Everywhere we turn, it appears that our data is in demand, and that our information is controlled - not by us - but by businesses and authorities beyond our reach. From social media sites that mine our behavioral information, to companies that fail to protect our confidential details, we know our personal data is being exploited - so how do we take back control?
Some figures in the identity community would say the answer lies with self-sovereign identity (SSI). This approach has been championed by many as the future of secure, user-controlled identity.
Self-sovereign forms of ID allow people to hold their information within their own digital wallet rather than surrendering control to a centralized third party. This allows people to have control over their own data, enabling them to choose exactly who can see what, and ultimately ensuring better privacy and security.
However, despite this potential for privacy in SSI’s design, there are others in the identity community who feel that its approach to identity is limited and potentially harmful, because it often fails to take into account the broader, societal implications of identity systems.
SSI: The Solution to Our Pandemic Privacy Fears?
Throughout the COVID-19 pandemic, a range of digital technologies have been discussed for their potential to combat the spread of the virus and ease global lockdowns - including heightened biometric surveillance, contact tracing apps, and immunity certificates.
But along with the raft of proposed new technologies, we've seen questions raised about whether these data-intensive technologies are an appropriate solution to the COVID crisis.
Is it fair, or even safe, to ask people to give up their personal data in the name of public health? What sort of forces could we be unleashing by increasing centralized control over people's personal information? Could COVID technologies help to usher in a new era of state-sponsored surveillance?
Proponents of SSI argue that a decentralized approach could help us to find a fitting solution to the tensions between the data needs of public health officials and the individual's right to privacy.
Drummond Reed is Chief Trust Officer at Evernym, a software company which is part of the COVID-19 Credentials Initiative. He told Good ID that the pandemic worked to “suddenly and dramatically raise the visibility of SSI,” and that the ability to mitigate the impacts of the pandemic will cement SSI’s role in our futures.
The 300 members of the Initiative believe that one useful tool for mitigating the effects of the COVID crisis is verifiable credentials: secure, digital equivalents of physical ID such as a driver’s license or passport. These secure digital credentials would allow people to safely share their data while preserving privacy, as only the minimum required proof needs to be shared - for example, while proving their age, a user would not need to share their address.
Kaliya Young, also known as Identity Woman and an expert in decentralized identity, explains why this maintains privacy: “Individuals have their verifiable credentials in their digital wallet. And they present those verifiable credentials to verifiers and the verifiers look up on the ledger to find a decentralized identifier and public keys associated with the issuancer of that credential.
“That's a key privacy preserving design because no information about the subject of the credentials is on the ledger.”
In the context of the pandemic, this means that key health information such as test results could be shared without sacrificing any other personal details. Young notes that a company called MedCreds is currently active in using verifiable credentials to allow employees at a film studio to return to work by allowing them to safely share their coronavirus-free status.
And this potential use for SSI has led some to argue that the technology should be used to build immunity certificates on a society-wide scale, once a vaccine becomes available. In theory, these certificates would act as a digital passport, proving someone’s immunity to COVID-19, and therefore allowing those without the risk of catching or spreading the virus to return to work.
But while the public health potential promised by SSI in the age of COVID is of great excitement to many in the ID community, others are more skeptical.
Steve Wilson of Lockstep Consulting believes that an SSI infrastructure and immunity passports are a poor match, stating that there is a lot of “naive thinking” around SSI. He told Good ID that while SSI proponents’ approach to privacy is commendable, the privacy issues inherent in responses to COVID-19 can’t be solved with a new technical approach to identity.
He notes that, in many places, coronavirus is a notifiable disease. “If I test positive, a whole lot of things kick off, a lot of activities are triggered by that test result. And all of them are centralized.
“Technology people come riding in saying, ‘self sovereign identity, decentralized identities, privacy.’ It's just academic, because we've got hundreds of years of social practice about how to respond to a health emergency and what to do about privacy.”
Wilson contends that the privacy value inherent in SSI is secondary, because in the time of coronavirus, “privacy is a luxury.”
But some means of handling sensitive information are inherently more privacy preserving than others, as Young explains.
"There's been ideas floating that the way you manage vaccination is to literally build a giant database in the sky with the names of everybody who's gotten a vaccine, and potentially more PII [personally identifiable information] than just their names, their birthdate, their address etc.
“And then to go anywhere, you'd have to ping this giant database to see if your name is on the list. That seems like a really terrible idea.
“To me an important frame around thinking about SSI is: relative to what alternatives? Because the idea that for the next hundred years, all identity information will be managed in paper documents that you have to fax around is preposterous, right?
“Then the question is, how do we do it digitally, and in privacy preserving ways?”
Tech-Solutionism and Other Criticisms of SSI
But the criticisms of SSI go beyond the COVID context. There are some in the privacy community who argue that the technology is a ‘hammer looking for a nail’ - that is, a solution for a problem that doesn't exist.
