Can Blockchain Finally Give Us The Digital Privacy We Deserve?

The sprawling Mae La refugee camp deep in the jungles of northwestern Thailand seems an unlikely place to find pioneers of a new digital identity technology.

The first time Larry Dohrs visited the camp, the veteran refugee advocate, with his signature white mustache and oversized glasses, was struck by its primitive conditions and "Dickensian" decrepitude. Located 5 miles west of the Myanmar border, in the shadows of the majestic Dawna mountains, the camp was encircled by barbed wire. Ramshackle, two-story bamboo and thatch structures leaned precariously over the muddy, twisting alleyways, teaming with people—predominantly ethnic Karens who had fled violent persecution by their government.

The impermanence of the refugee existence itself, as well as how heavily it seemed to weigh on the camp residents, drew Dohrs's attention to the improbable issue of digital identity. Many refugees had been resettled to new homes in other countries, but some of the remaining 35,000 camp residents had lived there for three decades. They were seeing food rations get smaller and money for social services drying up as funding was rerouted to seemingly more acute humanitarian crises elsewhere. There were those contemplating leaving Mae La on their own, even with no place to go. But for most of them, existence outside the camp had long since come to seem unimaginable.

Most of the refugees had no form of legal identification. To leave the barbed-wire confines of their jungle way station would be to effectively disappear. The nongovernmental organizations and international aid agencies that had for decades provided them with food, health care, education and job training would remain behind, as would any record of the refugees' health histories, educational accomplishments and work credentials.

The stateless, paperless residents of Mae La lived in a bureaucratic limbo, where the only proof of who they were and what they had done existed in a series of proprietary databases outside their own control. "Their existence inside the camp is established, and their existence outside the camp is not," Dohrs says. "There's a lack of freedom. And an uncertainty that really eats at them and creates despair."

Which is one reason why, after focusing for years on issues of refugee repatriation and human rights, he signed on to head Southeast Asian operations for iRespond, an NGO that helps refugees and others establish their identities using biometric data. Last year, he and his colleagues chose Mae La as the site of an ambitious pilot program that has captured the attention—and the funding—of some of the leading advocates of the much-hyped but still experimental blockchain technology.

Instead of storing refugee identity information on a single centralized server, housed in one place and controlled by a single NGO or company inside the camp, each refugee's new identity would be accessible simply by logging on to the blockchain. A sort of distributed ledger, the chain consists of multiple copies of the same continuously updating body of records housed on more than 60 interlinked computer "nodes" located on every continent except Antarctica. The information will be encrypted and biometrically protected to prevent access by anyone except the refugees themselves.

Many of the funders—part of what's known as the ID2020 alliance, which includes Accenture, Microsoft and the Rockefeller Foundation—hope the Mae La project could eventually serve as a blueprint for the world's millions of stateless people, as well as citizens of developed nations and everyone else. As the recent revelations about Facebook and Google attest, even privileged elites are helpless to control their information in the digital realm, where identities exist beyond our control, on the servers of different government agencies, tech companies and who-knows-what other organizations—all of the data collected and kept at their pleasure, to do with as they please.

Anything we do on the internet leaves a trail of data. Every time we sign on for a new cable company, a telecommunications firm, a ride-sharing company, a bank or a government agency, we must create a different user name and password, and offer up personal information like credit card numbers, home addresses, phone numbers and even Social Security numbers. All of that information, housed on a server, can be sold on the data markets.

More critically, each one of those servers then becomes a honeypot, where personal information remains vulnerable to hackers. Just this past fall, over a single six-day period, Marriott International, Dunkin' and Quora announced they had been hacked, exposing customers' private information to unknown actors. The Marriott breach was the second largest of all time (after the 2016 hack of Yahoo, involving 3 billion accounts), affecting as many as 500 million customers who had used the company's Starwood guest reservation database. Perhaps the most destructive hack was the September 2017 Equifax data breach, which experts say exposed enough sensitive data to place almost 150 million Americans at risk of wholesale identity theft. In determining credit scores, the bureau had tapped a wide array of personal information from other online sources, often without the direct consent or knowledge of the subjects, and aggregated it in detailed electronic files on its server—creating the ultimate honeypot for identity thieves.

It's a new kind of identity crisis—one unique to the internet age. "Right now, a lot of people feel helpless," says Adam Gunther, director of blockchain trusted identity at IBM. "'Everybody has my data. I have no control. I've given up.'"

