Can Blockchain be used to allow citizens to control their identities?

In the first days of existence, our arrival to the world is registered in a Civil Registry Office, which, on behalf of the State, issues a birth certificate. This is our first identity in society.

From then on, the main facts of our civil life (marriage, death, among others) are also registered in a notary’s office, and complemented by other documents, such as ID and Individual Taxpayer Registry, issued with the function of identifying the same person before different legal facts (enrollment in institutions of education, assistance at health care units, opening of bank account, for example).

If there is a need or interest in driving vehicles, we will need to obtain a Driver’s License, a document intended to identify and certify we are qualified for driving.

Our “collection” of documents, however, will not be exhausted at this point. If we wish to travel to other countries, then it is necessary to issue an identify that is valid abroad – the Passport[1].

Here, it is also important to highlight the large volume of “investments” annually made by companies in mechanisms for identifying clients and partners, especially financial institutions, given compliance rules [2] and the multiple documents and certificates issued by agencies for identification of the same person.

From this framework, the urgent need to replace this traditional and analogical identification model (ineffective, bureaucratic and systemically deficient) by a unique, digital and universal identity system, more in line with technological advances and speed of transactions implemented by Digital Economy, Internet Economy or Web Economy[3].

In seconds, we can send an email to the other side of the world, but we spend hours waiting for the issuance of a second copy of our Identity Card or renewing our Driver’s License. This does not make any sense! It is necessary to optimize the collection of personal data and accelerate its verification, as well as change the way of storing and making this information available, returning ownership and possession of data related to civil identity to individuals, who are the actual owners of their personal information.

Nowadays, there is an urgent demand in the world for a unique, digital, sovereign and universal identity that gives people the power to choose whether or not to give their personal data to third parties, such as social media and companies, whose access to personal information should only occur upon permission of citizens who, in turn, could choose to discontinue such access at any time.

Despite the lack of knowledge of many people, such replacement of the traditional system of analogical identity by a system of universal and digital identification is already possible with the use of blockchain technology which, despite being at embryonic stage (similar to that of the early years of Internet), has been successfully used in Estonia whose population, more specifically 97.9%, has a unique and digital identity [4].

With a single registration via blockchain technology, individuals acquire more freedom and direct control over their personal data, being able to decide how much, when, and to whom their personal information will be made available. Thus, the use of data should be released by the identity holders themselves, who could even be remunerated for the availability of their personal data. Yet, maintaining identity control with citizens would make it easier to apply the “right to be forgotten”, in line with the new General Data Protection guidelines adopted by the European Union, which will be best explored in a separate article.

In addition, there is considerable improvement in security with management of identification through blockchain, which given its decentralization, hampers the penetration of hackers in the identity system, thus avoiding any malicious modification of identity information by third parties, or even restricting the population to access identification documents, especially passport, as occurred in countries under a dictatorial regime, or in situation of civil war.

It is important to demystify the mistaken belief that a universal identity system would put privacy at risk. Such an assertion is, in fact, a consequence of the lack of knowledge of the stage at which blockchain technology currently is. The fact is that there is not only an open platform, nor a single blockchain where anyone can query or modify information or change the system as a whole.

There are several types of blockchains, classified as “open” or “closed”, depending on how they approach their security model and threats. Blockchains may also be either public or private[5], permissioned or permissionless, with various governance structures and rules that may be implemented in several existing platforms, which allow the use of this technology for a wide variety of purposes, with applications to a wide range of audiences.

Considering the secrecy and security required to implement and manage a single, digital, sovereign and universal identity, such requirements would only be achieved through Distributed Ledger Technology (DLT), which may be closed or open permissioned blockchain [6], in which only authorized users have access to all data and may include or suppress information and change the network.

The debate is long, and will certainly require regulation at international level, so that blockchain technology enables creation of a unique, digital and universal identification system for the benefit of the whole society, really able to avoid abuses by governments and companies, and allowing citizens to exercise full power over their own personal data.

__________________

[1]  Guzmán, Liana Douillet. In: Oxford Blockchain Program: What are some key applications of blockchain technology, both in the financial services industry and beyond. University of Oxford, 2018.

[2] For example, among the obligations imposed on financial institutions to prevent the use of financial system for the practice of money laundering, it is important to identify, keep updated, and retain customer data for at least five years, from the first day of the year following the closure of current accounts or operations (Law 9.613 / 98, article 10, § 2 and Circular Letter BACEN 2,852/98, article 3)

 [3]  “(…)a new business model that uses information and technology as communication facilitators, data transfers, and business transactions. ” Revoredo, Tatiana. In: A digitalização da sociedade: economia da Web (impactos e reflexos na sociedade atual) (Digitization of society: Web economics (impacts and reflexes in current society)). Jota. 5/19/2017. Available on: https://www.jota.info/opiniao-e-analise/artigos/a-digitalizacao-da-sociedade-economia-da-web-no-brasil-19052017. Last access on 4/5/2018.

[4]  E-estonia. In: e-identity. Enterprise Estônia. Available on: https://e-estonia.com/solutions/e-identity/id-card/ . Last access on April 03, 2018.

[5] Jayachandran, Praveen. In: Blockchain Explained – The difference between public and private blockchain. Published by IBM Blockchain Blog on May 31, 2017. Available on: https://www.ibm.com/blogs/blockchain/2017/05/the-difference-between-public-and-private-blockchain/ . Last access on April 03, 2018.

[6] Shrier, David. In: Oxford Blockchain Program: Transforming enterprise business models”. University of Oxford. 2018.


By Tatiana Trícia de Paiva Revoredo and Rodrigo Caldas de Carvalho Borges

DISCLAIMER: Opinions expressed by Coinschedule Blog contributors are their own.

Rodrigo Caldas de Carvalho Borges
President of the Entrepreneurial and Startups Commission of Brazilian Bar Association, section Pinheiros and partner at LLM – Lucas de Lima e Medeiros Attorneys. Currently attending Specialization in Blockchain Strategy at Saïd Business School, University of OXFORD. Specialized in Digital Rights and Startups by INPER and in Blockchain by Blockchain Academy. Master of Laws in Corporate Law by INSPER. Law graduate by Pontifícia Universidade Católica de São Paulo – PUC/SP