By Mung Ki Woo, VP Trust Services at Ledger
In less than a generation, the Internet has completely transformed our lives, providing access to services which are so advanced that they could have passed as magic in other times, to paraphrase the famous quote from Arthur Clarke.
However, the downside of today’s Internet is that our online existence belongs to someone else. We exist only as identifiers on many centralized platforms to whom we have provided all our personal information (name, address, banking details, etc.), who track our every move and expose us to our data being sold or leaked without us knowing and very high risks of piracy.
In short, we are not in control of our online identity.
The next Web generation, known as Web3, promises to change this state of affairs by giving power back to users thanks to the advent of new technologies enabling both ownership of the data but also the immutability of the information.
Self-Sovereign Identities (SSI) lie at the heart of this change of paradigm that could not only define our future digital lives, but also rewire the entire structure of the Internet.
In today’s Web, our identity belongs to someone else
In “Self-Sovereign Identity,” Johannes Sedlmeir makes a clear distinction between two concepts too often mixed: “identity” and “identifiers”. What we are experiencing in today’s Web are some external organizations identifying us as citizens, community members, customers, etc. But this isn’t our “identity.” Those are identifiers.
Browse any website, use any mobile application and we are invited, or sometimes forced to create such identifiers (which can then be used to subsequently login). With each one of these identifiers, we are asked to relinquish our personal information and allow detailed tracking. Of course we are getting something in exchange: free access to an attractive service. But at what cost? What does each provider know about us? Do we realize that all the messages we send, all the content we create and our every move is stored and processed? How many of these companies hold a copy of our banking details and/or our government-issued IDs?
The overwhelming majority of us have no idea and we would be shocked if we were told in detail.
In today’s Web, our personal data, and so our identity, belongs to someone else, because everything we do is via identifiers behind which centralized databases systematically store all our data. Unfortunately, we only exist via these identifiers under the control of companies or governments. We can disappear on a whim of these entities. Each one of these centralized databases also is an attractive target for hackers, leading to ever increasing identity fraud issues. For example, already a third of US consumers have suffered from identity theft. In 2020 only, the FTC handled 2.2 million child identity theft incidents, while 15 million Americans become victims of identity theft every year.
Shifting the Internet’s balance of power with Self-Sovereign Identities
The emergence of Self-Sovereign Identities is a game changer as it promises to change the Internet’s currently flawed structure by placing the user at the center.
Let us use an example to explain how SSI works. Imagine that I want to buy alcohol. In the US, I would need to prove that I am over 21. In the physical world, this would be very simple: I would show my government-issued ID document to the store’s sales clerk. The government would not be told and the store would not keep my name or keep a copy of my ID.
However, in today’s Web, an equivalent transaction is simply impossible: the e-merchant would have to call the government-run central ID platform to obtain the desired confirmation. Thus, the government would know about my purchase of alcohol, and the e-merchant would likely store my personal information (name, ID document number, etc.) together with the details of my purchase. Do we really want these entities to know everything we are doing, when we just wanted to prove being over 21? Also, in many countries, governments do not provide a digital ID service, which makes the situation even worse.
SSI turns the situation around: the user, equipped with an identity wallet, is now at the center. This identity wallet retrieves from the government systems a digital identity (also called the user’s identity credential). This is similar to having a government-issued ID document in one’s pocket. To the wine e-merchant, this wallet is now able to provide a so-called ID presentation which only says that the consumer is over 21. This ID presentation is calculated from the government-issued credential and refers to this source.
By putting the user at the center, SII solves all the problems listed above:
- The e-merchant fully complies with the law: the ID presentation has the same trust level as the original government-issued credential.
- The government never knows that their credential was used to carry out this transaction, as the verification was based on an ID presentation generated by the user’s identity wallet.
- The user only discloses the required information (whether they are over 21 or not) and not anything more.
In contrast to today’s identifiers, SSI shifts control away from external providers to individuals who become the true masters of their identities. With SSI, service providers no longer need to store sensitive private information such as government–issued ID, as these can be provided as ID presentations with the same level of trust as the original credentials.
Ledger’s Commitment to Self-Sovereignty
We embrace all the efforts towards making self-sovereign identity a reality.
Today, we are the world’s leading Web3 platform enabling you to protect and manage your crypto, NFTs and Web3 value. In the near future, we will also protect self-sovereign identities and enable a new Web experience based on trust, ownership and privacy.
In this context, Ledger has recently joined Project Verite, a decentralized identity coalition giving people and organizations direct control over how, when and where their personal information is shared when doing business in the crypto economy. Through this involvement, we aim at contributing to the creation of common standards that we consider as prerequisites to scale new digital identity services around the globe.
We also recently released a comprehensive policy proposal entitled “How Can Europe Lead Innovation and Win Web3? Ledger’s 4 Recommendations for EU Policymakers” which would enable the EU to seize the Web3 revolution, and we believe that scaled SSI solutions should play a fundamental role in this regard. Europe should embrace this technology and invest in its development as it has the potential to enhance financial freedom while impeding financial crime.
With SSI, let us build together the better Internet we all aspire to, where we take back control of our digital selves and experience true self-sovereignty.