There may be a more realistic cure for digital ID woes
15 November, 2016
category: Corporate, Digital ID, Financial, Government
The fervor over Blockchain has reached a level I’ve never before witnessed in the identity and security market.
My Twitter and LinkedIn feeds provide a daily dose of how Blockchain will save the world – I’m not exaggerating – and change the way we do business.
In identity, the two basic models for Blockchain – or more accurately distributed ledger technology – put the individual at the center controlling every aspect of information given out. One has the individual doling out permission while the other acts as an attribute verification system – read our cover story to get the full rundown.
In theory these ideas are great. Enabling an individual to control of each piece of their data and who has access to it is a noble idea. If it is secure and simple to use, it could solve many of the problems with online identity.
But it’s not going to happen.
Not because the technology is out of reach, but because this level of user centricity would force online business models to be turned upside down. The fire hose of consumer data that marketers now receive would reduce to a trickle – only what consumers allow them to see.
While it may be true that this information would be of greater value to companies – because consumers are actually giving consent and expressing interest – marketers still want the fire hose. And they work with sales to bring the money in, so even if IT likes this solution they won’t get it funded.
This may prove to be a shortsighted decision on the part of companies. A user-centric model – whether employing Blockchain or another approach – puts the responsibility for data in the hands of the individual. If anything should be clear by late 2016, it’s that storing consumer data is a horrible idea. Enterprises are under almost constant attack and a breach has a massive, negative impact on a company’s reputation.
I’m not saying that distributed ledger technology is the answer to solve the problems with breaches, it’s largely untested and systems are yet to be stood up. There are a myriad of policy and technical issues that must be solved. And foremost, it would require fundamental change to the way most enterprises do identity.
A more realistic idea would be for more organizations to embrace federated identity systems that exist today. The groundwork already exists – think logging on with Facebook – but they are not yet privacy enhancing, secure or widespread.
But with some focused effort, these systems could be strengthened and linked to a high-assurance identity. Then granting the individual control over which attributes an organization can see would result in a solution that could rapidly address digital identity problems the U.S.
This might not be popular with those who think distributed ledger is the best thing since sliced bread, but it can solve a problem that exists now. The Blockchain crowd will argue that federated identity systems require an identity provider – someone at the center vouching for the individual – so the user is not really in control. But perhaps their vision of a fully decentralized model comes down the road, after the world gets comfortable with a more immediate and realistic first step.
I admire the wholly decentralized, user centric view of identity that Blockchain advocates promote, but much like Bernie Sanders and the idea of free college, I am not convinced that it’s realistic.
