Amid the enterprise blockchain hype of 2017 and 2018, digital identity emerged as one of the more compelling use cases for distributed ledger technology.
When Gartner described the possibilities for using blockchain in identity and access management as “almost too good to be true,” it didn’t seem to be an overstatement.
After all, blockchain adoption can solve many of the challenges surrounding digital identity management. It’s decentralized, trustless, tamper-proof, and secure digital signatures would allow people to choose exactly with whom they share their digital ID.
However, in the absence of any immediate solutions for blockchain-based identity management, blockchain users diverged into two camps.
On one side, there are the public blockchain users who tend to prize the pseudonymity of participating in networks like Bitcoin or Ethereum. On the other, there are the enterprise users who have veered towards private and permissioned implementations of blockchain – closed networks that allow them to know with whom they’re doing business.
This knowledge isn’t a mere preference. In the financial sector alone, the cost of compliance is a staggering $270 billion each year. If this seems excessive, then consider the costs of getting it wrong. Fines from the authorities are one component, but companies also have to consider the loss of productivity, business disruption, and eroded revenues resulting from a lack of trust.
Identity Verification as a Central Challenge of Financial Compliance
Identity management is a significant part of the hurdles associated with compliance. In a recent survey of 172 banks, over half of software analytics firm FICO’s respondents said that manual identity validation processes were a challenge.
This challenge is only made more difficult by the ongoing push for digitalization, accelerated by the COVID-19 crisis. In Europe, the Payment Service Directive 2 now puts even more stringent responsibilities onto financial firms to guarantee authentication and reduce the risk of fraud.
However, taken in isolation, laws and policies offer no practical solution to the challenges of managing paper-based documents in an increasingly digital world. So banks are now attempting to develop their own digital identity platforms.
In early November, Spanish bank Santander announced a collaboration with several other financial firms that aims to issue blockchain-based digital identities to customers. It plans to launch the solution in mid-2021, having “credential issuers” certify a user’s digital identity. They can then download a mobile app that will allow them to choose with whom they share their personal data.
The CBDC Imperative
The ongoing research and development of central bank digital currencies (CBDCs) creates an even more powerful imperative for digital identity solutions in the financial sector. Whether or not CBDCs will be, or should be, developed on a blockchain is an unresolved question.
However, one of the ultimate challenges of CBDC implementation, acknowledged by the European Central Bank, is resolving the trade-offs between privacy and security. No government will sign off on any system that creates an opportunity to launder money using digital currencies.
However, there are obvious privacy challenges if a central bank has oversight of every single citizen’s transactions.
Nevertheless, assuming the privacy challenges could be overcome, the opportunities afforded by a digital identity management system, along with a government-issued virtual currency are significant. For example, governments could instantly disburse welfare payments – a need that has become even more acute in light of the COVID-19 crisis.
Solving the Privacy vs. Identity Challenge
One project that is making significant inroads into the privacy vs. identity trade-off is enterprise blockchain platform Concordium. Concordium operates a public blockchain architecture that aims to provide businesses with the assurance that they can comply with their legal obligations without compromising privacy.
The project has incorporated an identity layer as part of its technology stack. Users must undergo an off-chain verification to create an account on the platform, after which they can transact with complete privacy thanks to zero-knowledge proofs. If any legal authority issues a legitimate demand to know who is behind a given transaction, the Concordium Foundation calls on a trusted third-party who can authorize that the off-chain identity is disclosed.
The team at Concordium has a business and finance pedigree, too, given that founder Lars Seier Christensen previously founded Danish investment bank Saxo, while CEO Lone Fønss Schrøder brings executive experience from Volvo, IKEA and Moller-Maersk.
The project has already confirmed that it has this caliber of global enterprise clients in its sights. With the backing of its scientific team, which includes veteran cryptographic researcher Professor Ivan Damgård, it seems likely to wield the technological clout needed to make global corporations sit up and take notice.
Will the Crypto Community Compromise?
Concordium may be able to convince enterprises of the merits of a public, privacy-centric identity management platform, but what of those fiercely privacy-focused cryptocurrency fans? Cryptocurrency firms have been forced to give a lot of ground to regulators over recent years, with the FATF travel rule forcing crypto exchanges into know-your-customer checks.
As the founders of crypto futures exchange BitMEX recently discovered, the costs of ignoring legislation can be high. They’re facing criminal charges in the US for having “made [BitMEX] available as a vehicle for money laundering and sanctions violations.”
For exchange operators that want to avoid the same fate, a privacy-focused identity management tool could be just the compromise that’s needed, protecting crypto firms’ freedom to operate in tight jurisdictions such as the US and Japan.
However, blockchain interoperability is another development that could underscore the need for a decentralized identity solution. Increasingly, cross-chain transactions allow users to transfer tokens between different platforms. In the future, this flexibility could make regulators even more wary of the pseudonymous nature of blockchains if they think it offers any means of laundering illicit funds.
Ontology is one project that appears to be across this, developing a cross-chain decentralized identity protocol.
Over the summer, Binance announced that it was teaming up with Ontology to ensure that participants in its Security Tokenization Offerings (STO) projects on the Binance Smart Chain could be authenticated. Ontology operates the ONT Trust Anchor Gateway, which provides KYC services via a series of “trust anchors” who are responsible for verifying paper-based identity documents.
Due to certain jurisdictions requiring investor accreditation to participate in the purchase of securities, Binance and Ontology have also baked in this compliance requirement at the protocol level.
Public vs. Permissioned: The Race Is On
Ultimately, the question is whether or not blockchain innovators can position themselves at the center of the shift to digital identity.
There are many good reasons to put digital identities on the blockchain. Still, if governments and corporate consortia continue to devise their own solutions, they may not offer all the benefits of trustlessness and decentralization that come with using public infrastructure.