Implementing a society-wide identity system could easily raise issues around exclusion and exploitation. Many identity solutions designed by companies are app-based, limiting their reach to those who own a smartphone and excluding those who don’t.
When an ID system becomes mandatory for participation in society - from accessing vital services to proving COVID immunity - this becomes a huge problem for those without access, infringing people’s rights and exacerbating social inequalities.
Tom Fisher of Privacy International explains that, as with other kinds of ID systems, we must analyze whether these systems - regardless of whether they’ve been engineered to preserve privacy - will cause harm in practice.
“We've got to remember that the situation where we're asked to show an ID or share data, it is often a situation where there's a great power differential between the people involved. It could be an employer, a landlord, or the police.
He notes that the fact that SSI permanently and immutably links a person’s identity - with all of the changes, contradictions, and vulnerabilities that this encompasses - with a single digital identity also poses problems.
“People change their names, and sometimes it's very sensitive indeed to record that there's even been a change. So there's a risk to groups like trans people, as well as people changing their identities after escaping abusive relationships.”
However, there are many who disagree with the idea of SSI being based on a “single digital identity”. Reed explains: "the goal of the decentralized SSI identity model is for individuals to have as many digital identities as they need in the different contexts in which they live, work, and have relationships—and for only the individual to be in control of what correlation (if any) is possible across those contexts."
Ultimately, while putting privacy at the forefront of technological solutions is a worthy goal, there are many other elements to consider when implementing an identity system. We must examine the social implications of ID systems in full - only then can we determine whether they are necessary for the situation at hand.
Looking Ahead: The Future of SSI
So when we consider the potential benefits and the criticisms of SSI, what might we expect for the future of this much-discussed technology?
Wilson argues that beyond the focus on sovereign identity and owning our data, an important part of what SSI can offer is portability - being able to move your data from one place to another. This is one of the qualities of SSI that could be integral to future discussions about identity, regardless of whether we think of it as self-sovereign or not. This, in addition to the security features, is what makes SSI so compelling.
“No new technology is fully proven to be safe until it's been deployed at scale for multiple years,” said Reed. “But the cryptography used by the core components of the leading implementations of SSI (e.g. Hyperledger, Ethereum) are all standard, widely-used algorithms that have been extensively vetted.
“Furthermore, the architecture of a properly-designed SSI stack (i.e. all the components put together) is a dramatically stronger security and privacy architecture than existing Internet identity and data sharing solutions.”
For proponents of SSI, this approach will come to be invaluable to our digital lives. According to Reed, SSI “is a new layer of digital trust infrastructure for the Internet that is designed to become as integral a part of using the Internet as the Web has become.
However, Fisher contends that establishing a new ID system is risky if we aren’t prepared for what could go wrong: “The challenge of designing ID systems is that they need to be designed for the long-term: a generation or longer. Using relatively new and untested technologies creates risks.
“If the vulnerabilities or technical flaws emerge, what is our protection? Could we just end up with a useless string of numbers where our ID used to be?”
But many in the identity community are clear about the benefits SSI can offer. Reed comments: "Implemented correctly—with the right privacy-preserving technologies and the right governance frameworks—it can bring about massive improvements over the status quo of our current centralized and federated identity systems, not to mention our cybersecurity woes."
Reed notes that this is the reason that interoperable internet-scale digital trust infrastructure—inspired by the SSI identity model—is now being developed by the Trust over IP Foundation, hosted by the Linux Foundation. Launched in May of this year, the ToIP Foundation has grown from 27 founding member companies to over 125 member companies in just five months.
Meanwhile Lucy Yang, co-chair of the COVID-19 Credentials Initiative, explains that the coalition’s intention is to provide expertise and resources to those seeking to use SSI for good.
“We need to educate, most importantly, the right groups of people first so they can provide us the necessary feedback to ensure the well-intended actors eventually become good actors and the leading forces in the ecosystem,” she said.
Ultimately, like many other digital technologies, SSI is a tool that has the potential for both benefit and harm; and, at least in the case of public health and pandemic response, the technology could potentially create more problems than it solves in terms of exacerbating social inequalities.
“Technology is only an enabler used by people to solve complicated issues. Knowing that there are always good actors and bad actors, we need to be cognizant of what's going on in the ecosystem and highlight the work of good actors,” says Yang.
Privacy and data protection must be at the heart of any identity system. But beyond the promises of the tech itself, we must continually monitor what SSI is being used for, and consider what kind of world it can help to build.
We must ensure all identity systems are not just impressive techno-solutions, but forms of Good ID that empower and protect everyone.
This article was updated on October 9th 2020 to reflect additional comments and points made by Drummond Reed, Kaliya Young, and Lucy Yang.