Could Blockchain Technology Help Avoid Another Cambridge Analytica? Posted on : Apr 12 - 2018

Facebook and Google offer free services in exchange for user data, but that data can be misused. Could blockchain technology help users regain control of their information?

The role of centralized internet giants as “digital identity brokers” is under fire.

While users worry about privacy, tech giants (like Facebook and Google) primarily focus on generating profits and satisfying shareholders.

These companies make money by collecting, selling, and analyzing user data, primarily on behalf of advertisers. In 2017, Facebook brought in about $40B in advertising revenue — a figure that represents almost 20% of the global online ad market, and is expected to grow in coming years.

As these companies collect data, there’s an ever-present risk of misuse of personal information — as most recently highlighted by the Cambridge Analytica and Facebook scandal. 

“Federated identity,” in which a single credential is used to sign in across the web, is starting to gain traction. Facebook, Google, and Twitter already offer “social sign-in,” which makes it easier for users to sign in with pre-existing digital credentials.

While this can offer users a more seamless experience, this process also puts more power in the hands of these internet giants acting as identity brokers, and gives them even more data.

How blockchain could shift control back to users

Users want to own their digital identities in a way that maintains privacy and permits only certain organizations or individuals to access, store, analyze, or share personal data. At the same time, enterprises need to identify and authenticate customers, while building a profitable data moat and complying with user privacy regulations.

If the shared digital history in question were an identity management system — or a database of identifying information — it might shift power and control toward the user and away from the enterprise.

In a perfect world, identity management might look something like this:

Personal and unique to the user

Persistent and living with the user from life to death

Portable and accessible anywhere

Private, with only the user giving permission to use or view personal data

A blockchain is a type of distributed database that allows untrusted parties to agree about a shared digital history, without a middleman.

If the shared digital history in question were an identity management system — or a database of identifying information — it might shift power and control toward the user and away from the enterprise.

There are two schools of thought around applying blockchain technology to identity:

1. USER-CONTROLLED IDENTITY

First is using a blockchain for user-controlled identity. A user-controlled identity is similar to a social media account: no pre-existing identity credentials (like a driver’s license or birth certificate) are required to create one.

A blockchain-based account could then be used across the internet, and moreover, a user could grant and revoke access to his or her information on a case-by-case basis.

A number of companies and organizations are working on this kind of solution, including Sovrin, uPort, and Blockstack.

Sovrin is a nonprofit that governs a distributed identity network as a public utility. Its parent organization, Evernym, is developing enterprise solutions on top of Sovrin, including one focused on credit unions. Evernym has raised $7M to date.

Another solution comes from uPort, which offers a mobile wallet built on top of the Ethereum public blockchain. The wallet will allow users to control access to their identity and tokens. Currently uPort is working with the city of Zug (in Switzerland) to register identities on the Ethereum blockchain.

Finally, Blockstack aims to reimagine internet privacy, with identity as the foundation. Users will be able to control their identities, issuing and revoking access on a case-by-case basis. The company has raised $57M in combined ICO and VC financing.

2. IDENTITY ATTESTATION

The second school of thought focuses on identity attestation. Unlike user-controlled identity, attestation would mean verifying pre-existing credentials (like a driver’s license or birth certificate), and then tying that information to the rightful owner on a blockchain. This effectively creates a decentralized database for traditional forms of identification.

Companies working under this school of thought include SecureKey, Civic, and ID2020.

SecureKey is launching a product called Verified.me to help banks prove user identification, and is working with IBM to build a digital identity network for Canadian banks. The company provides services beyond blockchain-focused solutions and has raised $73M.

Civic is another high-profile company working in this area, enabling users to share and manage their verified identity data via a blockchain. This allows users to provide multi-factor authentication without a username or password. The company has raised $36M in equity and ICO financing. View More