1 October 2018 (updated: 16 November 2020) by
Sona Kerim Sona Kerim
Blockchain technology can be used as an additional security measure for sensitive personal identity data stored elsewhere.
We have a lack of control over our personal identities. This includes our birthdates, home addresses, and other personal data that can now easily be found through search engines. There are also concerns about more sensitive personal data that has become available over the dark web, including social security numbers, bank account information and health insurance details.
The concerning part is that we aren’t quite sure exactly what of our personal data is being shared, or if it is quietly being modified without us knowing. Through all the technology that we’re using, we often end up sharing far more than we realise.
Using Blockchain technology, for security, is a way of ensuring that all of the data that is stored somewhere, is consensually accepted to be correct. This may not prevent our data from being shared, but it does ensure that our data cannot be modified without the system’s knowledge.
World-wide, there are consistent issues with identity theft and people who fall victim to identity fraud. More often than not, people are not aware that their identities have become compromised until they try to take out a loan or buy a home — in which case they may find out that their finances are in ruin.
Using blockchain technology helps to identify if changes have been made to any data. In the case of sensitive personal information, this additional security measure can prevent the data from being modified or changed, and if attempted, the system would detect it almost immediately.
How’d They Get It?
We put companies and governments in the business of managing our identities, and in turn, we lose the ability to secure how that data is being accessed or if it’s being changed. It seems like consumers these days prefer convenience over their privacy, meaning that people will give up their personal details to make certain transactions easier. It’s worrying to think that our personal data can be modified or accessed without our awareness, and these companies or governments can become a centralised source of sensitive data for hackers.
The emergence of blockchain technology means that it’s remarkably difficult to modify any data, which empowers individuals to feel secure that information related to their identities won’t be tampered with.
With blockchain-based Decentralised Identifiers (DiDs), individuals can regain control of their data. These DiDs are basically like a secret URL stored on a blockchain ledger, each being assigned to different parts of a user’s identity, such as their social security number, birth date or name.
Using a digital wallet app on a smartphone or desktop, users will have the power to temporarily grant access to the DiDs of their choosing. The apps will show a QR code, for example, which they would scan, and the digital wallet app would automatically transfer the relevant DiDs over the blockchain and the app will grant access. These wallet apps will come with secure pins, that only the authorised owner knows, and must put in to grant anyone temporary access.
Of course, it’s possible to secure this type of data with a different system, but the added security of the blockchain means that the sensitive data is safer and any modifications would be detected much faster.
For additional security, it’s proposed that all of the data and smart devices that need protecting from misuse or corruption, would be covered in some sort of “digital defence dust” — like in the case of e-Estonia. Traces left in the pattern of this ‘dust’ would be detected instantly. Distributed over millions of computers, it would be almost impossible for any changes to be made in the data without anyone noticing. Potential manipulation of sensitive data can be prevented or instantly detected. This is sort of like a military force that deters invaders from entering a country but doesn’t actually hold them back.
The fact that the hashes of the data are distributed on P2P networks is an obvious security feature. Some blockchain vendors have also been publishing in physical media, like newspapers. This way if someone tries to change the data in the digital ledger, the blockchain data would also have to be changed in physical newspapers stored in libraries worldwide. This minimises the risk of hackers being able to manipulate information on the blockchain.
Using the blockchain is more just a way of catching anyone who is violating other people’s data, and finding out when and how it was done, as there is no actual data being stored on the blockchain. The blockchain will just contain the hash values of that data, essentially the digital fingerprint of the original information. This way it’d be impossible to know anything about the actual data and is a means of preventing original data from being compromised.
Who Else is Doing It?
So far the few projects using blockchain for identity data have proven to be successful. You’ll even find that this technology is being used by NATO and the US Department of Defence.
Some of the more notable projects to date are e-Estonia and the Illinois Blockchain Initiative.
e-Estonia is the first country to consider itself an “information society”. In the works for about 20 years, they have invested in becoming one of the world’s most developed digital societies. They have a digital system that allows their citizens to take care of their taxes, digital identification, voting, e-health and more, all using blockchain technology as one of the ways to further secure their data.
Illinois is the first US state to attempt becoming a ‘smart state’, meaning that they are using blockchain technology to secure the sensitive personal data of their citizens. As of August 2018, they launched their pilot for digital birth-record registration. This will include cryptographically signed data such as legal name, date of birth, sex or blood type.
People use a set of identifiers for every app, which means there’s a lot of private information that users are struggling to keep track of. If an organisation fails to keep that data secure, then it can get into the wrong hands, be modified without their knowledge or even be erased entirely.
This means that we are constantly looking for new solutions to increase the security of sensitive personal data.
Using blockchains, as an additional means of securing that data is an interesting idea, though still very new. It allows the system to greatly improve the detection rate of attempts to change sensitive personal information, deterring hackers from being able to quietly modify important data.