In our last blog post, we introduced the concept of self sovereign identities (SSIs) and explored one particular implementation of SSI through decentralised identifiers (DIDs).
To better understand the potential value of SSI, let’s consider one of the most important government-issued identifiers in the United States—the social security number (SSN).
The SSN is a unique, 9 digit number issued to U.S. citizens, permanent residents, and some temporary residents for taxation and other purposes, like setting up a bank account or applying to college.
Like other national identifiers, SSNs are persistent. This means that once they are issued, they are valid for your lifetime. The persistence of SSNs make them a reliable source of identification when accessing various services. However, because SSNs are often provided as a means of identification, they are constantly at risk of being stolen and exploited by identity thieves. One single data breach in 2017 exposed the SSNs of over 147 million U.S. citizens.
When your SSN is stolen, you can’t simply cancel it and request a new one, like you would do when you lose a credit card. Consequently, people who have their SSN stolen are likely to
spend a considerable chunk of their life shutting down fake accounts, disputing bills, and paying for credit monitoring.
Underscoring the demonstrable vulnerability of SSNs is the fact that SSN cards are printed on small pieces of paper that can easily fall into the hands of an opportunistic identity thief.
In theory, SSNs are meant to serve as a universal and credible source of identification. In practice, however, SSNs expose individuals in the U.S. to unnecessary risks.
So does that mean the U.S. should do away with SSNs? Well, no.
What the U.S. could and should do is move away from assigning one universal identifier to each individual that must constantly be shared to access services and is subsequently stored in centralized, easily hacked databases.
Instead of having one SSN that needs to be used in many different situations across our lifetimes, we would have a different DID for every interaction (e.g. filling out forms for the doctor, accessing social welfare, etc.).
Each DID is of course tied to the identity owner’s unique identifier, which is stored securely in their identity wallet app.
Like conventional U.S. SSNs, an owner’s unique identifier would be persistent. However, unlike SSNs, the unique identifiers used in a SSI model would be protected, decentralized, and never shared to access goods and services.
The same incentive that exists to steal SSNs simply doesn’t exist with DIDs. A cybercriminal would need to hack an individual’s identity wallet to attempt to exploit their DID credentials. But when this hacking effort only gives access to one identity instead of millions, the incentive to commit fraud is significantly reduced.
So far, this post has made a particularly U.S.-centric case for SSI. But looking through this quick example of how SSI and DIDs would completely change the way U.S. citizens share their data, you can begin to imagine how a DID-based model would be attractive for any national welfare system that is looking to streamline access to its goods and services, secure its institutions, and empower its citizen base.
Taking it one step further, broad adoption of a standardized DID approach could also enable supranational social security systems in which DID credentials would grant access to cross-border welfare services. For example, a European Social Security Number (ESSN) that facilitates “the identification of persons across borders for the purposes of social security coordination” has been the topic of policy discussions for several years now. An efficient, secure, and effective ESSN framework is now possible through the broad adoption of a European DID framework.
Transforming the welfare and insurance systems of any state towards a DID framework will not happen overnight and will require the endorsement and inclusion of governmental and intra-governmental bodies. Sustained and transparent collaboration around guiding principles and regulatory frameworks will be crucial to getting a DID-based social welfare system—and SSI more generally— to be trusted and recognized.
A leading force that is shaping the future of digital identification is the European Blockchain Service Infrastructure (EBSI), a European Commission effort tasked with leveraging blockchain technology to deliver cross-border public services. EBSI exemplifies the cross-government collaboration necessary to drive the innovation and cooperation needed to develop SSI standards and applications, such as an ESSN.
A DID approach may be the best option for modernizing welfare systems that are vulnerable to fraud, struggle to keep up with large influxes of requests, or potentially span numerous jurisdictions. Moreover, DID-based social security and/or insurance numbers could change the way refugees and stateless individuals travel, work, learn, and begin rebuilding their lives.
Secure, DID-enabled access to welfare services is just one example of how a self sovereign approach to digital identities could help individuals gain back control of where their personal data is stored and how it is shared. In our next posts, we will explore a few other SSI use cases.