In this first article covering blockchain and distributed ledger technology (DLT) use cases, we will talk about identity management. Blockchain technology already has certain qualities, like transparency, security and immutability, that make it very attractive for a range of use cases. Several attempts have been made to use distributed ledgers as the underlying technology to tackle the common problems one can stumble upon when working online with personal information or identities as a whole.
DLT offers a secure and decentralized way of storing and verifying personal information, which can help protect against identity theft and fraud. It has the potential to change the way identities can be managed online.
By leveraging the decentralized, secure, and transparent nature of blockchain, digital voting systems can be built that are more efficient, accurate, and fair than traditional voting systems.
One of the key advantages of using blockchain for digital voting is that it eliminates the need for a central authority to oversee the voting process. In a traditional voting system, a central authority is responsible for maintaining a record of all votes, counting the votes, and declaring the winner. This central authority can be vulnerable to manipulation, errors, or even fraud.
With a blockchain-based voting system, however, each vote is recorded on a decentralized ledger that is maintained by a network of users. This means that there is no single point of failure and no central authority that can be compromised. Instead, the integrity of the voting process is maintained by the consensus of the network.
Another advantage of blockchain voting systems is that they can provide a high level of transparency. Each vote is recorded on the blockchain and can be viewed by anyone. This means that voters can have confidence that their vote has been counted and that the election results are accurate. Additionally, the use of smart contracts can enable the automatic counting of votes, further increasing the transparency and accuracy of the system. For more information on how such a system could work, you can have a look at FollowMyVote.
One of the most promising applications of blockchain technology in identity management is the use of self-sovereign identities. This allows individuals to have full control over their personal information, and to share it with others only on a need-to-know basis. The German government has tried to create a digital identity for its citizens with a blockchain as its key feature. With Bürgeridentität, a pilot project was launched based on the Ethereum blockchain. The goal was to be able to verify your ID card (Personalausweis), passport, or driving license digitally using your phone. Only the user himself would hold the private keys granting him access to his data. He would then be able to verify his personal information with third parties using his phone. A derived version of the driver’s license was also made available for cases where not all the data had to be shared.
Using the Bürgeridentität, Telekom started the project XRide, a fully decentralized scooter rental system utilizing multiple blockchain projects at once to automate the complete rental process. Since scooters require a driving license in Germany, POSTIDENT or a similar service would need to be implemented to verify the user’s identity. However, XRide based the onboarding process of a new customer on the Bürgeridentität. The user could quickly verify himself with his phone without needing to get in front of a webcam and wave his license around. Paired with a payment system running as a dApp (decentralized app) on a blockchain, the typically centralized functionalities were now running decentralized and fully automated on nodes.
The last example for identity management, which also made the German tech news (unfortunately), is the verification of official documents handled by governmental bodies. All of our important documents are handed out with a nifty stamp at the bottom, and after that it is up to the people to keep those documents secure and available whenever they need them. The common problems of paper-based documentation are:
- Records have to be exchanged physically via post or in person
- Additional copies have to be certified
- Physical copies can be lost or destroyed
- Digitizing a document can introduce loss of quality or human error/manipulation
Being able to use an easily verifiable digital copy instead could circumvent all those issues.
The Bundesdruckerei (responsible for secure identification via documents and devices in Germany) started a project for digitizing school certificates using blockchain technology. When an institution creates a new certificate, its hash value is simultaneously stored on a blockchain. When the owner of the certificate applies somewhere, the party receiving the certificate can verify its authenticity by checking the hash value on the blockchain.
At first this appears to be a sound idea; on a second look, however, the way it was implemented becomes more and more questionable. Apart from a trivial XSS vulnerability found soon after the test system went live, which allowed unsecured access to the API to create unsigned certificates, the whole approach using blockchain was called into question. A German institute for data security (Berliner Beauftragte für Datenschutz und Informationssicherheit) released a report in 2021 saying that, according to German law, it wouldn’t be legal to use this system in its current state, and on top of that all technical documentation is still missing. Casting further doubt on a blockchain as the central means of storing the data, the report mentions that under data protection law a person has the right to edit or delete all of his personal information. A core feature of a blockchain, however, is its immutability once information has been committed to a block and added to the chain, which directly violates the aforementioned right.
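The hash anchoring and the immutability conflict described in the two paragraphs above, as a sketch added here (it is not the Bundesdruckerei's code): a single-process hash chain stands in for the blockchain, and the certificate strings and all function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder predecessor of the first block
# Constructed sample certificates, not real data.
CERT_A = b"Abitur certificate|Student A|2020|grade 1.7"
CERT_B = b"Abitur certificate|Student B|2020|grade 2.3"
CERT_C = b"Abitur certificate|Student C|2021|grade 1.3"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def block_hash(prev_hash: str, cert_hash: str) -> str:
    # Each block commits to its predecessor and to one certificate hash.
    return sha256_hex(json.dumps([prev_hash, cert_hash]).encode())


def anchor(chain: list, certificate: bytes) -> None:
    """Issuer side: store only the certificate's hash, linked to the previous block."""
    prev = chain[-1]["hash"] if chain else GENESIS
    cert_hash = sha256_hex(certificate)
    chain.append({"prev": prev, "cert_hash": cert_hash,
                  "hash": block_hash(prev, cert_hash)})


def chain_is_valid(chain: list) -> bool:
    """Recompute every link; an edited block, or one removed before the end, breaks it."""
    prev = GENESIS
    for block in chain:
        expected = block_hash(prev, block["cert_hash"])
        if block["prev"] != prev or block["hash"] != expected:
            return False
        prev = block["hash"]
    return True


def verify_certificate(chain: list, certificate: bytes) -> bool:
    """Recipient side: accept only a document whose hash sits in a valid chain."""
    wanted = sha256_hex(certificate)
    return chain_is_valid(chain) and any(b["cert_hash"] == wanted for b in chain)


def erase(chain: list, certificate: bytes) -> list:
    """Naive erasure request: drop the block holding this certificate's hash."""
    wanted = sha256_hex(certificate)
    return [b for b in chain if b["cert_hash"] != wanted]
```

Anchoring the three certificates and then erasing the first leaves a chain that fails `chain_is_valid`, so the untouched certificates no longer verify either. The check also says nothing about who called `anchor`, which is why unsecured write access to the API undermines the scheme.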
Furthermore, the system would only be used between governmental bodies across Germany. Adding data to a blockchain requires the participants (nodes) to agree that the new block is in fact correct and the true continuation of the chain. This agreement between parties that don’t necessarily trust each other is created through various consensus mechanisms and is an essential part of block generation. In our example, however, there should be enough trust between all parties, since we are talking about the German government itself. So if you strip away all features that are not allowed or not needed, you end up with an extremely bloated distributed database. This raises the question of whether the choice of technology was the correct one, or whether a concept based on a digital signature could be enough.
Blockchain technology has the potential to revolutionize the way we manage our identities online. Its decentralized and secure nature can provide a higher level of protection against identity theft and fraud. However, it is important to make sure that the necessary groundwork has been done. A thorough analysis has to be conducted of whether the legal and/or technological circumstances are right for a project featuring blockchain technology. It seems tempting to use a technology because of its novelty, but in most cases this does more harm than anything else.