Digital Identity – A Gateway to All Other Use Cases

IndraStra Global

Digital Identity – A Gateway to All Other Use Cases

By Benno Ferrarini, Julie Maupin, and Marthe Hinojales
via Asian Development Bank

Digital Identity – A Gateway to All Other Use Cases

Image Attribute: IndraStra Creatives

Every aspect of human development rests upon the bedrock of trusted identity. Without a verifiable identity of some kind, it is impossible to open a bank account, start a business, conclude a legally binding contract, access essential government services, obtain educational credentials, or conduct just about any other imaginable type of economic or social activity on a broader scale.[1] State authorities attempt to fill this gap by issuing official identities to natural and legal persons falling within their jurisdiction. They do so by issuing written documents such as birth certificates and citizen identification (ID) numbers, which can in turn be used to obtain both locally recognized identity-related documents (identity cards, driver’s licenses, marriage certificates, tax ID numbers, business licenses, etc.) and globally recognized ones (e.g., passports). This process works better in some states than others. Today, around 1.1 billion people worldwide—particularly in rural Africa and Asia—still lack legal identities (World Bank 2017). It was for this reason that the United Nations (UN) in 2015 made the provision of legal identities for all, including birth registrations, an explicit focus of its revised Sustainable Development Goals (UN SDGS 2017).[2]

But even once legal identities have been issued, the question of how to keep official records continuously up-to-date remains problematic. A never-ending string of ordinary events can necessitate the alteration, suspension, or revocation of legal identities and the various entitlements associated with them. Births, deaths, marriages, name changes, declarations of court-determined legal incapacity, bankruptcy or insolvency, and many other events can alter the legal rights and duties attached to a particular identity. Even economically advanced ‘good governance’ states have long struggled to find ways of making their many disparate recordkeeping systems talk to one another such that all records are kept current.

This lack of inter-registry communication impedes global development efforts by making it extremely expensive and time-consuming for transacting parties to verify one another’s legally recognized identities and entitlements. This is as true of local transactions as it is of global ones. For instance, a simple contract for the sale of a parcel of land by one neighbor to another requires the verification of both parties’ identities and their legal capacity to contract, as well as a verification of the seller’s current ownership entitlement to the land. To take a cross-border example, a large international financial transfer requires the verification of the sending and receiving parties’ identities, a confirmation of the mutual recognition of those identities by the different countries in question, and a confirmation that neither of them is prohibited under any national or international regulation from transferring money internationally (e.g., by reason of being on a terrorism or money laundering watch list). Similarly, in relation to DLT-based trade finance further described below, the global diffusion of a company identifier system will facilitate the risk assessment and ownership tracking necessary for smaller companies in developing countries to be granted access to finance and the global economy.

Benefits


Distributed ledger technologies offer a technical solution to this complex problem for the first time in history, and on a global scale. Numerous globally focused startups, including Sovrin, Netki, uPort , Civic and others, are building DLT solutions for real-time self-sovereign digital identity management. The concept of self-sovereign identity could herald radical changes in global economic organization by turning the data collection practices and revenue models of many existing internet-era businesses on their heads.[3] More importantly, within the international development context, it promises to enable billions of currently excluded persons to integrate into the global finance and commerce systems. As described in the 2016 Caribou Digital/Omidyar paper:

Open, decentralized systems enable individuals to fully own and manage their own identities, leading to the idea of “self-sovereign” identity systems. These systems use combinations of distributed ledger and encryption technology to create immutable identity records. The individual creates an identity “container” that allows them to accept attributes or credentials from any number of organizations, including the state, in a networked ecosystem that is open to any organization to participate (e.g., to issue credentials). Each organization can decide whether to trust credentials in the container based on which organization verified or attested to them; in other words, a mortgage company may accept a credential issued by a leading global bank, but not one issued by a local bank. Importantly, this model does not require a state-based credential to be initiated (the state credential can be added at a later time, or not at all), which removes a barrier to adoption.

The flexibility and modularity of the self-sovereign identity approach make it ideal for adoption in developing country contexts where there are significant gaps in official state recordkeeping. In fact, those gaps might make it easier for developing countries to adopt such solutions than more developed ones, where large sunk investments in traditional recordkeeping systems often create institutional path-dependencies and high transition costs.

