The potential of Self-Sovereign Identity to reduce the growing regulatory burden

What are the regulatory burdens banks need to carry these days?

Banks have a whole slue of regulatory requirements all centred around figuring out who their customers are – Know Your Customer (KYC), Anti-Money Laundering (AML), Anti-Terrorism Financing (ATF). The Financial Action Task Force (FATF) mandates compliance globally and the cost to do all the checks needed are quite high.

Much of it involves looking at paper documents and trying to figure out if they are real/genuine or not. Even if one is based within a context, where something like eIDAS is applied, most of those schemes are oriented to government interoperability and there are over 200 different schemes in Europe – so they aren’t actually interoperable and for the most part they were not designed for private sector use.

How can Self-Sovereign Identity technology tackle these challenges?

Self-Sovereign Identity technology is created by some existing technologies coming together in a new way to enable infinitely scalable low-cost federation. These technologies include smartphones, public key infrastructure (PKI), distributed ledgers (blockchains), personal cloud computing, and they are based on two open standards developed by the World Wide Web Consortium (W3C) – an international community where Member organisations, a full-time staff, and the public work together to develop Web standards.

These standards are called Decentralised Identifiers (DIDs) and Verifiable Credentials. Together they support individuals by being able to get credentials from an issuer, like a government, and present them to a verifier, like a bank, all without technical federation. This means that the bank does not have to ‘connect’ to the government to figure out if the credential is valid or not. The bank simply looks up the Decentralised Identifier of the issuing party to find in its associated DID document the public keys associated with the private keys used to sign the document, and uses this to confirm the digital document’s validity.

As the future of self-sovereign identity solutions depends on the appetite and adoption of users, from your experience, do individuals want (or even have the capacity) to manage their personal data themselves?

These technologies are new but are actually rooted in very well-understood paradigms of exchange. The digital versions of credentials act ‘the same’ as paper and plastic documents individuals carry in their wallet. When individuals present paper documents, they don’t ‘phone home’ to the issuers. The paradigms for the user-experience are still being innovated by companies working on the new technologies and the ones I have seen map well to the metaphors of a physical wallet.

There is a lot of work being done to refine the user-experience for decentralised identity basics like exchanging credentials. I do think that, with more advanced capacities to share and revoke data, new user-experience paradigms will be needed. Some people are also talking about how one can have personal artificial intelligence agents that work on an individual's behalf so that the person themselves isn’t doing ‘all the management’. 

Last fall I met with a startup, Spaceman ID, that has created a cloud based agent/wallet for individuals that they can control via SMS so this makes the technology accessible to people on feature phones.

A lack of regulatory certainty creates market uncertainty and a barrier for the adoption of self-sovereign identity, particularly for highly regulated industries such as financial services. Could this be an impediment when it comes to market adoption?

A lot of work is being done by some really great folks to educate governments about the potential of these technologies in Europe. The Identity Working Group of the German Blockchain Association published a position paper on how self-sovereign identity can enable identity. The European Union Blockchain Observatory and Forum has published Blockchain and Digital Identity. There are efforts put in to work with European governments to align the emerging Self-Sovereign identity with the existing eIDAS technologies. A European Self-Sovereign Identity Framework has been put forward and looks very promising.

In the North American context several Canadian provinces, British Columbia, Ontario, and Alberta are all actively working on developing the technology. The Canadian national government recently put out a call for proposals to support innovation in the space. This follows on the US Government Department of Homeland Security Silicon Valley Innovation Program solicitation for preventing forgery, counterfeiting of certificates and licenses. There is also the Known Traveler Digital Identity program that is a large and growing public private partnership.

How will identity look like in 5 years’ time?

I believe that in 5 years’ time adoption of wallets for decentralised digital identity will be widespread. Many startups and established companies like Workday are working on developing the tools for enterprises to issue and accept verifiable credentials. I know many different educational networks are exploring how these new standards can serve their members and it will become THE WAY for all educational credentials to be issued and shared digitally. I am really optimistic about the next five years. 

The interview was first published in the Digital Onboarding and KYC Report 2020, which offers insightful editorials on topics such as digital onboarding best practices and key challenges, financial crime and how to fight it, crypto, and more.

About Kaliya Young

Kaliya ‘Identity Woman’ Young holds a Master of Science in Identity Management and Security from UT Austin. She co-founded the Internet Identity Workshop in 2005. She was elected as a founding management council member of National Strategy for Trusted Identities in Cyberspace (NSTIC) Identity Ecosystem Steering Committee. In 2012 she was named a Young Global Leader by the World Economic Forum (WEF). She consults with governments, companies and startups about Personal Data and Self-Sovereign Identity.