Digital identities and the future of technology
One topic discussed in a recent Treasury Department report on financial technologies and innovation is the need to update regulations to better facilitate the authentication of digital identities. Digital identity systems use digital authentication protocols or technologies such as blockchain to verify the identities of individuals or entities. The report discusses digital identity products and services in the financial services sector, but the ability for these technologies to improve “the trustworthiness, security, privacy, and convenience of identifying individuals and entities, thereby strengthening the processes critical to the movement of funds, goods, and data” can benefit a variety of economic sectors and the government as well.
As many of today’s new business models are fully online, innovators and consumers would benefit greatly from the existence of a digital identity that can be legally authenticated by a government authority and is portable for use on digital platforms. Similar to how a driver’s license can be used as proof of identity for a physical transaction, an established digital identity can be used for new transactions outside the original authentication process.
Managing and verifying identities with digital methods such as distributed ledger (blockchain) can improve transactions by making them less expensive, more secure, and more convenient. Verification of a person or item using a legally documented trust anchor helps combat fraud and counterfeit issues and can help reduce risk to all parties involved in a transaction.
The US Department of Commerce’s National Institute of Standards and Technology (NIST) has been working on establishing a technical standard around digital identity systems that will allow for easier enrollment and identity proof structures that have the authentication and life cycle standards that government institutions need as party of a digital legal identity. Once these standards become the norm, private industry partners can treat them as authoritative identity verification.
The NIST standards are risk based, giving the creators of blockchain-style identity management systems the flexibility to calibrate requirements for authentication or verification documentation. The level of risk corresponds with how much data are needed to identify the person or entity at the beginning of the process. For example, authenticating a person for a financial transaction carries risk and requires proof of identity through trusted credentials such as a driver’s license, current utility bill, or Social Security card. These physical documents are often used to validate a person’s legal identity and then used to bind that identity to a unique digital identifier that can be recognized throughout the digital identity ecosystem. A less risky transaction may not require full proof of legal identity to go through, just proof that payment will successfully occur.
Proof of legal identity and the ability to authenticate a person can be done with technology that actually enhances security and privacy. An individual could be authenticated at the beginning of a transaction, and the system would issue the person a unique federated identifier allowing the data to be protected in order for that specific system to recognize the person through the transaction cycle without publicly revealing their personally identifiable information.
The Treasury Department report identifies the need to remove legal and regulatory uncertainties that are keeping financial institutions from creating agreements that result in more secure and efficient data sharing compared to current systems of scraping publicly available user data from website logs. Aligning regulatory frameworks at the federal level should encourage state and local officials to consider opportunities to move their programs to a digital ledger for better transparency and accountability in city- and state-level information structures.
Businesses that exchange goods and services can perform transactions more efficiently with contractual agreements built into the digital transaction capability of blockchain technology. This makes the execution of the good or service part of a transparent record system that is permissioned, distributed, and sharable. The advent of trusted cloud services helps take this same technology and apply it to regulated or licensed items and transactions. For example, titling a vehicle on a blockchain-style ledger could show a chain of custody through the registration of the vehicle identification number, allowing transactions involving that vehicle to be part of a public record.
Decentralized record keeping allows authenticated individuals to access records through the cloud architecture. Blockchain technology could give medical providers access to patient medical records from various locations, allowing patients to share their most recent medical information available if they were hospitalized away from home.
Blockchain is also proving to be a great technology for logistics, as companies such as FedEx, UPS, and Procter & Gamble have discovered. A new standards organization, the Blockchain in Transport Alliance, has led the freight transportation industry in adopting a common framework of standards for industry participants. This allows logistics applications to provide an agreed-upon standard that can enable security and trust of the data being transported while speeding up the logistics process and eventually lowering transaction costs as more carriers and shippers adopt the blockchain platform. The blockchain technology enables proof of provenance and execution of delivery contracts with proof of delivery that can provide greater clarity and certainty in the chain of custody data from beginning to end of the transport process.
Creating identity proofing protocols that can be used beyond initial government enrollment with broad, standardized credentialing will be a great asset across multiple industries. The US government could be part of the solution with its ability to provide the essential components for digital identity management. This could enhance the ability for identities of both humans and physical items to be portable through the use of blockchain technology for credentialing. Official government registration processes can become part of the digital revolution that will serve as a starting point for accurate documentation of information and entities in the future.
Trustworthy authentication is key to our digital future, and having the US government as a trust anchor is a major step in the right direction.