonia’s KSI Blockchain isn’t a full-fledged blockchain that uses asymmetric key cryptography, but rather a Merkle tree-based ledger. Meanwhile, the Sovrin network achieves consensus via a limited set of “validator nodes,” arguably making it less decentralized than certain other blockchains. Together, what such tradeoffs reveal is that, if an ID platform is to be scalable (and also private), it needs to be less distributed in certain areas — and arguably less secure as a result. But more importantly, from a practical viewpoint, it also needs to redefine and adapt just what a ‘blockchain’ is, since the most familiar chains currently aren’t up to the task of securing and communicating our personal data on a massive scale.

Vested interests

This is why even the most advanced projects have roadmaps that extend beyond 2020, since a viable ID platform requires a new kind of distributed ledger that squares the need for cryptographic transparency with the need for individual privacy. And even if any of the platforms above reach this goal anytime soon, they will have another massive hurdle to clear: the dominance of existing arbiters of identity, including social media giants like Facebook, as well as national governments.

Governmental initiatives

For instance, the U.K. and Australian governments have been investing millions in building their own centralized ID verification systems in recent years, making it unlikely that they’ll easily give way to a decentralized alternative. Likewise, the idea of Facebook overhauling itself with a truly decentralized platform — where users keep their personal data a secret — is, well, frankly unthinkable, seeing as how the social network reaps billions in annual profit from selling our data to the highest bidder. It’s also widely used to identify people online, so it’s unlikely that it will give up its dominance to blockchain-based platforms easily.

That said, a small number of national and state-based governments (e.g., Singapore, Illinois) have been trialling blockchain-based ID systems. In addition, figures within the burgeoning crypto-ID industry are hopeful that public and private organizations alike will either be forced to decentralize or will fall by the wayside.

“When you operate a centralized system that provides your organization with control and allows you to benefit from this position, it’s understandable that you might be resistant to change,” says Alastair Johnson. “But when there is a penalty if this information is breached in the form of fines, loss of share price and cost of recovering the situation and all the PR damage that comes with a breach, businesses will start to see that the model has to fundamentally change.”

A key driver of this change could be public sentiment, which has already been shifting in the wake of the Facebook-Cambridge Analytica scandal. “The blockchain provides clear benefits for customers in terms of control over personal data and digital identities and I expect the public recognition of this to move from an early adopter cohort to an early majority in the near future,” Johnson says. “From the other side, I expect organizations that have already experienced breaches in their centralized databases to be amongst the most willing to adopt blockchain-based solutions, as they seek to rebuild trust with consumers.”

It could be argued that slick, free-to-use, ad-based services such as Facebook will always be more attractive to the average user — a view strengthened by the fact that Facebook reported a 13 percent year-on-year increase of users in April, despite its recent loss of younger users in the wake of the aforementioned data harvesting scandal. However, Johnson believes that a gradual sea-change in attitudes is underway.

“The ‘Delete Facebook’ movement is one sign of change, as is the continuing scrutiny that the tech giant is being put under by American and European authorities. People are starting to wake up to the fact that their personal data is valuable. Not only could blockchain help them to monetize it for themselves, it will also eradicate the kinds of costly personal data loses that I have experienced myself.”

And even if blockchain technology is still largely unproven outside the domain of cryptocurrencies, it will start winning converts as soon as it demonstrates its superiority to previous systems when it comes to privacy and security.

“Right now, there may be hesitation to adopt decentralized platforms, but its common sense that personal information should be owned and controlled by the person, and because of this it will prevail.”

Posted on

Capital One Seeks Blockchain Patent for 'Collaborative' Authentication Tool

U.S. banking giant Capital One is working on using blockchain technology to usher in more convenient and secure user authentication methods for instances such as banking security.

In a continuation of a patent application submitted to the U.S. Patent and Trademark Office (USPTO) back in June 2017, Capital One sets out a blockchain system that will receive, store and retrieve encrypted user authentication data, according to a filing released Thursday.

The proposed idea is described as “a distributed, non-reputable record of authentication interactions” that allows users to authenticate themselves across multiple institutions, but limits how much personal information is shared between them.

