We’re bringing information and devices online at an unprecedented rate, raising one of the fundamental questions of our time: how do we represent ourselves in this digital world that we are creating? And, more importantly, how do we secure our identity in a digital world? We’ve heard about blockchain for currencies and smart contracts; a compelling and crucial application is in securing online identity.
For four billion years, the genetic code has been life’s data store — containing not only instructions for, but also the lineage of, all terrestrial life. Over the past few hundred thousand years, a new species has emerged, one that is rapidly and inexhaustibly producing huge volumes of data of their own: humans.
We have observed the world and made sense of it through language for as long as we’ve existed. Armed with the technologies we developed, we peered inside atoms and learnt something about the behaviour of the fundamental particles including electrons and photons that we have found there. Developing capabilities to manipulate collections of these units of electricity and light has led to a series of technological revolutions that has had a fundamental impact on how we store, analyse and communicate information about our world.
The network of networks, the Internet, has evolved over time from a range of contributing developments by mathematicians, scientists and engineers. In each decade from the 1940s inventions, included the transistor, the computer, computer networks, remote access to computing power, software and documents, and finally by the mid-1990s, commercial service providers, ensured increasingly global connectivity. Near-instant text and audiovisual communication, and the emergence of social media and online services across industries, have vastly transformed our society in a remarkably short space of time.
The benefits of increased connectivity come with the associated risk around how the information that we create, communicate and store can be intercepted, sometimes with malicious intent. Cryptography is the ancient art of achieving confidentiality by transforming a message such that is only intelligible to someone in possession of a key. Since the emergence of the Internet, a multitude of algorithms for data security have been developed, and global standards for encryption protocols provide some level of communications security over our computer networks.
Just months after the financial crash of 2008, the first digital currency to employ cryptography to solve the problem of double-spending without the requirement for a central trusted third party was proposed. That currency was bitcoin, now valued at over US$100bn and one of over a thousand cryptocurrencies. The technology underlying this decentralised capability is a distributed ledger, or blockchain. Transactions are recorded in blocks that are linked and secured by cryptography. These records are verified and stored across a network, making the ledger resistant to modification.
The interesting part is that blockchain, this combination of capabilities in computing, connectivity and cryptography, has applications not only in the financial world but in any transactional environment, including for a decentralised personal data management system that ensures users own and control their data.
The risks of exponential data
The digital world’s data content is estimated at billions of terabytes, or zettabytes, 90% of which has been created since 2016. Information is an increasingly valuable commodity, and its acquisition, analysis and trade play an important role across industries. And with one quarter of the world’s population using Facebook every month in 2017, a lot of this data is personal.
The rise of social media has led to new conceptualisations and discussions around identity, as we build representations of ourselves online. On the other hand, information about ourselves that we did not intend to be shared or distributed is also contributing to our digital profiles. Any organisation with stores of personal data can be hacked, be negligent, or even sell this data to external parties for profit, resulting in outcomes that range from spam to identity theft.
In 2013 and 2014, three billion Yahoo accounts were hacked in what was the highest-profile digital identity breach at the time. In South Africa, more than 30m identity numbers and other associated financial information was leaked online only last year. Regulators have been swift in their response: personal data protection regulations such as the European GDPR or South African Popi Act carry severe penalties to companies who act recklessly or even negligently with personal data.
Stunning revelations surrounding Facebook’s sharing of up to 87m members’ data to a third party has caused shockwaves across the world, wiping $100bn off its market capitalisation and leading some analysts to speculate around fines that could amount to $2 trillion — 100 times larger than the biggest corporate fine in history.
Personal data is an economic asset generated by the identities and behaviours of individuals, and the monetisation potential of its (mis)use is astounding. Services like messaging, search and navigation may appear free to use, but they come at a cost: your personal data, or perhaps more aptly called your consumer data. Because, if you’re not paying, you’re not the customer, you’re the product. The question of how to verify, secure and manage identity and personal data online is more pertinent today than ever before.
Foundation for human rights
Identification provides a foundation for human rights. An estimated 1.1bn people worldwide cannot officially prove their identity, and we simply don’t know how many of the world’s more than 200m migrants, 21.3m refugees or 10m stateless people have some form of identification. The World Bank estimates that 78% of these unidentified people are from sub-Saharan Africa and Asia.
The recent Blockchain Africa Conference in Johannesburg brought together like-minded innovators. Global Consent, based in Cape Town, is one such local player doing exciting things in the identity space. Consent is developing a blockchain-based trust protocol to independently authenticate identity and selectively exchange personal information. Consent is also the first Sovrin steward in Africa. Sovrin is the world’s first publicly available distributed ledger dedicated to digital identity. The code base of Sovrin is part of the open-source Hyperledger project, which is governed by the Linux Foundation and backed by big companies including SAP, IBM, NTT and Intel. The infrastructure for ensuring consensus, security and trust around identity transactions on the Sovrin network is provided by globally distributed stewards like Consent, who independently own and operate nodes on the network.
Blockchain has impressive applications in a transactional environment, in this context enabling individuals to own and control their identities online in a decentralised personal data management system where records are verified and stored across a network making the ledger resistant to modification. Like any network, the strength of a blockchain-enabled personal data management system depends in part on its size. And given the size of the problem of personal identification in Africa, both online and off, we can look forward to ongoing discussion and adoption of technologies like blockchain to meet this challenge.
So, developments in computing, connectivity and cryptography have resulted in blockchain, the technological confluence of the three, with exciting applications in identification and securing personal data online. However, we live in the physical world, and biometric data will need to support the initial registration of an individual on such a system. A candidate for advanced biometric identity verification is a naturally occurring structure, which could also be the future of data storage, with a remarkable 700TB capacity per gram — the ultimate unique identifier.
This structure is the DNA molecule, and despite significant achievements, like determining its structure and sequence, science continues to grapple with the computational complexity of understanding life. The role of large portions of determined sequences remain a complete mystery. Life and, in particular, humanity, is arguably the most mysterious phenomenon we have ever encountered, and we have a long way to go to fully understanding ourselves. One thing we have arrived at is a solution to taking back ownership of our identities in the digital world we are creating, through the compelling application of blockchain in the digital identity space.
- Adriana Marais is head of innovation at SAP Africa