Identity in the blockchain era –beyond the hype

By Frederic Kerrest, co-founder and COO, Okta

Credit: Photo 85379808 © Nils Ackermann - Dreamstime.com

Blockchain, the digital ledger technology behind cryptocurrencies, such as Bitcoin and Ethereum, was initially made popular on the dark web for its security and anonymity that facilitated the sale of illicit goods.

Despite its dark beginnings, blockchain has found its way into the mainstream over the past couple of years, all four big banks investing in and piloting the technology. While it was created to facilitate and authenticate payments, many analysts and future-gazers believe blockchain also has the potential to become a primary identifier.

When leveraging blockchain, data exchanges cannot be erased or changed without leaving a digital record — forgeries are practically impossible and it’s extremely difficult to hack; both clear advantages for identity management.

Identity is at the heart of innovations in healthcare, voting, travel, banking and beyond. Many have argued that blockchain is the answer to managing this digital identity but, as driverless cars may be the future of transportation, the future is not quite here just yet.

Blockchain is not currently a rip and replace for existing identification systems. A lot of work must be done to make it a workable backbone for identity management. To get blockchain ready for primetime, collaboration between businesses and the public sectors is critical.

This is beginning to happen; Australia Post, for example, is working with Alibaba and Blackmores to develop blockchain solutions to counterfeit products, following its blockchain identity solution rolled out in late 2016. Others will need to follow suit to test blockchain’s suitability for identity management.

Looking ahead, here are three of the most pressing issues with blockchain we will have to address before we can make any declarations about its future as a universal identifier.

Calling all regulators

Blockchain’s lack of regulation is exactly why early adopters in the cryptocurrency world love it, but this is not viable for national institutions. Established and well-defined legal protections for users are vital. We need a trusted entity to establish enforceable rules for how it will all work, including basic protections for consumers. If someone robs a traditional bank for instance, customer account balances don’t change. Unregulated cryptocurrency users do not enjoy the same benefit.

Regulators will also need to figure out how to manage the irreversible nature of blockchain. Given that it stores information on a distributed and ever-changing database, parameters must be in place that allow people to somehow reverse or fix problems tied to their identities. A victim of identity theft will struggle changing key personal identifiers (such as a TFN), causing problems if your identity is stolen. If regulatory bodies cannot find a solution, this may leave blockchain in a similar place.

Universal adoption required

Something as fundamental as identity must be universally adopted in order for it to work, and making a highly complicated technology like blockchain accessible and adopted by every citizen will be a huge challenge. To have an identity on blockchain, individuals are assigned a key that must be used to access and control their personal information.

One solution to this is the creation of an app that can manage everything. Would someone without a smartphone be able to access their identity via an app? What about your digitally-averse grandmother or grandfather? Furthermore, an app like this would create a heap of security problems of its own.

Overcoming the security cycle

The need to better secure and manage our identities is the very reason why this discussion is so important. While blockchain has the ability to significantly improve identity management and security, that effort goes to waste the moment you put the key to all of that information in an app.

When a user is assigned a key, required to download an app, create an account, store the key on the smartphone and in the cloud, it becomes a target. While cybersecurity measures are constantly improving, the bottom line is that applications get hacked every day, and an application storing the key to everyone’s identifying information ‒ passports, birth certificates, medical records, you name it ‒ is a hacker’s dream come true.

There’s no doubt that blockchain will play a role in the future of identity management, but the extent to which it is used will depend on our ability to think beyond our current solution set and apply emerging technologies to build a secure user experience for digital identity. There’s no doubt this will be challenging, but the rewards could be significant.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags dark webBitcoinOkta

More about AustraliaAustralia PostBlackmores

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Frederic Kerrest

Latest Videos

More videos

Blog Posts