In effect, the method retrieves identification data on a user when they commence the authentication process (assuming the user has a profile set up). The system will authenticate or reject the user based on the received authentication information, but the user data itself is kept securely on the blockchain.

The claimed invention is said to potentially reduce “time and resource burdens” for institutions when on-boarding new clientele. Furthermore, the filing adds, it would be a boon for users that may “resent” having to repeatedly authenticate themselves as they move between different institutions.

Thus, Capital One says, both institutions and clients “may therefore benefit from a collaborative authentication system that handles authentication interactions for multiple institutions.”

One business-focused use case for the invention is stated as fulfilling “statutory or regulatory requirements, such as ‘Know Your Customer’ requirements,” which most financial institutions around the world are legally mandated to abide by to reduce the risk of money laundering.

Capital One image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Coinbase to Pursue Decentralized Form of Identification Following Acquisition

Cryptocurrency exchange and wallet service Coinbase has acquired San Francisco-based startup Distributed Systems Inc., which works on decentralized identity solutions, according to an August 15 announcement.

In the blog post, B Byrne, project manager for Identity at Coinbase, said Distributed Systems will help the exchange work on new ways to validate and verify identity within its plans to develop an open financial system. The blog post says:

Blockchain technology that powers cryptocurrencies offers a new way to let us all be “verified” everywhere we go on the internet, feeling safer about our interactions with others and opening the door to the experiences that require trust.”

In the blog post, Byrne describes a type of identity wherein users retain control over their private information, without having to give a copy away. Citing the example of a Social Security Number, Byrne says that every time one is asked to provide it, the recipient now has a version of that information, which “has exactly the same power as the original.”

With the new acquisition, Byrne says Coinbase will work toward a decentralized identity that will “let you prove that you own an identity, or that you have a relationship with the Social Security Administration, without making a copy of that identity.”

Byrne further stated that Coinbase needs to be “deliberate about how and where we apply this technology,” considering anonymity, privacy, and other sensitive data issues.

According to TechCrunch, Distributed Systems was incorporated in 2015 with a focus on developing an identity standard for dApps called the Clear Protocol. Last year, the startup reportedly raised a $1.7 million seed round led by venture capital fund Floodgate.

The company was considering raising a $4 million to $8 million round this summer, but the team began negotiations about investment with Coinbase, which resulted in the acquisition.

Coinbase has previously acquired companies in order to expand its services. In June, the exchange acquired securities dealer Keystone Capital Corp. in addition to Venovate Marketplace, Inc., and Digital Wealth LLC in order to become a fully regulated broker dealer with the U.S. Securities and Exchange Commission. The acquisition could help Coinbase extend its offerings and subsequently expand into non-crypto financial products.

Posted on

Coinbase Acquires Digital Identity Startup Distributed Systems

Coinbase has acquired Distributed Systems, a San Francisco-based digital identity startup, the company announced Wednesday.

Distributed Systems has already been working on “decentralized identity solutions,” Coinbase Identity project manager B Byrne wrote in a blog post. The startup’s five-person team will join a unit within Coinbase that is dedicated to developing digital identity solutions.

Blockchain can help individuals maintain complete control over their digital identities, ensuring that their personal information remains safe, Byrne said. He went on to write that this could apply to Social Security Numbers for Americans by adding protections for users, as an example.

Byrne argued:

“Every time you want to prove who you are with your SSN, you need to give away a copy of it. That copy has exactly the same power as the original, so when there’s a data breach with copies of your data it puts your identity at risk. A decentralized identity will let you prove that you own an identity, or that you have a relationship with the Social Security Administration, without making a copy of that identity.”

“If you stretch your imagination a little further, you can imagine this applying to your photos, social media posts and maybe one day your passport too,” he added.

That being said, Coinbase appears to be in no hurry to implement digital identity tools. Byrne wrote that the exchange will be “deliberate about how and where we apply this technology.”

The exchange will need to consider issues around anonymity, privacy and the immutability of a blockchain as part of its exploration of the technology, he said.

Coinbase image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.