Why could blockchain technology play an important role in identity management? Interview with Rouven Heck from uPort by Helge Michael from main incubator
Rouven Heck is working at Consensys, a leading company for blockchain technology founded by Joseph Lubin (Co-founder of Ethereum). At Consensys, Rouven is head of product development of the uPort Digital Identity solution platform.
Rouven, why could blockchain technology play an important role in identity management?
The Economist called blockchain the ‚trust machine‘. Trust is key for an identity management system and with the availability of public blockchains this trust infrastructure can be made available to everyone. In combination with increasing access to secure devices/chips and internet connectivity, we can build a self-sovereign identity system that gives the control back to the people/individuals – away from 3rd parties.
At a basic level, the blockchain enables a user to self-register an identity without reliance or interference from a third-party. The user can now sign any type of transaction or message with his private keys, and everyone can validate the correctness by checking the blockchain.
Recently, a lot of companies are aiming to develop identity and authentication products and services. What is the reason for the strong interest in this topic?
Digitalization is happening in almost every business and in recent years, personal data has become one of the biggest economic assets. The more people are using digital services, the more data that gets gathered. This raises many concerns, including identity theft, data breaches, etc., meaning the need for a strong identity solution is increasingly important.
With the increase in digitalization comes an increase in complexity around authentication. Today, everyone is managing dozens of accounts with username/password or using federated identity systems like Facebook or Google, which leads to a trade off between security & user experience (e.g. the same password for many services, a central place to store all of them or remembering 100 different passwords), or privacy & user experience (every login with Facebook provides more information about you and your behavior to a company which makes billions in profit selling this information).
Identity is a much broader, global issue e.g. many refugees who lack access to proper identification, or other 1.1 billion people worldwide who have no way to identify themselves in a reliable way. Without identity people have hardly any chance to participate in our society – i.e. no access to financial services, insurance, and limited ability to receive aid distribution.
What exactly is a digital identity and how can a digital identity change people’s life?
I would simply define digital identity as a collection of information about a person, device, or entity consolidated into a digital representation. This usually requires an identifier with a set of attributes & attestations that allows a user to establish some form of reputation, a requirement to build the trust need to safely interact with other identities.
I assume hardly anyone could imagine a life without the internet. Almost every transaction/interaction online requires some type of digital identity, even if it’s not explicitly obvious. Digital identity is already part of everyone’s life and will only become more important with every new digital service people use.
Could you please explain what the uPort Digital Identity is?
A uPort identity consists firstly of a permanent identifier that is rooted in the Ethereum blockchain and secondly of a collection of data or credentials associated with an identity. The identifier is a address that refers to a smart contract, which is controlled by the user with a private key. Being in full control of the private key, the identifier and all it’s associated information makes the identity self-sovereign, rather than subject to 3rd party interference.
uPort’s mobile application allows a user-friendly way to manage private keys and associate data. It allows the users to login to sites seamlessly and securely without a 3rd party. It ultimately gives the user control of their data; only the user (who holds their private keys) can selectively disclose data to other trusted parties.
uPort is built on top of Ethereum, the largest 2.0 blockchain in the world. Why could blockchain technology play an important role in identity management?
Blockchains can provide the required trust such that nobody else can delete, control or censor my identity. We use Ethereum because it provides the security of a large ecosystem in combination with Smart Contract capabilities to allow user-friendly and secure key management. In a self-sovereign system only the user has control, but what happens if the user loses his phone or pin? There is no hotline or company to call, therefore we are building recovery logic into smart contracts to ensure that the user is always in control of their identity.
What happens in case of identity thefts if there is no central counterparty?
First of all it’s important to note that identity theft will be very different in decentralized identity system. E.g. after the recent hack from Equifax the information available is likely sufficient to perform identity thefts in a large number of systems for millions of people.
In a decentralized system, there are multiple ways to protect or quickly recover if someone would be able to get access to your identity. In the current model, static data like birthday, mothers maiden name or social security numbers are used to protect accounts – once leaked this data cannot be revoked and are weak links in today’s system. However, if you have to use a private key signature for every interaction, it only requires you to replace a compromised private key once and the security is established again.