An example of a development-focused start-up using self-sovereign identity as an anchor for its work is Taqanu, which describes itself as “a bank for refugees and for people without a fixed address.” Taqanu takes advantage of the fact that, while many refugees don’t have identity documents, many do have phones. It allows refugees to sign up to have their social media data compiled and analyzed in a way that makes it possible for regulated banks to verify the refugees’ identities to a sufficient degree of probability to offer them basic banking services—even if they can’t provide a government-issued birth certificate, passport, or other recognized national identity document.

Providing financial system access to excluded populations is one of the most important developmental use cases of DLTs, and further examples are presented in the following sections. For present purposes, the Taqanu example illustrates that the creation of verifiable digital identities is a gateway issue for pretty much every possible DLT use case. Without them, users of DLT solutions could never trust that their counterparties to a transaction: (i) are who they claim to be, and (ii) are entitled to carry out the intended transaction. Digital identity is, therefore, the key to the success of all other DLT use cases. This renders investment in self-sovereign identity infrastructure a necessary prerequisite for every other type of development assistance for which DLT solutions might be explored.

Risks and Implementation Challenges


In order for its benefits to be realized, advocates of self-sovereign identity posit that three core requirements must be met:

(i) Security—the identity information must be kept secure,

(ii) Controllability—the user must be in control of who can see and access their data, and

(iii) Portability—the user must be able to use their identity data wherever they want and not be tied to a single provider (Tobin and Reed 2017)

Many of the leading actors in this space are cooperating under the auspices of the Decentralized Identity Foundation to make this vision a reality.[4] While the broader vision is shared, however, key implementation details have yet to be agreed upon. For example, the security pillar requires the use of cryptographically secure methods of protecting users’ data. Most digital identity service providers today use cryptographic functions based on elliptic curves whose security robustness has been thoroughly vetted within the context of contemporary processing environments. But cryptographers warn these functions will most likely prove vulnerable to hacking with the advent of quantum computing, which may no longer be very far away (The Japan Times 2017).

To guard against this risk, all information stored in a user’s digital identity wallet should ideally be stored in a quantum-proof way. This is theoretically feasible using known cryptographic techniques [5]. However, building these into a self-sovereign identity wallet in a user-friendly manner—such that the user does not need any technical knowledge to keep his/her data secure—poses nontrivial design challenges. Addressing these will require systematic adherence to user-centered design principles together with comprehensive beta testing of design features in developing country environments in advance of any live deployment of the technology.

The portability pillar also constitutes a risk at present due to the fact that many of the leading firms in the self-sovereign identity race are building their solutions for a specific DLT, e.g. the Bitcoin or Ethereum blockchains. But data portability requires platform neutrality if it is to mean anything in practice. Digital identity solutions that are open source and platform agnostic (capable of being used across multiple distributed ledgers) may be more likely to deliver high performance at lower cost to users in the long run. There is a risk that hype factors associated with the current popularity of particular blockchains may lead development funders to commission digital identity ‘proof of concepts’ tied to those specific blockchains, even if the structural design features of the blockchain in question are not well suited to the long-term success of the project at hand. To mitigate this risk, development funders should adopt a policy of publishing public tenders for all DLT-based proof of concepts—including those whose financial implications would ordinarily place them below the usual budget threshold for a mandatory public tender call. This can help prevent situations that may lead to lock-in effects.

In addition to these technical risks, the mounting evidence makes clear that digital identity efforts can only assist with the achievement of concrete development objectives if properly situated within a broader reform agenda. Past policy interventions were often premised on the assumption that broader access to birth certificates, for example, would lead to human rights protection and a fairer distribution of resources and opportunities. A 2007 Asian Development Bank (ADB) study tested this assumption directly by investigating whether improved access to some form of legal identity improved the livelihoods of the poor by helping them obtain services, benefits, and other rights (Vandenabeele and Lao 2007). Based on fieldwork in Bangladesh, Cambodia, and Nepal, it found that the actual benefits from owning a legal identity are limited by the obstacles encountered in individual country circumstances, and more generally by weak institutions and widespread corruption. In other words, the provision of legal identity must be linked to the delivery of essential services relevant to people’s livelihoods in order to have a real-world impact.

