Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data
The ubiquitous digitization brings both the better ways of handling information and more opportunities for bad actors to exploit whatever we put online.
In this piece, Stepan Gershuni, CEO of digital identity firm Credentia, explains how the blockchain-based self-sovereign identity technology can help users regain control over their personal data.
We live in an era of digital feudalism. Large tech companies and nation-states have more power over our online data then we do. Ubiquitous data collection for market research, personalized ads, or pseudo-security leads to frequent mass hacks and leaks. Over the last year alone, there were at least 3,800 reported hacks affecting over 4.1 billion accounts and records.
The interest in the issue of control over one’s own data from media and the general public is growing. According to Pew Research, 81% of Americans think they don’t have enough control over the information online. The public demand necessitates a two-fold response:
- Market. Last year, U.S. companies spent $19 billion on protection and audit of personal data storage systems.
- Regulatory. Democratic governments introduce data protection laws en mass: GDPR and CCPA. Their authoritarian counterparts try to get away with fakery and consolidate as much data as they can in shady systems like Russia’s new personal data registry system.
From Feudalism to Rennaissance
The shift from feudalism to the Rennaissance is self-sovereign identity technology. It lets you store and confirm any facts about yourself. These facts are stored in a cryptographic wallet and only the user can control the information.
The technology also allows you to work with documents and facts just like you would with paper. Only you hold and control it deciding who can see particular parts of the documents. All that happens digitally in a more secure and efficient way.
Modern authorization systems store too much information. After you register an account with an online shop or a service, it will store your email, address, password, and lots of other information indefinitely. Moreover, if the service gets hacked and your data is stolen, your other accounts will be threatened as well.
In a self-sovereign identity system, you have a single cryptographically protected wallet you’ve created once. It holds facts about you: email, height, date of birth, and driver’s license. You control access to this information and can change or deactivate the access keys at any time.
If you lost the key, there’s the “social recovery” feature or a “secret phrase” that can be anything from a picture to GPS coordinates. When visiting an online store, you chose whether to share information about your height to form a personalized feed of clothing items. You know that your data isn’t stored on the server and is available only with your consent, so you can restrict access whenever you feel like it.
Thanks to the attention given to this problem, the technology has already gone mainstream:
- Ontario and British Columbia launched the VON project for state-issued documents.
- California introduced a law regulating the use of the protocol for medical records.
- Bank and credit unions use portable KYC.
- The U.S. issues trusted digital passports for doctors and nurses.
- Over 20 IT companies, including Oracle, SAP, IBM, Microsoft, and Workday, allow people to create provable and verifiable career credentials.
- Universities around the world grant digital diplomas and certificates.
This is an adaptation of the original Russian-language article written by Stepan Gerhsuni for ForkLog
Subscribe to our Newsletter<
- Data Brokers: How Law Enforcement Rely on Inaccurate Data to Supplement Investigations
- Messenger App Steals User Data and Hacks Their Devices, ESET Research
- Hacker Group Targeting Fintech Companies and Personal Data Has Been Under Radar For Years, NOD32 Developer Finds
- Stalkerware Usage in on the Rise as Domestic Violence Rates Surge During Lockdown
- Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
- Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack
- Telegram User Data From Earlier Leaks Found on Dark Web, Contact Import Feature Is to Blame
- Are RSA and Cryptocurrencies Safe Despite Quantum Computing Progress?