What happens when an organization does not own my identity anymore? This is a question that Darrell O’Donnell – founder at Continuum Loop Inc., currently CTO at CULedger, investor and advisor at several companies (including Tykn) – has been answering with his work in the Digital Identity space.
According to Darrell, holding a digital identity database inside an organization is a liability. It’s a huge expense in data management – unless you are Google or Facebook and have a financial incentive to host such a database – and the liability of having an “honey pot” of personal data that could be leaked, hacked or breached is tremendous. As seen, for example, with the Equifax case in which the personal information of 147 million people was exposed.
Self-Sovereign Identity – a model of identity management where users own and hold their own data – avoids the “honey pot” issue. There is no centralized database of identity to be breached. This is achieved through the use of blockchain technology.
Through the infrastructure of a blockchain, the verifying parties can immediately verify data that is shared. They do this by using data anchored in a blockchain to check the validity of the attestation and attesting party (such as the government) from which they can determine whether to validate the proof.
For example, when an identity owner presents a proof of their date-of-birth, rather than actually checking the truth of the date of birth itself, the verifying party will validate the government’s signature who issued and attested to this credential to then decide whether he trusts the government’s assessment about the accuracy of the data.
Leveraging blockchain technology establishes trust between the parties and guarantees the authenticity of the data and attestations, without actually storing any personal data on the blockchain.
“The solutions that resonate well with blockchain are in areas where there is no one truly in charge. In digital identity there is no one truly in charge. There are different players. Companies, governments, individuals. But their job is not to own the whole problem. When someone owns the whole problem there is no need for a blockchain. All it is is a slow database. But in situations where there is no central point of control, and there shouldn’t be a central point of control, then blockchain is ideal.” (Source)
If you’re an organization looking into Self-Sovereign Identity solutions, Darrell believes two important questions should be asked to every vendor:
– What can you tell me about how your Self-Sovereign Identity system is governed?
– What happens to my Self-Sovereign Identity if your company disappears?
These questions let you know if the system is using Self-Sovereign Identity or if it’s just a “polished version” of the old thing.
Be aware of these red flags in the answers: If there is no governance or governance is automated “in the code”, Darrell thinks you’re in for a “world of hurt”. Governance is such a complex matter that it is not yet possible to have it automated. Heavy governance is just as bad. “Identity requires some light human governance” (source). Also, if a digital identity depends on a vendor and it’s useless if the company disappears then it is not self-sovereign. “It’s just relatively open”. The user must own his identity.
“In 10 years nobody will care that the advent of self-sovereign identity created a seismic shift in both technology and the balance of power. What they will care about is that their lives have been improved. They won’t talk about privacy, security, and other things that we talk about.
And somebody, in 10 years, is going to say “Really? You let a big company control your identity and monitor everything you did? Why would you do that?”.” (Source)
We had the chance to ask Darrell a few questions:
What is the biggest myth or misconception about Digital Identity/SSI?
That regular people care about it – they don’t. The Identerati see how it solves problems but the preaching doesn’t help. The key message that needs to be heard is that it helps us act like we do in our non-digital lives – naturally establishing relationships with reasonable privacy. Under the hood it certainly is a better solution – but no ordinary person ever said (or thought) “geez I need a better digital identity.”
Specific roadblocks other people in your space should look out for (and how to overcome them)?
Similar to the earlier question, we expose far too much complexity, which makes decentralized identity/SSI unapproachable for most. Please don’t misunderstand me – I know that the digital identity space is incredibly detailed and there are important distinctions. My point is that if your business isn’t helping make the key decisions for your customers you’re not adding value. One of the changes that I made at CULedger, for example, was to take a multi-week effort down to a few hours for a developer. Our API has 2 main calls. That’s it. That’s all that is needed to get started. If you can get a developer productive with a couple of hours of work they will invest more time to go deeper. If the learning curve is measured in weeks or months you will only attract a miniscule audience.
If you had the chance to write something on all the boards in all the classrooms in the world, what would it be?
Learn how to learn. Your teacher is probably teaching you how to memorize…
In many many years, looking back to your life, what would make you feel you accomplished your mission?
I would like to think that there are people out there that have made more impact because of some small thing that I helped them with. Seeing a major shift to an internet that can be trusted more would be fantastic. Lately I have been looking at ways that I may be able to help out with a big impact with the climate emergency. I started my career in environmental engineering but was pulled into software – the landfill and wastewater treatment work wasn’t what I wanted.
One (or more) book(s) that greatly influenced you and why?
As a founder of multiple companies, The Hard Thing About Hard Things (Ben Horowitz) had a huge impact. Knowing that CEOs around the world are dealing with the same thing was incredibly impactful. CEOs have huge responsibility and they are alone – knowing, strangely, that there are others going through what feels like hell often was oddly comforting.
I keep returning to Abundance (Peter Diamandis) as a recommendation for the folks that I advise as well. It explains that the world is changing faster and faster because of the convergence of many things. We have a lot of hard work ahead of us to correct some extreme problems (climate) but there is hope.
Do you have a favourite victory/failure of yours?
I had a company that we had to wind up over a weekend. A key client (too many eggs in one basket) flipped a curveball at us and forced us to shut down. It was horrible. I had to lay off all of my team. Every one of them landed jobs within a couple of weeks with substantial raises. But every one of my direct reports told me over the next year that their time with me was by far the best thing that had ever happened in their career. It was hard to recover but awesome to see the impact. Years later I kept wondering if I should have left that business earlier but I know now that it happened at the right time. The lessons learned in that pressure cooker-style environment gave me a lot of tools that I didn’t realize were important for others.
In your field, or in life, what is the question that people should be asking more and they aren’t?
I’ll steal this one from Tim Ferriss – “what would this look like if it were easy?”
Bonus Question: Pineapple on pizza. Yes or no?
Good god no.
We, at Tykn, would like to thank Darrell O’Donnell for his time and for sharing his ideas and knowledge with us (not only in this interview but also as our advisor!). Thank you, Darrell! Be sure to follow his Twitter.
Tykn is a digital identity company. If you’re keen on reading more we suggest:
- – Interview with Daniel Hardman (Chief Architect at Evernym and Technical Ambassador at Hyperledger)
- – Interview with Elizabeth M. Renieris (Law and policy engineering consultant focused on the areas of digital identity, blockchain and data protection)
- – Interview with Stephen Curran (Technical Architect and DevOps Specialist on the Verifiable Organizations Network)
- – Interview with Kaliya Young (co-founder of the Internet Identity Workshop and author of the Domains of Identity)
- – Interview with Kim Hamilton Duffy (Co-chair of W3C Credentials Community Group and Architect of the Digital Academic Credentialing Infrastructure at MIT)
- – This Definitive Guide to Identity Management with Blockchain.
- – Interview with Tim Bouma (Senior Policy Analyst for Identity Management at the Treasury Board Secretariat of the Government of Canada).
- – Interview with David Lamers (Blockchain Specialist at Rabobank) about the bank’s research and Self-Sovereign Identity Initiatives.