Decentralised identity: first step towards banking the unbanked
A decentralised digital and economic identity can improve the lives of the impoverished and unlock hidden economic value in places where traditional banks fear to tread
Blockchain has significantly disrupted a wide range of established industries and services while enabling a vast array of new technologically based economic and other opportunities for many around the world. It has expanded beyond the world of banking and finance with the inception of cryptocurrencies, with blockchain-based solutions springing up in industries as diverse as real estate, travel, advertising and energy.
While the commercial applications of blockchain are numerous, significant potential also lies in the ability of the technology to assist the impoverished and those looking to make a new start in life through “decentralised identities”. Eric Lim, Senior Lecturer in the School of Information Systems and Technology Management at UNSW Business School, says a decentralised identity can build on a public decentralised infrastructure, such as a blockchain, to help provide an economic identity to a range of individuals. These might include those who are at risk of being displaced as refugees from politically unstable regimes, people who are homeless or without fixed residences, or others who are located in regimes without formal documentation by trusted institutions, and who are politically and economically oppressed.
“Instead of seeing these segments of the population as those that need our help, charity or handouts, we should recognise their hunger for success and recognition, and their desire to participate in the global economy and forge their own destinies,” said Dr. Lim. “To allow that, we need a decentralised identity that cannot be taken away from an individual. It should be a fundamental human right.”
How can decentralised identities assist those in need?
A decentralised identity can insulate individuals from political instability and the lack of formal documentation or poor record keeping, said Dr. Lim. “It means that whenever there is a regime change or a civil war, paper or computer record of the identity of the individual, which could be easily destroyed, could now be preserved on the blockchain,” he said.
“With the assurance of permanence, the individual would then be free to anchor their entire life history and curate a story of themselves that would serve them in their best interests. Once this individual exists, they can build a credible and self-preserving economic identity that will allow them access to the global financial market – whether it be the form of traditional finance or peer-to-peer micro fintech services.
“Essentially, we have to realise our privilege to say that we exist, and recognise that is a power that many individuals under the poverty line and living in politically unstable environments do not possess and are hence excluded from traditional financial services. As the World Bank Group President Jim Yong Kim said: ‘Financial inclusion allows people to save for family needs, borrow to support a business, or build a cushion against an emergency. Having access to financial services is a critical step towards reducing both poverty and inequality.’”
What are the pros of a decentralised identity?
Dr. Lim said the biggest benefit of a decentralised identity is that it exists on a public infrastructure, such as a major blockchain like Ethereum, Cardano, Polkadot, and Algorand. These public infrastructures are open for anyone to use, and their usage encourages digital inclusivity, he explained.
Also, because decentralised identities exist on a blockchain, which has the properties of being transparent, immutable, time-stamped, and auditable, Dr. Lim said individuals’ identities cannot be removed or excluded by entities that are in power and adversarial, nor could these individuals be erased because of political or civil unrest in their locales.
“What it means is also that individuals who have a decentralised identity on a blockchain would also become a truly global citizen with the ability to move anywhere in the world and would still retain all their history and credentials of their achievements and creditworthiness scores they have accumulated in their previous countries of residence,” he said.
Decentralised identity privacy concerns
There is a common misconception about decentralised identities, in that people think an individual’s private data and all their credentials are stored on the blockchain, which is a public infrastructure. “They believe that in such a scenario, an individual would lose all their privacy. This misunderstanding causes privacy concerns. However, this is not true,” said Dr. Lim.
“The decentralised identity on a blockchain is simply a pointer on a blockchain. It is represented by the public key that the individual can share publicly and declare that this public key is connected to their identity.”
Dr. Lim explained a decentralised identity is simply a reference and does not contain any information about the individual that could be appropriated by nefarious adversarial parties for any damaging purposes. “While not entirely accurate, an analogy could be drawn from the following example of when you reveal to a counterparty your bank account number so that they can send you money. In this analogy, the counterparty, even in possession of your bank account number, cannot try to withdraw your savings because they do not possess your pin or password to the account number,” he said.
