Blockchain and identity: a solution without a problem?

Published on 2nd Nov 2017

When did you last need to prove your identity? Not just remember a PIN number to use a credit card – though that is, in a way, a proof of identity as the owner of the account – or show a security pass to get into the office, but really demonstrate your legal identity.

The fact that a person living in the UK might not be sure about the answer to this illustrates two points about identity. One is that it is rare, not to say exceptional, to have to prove identity in daily life.  The other is that in a jurisdiction where national identity cards have not been issued since the 1950s, many people might wonder exactly what proving identity might mean.  Presenting a passport at an airport is certainly a proof of legal identity – that the bearer is a citizen of the issuing country and entitled to its protection when abroad – but the very statement demonstrates that this identity attribute is relevant only in the context of travelling to and being in a different jurisdiction.

The nub of what possessing an identity means, in legal terms, is access and entitlement. For many UK residents the requirement to present a drivers’ licence as proof of age to enter a night club, or entitlement to be driving a vehicle, are probably the most familiar occasions when this sort of identification is needed. But this immediately highlights that the attributes which are required in proving identity are different on every occasion. Age, citizenship, competence to drive, entitlement to health services, membership of a club or a professional qualification: no single token is able to verify every attribute that might need to be demonstrated.

Is blockchain the solution?

It is not surprising, therefore, that self-sovereign identity is among the many other applications now being proposed for the blockchain, or distributed ledger technology.   A cache of personal data, continually growing as the individual acquires further relevant attributes – degrees, attestations, parental responsibility for a child – preserved in tamper-proof fashion for as long as the ledger persists, could be referenced on any occasion when verification of the relevant attribute was required. The individual, rather than the government or another institution, controls what data is accessed, when and for what purpose.  And being digital, the self-sovereign identity could include associations with avatars (for gamers) or social media accounts, which a purely real-world identity tends to exclude.

A number of organisations are working on such solutions, including ID2020, a global alliance working with the UN High Commission for Refugees to develop digital identities which could be used by displaced persons. To read the hype, you might be forgiven for thinking the age of physical identity tokens such as passports was coming to an end.

There are obvious but solvable problems: of personal privacy and the need to be able to change attributes – when a passport expires, or a professional qualification lapses. The ledger might need to store pointers to the data, rather than the data itself, though that would undermine the immutability which is much of the attraction of the idea. There is also the question of how such systems would achieve the trust status necessary to be generally accepted as reliable proof of the claimed attributes.  But this might be only a question of time, technical credibility and familiarity.

But is this really needed?

The distributed ledger solution, may, however suffer from a more significant practical problem: the accumulation of so many disparate aspects of an individual’s legal and biographical attributes simply not being necessary. Establishing, verifying and maintaining such an extensive set of data is an administrative burden very few individuals are likely to welcome when it is not an externally imposed obligation.

Fundamentally, people are bad at maintaining complex databases: it requires constant attention to detail wholly incompatible with today’s convenience culture. Managing, obtaining and presenting the specific token or evidence to verify a specific attribute as and when needed almost certainly takes more effort when the effort is summed over the whole of an individual’s lifetime, but on a daily basis it requires a lot less engagement.  And the occasion when an individual is required to verify all of their identity attributes at once, from highest Call of Duty scores to school leaving certificate through to national insurance number and current nursing registration, is realistically never going to arise.

Interested in hearing more from Osborne Clarke?

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?