Self-Sovereign Identity Depends on National Policies
Debesh Choudhury, PhD
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
Humans need a reliable system of digital identity for online verification, authentication and identity proofing. The present identity systems are centrally controlled by the service providers and the governments. The users don't have full access to their identity data. But the digital identity system should be such that every human must be the owner of his/her identity data. This is the sole idea behind the requirement of a self-sovereign identity. It is known that the realization of self-sovereign identity is feasible using distributed ledger technologies. Although distributed ledger technologies are nascent and have several issues to be solved, the ascent of technology development is also showing promise. The most daunting challenge probably comes from the strict national policies which prevent the adoption of self-sovereignty in the identity projects.
Service providers capture identity data of global citizens
The identity data have been captured by innumerable service providers throughout the globe. Banks, financial institutions and government bodies have acquired personal and private data of the users on the pretext of governance and providing services. All data are in the centralized servers of the service providers and government bodies. There are instances of leaking, harvesting and unauthorized selling of users' private data. Citizens can't do anything to safeguard their personal and private data.
Government bodies capture biometrics of the citizens
Government bodies capture biometrics and personal data of the citizens for their digital identity projects. As for example, the personal and biometric data of the Indian citizens have been captured without appropriate privacy protection for the national digital identity project Aadhaar. The entire Aadhaar database is available in the dark market for a nominal price.
People have to give biometrics for getting VISA and travel documents
Foreign ministries of countries obtain biometrics of global citizens on the pretext of processing VISA and travel documents. These data are captured through different VISA agents. Do the VISA agents preserve the privacy of the captured biometrics and personal data of the VISA applicants? There is a question mark if the governments take responsibilities to protect the privacy and security of the stored identity data.
The question arises: "Is self-sovereign identity feasible?"
What is the meaning of creating new self-sovereign identity projects when the personal and biometric data are already captured and are existing in multiple servers around the world? Since national governments have their own centralized digital identity projects, what would be gained by new decentralized self-sovereign identity projects? Because the identity data are already under the control of centralized authorities! We may have to admit that self-sovereign identity is not feasible due to federated identity projects of the national governments. It seems that the national policies are posing the real threats towards making self-sovereign identity a reality.
So what is the fate of self-sovereign identity? Is it feasible?
The future of self-sovereign identity depends on the policies of the national governments. If the national governments are hell bent not to part with the control of the personal and private data of the citizens, the reality is not supporting to have any self-sovereign identity in the near future.
What do you think? I would love to get your views and suggestions. If you like this article, please click "Like" or any other LinkedIn "reactions", and "Share" it among your acquaintances and network.
----------------------------------------
Join me on Twitter, Medium, Facebook, beBee, Steemit and LinkedIn
More of my articles on Digital Identity, Biometrics and allied topics:
- The Password Hole in the Cyber Bag
- Identity Dilemmas: Biometrics, Texts or Something Else
- Brand Identity, Digital Identity and Crypto Aspirations
- Digital Identity, Assets and Governance
- Decentralized Digital Identity: Which Distributed Ledger is Most Viable?
- Decentralized Biometrics: Is It the Ultimate Solution?
- Biometric Data Protection is a Big Challenge
- Reset Biometric Traits?
- Spoofing Biometrics isn't Impossible
- Privacy protection could have saved Aadhaar data breach
- Data Protection is a Big Challenge
For more articles, stories, and insights follow #DebeshChoudhury
* * * * * * * * * * * * * * * * * * * * * *
I am a researcher and academician of electronics and applied photonics. My current research focuses on Biometric Security and Privacy Protection. My friend Jose Munoz Mata and myself are researching distributed ledger technology for decentralized biometrics and other real world applications.
In June 2015, Dr. Jeffrey Strickland and I founded a new LinkedIn Group called "The Unfluencers". To learn about the history of "The Unfluencers" please read the seminal LinkedIn article by Dr. Jeffrey Strickland entitled -- "Who are the Unfluencers". This group is an open group. You are welcome to join this group and engage yourself in the discussions. The Unfluencer?? Logo is a registered trademark of Dr. Jeffrey Strickland.
Text Copyright ? 2019 Debesh Choudhury— All Rights Reserved
#digitalidentity #biometrics #governmentregulation #policymakers #dataprivacy #datasecurity #informationsecurity #technology #innovation #infosensys #dazlabsasia #learningtimes #debeshchoudhury #josemunozmata
Advocate of Identity Assurance by Citizens' Volition and Memory. Founder and Chief Architect at Mnemonic Identity Solutions Limited
5 年Thanks a lot for reminding us of the big threat that could make the tall wall hindering the progress of self-sovereign identity. Assuming that the problem is largely due to policy makers and political journalists having a wrong knowledge of the relevant technologies on? digital identity, there is much that we can do. We could make more? strenuous efforts to present a clearer picture to those people on such issues as follows. 1. what passwords can do and cannot do. 2. what biometrics can do and cannot do, 3. what physical tokens can do and cannot do, 4. what the cryptographic ledger technologies can do and cannot do 5. what problems centralized formation can bring, 6. what problems decentralized formation can bring I am of the view that the most serious and imminent issue above all is the rampant myth of biometrics that could be a threat not only to privacy but also to security. So many politicians and journalist are progressing their discussion on a wrong assumption that biometrics contributes to security.
Strategic Communications Advisor and Ghostwriter | Featured Writer-Blogger | Former Spokesman for U.S. EEOC | Former White House Political Appointee
5 年Debesh: Kudos on another informative and insightful article on a timely #technology issue. I agree that protecting #DigitalPrivacy is of utmost importance, especially considering the ubiquitous pace of new and emerging #tech in the fluid Information Age. You appear to suggest that online distributed ledgers, like #blockchain, might be the answer: "It is known that the realization of self-sovereign identity is feasible using distributed ledger technologies. Although distributed ledger technologies are nascent and have several issues to be solved, the ascent of technology development is also showing promise." So what's the bigger issue: the validity and adoption of blockchain and similar distributed ledger tech or the self-sovereign identity policies (or lack thereof) for world governments? I don't pretend to know the answer, but look forward to examining this further per the responses of other tech experts (some of whom I copied on a feed update I posted of your article).
Information Security Researcher, Academician, Entrepreneur | Password & Cybersecurity, Digital Identity, Biometrics Limit, 3D Education | Linux Trainer | Writer | Podcast Host
5 年I am curious to know something from the active developers of self-sovereign #digitalidentity?.. May we get your views Phil Windley?on how would the government policies be tackled for realizing self-sovereign identity?
Program lead (Cyber Security) at Infosys Ltd
5 年The case you make is real, there is such a 'spray' of our personal data already out there, how could any controls delivered via self-sovereign ID be effective - with all the back doors? GDPR privacy regulation mandates that organizations holding data of EU citizens has to fulfill an individual’s request to modify or delete their personal data as requested (Chapter 3 - data subject). This regulation will be enforced by all EU governments and EU business (including UK ICO (post Brexit)) but what about private organizations outside EU reach? Although google has 'right to be forgotten' a recent court ruling could mean otherwise: https://www.theguardian.com/technology/2019/sep/24/victory-for-google-in-landmark-right-to-be-forgotten-case Could the inbuilt willingness of some individuals to share personal data, a lack of international privacy regulation and the black market for data make it almost impossible for self-sovereign ID to be effective?