The need for secure, privacy-centric, fraud-proof digital identities that allow us to demonstrate our credentials has never been greater.
A year unlike any other, when much of life went online, created a compelling case for digital identity. Talk of “immunity passports,” privacy-protecting contact tracing apps and even a potential move to online voting systems all speak to the need for robust digital identities.
In July 2020, the World Economic Forum published a briefing paper covering the risks and opportunities around “the internet of bodies.” From wearable technology to connected medical implants, it’s evident that our future digital identities could comprise more data than we ever thought possible.
But the push for digital identity is also provoking strong pushback. The idea that we should hand over even more control of our data to governments and institutions is a cause for alarm for many people.
Technology is the solution, not the problem
The answer to this problem doesn’t lie in maintaining the status quo. If anything, the events of 2020 have underscored that our current approach to identity isn’t fit for purpose. As we move increasingly online, the cracks in the existing system are only becoming more apparent.
In the crypto space, particularly, there has been a push toward anonymity as the solution to data privacy. But this isn’t the answer, either. It’s simply not possible to exist in the real world and remain completely anonymous. Taking a flight, paying for goods and services online, obtaining medical treatment or being allowed to drive a car are just a few examples of everyday actions that are tied back to our identities.
Technology is the answer. Cryptographic solutions such as zero-knowledge proofs solve the trade-off between anonymity and privacy on the one hand and being able to prove our identity when there’s a legitimate need to do so on the other.
A practical example could be the much-discussed idea of “health passports.” Let’s say you want to take a flight in early 2022. All the airline really needs to know is that you aren’t going to pose an infection risk for fellow passengers. Perhaps you’re also entering a country that requires immunity from yellow fever. You get your COVID-19 and yellow fever vaccines, and the status is added to your digital ID, encrypted by zero-knowledge proofs.
You can now prove that you’re safe to fly without disclosing where or when you had your vaccines, or at which clinic, or which doctor administered them. The airline could simply scan a QR code on your phone that confirms you’re not going to put anyone else at risk.
While COVID-19 creates a compelling immediate use case, there are far-reaching applications. If you want to buy age-restricted items like alcohol or tobacco, you could generate a QR code to prove your age without needing to show a copy of your identity documents. Similarly, if you wanted to rent a car or take out a loan, you could demonstrate your driving license or credit history without distributing copies of personal information.
Preventing abuse and ensuring compliance
Underpinning this system, there needs to be a fail-safe mechanism that allows someone’s identity to be revealed if there’s a legitimate legal need to do so. This is necessary to ensure compliance with the relevant jurisdictions and prevent the system from being abused by bad actors.
For example, if someone used a rental car to rob a bank or even just got a speeding ticket, the authorities will want to know who they are. In this case, the zero-knowledge proofs can be decrypted. However, decentralizing this responsibility across multiple parties ensures that it’s not subject to misuse or abuse and removes the single point of failure.
In 2021, we will start to see the beginnings of a system where people can walk around with their digital identities in their pockets. It will be the beginning of the end for antiquated, document-based systems and the start of a new era of self-sovereignty over our data.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.