The changing face of digital identity

For hundreds of years, proof of your identity has been based on paper documents and plastic credentials issued by government agencies around the world. These credentials are static in nature, and based on a snapshot in time that is then deemed to persist for a period of years subsequently. But our world is changing. With identity theft becoming an almost daily occurrence and identity data becoming more dynamic, the need for better and more reliable ways to identify people is becoming an urgent requirement.

Your identity is becoming fully digital, not a digitised version of your paper documentation, but really digital, where your identity can be verified electronically in real-time by an authority. In this context, an authority is an organisation that issues you with the evidence of who you are.

It is our view that most organisations don’t want to bother you asking for ID and other documentation if there was an easier way to get it from a trusted source and they had your approval to do so. Capturing your approval is the critical step, which should be as simple and painless as possible. Once permission has been granted to an organisation, they will request an identity provider to verify who you are based on information they currently hold or that you have provided them. These trusted identity providers – government agencies, banks, telcos, utilities – will ensure that businesses are provided with the data and services they need, so they can do what they need to do quickly and efficiently in order to comply with regulations such as GDPR and Anti-Money Laundering (AML) rules. ….And do it without bothering you.

Self-sovereign identity and the authority of the user - is it sufficient?

Most people expect to be able to re-use some of their identity data held by government for their own purposes. The paradox is that most people want to be in control of their data, but they don’t want the inconvenience of managing it - ensuring that their personal data is accurate, that it is updated quickly when changes occur, that they keep a record of organisations that need to be updated when something changes, that they know how to protect their data, and that they know what to do when something goes wrong – are all examples of the tasks we need to perform to ensure our data is safe. The challenges of Personal Information Management (PIM) are significant and beyond the skill and appetite of most people. Instead, people expect their personal data to be managed as a service by one or more service providers. Such service providers are beginning to appear, but the safety and quality of their services and solutions vary widely.

Self-sovereign identity (SSI) is one of these services and there are many companies offering solutions today. SSI gives users the ability to attest that they are “something” e.g. over the age of 18 and have that attestation proven by a trusted third party without having to provide any more personal information than is absolutely necessary for the process in question. It centres around the desire to put the user in control of all their personal information which they store in their mobile phone or some other device which they own.

It is a significant improvement over the historic process of having to provide hard or soft copies of your most sensitive information but, in our view, it misses two key things. The first is legal accountability. Will SSI be legally permissible as evidence in court? Today, in order for evidence to be legally admissible, it must come directly from an authority which is defined in law. The second issue is more about how society will accept SSI and its ultimate adoption. It is our view that the process needs to be transparent to a user, but it does not require their active participation to manage their information. Users are quite happy to let others do this on their behalf provided they have been granted permission to do so. In other words, people will let business get on with it without their active involvement. It is a subtle but important difference.

Addressing the need for privacy and trust

Generally, people understand that they need a “strong” identity so that they can be confident that no one can impersonate them, and that they can use it to control the consent they give, or revoke, for the controlled use of specific personal data attributes. People, particularly consumers, want to harness this strong control and link it to their daily lives eg financial activities, particularly for consumer payments and potentially for high value transactions, including tax payments. This power to link things can deliver lots of benefits but equally can bring significant risks unless it is carefully managed. And this is where technologies like zero knowledge proofs (ZKP) can play a significant role.

ZKP is an advanced form of cryptography that is designed to provide the highest possible levels of privacy. Data is never exchanged or copied in the ZKP process of matching two pieces of information. It is our belief that ZKP will provide the critical link that the digital asset economy requires in order to establish a new foundation for public trust using blockchain technology. Our privacy technology underpins this new trust model, by guaranteeing that no personally identifiable information or private business data is ever recorded on a public blockchain. Using ZKP, we can make transactions that are recorded on a public blockchain fully anonymous and confidential.

However, it is also clear that total anonymity is not the way forward. We accept that there are legitimate reasons to allow financial regulators, tax officials, and law enforcement agencies to audit the financial ecosystem and that they should have the power to investigate wrongdoing, where there is reasonable cause for suspicion. When this is the case, we have the means to provide regulators with the capabilities they need to investigate asset transfers with appropriate judicial oversight.

With the clever combination of new technologies like ZKP and blockchains underpinning the world of digital identity, a whole new era of digital trust is most definitely within reach.

About Rob Leslie

Rob Leslie, founder & CEO of Sedicii, is a qualified engineer and World Economic Forum Technology Pioneer. Rob has a successful track record of establishing and growing businesses to considerable scale and was part of the original management team in Dell Japan that established and grew the business to almost 300 employees and USD 300 mln turnover in 4 years. He is a co-founder of Kyckr, which is listed on the Australian Stock Exchange since September 2016 and provides organisational identity services for KYC & AML services to banks and regulated financial institutions.

About Sedicii

In the world of regulated digital services, Sedicii delivers robust, efficient, and fast customer onboarding services in full compliance with the most stringent CDD, KYC, AML, and Data Privacy obligations. Sedicii’s Zero knowledge proof technology provides state-of-theart capability for real-time identity verification against trusted identity providers that is completely privacy preserving.