Fragmented. Insecure. Lacking in interoperability. These are just some of the realities of today’s digital identity landscape, according to a new report published by the European Union Blockchain Observatory & Forum.
“There are persistent – and increasingly serious – problems with the way digital identity works,” says the report, ‘Blockchain and Digital Identity’. “For individuals, but also for businesses and governments, the status quo is becoming less and less tenable.”
But the report maps out a path to improving the current digital ID landscape, in which citizens typically use a huge range of systems to access public and private services. “It is now possible to build new identity frameworks based on the concept of decentralised identities,” its authors write, setting out six recommendations for public sector business owners and digital professionals.
A use case for blockchain
A blockchain is a decentralised, distributed and public digital ledger used to record transactions across many computers, so that any involved record cannot be altered without the alteration of all subsequent blocks. Expectations of blockchain’s potential for digital ID are high, and the report says that concepts such as self-sovereign identity (SSI) are “taking hold” in the EU.
Across the EU, the electronic Identification, Authentication and Trust Services Regulation (eIDAS) and the General Data Protection Regulation (GDPR) are identified as the two most important regulatory regimes. And the 27-page report recommends that the EU “clarify open regulatory questions” – in particular around the standing of blockchain-based signatures and timestamps under eIDAS.
Further specific recommendations for the EU include: to “educate and encourage” government agencies on decentralised identity and their role as issuers; to give legal clarity on the re-use of issued credentials outside of their original regulatory environments, such as those subject to Europe’s 5th Anti-Money Laundering Directive; and to consider using “smaller cities as excellent testing ground for decentralised identity frameworks”.
Reacting to the report’s publication, Ott Vatter, managing director of Estonia’s e-Residency programme, told Global Government Forum: “Digital identity is key to establishing trust. If the highest standard of signature can be created using time-stamped blockchain technology, this would unlock a truly decentralised way of exchanging documents and data in EU.
“The recommendations brought out in the paper are definitely a step in the right direction, and it’s great to see Blockchain Forum taking an active role in demystifying this complicated sphere.”
Stefaan Verhulst, co-founder of the Governance Laboratory (GovLab) at New York University – a research foundation that works on how to transform governance using advances in science and technology – has previously cited identity as one of three types of applications where blockchain could have substantial impact (the other two being ‘track-and-trace’ and smarter contracting). GovLab is behind the ‘Blockchange’ platform: a hub showcasing how blockchain can be used to drive social change.
A key building block
Asked by Global Government Forum for his view on the report, Verhulst said: “From all the emerging ‘blockchange’ applications, identity management – as it relates to people, tangible objects, and intangible objects – appears to be the most foundational, firstly because of its prominent role in social change; second, it underpins most other blockchain applications; and, third, it may provide a necessary missing ID protocol layer on the internet.
“Yet identity is not just a set of attributes – it involves a process composed of provisioning, authentication, administration, authorisation and auditing. Each stage has its own unique challenges today, each of which may or may not be addressed by mobilising relevant blockchain attributes – including decentralisation, which is the main focus of this report.”
Verhulst continued: “A key take-away from our work, and reinforced in the European report, is that not all current blockchain technologies are equally applicable or mature across the identity lifecycle. It appears that blockchain provides the most potential to improve the authorisation and auditing stages of the identity lifecycle, potentially providing more user-control and security – with implications for human rights, national security, voting, and financial services, among many other topic areas.”
Asked to name the biggest challenges facing the EU in this area, Verhulst cited a “lack of governance and ethical frameworks that can help scale the use of blockchain,” and “poorly defined problem definitions or use-cases”. He added that “blockchain is still being promoted as a solution in search of a problem,” and advised that “a common expression of the key information assymetries Europe wants to tackle and hav[ing] a dedicated focus toward those priorities would help”.
Regulate, but don’t control
Paulius Vertelka of Infobalt, the Lithuanian ICT industry body that represents the sector and provides digital services to government, also gave his reaction to the report.
Vertelka, who is Infobalt’s director, told Global Government Forum: “We support the recommendations to clarify EU-level regulation on the use of specific technologies in electronic identification processes. However, no specific technology should be hardcoded in the regulation and handed supremacy over other technologies.
“Currently blockchain technology can hardly be a standalone solution for eIDAS implementation as it must have an integration with public key infrastructure. The idea to develop European self-sovereign identity framework sounds interesting enough to pursue, but again it should be technology-neutral so it leaves an even playing-field for different technologies to prove [themselves]. The European SSI framework idea will also have to be synchronised with current identity frameworks where governments are the sole issuers of an official identity for it to be truly impactful across the EU and beyond.”
The EU Blockchain Observatory & Forum is funded by the European Commission’s Directorate General for Communications Networks, Content and Technology (DG CONNECT). Partners include the University of Southampton, the Knowledge Media Institute at the Open University, University College London and the Lucerne University of Applied Sciences.