William Mougayar is a Toronto-based entrepreneur, investor and advisor to Consensus 2016, CoinDesk's flagship conference. He is also the author of the upcoming book, The Business Blockchain.
Here, he discusses the consumer, business and ethical challenges facing blockchain entrepreneurs seeking to innovate with identity applications.
The vision of blockchain-based identity promises to empower users to be in complete control of their identity.
This promise could lead to easy, single or seamless sign-ons that zigzag Internet users straight through the maze of entry and access points to unlock personal information, access services and transact digital assets.
Yet, despite the incredible amount of innovation and creativity exhibited by the various startups and technology companies, I’m worried that a multiplicity of options might end-up fragmenting user acceptance and pushing us further away from a critical mass of user adoption.
In its simplest form, the blockchain can be used to uniquely authenticate your identification, in irrefutable and immutable ways, because your "keys" are your identity. But, what happens if you need several keys instead of just one, because every service you use requires a different one?
Imagine if you had five keys to your house, and depending on the day, or the entry point you'd need to use a different one. Or, if you had five different homes in different parts of the world, you would certainly come up with a way to keep your keys. It's definitely possible, but burdensome.
Online, we are already challenged by keeping track of multiple passwords in our heads, or in notes, and we’re always worried about getting hacked potentially, or forgetting them.
I would expect that blockchain-assisted identity and access solutions can help us arrive at better solutions than the current ones.
In the blockchain world, I see various approaches that are addressing identity and personal security, including granting us access to data and services. Some require new hardware solutions, others are software-based, and some integrate with business-to-business solutions.
They can be broken down as follows:
Hardware. The analogy is similar to showing a passport, or other government-issued identity card, such as driver's license. That card gives us access to travel, or authorizes us to drive a car. On the blockchain, some of these solutions are also combining biometric data to add to the authentication mix. Examples include startups like ShoCard and Case.
Software. The closest analogy is the current OAuth-based identifications we routinely perform on the Web when signing to websites using our Facebook, Twitter or Google IDs. But with blockchain solutions, the roles are reversed: You self-register your identity first, and then you link to your social accounts. Netki, OneName, BitID and Identifi are some startups working in this area.
Integration-first. Whereas the first two approaches generally start with the consumer, this segment starts by figuring out the integration requirements with existing business solutions. Companies interested in this approach are Cambridge Blockchain, Trunomi, uPort, Tradle and Ripple.
But, when it comes to the implementation and evolution of blockchain solutions, there are a few issues and questions that arise.
For example, it remains unclear which applications will drive these new forms of identity representations.
In the Facebook and Google world, specific applications (eg social media, or documents access) drives our usage. But on the blockchain, most identity solutions providers are rushing to deliver solutions before bolting them onto applications.
Key questions for these applications include:
- Can a blockchain solution become our "digital passport" as it is already becoming our digital wallet?
- What does portability really mean in the context of identity?
- What is the role of the smartphone?
- What is the role of zero-knowledge technology to protect the confidentiality of transactions and the privacy of individuals?
- Will users be willing to self-manage the complexity that comes with higher levels of security rules and access levels?
On the business side, questions pertain to how such services should be offered while respecting the role of regulators.
Key questions for these participants are:
- Can the average user be trusted to self-manage access to their data with the same ease as protecting one’s own property at home?
- Could we configure information access in more granular way, so that peer-to-peer security rules can supplant firewall-based solutions?
- Do we need new types of certificate authorities to provide stamps of approvals on these identity systems?
- What happens if we lose our secured card or private keys?
- What is the relationship with current know your customer (KYC) practices, and will these new identity solutions provide a more secure layer for facilitating anti-money laundering (AML) and counter-terrorism types of activities?
- Will this drive more consumer or business applications?
Changing habits is one of the biggest hurdles to technology adoption, and this area is no different. We don’t know yet if a full move to digital identities would invite some abuse, or decrease friction, and increase total user engagement.
We should ask ourselves:
- Does this open-up the market to promote financial inclusion, or does it raise the adoption bar higher?
- How about the impact of transaction history on our reputation? Will rating our online reputation become the new consumer credit score equivalent?
- Is anonymity a good thing, or can that moniker be abused to achieve malicious goals?
- Is the separation of data and identity a good thing? Does it create multiple pseudo identities and personas ad nauseam?
These issues and subjects will be discussed during an upcoming panel session at Consensus 2016, including revealing the latest practical use cases around identity and security layers that are connected to the blockchain.
Fingerprint image via Shutterstock
Disclaimer: The views expressed in this article are those of the author and do not necessarily represent the views of, and should not be attributed to, CoinDesk.