It doesn't have to be this way, argues Gunther. Though Facebook, Google and Amazon have business models based on collecting our personal data, the vast majority of commercial enterprises, he says, would rather not keep that kind of information on their servers, preferring a solution that would relieve them of the liability and allow us to somehow take our data with us. To solve this intractable problem, Gunther, Dohrs and others are hatching a fundamentally new way of establishing a digital identity.

High Stakes and Urgency

Dohrs is the first to admit that initially, every time the subject of technology at the heart of the Mae La project came up, his eyes glazed over. "I knew some people who were involved in cryptocurrency, and it was really hard for me to understand," he says.

Like many, Dohrs first heard about blockchain in the context of bitcoin, the digital currency that developed a cultlike following when it was introduced in 2009 by a mysterious figure known by the pseudonym Satoshi Nakamoto. But eventually Dohrs came to see its applicability to his work while attending a forum sponsored by the U.S. Agency for International Development on other use cases for the technology. There he learned that Nakamoto's greatest invention was not his concept of a digital currency; it was the un-hackable, distributed system of data storage he created to keep track of who owned it.

Nakamoto's breakthrough was software that allowed thousands of people to simultaneously serve as custodians of the same continuously updating body of records—the blockchain. Using his system, the time and origin of every bitcoin transfer and transaction were recorded and revised at the same time on a multitude of independently run computers. A majority of these computers had to validate any new "block" of transactions to make it stick (hence the term, blockchain). For these reasons, it was virtually impossible for anyone to hack it, cheat it or manipulate it. And since the ledger was not confined or reliant on a single server, but many independently run "nodes," no single entity owned it. It was controlled by everybody and nobody at the same time.

Within just a few years of Nakamoto's invention, other programmers had taken his concept and built even more sophisticated new blockchains—systems that could be used to record any transaction or body of records—like a self-executing "smart contract" between two parties to exchange $1,500 for an ounce of gold on a specific date in six months.

Almost from the start, advocates of the technology recognized the potential these neutral virtual storage spaces might have for digital identity. If information were properly encrypted, blockchain might free us from the tyranny of those who own the servers we rely upon to use the internet and restore the privacy many complain has been lost, while at the same time allowing us greater control over the many records that document our histories. And groups have been meeting ever since around the globe to discuss how we might take advantage of this truly community-owned new internet, how this kind of "self-sovereign identity" might work and how to implement it.

The urgency and the stakes facing the refugees of Mae La and the clearly defined population make it an ideal proving ground for self-sovereign identity. The key to the project is linking residents with the blockchain by scanning their irises, thus ensuring only the residents themselves control who can have access to their information.

Last fall, iRespond, in partnership with the International Rescue Committee, began providing secure, encrypted digital identities to the roughly 35,000 Mae La residents receiving IRC's services. When a refugee enrolls in the program, his or her iris is scanned, and iRespond's proprietary algorithm then converts that unique image into a 12-digit number with no name or personal identifiers attached to it.

Initially, these cryptographically protected digital identities will give the refugees access to improved, consistent health care within the camp through accurate and secure electronic medical records. The records, stored on the cloud or in an internet-connected database, will be linked to their untraceable 12-digit number housed on the blockchain.

But later, if the refugees show up at a participating health clinic somewhere else and wish to share their records with their new caregiver, all they will have to do is provide verbal informed consent and allow a doctor to perform an iris scan. The clinic will then be able to access their records by pulling up their numbers on the blockchain. "The only way to access that information is to have that iris present; there's no address, no name, no birthday, no personally identifiable information associated with the ID number on the blockchain," says Scott Reid, iRespond's chief operating officer.

It's just the first step in an effort that aims to equip the camp's entire refugee population with secure and portable "digital wallets" that will hold not just their medical records but also educational and vocational credentials, camp work histories and myriad other records that could prove essential for anyone hoping to establish an identity and start a new life outside the camp.

Eventually, Dohrs and his collaborators aim to offer the refugees a level of fine-grained control over what pieces of personal information are shared with others. When refugees are queried by a doctor, employer or banker, they will be able to decide which portions of their health care records, educational credentials, job histories or even loan histories they wish to make visible. That level of granular, discretionary privacy power is a holy grail of sorts to blockchain advocates.

If the project delivers on that promise, it could help fundamentally change the way everyone interacts with businesses and government institutions around the globe.

