Decentralized Identity: How Microsoft (and Others) Plan to Empower Users to Own and Control Personal Data
Microsoft, one of the world's largest software makers by revenue, is currently on a blockchain streak. This time, Microsoft presented a vast blockchain-related plan: a decentralized identity (DID) network built atop the bitcoin network, which can potentially empower users all over the internet to take control over their personal data and content.
Earlier in May 2019, the United States tech giant announced its brand new Azure Blockchain Service along with Azure Blockchain Development Kit for the Ethereum blockchain. It also teamed up with Starbucks to present the first use case for its technology — tracking coffee production, from farm all the way to paper cups.
Decentralized identity: from helping refugees to fighting data centralization
The initiative could be traced back to the summer of 2017, when Microsoft collaborated with Accenture and Avanade to create a blockchain-powered database system that would enable multiple parties to share access to the same data with an “extremely high level” of confidentiality and security.
The prototype — running on Microsoft Azure, the tech corporation’s cloud platform — was presented to support ID2020. The group is a nonprofit, public-private partnership that has set out to deal with identity-related challenges that plague over 1.1 billion people around the world. In particular, those people come from less privileged social backgrounds, and the lack of documents excludes them from participating in cultural, political, economic and social life.
The concept of digital identity has been widely discussed as the key to solving those issues. For instance, the United Nations has proposed to use it to aid refugees, who form a substantial part of the undocumented population. “We want every refugee to have a unique digital identity,” Filippo Grandi, the U.N.’s high commissioner for refugees, declared in October 2017. “This will enhance accountability and facilitate two-way communication between refugees and service providers. It will also help prevent and reduce statelessness.”
Around the same time, Microsoft presented its prototype aimed at narrowing the identity gap, while the tech juggernaut also became a founding member of the Decentralized Identity Foundation (DIF). The company subsequently continued its research on how a digital identity can be decentralized, and therefore benefit not only those who don’t have an officially recognized identity, but average internet users as well — meaning practically everyone.
Fast forward to February 2018 and Microsoft unveiled more details regarding its distributed ledger technology (DLT)-based plan. Specifically, the company reported that blockchain technology allows hosting decentralized IDs (DID) on top of the distributed ledgers, and hence can grant users more control over their personal data, as opposed to having it remotely processed by “countless apps and services.” Ankur Patel, principal program manager at Microsoft Identity Division, wrote at the time:
“With data breaches and identity theft becoming more sophisticated and frequent, users need a way to take ownership of their identity. After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards we believe blockchain technology and protocols are well suited for enabling Decentralized IDs. [...] We need a secure encrypted digital hub (ID Hubs) that can interact with user’s data while honoring user privacy and control.”
Now, Microsoft has presented a new and even more concrete concept: a DID network built on top of the bitcoin blockchain. Titled the Identity Overlay Network (ION), the infrastructure has reportedly been developed in conjunction with other DIF members to accommodate “tens-of-thousands of operations per second.”
Essentially, ION lets users obtain control over their own data via the management of their Public Key Infrastructure (PKI). “Today, the most common digital identifiers we use are email addresses and usernames, provided to us by apps, services, and organizations,” Daniel Buchner, senior program manager at Microsoft Identity Division, explained:
“This puts identity providers in a place of control, between us and every digital interaction in our lives. Our goal is to create a decentralized identity ecosystem where millions of organizations, billions of people, and countless devices can securely interact over an interoperable system built on standards and open source components.”
In other words, having a DID allows users to control their own data and content — including login details and photos, which is not currently possible on most social media platforms that store such data on their private, centralized servers. Consequently, some platforms might be quite skeptical about the concept of a DID. According to a CoinDesk report, Facebook, which had allegedly been invited to partake in Microsoft’s DID project, has rejected the offer and “instead continued to follow its historic approach to user data,” which involves monetization, as per various press reports.
Moreover, DIDs are supposed to be immune to hacking and data leaks, says Charlie Smith, an analyst at asset management firm Blockforce Capital. “The risk associated with security breaches and hacks could be largely reduced when considering that public blockchains are largely decentralized,” he told Cointelegraph exclusively. “Currently, large platforms control vast amounts of personal data and are suspect to centralized attacks in which bad actors can gain access to sensitive information.” According to Smith, the bitcoin network, which has never been hacked (in the conventional sense, at least) could serve as an effective public blockchain to hold private data.
Moreover, the analyst continued, public blockchains can track users who want to access their data while keeping it safe:
“Another benefit stems from the ability for public blockchains to act as ledgers. Public blockchains, like bitcoin and ethereum, hold extensive records of every transaction that has occurred on each respective network and at the same time, cannot be altered. However, a blockchain could easily be implemented to track who accesses personal information and when. In both scenarios, a transaction of some kind is taking place. The underlying technology doesn’t need to change, just the implementation.”
