PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

Can Blockchain Tech Help Us Reclaim Control of Our Personal Data & Identities?

Tim Sloane by Tim Sloane
October 6, 2017
in Analysts Coverage
0
Bank Fraud

Businessman on online Financial Assessment on a tablet . Team work in the office

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

This Harvard Business Review article suggests blockchain technology combined with personal encryption keys should replace centralized storage of our personal identity credentials. I’m not ready buy into this quite yet!

First the article identifies the problem:

“It’s a strange world we live in when large companies such as Experian, Equifax, and TransUnion are able to store huge quantities of our personal data and profit from it in a way that doesn’t always benefit us. And when those same companies lose our personal data and make us susceptible to identity theft, there’s virtually nothing we can do about it. Equifax lost the data of more than 140 million people, and recompense is not forthcoming. Meanwhile, the CEO may be stepping down with a pension worth $18 million. Clearly, the system is broken, and it’s time to stop and ask ourselves why we continue to rely on a system that doesn’t stand up to the challenges we face in a digital society.

Credit-referencing agencies benefit immensely from our data, but there are many other data privateers — from online shopping sites to retailers to media firms – that are doing the same, including our own governments. U.S. Social Security numbers, or UK National Insurance numbers, were originally created to keep track of the earnings history of workers for entitlement and benefit programs. Both have since morphed into critical numbers assigned at birth that can be used by government agencies not just to collect taxes, but to identify individuals. They are also now used by private industry to track our financial and commercial histories.

The article then transitions to a discussion of national identity systems, such as those in China and India, which at minimum represents an important building block for a totalitarian state. The article however identifies state operated solutions that operate on distributed ledger technology, including Estonia’s ID-kaarts.

“Still, numerous smaller countries, such as Singapore, are exploring national identity systems that span government and the private sector. One of the more successful stories of governments instituting an identity system is Estonia, with its ID-kaarts. Reacting to cyber-attacks against the nation, the Estonian government decided that it needed to become more digital, and even more secure. They decided to use a distributed ledger to build their system, rather than a traditional central database. Distributed ledgers are used in situations where multiple parties need to share authoritative information with each other without a central third party, such as for data-logging clinical assessments or storing data from commercial deals. These are multi-organization databases with a super audit trail. As a result, the Estonian system provides its citizens with an all-digital government experience, significantly reduced bureaucracy, and significantly high citizen satisfaction with their government dealings.”

This is where the article moves into areas that I question. One is the argument that personally encrypted credentials in a distributed environment are inherently safer than those same personally encrypted credentials in a centralized database. I don’t think this is necessarily true:

“This characteristic of encrypted distributed ledgers has big implications for identity systems.  You can keep certified copies of identity documents, biometric test results, health data, or academic and training certificates online, available at all times, yet safe unless you give away your key. At a whole system level, the database is very secure. Each single ledger entry among billions would need to be found and then individually “cracked” at great expense in time and computing, making the database as a whole very safe.”

In reality this would also be true if I encrypt my records as an individual and put them in a centralized database. This is purported to be the solution used in many cloud solutions including password managers. Despite the centralized database I personally hold the decryption key. One advantage to this approach is that it is relatively easy to implement a new encryption algorithm. All the data is located centrally and so the conversion can be done one user at a time with all user data re-encrypted.

The National Institute of Standards has already deprecated multiple encryption algorithms since the first was released in 1975 and NIST warns that existing encryption is likely to be vulnerable in 20 to 30 years. That may be optimistic given recent advances in quantum computing.

A distributed solution needs to include a mechanism by which all my data, across all the nodes where my data exists and for all of the entities I have given permission to access my data, can be upgraded to a new encryption standard. I don’t believe a highly distributed solution is required to provide individuals control over their own data. I do believe the world needs a self-sovereign identity solution; the problem in achieving this is less about technology and more about the wish of governments and businesses to control our identity. Technology can’t fix this.

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here

Tags: BlockchainPersonal Data
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from CSG Forte: