The 5P’s of a Self-Sovereign Identity
Increasingly, big data is invading consumers’ lives. It affects consumers’ privacy as the web has become such a centralised platform. When you have centralised organisations collecting so much consumer data and using it to offer personalised advertising to their users, it causes problems. As Jonathan Taplin discussed in his book Move Fast and Break Things, organisations that have access to so much data and use it to steer consumer behaviour could directly undermine our democracy. These centralised organisations do not forget or forgive. Since actions (i.e. data) speak louder than words, it is possible that data are defining human beings.
A Self-Sovereign Identity
A solution to these problems might be the incorporation of a self-sovereign identity; an identity that is owned and controlled by the person or the device that created it. To develop a self-sovereign identity, we need to look differently at identity and in the book Blockchain: Transforming Your Business and Our World, we discussed at length how we could develop such a self-sovereign identity. In a nutshell, it means that not only humans have an identity, but also organisations and even things have an identity.
Identity consists of many different attributes, which are constantly changing and evolving in terms of priority and durability. Some attributes such as birthdates, place of birth, biological parents, and Social Security numbers will stay with a person for his or her entire life. Others, such as an employee number, student number, address, or telephone number could change periodically. Still, other attributes could be very short-lived, such as a username on a forum or website. Each of these attributes has different, uniquely identifiable characteristics, and the combination of them constitutes a person’s identity (although the person might perceive that differently).
What applies to humans, also applies to devices. Machines also have a variety of attributes that make up its identity. These include the type of device, its brand, colour, characteristics, and capabilities. Although we have an identity infrastructure for people in place, at the moment we do not have an identity infrastructure in place for things. Despite that, we are rushing to connect devices to the internet, which could pose significant future challenges such as increased security breaches that could bring down the internet, just as happened already in 2016.
If an identity consists of ever-changing attributes, a self-sovereign identity restores the control over who has access to those attributes to the consumer, or device, which owns that identity. So instead of social media companies or governments owning a person’s identity attributes, the consumer is in full control and determines, for each interaction, who gets access to which data points.
Next to attributes, individuals, organisations and things also have a reputation, which shows how reputable and trustworthy the individual, organisation or thing is. Finally, an identity consists of a shadow reputation, which means who or what is part of the user’s/organisation’s/device’s network and what the reputation is of that actor as that influences the reputation. A connected device linked to another device that contains malware is less valuable. Attributes, reputation and shadow reputation result in a unique identity of an individual, organisation or thing.
The 5P’s of identity
A self-sovereign identity can be defined by the 5P’s as it is personal (it is about you), portable (meaning you can take your identity and data from one platform to another), private (you control your identity and data), persistent (it does not change without your consent) and protected (they cannot steal your identity). In other words, a self-sovereign identity is a paradigm shift from today’s identity system, and it will drastically change how organisations are able to deal with customer data.
For example, when entering a bar, we could use a self-sovereign identity to prove that we are of drinking age without revealing our age. Instead, the bar would only see a yes or no statement that the person is of legal drinking age, rather than providing a driver’s license, which discloses a variety of very personal details such as our name, date of birth, address, or license number, none of which the bar owner needs to know to determine whether or not you are allowed to drink alcohol. Instead, we decide which information we want to release to which organisation and when.
A self-sovereign identity offers many advantages to consumers. Building the infrastructure might be a challenge, however, as is the cultural change that is required when consumers become solely responsible for securing their private key that is linked to their self-sovereign identity.
As a result of self-sovereign identities, consumers will become black boxes for organisations, and only the consumer will determine what data will be shared with an organisation. That will significantly change data ownership, how organisations can deal with customer data, and how they can derive insights from it.
What are your thoughts on a self-sovereign identity? Leave your thoughts in the comments below.
Image: Andrea Danti/Shutterstock