The Future of Digital Immutable Identities

With physical books quickly becoming antiquities, it’s quite quaint to consider that we still carry a small book of paper in our pocket that provides us with the only way we are able to enter or even leave a country. Passports are not only expensive, but in most cases, especially in developing nations they are also a luxury. Take the Turkish Passport for example; applying for one will set you back $251 which is roughly equivalent to working for 95 hours on minimum wage; making it virtually inaccessible to a large portion of Turks. For refugees or those from failing governments that can no longer access information or records to prove who they are it becomes a paradox. As a result, digital identities have become one of the more meaningful technology trends on the planet at the moment.

According to a recent survey by the Pew research center there has been a remarkable increase in smartphone ownership and internet usage in both emerging and developed economies. What if we could use our smartphones to not only identify ourselves, but also make transactions, sign documents and to do so securely without having to go through third parties? What if we could truly own our digital identity? Technically, it’s already possible.

The discussions around forging self-sovereign identities are definitely interesting and the possibilities for Digital IDs are truly endless, but in reality – especially at a national level; we’re just not there yet. As the President of Estonia, I represent the only truly digital society which actually has a state; almost all our citizens’ interactions with the government, including voting, can be done securely online, and our “e-residents” can incorporate and run their businesses in Estonia without ever having to set foot here. Thankfully there’s currently one country that has taken the leap and started to experiment with Digital Identities at a State level; Estonia. This former Soviet Republic country in northern Europe is way ahead of the curb in digitising public services and has now come to be considered the most digitally advanced society. The President of Estonia was quoted as saying that he represents “the only truly digital society which actually has a state; almost all our citizens’ interactions with the government, including voting, can be done securely online, and our “e-residents” can incorporate and run their businesses in Estonia without ever having to set foot here”. Yes, you read that right. Estonian e-Residency is not only open to Estonian citizens, but also foreigners from all over the globe. It’s all made possible via Blockchains.

Theoretically the Estonian e-Residency would allow a Malaysian entrepreneur to start an EU company that she runs from the comfort of her home in KL to serve clientele based all over the world making use of the EU’s extensive free trade agreements. She’d also be able to use her digital signature to sign contracts with customers throughout the European Union. Its 2017, we can essentially run a location independent company completely online with minimal hassle. With the Trump administration tightening the requirements for the popular H-1B Visa, the launch of the Estonian e-residency program could not have come at a better time. Immigrants are widely perceived as being highly entrepreneurial and important for economic growth and innovation. This is reflected in immigration policies in many developed countries who have created special visas and entry requirements in an attempt to attract immigrant entrepreneurs.

So what constitutes a Digital ID? The Digital ID essentially comprises of three domains, the authentication domain, identification domain and most importantly the authorisation domain. The identification domain allows the cardholder to be ID-ed properly just like any other ordinary ID card but the beauty of the Digital ID lies in the authentication and authorisation aspects. These two aspects of the Digital ID allow one to digitally sign documents, access secure services, and make secure transactions — without ever having to set foot in Estonia. The digital ID card and e-services are built on state-of-the-art technological solutions, including 2048-bit public key encryption. The digital ID card contains a microchip with two security certificates: PIN1 for authentication and PIN2 for digital signing.

So what exactly makes this Digital ID secure? Put simply – Blockchain; the underlying distributed ledger technology used for Bitcoin and other decentralised crypto-currencies. Estonia has had its fair share of cyber attacks over the years but nothing came close to the magnitude of the infamous 2007 cyber attack that was waged on them. To prevent a re-occurrence of the attack they developed their own scalable blockchain technology called KSI “to ensure the integrity of data stored in government repositories and to protect their data against insider threats.” Some describe the attack as a blessing in disguise as it turned Estonia into the cyber security giant that it is now today; hosting both the NATO Cooperative Cyber Defence Centre of Excellence and the European IT agency. It was a great security test. We just don’t know who to send the bill to – Tanel Sepp a cyber security official at the defence ministry Sceptics in the fringes of the cryptosphere have questioned the authenticity of the Blockchain applied in the Estonian digital IDs citing Tarvi Marten’s (one of the masterminds behind the ID) explanation on how the KSI Blockchain functions in a Digital Identity Management book from nearly a decade ago. He said “Long-time validity of these [digitally-signed] documents is secured by logging of issued validity confirmations by the Validation Authority. This log is cryptographically secured by one-way hash-function and newspaper-publication to prevent back-dating and carefully backed up to preserve digital history of mankind.”

Regardless of whatever side of the debate you’re on, there’s no denying that Estonia is paving the way for other governments and shifting the paradigm for the better. The same centralised governance models that were first introduced when nation states were coalescing are still used in most countries today. The siloed approaches governments have long taken when building infrastructure are quickly becoming obsolete. The old style centralised databases will soon be replaced with shared non-redundant trustworthy systems where there is a more fluid interoperability between different stakeholders. This shift towards distributed governance can only be commended. Soon enough the notion of where you’re born dictating where you can and can’t go – what you can and can’t do will come to seem absurd. Please contact us if you would like to explore digital identities within your organisation.

Written by Mahamed Hagi – Research analyst at BCE Asia – @Mahamed_Hagi

join our mission to take the cryptic out of crypto