Bitcoin’s bane: Why scalability isn’t an issue for Microsoft — and other DID networks
Notably, the tech corporation had to overcome bitcoin’s infamous scalability issue in order to make the infrastructure ready for mass consumption.
In the blog post, Microsoft explained that “the most robust, decentralized, public blockchains” operate at just tens of transactions per second, which is “nowhere near the volume a world full of DIDs would demand.” Since the company aimed to inherit the attributes of decentralization — and hence use slower, but time-proven blockchains — it had to address the throughput issue. As a result, Microsoft’s new solution reportedly ensures that as many as “tens of thousands of operations” per second can be achieved. That echoes the concept of the Lightning Network, which adds another layer to the bitcoin blockchain and performs large numbers of transactions off-chain, thus unburdening the main network.
“Critics have always been quick to compare the transaction processing abilities of the Bitcoin network with that of Visa or Paypal,” Smith told Cointelegraph. “It wasn’t until the lightning network was established that those arguments became far less valid. The ION network will face very similar critiques and will need to back up its lofty expectations with results.”
Also, Microsoft plans to collaborate with open-source contributors so that ION can publicly launch on the bitcoin mainnet “in the coming months” — meanwhile, the code has already been published on GitHub for everyone to review.
The U.S. tech giant’s plan isn’t the only DID initiative out there. Microsoft’s allies from the DIF community seem to be working on their own decentralized data solutions as well.
“As part of DIF we regularly review and give feedback to each other’s DID methods, to make sure they are interoperable,” Pelle Braendgaard, the co-founder of ConsenSys’ Self Sovereign Identity (SSI) solution uPort, commented exclusively to Cointelegraph. “At ConsenSys, we've developed multiple DID methods. Our primary method is known as Ethr-DID.”
According to Braendgaard, although both Ethr-DID and SideTree — the blockchain agnostic protocol used by Microsoft for ION — are “very scalable,” there are some differences between the two. Specifically, he argued, SideTree DIDs “have to be created by a centralized server, currently hosted by Microsoft.”
When asked whether ION can be considered a fully decentralized project, Smith argued that it is “debatable, but all the main benefits of a decentralized network are present.” Particularly, he specified that “two major components of the ION network make it highly decentralized”:
“The system is set up so that no person or entity can control users’ identifying information and the public key infrastructure is decentralized. This means that the private and public key pairings aren’t managed by one central authority, essentially giving each user secure access to their identifying data. Even though Microsoft has spearheaded this project, they have formed it in a way that allows individuals to remain in charge of their information.”
Further, according to Braendgaard, SideTree DIDs are only usable off-chain in traditional applications, while some other DIDs — including its own — are fully usable both on blockchains and Layer 2 protocols.
Other major companies pursuing DID solutions include global online payments firm PayPal, which has recently invested in the startup Cambridge Blockchain. Also a DIF member, Cambridge Blockchain is reportedly leveraging blockchain to give users more control over their digital identities.
“We envision a future where users have a lot more direct control over their personal data, and we also believe in open, interoperable architectures,” the startup’s CEO, Matthew Commons, told Forbes.
There is also Telegram, an encrypted messenger that is widely popular among the crypto community. Last year, it released a personal identification authorization tool dubbed Telegram Passport, which reportedly encrypts users’ personal ID information and allows them to securely share their data with third parties like “finance organizations, ICOs, etc.”
As per the announcement, users’ ID data is currently stored on the Telegram cloud, but “in the future, all Telegram Passport data will move to a decentralized cloud.” Indeed, that could help the messenger to boost its data tool’s security — just a few days after Telegram Passport was announced, cryptographic software and services developer Virgil Security reported that it is vulnerable to brute force attacks.
Will Microsoft’s solution become the go-to one?
Microsoft’s DID-related plans seem to be highly ambitious. Specifically, the company aims to create an ecosystem where “billions of people and countless devices can securely interact over an interoperable system built on standards and open-source components.”
So, what are the chances of us seeing this come true?
“I can see how the ION network could potentially remove the control that apps and platforms have over digital identifiers and I believe that it could even become a worldwide-used phenomenon,” Blockforce’s Smith told Cointelegraph. “However, for that to happen, the technology powering the network would have to consistently prove that it can successfully scale.”
Once Microsoft manages to show that its network can handle thousands of transactions and operate on an industrial scale, the data industry might be disrupted. This means that large social media platforms may have to adjust to the new rules and stop handling data in a centralized, opaque way — or else share the fate of Facebook and become infamous for regularly dealing with privacy concerns.
Cointelegraph has reached out to Microsoft for further comment, but the company said it was unable to accommodate the request at this time.