A recent report lays out how blockchain technology could reshape digital identity systems in the European Union. Blockchain-based self-sovereign identities can enable users to own, control, and access their data at all times.
The European Union Blockchain Observatory & Forum has published a report called “Blockchain and Digital Identity.” The report concludes that current digital identity systems are fragmented and lack security and interoperability and points out ways to improve the current system. Blockchain technology could play a key role.
Status quo: Fragmented, insecure and lack of interoperability
“There are persistent and increasingly serious problems with the way digital identity works,” states the report. The main cause for these problems is the fact that digital identities are almost always provided by third-parties – often private companies – that have their own self-interest.
Each of these third-party providers only captures a part of the ID-relevant data, instead of one holistic digital identity. For example, health insurance companies collect user’s health data, banks capture financial data, governments store identity documents and drivers licenses – but there is no entity that stores, manages, and controls all data.
Thus, in the current centralized system, data are generally under the control of entities external to the individual they refer to. In the decentralized system, the user is in control of his/her own data, which removes the need for third-party data-aggregation.
Being able to control and access identity data on a secure blockchain leads to greater efficiency as users can access their data at all times and grant others access to it whenever needed. That’s especially important in the case that data gets stolen or destroyed. How can a Syrian refugee prove the ownership of his house, his professional certification, and educational records, once he returns home? If it was stored on a secure blockchain, that would be easy.
Use case blockchain: streamlining the identity lifecycle
According to the report, blockchain enables the creation of a Self-Sovereign-Identity (SSI), in which the user owns and controls the data. Stefaan Verhulst, the co-founder of the Governance Laboratory (GovLab) at New York University, explains that identity is more than just storing documents on a blockchain.
The “identity lifecycle” also includes processes of provisioning, authentication, administration, authorization, and auditing. “Each stage has its own unique challenges today, each of which may or may not be addressed by mobilizing relevant blockchain attributes,” says Verhulst.
He adds that blockchain technology can solve some but not all of the challenges during the identity lifecycle. Verhulst sees the most potential of blockchain in the authorization and auditing stages as well as providing more user-control and security. That has “implications for human rights, national security, voting, and financial services, among many other topic areas,” he says.
Any blockchain-based system could hardly be a standalone solution, but it would have to be integrated with existing identity frameworks where governments are the sole issuers of an official identity. Otherwise, users may have access and control over all their data, but nobody guarantees that said data is officially recognized. This official and universally accepted recognition, however, is needed for an SSI-system to work on a national level and across the EU.
Current regulatory environment leaves “open questions”
Currently, digital identity in the EU is mainly governed by the Electronic Identification, Authentication and Trust Services Regulation (eIDAS) and the General Data Protection Regulation (GDPR).
The report by the EU Blockchain Observatory & Forum says the current legislation leaves “open regulatory questions” – in particular regarding blockchain-based signatures and timestamps under eIDAS.
Ott Vatter, managing director of Estonia’s e-Residency program, says, “If the highest standard of signature can be created using time-stamped blockchain technology, this would unlock a truly decentralized way of exchanging documents and data in the EU.”
Thus, while the report points out how blockchain technology can improve digital ID, many of those suggestions might be challenging to achieve in the current regulatory environment. Thus, the EU needs to come to a pan-European consensus clarifying which of the current issues around ID it wants to tackle. Eventually, existing regulations need to be amended to enable the effective use of the technology.
Multiple projects are working on blockchain-based ID initiatives
The report recommends to consider using “smaller cities as an excellent testing ground for decentralized identity frameworks.” That’s already happening. In Switzerland, the canton of Schaffhausen has implemented a blockchain-based e-identity and e-government platform, together with Swiss startup Procivis. The project is called eID+ and enables citizens to register with Schaffhausen’s public office and then access public services directly via a mobile app.
On a larger scale, the Sovrin Foundation aims at creating a digital identity system that enables users to carry their own lifelong verifiable digital credentials, including their government IDs, driver licenses, ownership documents, educational records, and more. The individual identity holder can access and use their credentials on the Sovrin Network whenever and however they please, and the data is secure of third-party manipulation.
Hence, what’s recommended in the report is already happening today. But the EU needs to adjust the legal framework and national governments, as well as supranational institutions, need to work together with private sector initiatives to integrate systems and create an interoperable pan-European SSI-network. The technology is there, blockchain can make it happen and several projects have proven it already. What’s missing is the regulations that allow a solution of bigger scale.