How we create an international framework for privacy-preserving digital ID
Mar 30, 2023
Chair and President, Hedera
This article is republished from the World Economic Forum under a Creative Commons license.
Currently, around 850 million people lack official identification; meanwhile, billions of others with legal ID lack adequate privacy protections when participating in the digital economy.
Decentralized digital ID enables people to participate more effectively in the digital economy.
They can use verified identity credentials to present themselves in a privacy-preserving manner they control. In addition, some underlying technologies enabling decentralized digital ID for personal identification can deliver environmental and governance benefits.
At the 2023 World Economic Forum Annual Meeting workshop on “Improving Livelihoods with Digital ID,” organized by the Forum’s Crypto Impact and Sustainability Accelerator (CISA), we explored how to realize the benefits of digital ID through a coordinated international approach to standards and policies.
The panopticon problem with digital ID
Blockchain-powered decentralized digital ID provides privacy-enhancing capabilities unlike current centralized systems more vulnerable to personal data exploitation and massive data breaches. We can bind digital ID identifiers and metadata to decentralized public blockchain infrastructure while keeping all personal data off-ledger in digital wallets under the user’s control. The privacy features in this model remove a long-standing problem with previous identity solutions known as the “panopticon” problem.
To illustrate the “panopticon” problem, consider a social network provider that provides users with “single sign-on” to other websites. This “identity provider” is required by the limitations of web2 that inherently relies upon central intermediaries to facilitate the sharing of verified information.
While it is true that the “identity provider” model can enable some privacy benefits to its users, such as minimum disclosure to third parties – e.g. “this user is over 18,” without sharing the date of birth – that same identity provider will still participate in all identity transactions by that user.
Therefore, every time the user wants to assert their identity using this web2 approach to digital ID, their identity provider knows about it, knows who they are interacting with and even knows what information is being shared i.e. they are always watching (hence the panopticon metaphor).
Better privacy and compliance through blockchain
The identity management community has worked on this problem for years and introduced innovations like “double-blind” architectures where an identity exchange sits between a digital service and the identity provider to mitigate the panopticon problem. However, these architectures are complex and do not adequately scale to address the global need for verified, privacy-preserving digital ID.
The web3 solution to this problem removes the need for an identity provider. It replaces that intermediary with public blockchain infrastructure where the user stores their digital identity metadata while keeping their personal information offline in their digital wallet with verified credentials signed by their various credential issuers e.g. a university issuing a credential of graduation, a government agency issuing a legal ID credential etc.
When the user presents a credential from their wallet to an application, it can verify the credential by checking the cryptographic signature against the original credential issuer’s public key, which has previously been published in a publicly available registry. This system allows the user to control when information is shared and who it is shared with while enabling verified personally identifying information sharing to satisfy know-your-customer, anti-money-laundering or anti-terrorist-funding compliance.
State-of-the-art decentralized digital ID technology is evolving rapidly. While several core technologies have been proven and standardized by W3C (the standards body that governs core web technologies), some notable recent developments suggest the role of blockchain in digital ID will only grow over time.
Just last year, the founder of Ethereum, Vitalik Buterin, collaborated on a paper titled “Decentralized Society: Finding Web3’s Soul” that introduced the notion of “soul-bound tokens” as a blockchain native capability to advance the field of digital ID. My colleague Keith Kowal describes this innovation in the context of other emerging blockchain-native ID capabilities in “The Rise of the Identity Token.”
Beyond technology and standards, digital ID offers tangible social, environmental and governance benefits…”— Brett McDowell, Chair and President, Hedera
Gaining sustainability impacts
Last year, Envision Blockchain launched the “Guardian,” an open-source solution that provides full discoverability and traceability of environmental, social and governance assets on the Hedera network.
This tokenized policy management platform relies upon decentralized identifiers and verified credentials to identify and verify data objects (tokenized assets) and the actors authorized to provide the source data to deliver an end-to-end digital measurement, reporting and verification (dMRV) solution.
Blockchain tools like the Guardian enable tokenized climate asset marketplaces to grow by mitigating the risk of fraud, information asymmetry and inaccuracy in carbon credits and related assets.
As more corporations build trust in these tokenized climate asset marketplaces, their increased participation and the ability to independently verify the quality and provenance of the assets will drive the economic incentives for increased investment in carbon offset projects. It will establish a virtuous cycle with scalable network effects to accelerate the global adoption of MRV-compliant carbon offsets.
The work that still needs to be done
Decentralized digital ID relies on a carefully considered stack of open technology standards, open-source blockchain infrastructure and public registries that have been years in the making.
Beyond technology and standards, digital ID offers tangible social, environmental and governance benefits demonstrated by pilots, proof-of-concept projects and emerging market solutions.
As discussed within the Forum’s Digital ID Initiative, we need to draw generalizable lessons from pilots. We then apply them at scale to deliver a foundational building block for solutions to global challenges ranging from digital workforce transformation to carbon asset MRV to fundamental social challenges of exclusion and data exploitation.
To address that need, the Forum’s Digital ID Initiative is engaging a global group of key stakeholders across the public and private sectors, focused on technology, policy and social impact considerations, to craft an international policy and standards framework that will serve to accelerate the adoption of privacy-preserving digital ID.