Selecting which essential services should be linked to a potential self-sovereign digital identity initiative is also an important policy decision. For example, primary education funding in Nepal premised on the introduction of registration laws and legal identity requirements was found to exclude women and minorities most in need of assistance, because these groups faced the highest barriers to obtaining birth certificates in the first place. Program design should, therefore, take into account the risk that introducing a legal identity regime may limit the range of project beneficiaries. For some essential services, superior development outcomes may be reached by providing them to everyone, with or without identity.[6]

Last but not least, poor governance, weak institutions, corruption, and resource constraints fundamentally weaken the state’s capacity to enforce laws intended to protect citizens’ rights. The provision of legal identity makes little difference in such contexts without complementary reforms in these areas. Although self-sovereign identity systems can fill the void left by a weak state in a circumscribed area of application, its benefits cannot expand without an appropriate enabling environment. Put differently, legal identity and the technologies underlying it are important facilitating tools, but they cannot substitute for development policy as such.

Download the ADB economics working paper series No: 533 (in pdf): 

"Distributed Ledger Technologies for Developing Asia | Publication | December 2017"

About the Authors:

Dr. Benno Ferrarini is a senior economist at the Economic Research and Regional Cooperation Department (ERCD), Asian Development Bank (ADB).

Dr. Julie Maupin is a senior researcher at the Max-Planck Institute for Comparative Public Law and International Law in Heidelberg, Germany. She is also a senior fellow at the UCL Centre for Blockchain Technologies (London) and the Centre for International Governance Innovation (Waterloo), and is an advisor to the IOTA Foundation (Berlin).

Marthe Hinojales is an economics officer at the ERCD, ADB. 

Copyright: 

This article is an excerpt taken from a working paper authored by Dr. Benno Ferrarini, Dr. Julie Maupin, and Marthe Hinojales and published by Asian Development Bank under the title - "Distributed Ledger Technologies for Developing Asia | Publication | December 2017" and it is licensed under a Creative Commons Attribution 3.0 IGO License provided by the original publisher.

Endnotes:

[1] In traditional systems, identity was a straightforward matter of community recognition. People transacted with those whom they knew and trusted. While such models worked well on a local level, they proved incapable of establishing trust among parties wishing to transact beyond their immediate communities. 

[2] In particular, UN Sustainable Development Goal target 16.9 states: “By 2030, provide legal identity for all, including birth registration.” 

[3] Companies like Google, Amazon, Facebook, and Apple—whose revenue models depend upon monetizing the large volumes of data collected from their users—will need to find new ways of generating revenue if users become empowered to decide on a granular level which data they share, with whom, and for what specific purposes.

[4] A good source of information on potential partners for building such a solution is the Decentralized Identity Foundation (http://identity.foundation/). Solutions that are open source and platform agnostic (capable of being used across multiple distributed ledgers, as opposed to tied specifically to one particular blockchain) are probably more likely to deliver high performance at low cost to the users in the long run. 

[5] For a lay description, see Wikipedia. “Post-quantum Cryptography.” https://en.wikipedia.org/wiki/Post-quantum_cryptography.

[6] Prenatal healthcare and childhood vaccination

References:

World Bank. 2017. “Identification for Development.” http://www.worldbank.org/en/programs/id4d
(accessed 25 October 2017).  programs may be examples. 

United Nations (UN) SDGS. 2017. “Targets and Indicators.” https://sustainabledevelopment. un.org/sdg16 (accessed 25 October 2017). 

Tobin, Andrew, and Drummond Reed. 2017. “The Inevitable Rise of Self-Sovereign Identity.” Sovrin
Foundation White Paper. p. 10. https://sovrin.org/wp-content/uploads/2017/06/The-Inevitable-Rise-of-Self-Sovereign-Identity.pdf

The Japan Times. 2017. “University of Tokyo Pair Invent Loop-Based Quantum Computing Technique.” Sep 24. https://www.japantimes.co.jp/news/2017/09/24/national/science-health/university-tokyo-pair-invent-loop-based-quantum-computing-technique/#.Wd9ayBOCwdU 

Vandenabeele, Caroline, and Christine V. Lao, eds. 2007. Legal Identify for Inclusive Development. Manila: Asian Development Bank. https://www.adb.org/sites/default/files/publication/29046/legal-identity.pdf

____________________________________________________


Recommended Reading (Suggested by IndraStra Global Editorial Team)
A Blueprint for Digital Identity - The Role of Financial Institutions in Building Digital Identity (Pdf)

(Click on the above image to download the pdf)