Okta’s Frederic Kerrest explains the potential of Blockchain for identity services and the obstacles that must be overcome
Blockchain, the digital ledger technology behind Bitcoin and Ethereum, was initially made popular on the dark web, allowing criminals to sell illicit goods on the Silk Road.
Despite its dark beginnings, it has found its way into the mainstream over the past year, with financial institutions such as Goldman Sachs and Citi investing heavily in the technology.
While it was created to facilitate payments, many analysts and future gazers believe it also has the potential to become a primary identifier.
When leveraging blockchain, data exchanges cannot be erased or changed without leaving a digital record — forgeries are practically impossible and it’s extremely difficult to hack. It’s easy to leap to the conclusion that if transactions on the blockchain are immutable, it could be used to manage your identity.
Think about all of the areas that would benefit from a consolidated identity layer — healthcare, voting, travel, banking and beyond. Many have argued that blockchain is the answer, but is akin to saying autonomous cars will be the only vehicles on the road by next year. Someday, perhaps. Next year, definitely not.
Blockchain is not currently a rip and replace for existing identification systems. A lot of work must be done to make it a workable backbone for identity management.
To get blockchain ready for primetime, collaboration between businesses and the public sectors is critical. Project Jasper, a first joint effort between Canada’s central bank, payment systems operator and financial institutions to experiment with blockchain in the private sector is a great example. Other companies will need to follow suit to make it a suitable tool for identity.
Looking ahead, here are three of the most pressing issues with blockchain we will have to address before we can make any declarations about its future as a universal identifier.
Calling all regulators
Blockchain’s lack of regulation is exactly why early-adopters in the cryptocurrency world love it, but this is not viable for national institutions. Established legal, and well-defined protections for users are vital.
We need a trusted entity to establish enforceable rules for how it will all work, including basic protections for consumers. If someone robs a traditional bank for instance, customer account balances don’t change. Unregulated Bitcoin users do not enjoy the same benefit.
Regulators will also need to figure out how to manage the irreversible nature of blockchain. Given that it stores information on a distributed and ever-changing database, parameters must be in place that allow people to somehow reverse or fix problems tied to their identities. Currently, a victim of identity theft in the US cannot change their Social Security number, causing problems if it’s stolen. If regulatory bodies can not find a solution, this may leave blockchain in a similar place.
Universal adoption required
Making a highly complicated technology like blockchain accessible and adopted by every citizen will be a challenge. To have an identity on blockchain, individuals are assigned a key that must be used to access and control their personal information. The practical solution to this is the creation of an app that can manage everything.
Would someone without a smartphone be able to access their identity via an app? What about your digitally-averse grandmother or grandfather?
What’s more, an app like this creates security problems of its own.
Overcoming the security cycle
The need to better secure and manage our identities is the reason why this discussion is so important. While blockchain has the ability to significantly improve identity management and security, that effort goes to waste the moment you put the key to all of that information in an app.
When a user is assigned a key, required to download an app, create an account, store the key on the smartphone, and in the cloud, it becomes a target. While cybersecurity measures are constantly improving, the bottom line is that applications get hacked every day, and an application storing the key to everyone’s identifying information ‒ passports, birth certificates, medical records, you name it ‒ is a hacker’s dream come true.
There’s no doubt that blockchain will play a role in the future of identity management, but the extent to which it is used will depend on our ability to think beyond our current solution set and apply emerging technologies to build a secure and compliant user experience. There’s no doubt this will be challenging, but the rewards could be significant.
Frederic Kerrest is the COO and Co-Founder of Enterprise Identity firm Okta