Extra Surveillance May Stay After the Corona-crisis Is Gone, But Privacy Can Still Be Protected
In his online presentation, Stepan Gershuni, Bitcoin evangelist and the CEO of Credentia, talked about real technologies that may help avert a dystopian privacy crisis. This is the adaptation of the Russian-language talk from ForkLog’s Digital Middle Ages online conference.
The thing I want to talk about, self-sovereign identity, is an architecture-level technological solution implying safe storage and peer-to-peer access to data.
It is also an ideology and it has a lot in common with ideas behind Bitcoin. Bitcoin is a technological solution but it is also the idea that money should be decentralized, nobody should control it, etc. Here we have similar things. Self-sovereign identity (SSI) is a technology architecture that manages sets of facts about a person, object, or organization peer-to-peer and in a portable form. There shouldn’t be a centralized database that will inevitably be either hacked or leaked by one of the employees.
SSI also solves the problem of proprietary access to information. Facebook and Twitter are typical examples here. Both are free to use, but all the data generated on the platforms are owned by the platforms. As a user, I have no freedom to take this data, such as all my posts or my follower lists, and move it somewhere else.
Traditionally, there are paper documents, which are inefficient, fragile, and hard to verify, and records in centralized databases, which presents a single point of failure and makes data vulnerable to hacks and leaks. The idea behind SSI is that the user controls and stores their data themselves. As a naive implementation, they can store data locally on their device, but it can also be stored in cloud storage protected by multisig.
Importantly, self-sovereign identity isn’t a single technological solution. It is a stack of technologies. It is also crucial that the technologies involved are open-source.
Implementing this whole concept already involves large players like Microsoft, IBM, Blockstream, and other serious companies. The main ideologist in SSI is Christopher Allen. About 15 years ago, he created TLS, which is the protocol that is used billions of times each day. SSI is being built on the foundation of the W3 Consortium, the organization supervising most of the standards used in internet communication like HTTP and HTML.
The most basic level of the SSI technology stack is the data storage level. It can be built on a blockchain, but not necessarily. There are lots of decentralized storage projects similar to IPFS. These aren’t blockchains, but follow the ideas of decentralized access and verification of data. In a blockchain, we can store proofs of certain facts, such as that you’ve been issued a driver’s license, but we can’t store large amounts of data there. Blockchain is solving the problem of trust, but it is not absolutely necessary for the system to work.
Next, there are two levels that represent the key concepts within SSI: decentralized identifiers and verifiable credentials.
Decentralized identifiers have to do with the standard procedures with the user’s cryptographic keys: what to do if a user lost their device or private key and how to make these interactions peer-to-peer and as anonymous as possible. The idea is that a user should have a separate identifier for each interaction. The ID involved when I get my diploma from a university and the ID involved when my bank gives me some sort of confirmation shouldn’t be the same and shouldn’t be linked to each other. This way, I will be controlling all my documents and data and will be able to disclose it voluntarily.
Verifiable credentials here are the actual facts about a person or an object: my grades, expiration date on my license, my posts, certificates, etc. Here, there are three key players: issuer (the one who creates the fact, such as an authority issuing a license), holder (a person or a crypto-wallet that stores the information in question), and verifier (the one who needs to figure out if certain facts are true).
This architecture is a prerequisite for creating a so-called “transitive trust.” With transitive trust I would’ve been able to get, say, dozens of different education certificates from Coursera and other resources, keep them all in one place, and selectively show them when I need it, for example, applying for a job. Each of such facts would be completely verifiable. In this area, the crypto-industry has a lot of great things to offer, such as zero-knowledge proofs that let you prove certain facts without disclosing them.
SSI and Impact of Pandemic
The pandemic brings up privacy problems. State and municipal governments, as well as other organizations, introduce surveillance systems meant to monitor and control the spread of the virus. These systems have to be deployed right now to be effective, but there won’t be a lot of reasons to scrap the surveillance when the crisis ends. As a result, we might get something similar to the situation in China where WeChat knows everything about you and regularly shares information with the government.
SSI has technical solutions to these problems. It is possible to create such verifiable credentials that will be able to tell about your geolocation, medical test results, etc. but will belong to you. This way, there will be no need for a centralized database controlled by a single entity, the system can work peer-to-peer.
Watch the full video on ForkLog YouTube channel
Subscribe to our Newsletter<
- Mastodon Review: Federation of Bubbles
- NewTON Blockchain Launched Test Network, Building Upon TON’s Original Source Code
- TON Developers Pushed Final Code Updates, Now It’s Up to Community
- Does Your Phone Eavesdrop On You? It Can but Not Necessarily Does
- Chinese Province Wants to Label Citizens by Their Health Rating Using Data on Their Sleep, Eating, and Exercising
- Zoom Users Fall Victim to Personal Data Stealing Malware, Research Says
- Hackers Can Impersonate Bluetooth Devices to Steal Users’ Personal Data: Is This a Threat to You?
- Searching for Search Engine and Post-Google Dream