5 Answers From The UN Panel on Digital Identity
Held by the UNOPS and the Consulate General for the Kingdom of The Netherlands in New York, the Digital Identity panel was moderated by Sandra van Heukelom-Verhage from Pels Rijcken on September 26th 2018 and had the presence of five professionals — Olivier Rikken (AXVECO), Giulietta Marani (ICTU), Mariana Dahan (WIN), Jeroen van Megchelen (Ledger Leopard) and our very own Jimmy J.P. Snoek — who are exploring the possibilities of digital identity and blockchain. I selected one key answer from each of them.
Where are we in the topic of digital identities?
Regarding decentralised digital identities, we are completely at the beginning. Which is a pity because a lot of the use cases for blockchain highly depend on trustworthy digital identities.
Where can blockchain add value to this discussion?
The blockchain works in two steps. The first is adding the blockchain to the normal process. So, let me first have the ability to get the actual passport or the verified claim of the passport on your mobile phone and on the blockchain, and then we learn to work with it. Then we have the second step: implementing it completely decentralised. In our opinion you have to learn by doing.
If you take a look at the internet, for example, before the internet we centralised around databases. The internet came and the databases were decentralised. The next step is that we want to have insights on who is doing what with our data. And that is what blockchain is adding. With an immutable record that we can check.
— Jeroen van Megchelen (CTO, Ledger Leopard)
What if someone needs to change this immutable records? Like transgender people.
When you mix identity and blockchain and you get that immutability part people think “oh no, what if I have to change something?”. What about transgender people and what if they transition and they want to have their documents changed?
For one, it’s not compliant with any regulation right now. And two, it’s just an incredibly stupid idea because we don’t know where it is going. Imagine if we put all our Personal Identifiable Information on a ledger and in 20 years someone breaches that ledger. We’ll have Equifax times ten. That’s a horrible idea.
So where we want to move towards is having control over our own data. In a way where the only thing we put on a ledger are the pointers. Even if there were a breach you still can’t do anything with that data. With that, making revocations on a network is a lot simpler. Because you are not trying to change something that is inherently immutable.
What do governments need to assure for us to have this digital identity?
For now, the government should be the one that verifies identity. Because for a lot of people — I remember my parents using online banking for the first time — going digital was very scary. If you have your identity going digital it will be very scary too. In the beginning we will have to help people see what the possibilities are. Government could have a control in that.
We need a lot of examples that it can work and that it is safe.
What are the risks of having a digital identity database? How do we minimise the risks?
One of the biggest steps forward that we made in the past years was the awareness. When we started, I remember being one of the lonely voices talking about the importance of it, I think we did not realise at that time the complexity of the identityconcept in general.
And all of these risks were distant to us. We did not see them as being real and obvious. It was only after some high profile privacy and security breaches that happened and affected so many of us rather unexpectedly. Like Facebook and Cambridge Analytica’s scandal, the Equifax breach in the US, or in India, the biggest identity program, called Aadhaar, which is still today facing some security challenges.
I think we started to realise we needed to do things differently and try to look for solutions. Which is where blockchain came in as a potential solution. But it’s definitely not the only one.
In the end what we are trying to solve are big humanity challenges. Not just a single company’s agenda.
We just launched Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.