Commentary: How Blockchain Could Put an End to Identity Theft

Frederic Kerrest

April 20, 2018

We lack control of our personal identities, and that’s a problem. Birthdates and home addresses have long been accessible through a quick Google search, but now a trip to the dark web will turn up the information many of us still hold precious: Social Security numbers, bank accounts, health insurance details, and whatever else a criminal may desire.

We got to this point because we consumers have historically favored convenience over privacy. Most of us don’t read the small print or do deep technical assessments before sharing information online. We don’t want to remember a different password for each account or re-enter credit card numbers every time we make an online purchase. Instead, we transferred ownership of the details that make us who we are, and as a result, we effectively put every company and government institution in the identity management business—whether they realized it or not.

But with the emergence of blockchain technology, the word privacy may regain its meaning. Blockchain’s ability to control information and avoid duplication means that self-sovereign identity, or the idea that individuals can control their personal data no matter where they are, could be a reality for the first time. For example, the Illinois Blockchain Initiative is managing a pilot program to put birth certificates on a blockchain. Their hope is to create self-sovereign, digital identities that can remain under a user’s control, capable of quick and secure validation without the need for a centralized repository.

The end of identity theft

Self-sovereign identity isn’t just a nice idea; it can put an end to many issues that impact consumer privacy, including, importantly, identity theft. Last year, 16.7 million people in the U.S. were victims of identity fraud, a 1.3-million-person jump since 2016. But these numbers only show half the story. Oftentimes, individuals have no idea that their digital identities have been compromised until they attempt to buy a home or take out a loan and find their financial lives in ruins.

Using a blockchain ledger to manage identities would make it extremely difficult for fraudsters to wreak havoc without leaving an obvious digital trail. Here’s how it works: Each block in the blockchain builds upon its predecessor, and the cryptographic nature of these blocks makes it hard to alter information stored in the existing blocks. The resulting record is immutable, meaning that changes to every single identifier associated with an individual must be logged. This system prevents malicious actions by data custodians, and ultimately makes identity theft more difficult to execute.
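The hash-linking described above, as an added example that is not part of the original article: a small Python hash chain that logs identifier changes and checks them. The record fields, the `trusted_head` parameter and the sample data are assumptions made for illustration; the example also shows that a rebuilt chain is only caught when the head hash is held outside the custodian's control.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first block


def block_hash(prev_hash, record):
    """SHA-256 over the predecessor's hash plus this block's record."""
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def append(chain, record):
    """Log one identifier change as a block linked to its predecessor."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record, "hash": block_hash(prev, record)})
    return chain[-1]["hash"]


def first_bad_block(chain, trusted_head=None):
    """Index of the first inconsistent block, or None if the chain verifies."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["record"]):
            return i
        prev = block["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain) - 1  # self-consistent, but not the history we anchored
    return None


def demo():
    # Constructed sample: three identifier changes for a fictional person.
    chain = []
    for field, value in [("surname", "Smith"), ("address", "1 Example St"), ("surname", "Jones")]:
        head = append(chain, {"subject": "alice", "field": field, "value": value})
    edited = copy.deepcopy(chain)
    edited[1]["record"]["value"] = "9 Other Rd"  # silent in-place edit of a past record
    rebuilt = []  # custodian replays the altered history, recomputing every hash
    for block in edited:
        append(rebuilt, block["record"])
    return (first_bad_block(chain, head), first_bad_block(edited),
            first_bad_block(rebuilt), first_bad_block(rebuilt, head))


if __name__ == "__main__":
    print(demo())  # (None, 1, None, 2)
```

The third result is the caveat: a fully recomputed chain verifies on its own, so detection depends on participants comparing against a head hash they hold independently.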

Putting individuals back in charge

A blockchain ledger’s immutable record is also what empowers individuals to take charge of all the information tied to their identity and ensure its accuracy over time. For example, since there isn’t a universally accepted digital equivalent for offline identity, such as a passport or a driver’s license, people are issued a unique set of identifiers for every single application they use. The result is a sprawling web of private information that end users struggle to keep track of, and organizations fail to keep secure thanks to inconsistent and lagging security postures.

But with blockchain-based Decentralized Identifiers (DIDs), individuals could regain complete control of their data. DIDs are basically a secret URL (which actually stands for Uniform Resource Locator) stored on a blockchain ledger, with each being assigned to the different parts of a user’s identity, such as their name, birthdate, and Social Security number. Using a digital wallet app on their smartphone or desktop, users have the power to temporarily grant access to the DIDs of their choosing. For example, when you sign up for a new app today, you typically have to share your name, email address, and other basic information. With DIDs, the process is faster and more secure. The app shows a QR code, you scan it, your digital wallet app automatically transfers your relevant DIDs over the blockchain, and the app grants access.

The changing parts of our identity, like phone numbers, job titles, and home addresses, further complicate individual privacy because it is possible for a single identifier to become associated with more than one person at different times. Think about all the details that must be updated if you get married and change your last name: your passport, driver’s license, social media accounts, bank accounts, health insurance, etc. The headache-inducing process takes months at least. DIDs empower individuals to swiftly update these details; when the DID is updated, the services using your DID automatically have the updated info. This process is much better than letting misinformation run free.

Caution: work in progress

Any transformational technology needs time to bake. For example, TCP/IP, the conceptual model and communications protocols behind the Internet we know today, was around for 30 years before it started disrupting legacy industries like retail and transportation.

The idea of self-sovereign identities on the blockchain is certainly promising, but there’s still a lot to figure out. There’s the issue of incentive: Why would incumbent businesses want to lose control of their customers’ identity data? Self-sovereign identities aren’t in enterprises’ best interest, so we’ll need a brand new player to build a blockchain ledger for identity.

There are other technical issues to overcome. First, is immutability really possible? In theory, a blockchain is immutable and would take the role of critical infrastructure, but this idea requires intensive testing before it can be trusted in the wild. We also need to determine how to securely and accurately connect individuals’ physical and digital identities. Blockchain only exists in the digital world and cannot guarantee the physical identity of the user, so this puts the burden on businesses to verify, link, and navigate the two.

These issues reinforce the need for strong privacy infrastructure. An integral piece of that is regulation; in the absence of legal precedent, the entities involved in a blockchain-based identity ecosystem would have to accept risk, uncertainty, and unbounded liability. We need a trusted entity to establish some legal and enforceable rules for how it will all work, infrastructure to bridge the physical and digital world, and the security groundwork to guarantee basic protections for consumers. If we can do these things, privacy will become standard, not a thing of the past.

Frederic Kerrest is the cofounder and COO of Okta.



