From birth, our Identity is compromised.1 Our Super Secret Number (SSN) is printed onto pieces of paper and stored in filing cabinets or databases which thousands of strangers can access. Every time we hit a meaningful milestone in life we must divulge the SSN to strangers again, and again, and again, on applications for school, health care, ID cards and licenses, bank accounts, firearm purchases, the list goes on. How can something be meaningfully called a secret when so many people know the secret? Identity is in for a big disruption, specifically the kind of disruption that is happening to industries across the board as an endless list of free or low-cost apps emerge to replace previously expensive products and services: unbundling.
If you live a life of modern comfort, you might have at least one vehicle, and, consequently, a license to drive that vehicle. Look at the information on the card: a name, an address, a date of birth, gender, height, weight, eye color… none of which is actually relevant to the question “Can this person drive a car?” Indeed, lawmakers and bureaucrats have decided to bundle the Driver’s License with an Identification Card, forcing you to divulge irrelevant personal information every time a cashier, bouncer, or bartender checks to make sure that you’re old enough to party, and every time a highway patrol officer checks to make sure you’re legally allowed to drive. This forced breach of privacy is just one example of poor design causing inherent insecurities in the legacy Identity systems.
Much the same can be said of the SSN, which is used in all kinds of different contexts: medical, financial, career, education… just what purpose does it serve to build such a deep, comprehensive history on an Identity that is compromised every time it is shared? How much meaning can this Identity take on when, combined with information that can be gathered from a low-cost private investigation or even a thorough internet search, its compromise can so easily lead to Identity theft? I would argue “not much,” but based on the tone of voice used whenever the SSN is asked (demanded?) of me, other people seem to disagree. This low standard for security and privacy appears to be a symptom of the larger problem of people generally half-assing, well, everything (but that’s a topic for another blog post). People figure, good enough is good enough, and get on with it without investing any further resources into finding a better way, save for the occasional academic exercise.
A better way exists, and there’s no ignoring it. Block chain tech is the topic du jour in the more forward-looking parts of the tech world, and whether they like it or not, this technology is going straight for the jugular of “trusted third parties” everywhere: finance, value storage and transfer, dispute resolution, escrow, registries, intermediaries of all sorts, including the Keepers of the Super Secret Numbers – and this is a very good thing. Block chain technology can do more than just secure Super Secret Numbers and other personal information, it can secure ALL of the “secrets” used to prove that individuals or devices are authorized to access some resource or engage in some activity. The next victim of this middleman serial killer? The password. With protocols like BitID, services no longer have to store a user’s password, whether in plaintext or hashed and salted. Soon, a product will emerge that is so compelling, the market will collectively rush for the exit of the transparent train station where every passenger’s personal information is displayed in bright LEDs on the platform display for all to see (okay it’s not that bad, but almost. EDIT: it really is that bad). I hope to help bring such a product to market, and if what I’ve described here intrigues you, I invite you to join me.
1 This is written from a USA-centric perspective.