How access to a decentralised identity works
The difference, however, is that while the bank stores passwords or pin numbers on its servers, while Dr. Lim said an individual with a decentralised identity on the blockchain will always retain custody of their private key and they will never need to give it up to a third party even when trying to authenticate their credentials.
“There is never a need for the individual to send their private key to anyone,” said Dr. Lim, who explained all credentials that are associated with the individual when revealed to a verifier would have to contain all relevant digital signatures by the holder of the credentials and the issuers of the credentials. Such digital signatures are unique to every transaction and do not reveal the private keys of the individual and the issuers.
“For instance, if an individual desires to purchase alcohol at a liquor store, they would choose an appropriate credential like perhaps a driver’s license or a passport to reveal to the cashier,” he said. “Along with the credential will reveal digital signatures of both the issuer of the driver’s license and the credential holder. The cashier can match those digital signatures with the respective decentralised identity on the blockchain to verify that the credential is legitimate.”
The biggest disadvantage in such a scenario is when the individual in question loses their private key. “However, I am an optimist and if we are really serious about changing the world and having an impact on society, it is not possible to not trust people to be able to be responsible for their own lives especially if they have something precious to protect. There is simply a need to believe that if we provide people with the tools to empower and better themselves, they will use them,” said Dr. Lim.
Should banks be concerned about decentralised identities?
Applying the use of decentralised identities does not mean that the banks will have to stop complying with existing regulations, such as Know Your Customers (KYC) or Anti-Money Laundering (AML) laws. If anything, Dr. Lim said history has shown that any institutions that possess custody of large number of their clients’ passwords and data are constantly in danger of attacks.
“They represent single points of failures and honey pots that attract hackers. It also means that having a vulnerability at any point in their defence, would have a cascading effect on every client,” he said. “On the contrary, using decentralised identities would push power to the edges and diffuse the attractiveness of organisations as targets of attacks. It would increase the costs and efforts for attackers to target individual clients to steal their private keys and even if one were compromised, it would not cause a cascading effect on other clients who have taken appropriate steps to secure their private keys. In summary, the damage is contained and isolated to individual clients.”
Of course, Dr. Lim observed there is good reason to believe that any institution tends to see centralised control of their client’s data as a competitive advantage. “However, I believe that is short-sighted as what is a loss in one area could represent a much bigger gain in other valuable areas. Persisting with the old way of doing things that are only applicable to segments of the population who conform to very specific and contextualised rules of engagement means closing the doors on vast segments of the population that are not connected to the existing financial networks and infrastructures,” he said.
Banking and traditional financial institutions need to understand they could benefit significantly by vastly expanding their market share by cracking this global market, without the need to make expensive inroads through setting up a physical presence in different geographical regions.
Making decentralised identities a reality
As the concept of decentralised identities is very new, a roadmap towards the realisation of a decentralised identity vision – especially at the national level (much less at the international level) – does not exist. However, Dr. Lim said the first step towards setting up a decentralised identity and giving everyone a digital identity is the need to agree on a set of procedures that will allow people to register their decentralised identities on a blockchain with own their relevant governmental agencies.
“It means that each individual is recognisably connected to their decentralised identity and the connection is made official and also auditable on the blockchain. This applies to all government agencies who would also be officially connected to a unique decentralised identity on the blockchain and made official and auditable,” he said.
The systematic creation of an auditable trail of connections between the decentralised identities and their real-life entities would be the first and most important step, and preferably recorded on a open decentralised blockchain. Dr. Lim explained this will ensure that in the event of political or civil upheaval, that the decentralised identities would still be auditable by others.
Second, we need to determine a standardised process by which the chronology of the existence of these entities and their corresponding decentralised identities and their succession by other entities is documented and recorded. “For instance, if a university of a country only existed for a short period of time and cease to operate subsequently, there must still be a way by which the digital credentials offered by such a university are recognised or grandfathered into its successor,” said Dr. Lim.
Lastly, digital identity solutions that are both intuitive to use and offer a great user experience would need to be created. Currently Dr. Lim said there is very little attention paid to this area. “The design of a digital wallet that will act as the main point of interactions between an individual and other entities that they come into contact with remains elusive. I expect that to change,” he said.