Starting From Scratch

Rouven Heck is one of the people trying to bring Mae La–like solutions to the broader world. His interest in digital identity was piqued in 2013, when his company, Deutsche Bank, transferred him from Germany to the United States. The then-34-year-old was unable to rent an apartment in New York City; he couldn't get a lease without a U.S. credit history. Securing credit cards and a cellphone was equally difficult, even with a spotless credit history in Germany. There was simply no system for validating those credentials in the U.S.

Like many of his European friends, Heck had to start from scratch. His employer provided temporary housing and helped him get a Social Security number, so he could "build a footprint in this ecosystem." They also got him a credit card by tapping their own relationship with a domestic bank. It still took four months to establish enough of a history to take out a lease.

Cracking the identity problem became an obsession. After leaving Deutsche Bank in April 2016, Heck went to work for Brooklyn, New York–based business incubator ConsenSys—established by one of the co-founders of Ethereum, a popular blockchain platform—where Heck started uPort. The self-sovereign identity network runs on thousands of computers around the globe, providing the technological backbone to support scores of experimental projects dealing with portable digital identity.

Heck and other pioneers say a secure self-sovereign identity system would ideally use the blockchain only to verify the identities of individuals and the legitimacy of the government or private credentials they present. The credentials themselves would be stored "off-chain," in our digital wallets. That would give their owners the ability to control access to what personal information and credentials are provided to others to authenticate transactions involving health and educational records, credit cards, employment histories, driver's licenses and any other information. Such a system would make our data easily available when we move from one country or jurisdiction to another, or when we change cellphone or internet providers.

Precisely how digital wallets will work in the developed world is still being hammered out. It will likely vary depending on which blockchain users rely upon. uPort users will likely have a "private key" that can be stored on their phone or elsewhere and can be used to demonstrate that they are the rightful owner of their data. The data itself would be stored somewhere on the cloud in an encrypted form that could not be deciphered without the private key, says Heck. Similarly, users of another identity network called Sovrin could store personal data in any number of protected areas—provided by what Phil Windley, the chairman of the nonprofit Sovrin Foundation, calls "agents"—that could be accessed only with a private key. (If a phone containing a private key is lost or stolen, a user could inactivate it and obtain a new one.)

"When you go to the bar, they only need to know you're over 21," explains Windley, whose Sovrin Foundation oversees the 60-node network of computers and servers the Mae La project is using for this purpose. "They don't need to know your address or your birthday, your organ donor status and everything else that is currently on your driver's license. Using blockchain and a digital wallet, you could prove your age or identity without revealing all that other personal information on your driver's license."

Similarly, he adds, to obtain a mortgage, you shouldn't need to provide months' worth of bank statements; you should have the option of confirming simply that you are gainfully employed and make over a certain amount a year. "If we don't protect individual privacy with minimal disclosure," says Windley, "we're not actually creating a system that puts the individual in control."

Such a system could replace universal identifiers like Social Security numbers with encrypted, biometric identification data that cannot be stolen or faked, or used by a government, or aggregated with other personal data without our consent by a corporation such as Equifax. It could also allow us to unify our balkanized digital data without having to sacrifice privacy, as has happened with universal identifiers. "What happens with universal identifiers generally is they're used behind our backs to make correlations we don't necessarily know about," says Windley. "Equifax, for example, can create a credit score using the Social Security number. Then they have a big hack, and everybody's data gets lost because they aren't very careful."

There is a "real sense of betrayal around Social Security numbers and how they have been mishandled by organizations," he adds. "This will solve that problem and allow us to create a digital identity system that doesn't just become the world's best surveillance system."

It's less clear how this new architecture might affect complaints about organizations with business models, like Facebook's, based on "monetizing" the personal data they collect. Blockchain advocates like Windley, Heck and Gunther insist that in a world where self-sovereign identity becomes the norm, getting people to accept the conditions of those services will become increasingly difficult. New laws will likely be passed; European authorities have begun to implement additional consumer data protections. And competing systems will crop up that attempt to offer the same kinds of services, while also guaranteeing privacy.

"This is a universal problem," Heck says, "and we are on a path to build something that can really help across contexts, across the world."

Widely Touted Potential

Although the Mae La experiment is one of many pilot projects currently demonstrating how these systems might work, virtually all these projects are in their early phases. The largest public use of the Sovrin network, says Windley, was launched late last year in the Canadian provinces of British Columbia and Ontario, where government authorities began placing roughly 6 million business credentials, such as registration records, health department certificates and liquor licenses, on the blockchain. Initially, these records will likely be used internally in provincial offices, which can also record and track the revocation and expiration of credentials on the blockchain. But in the future, he says, business owners themselves might have digital wallets and rely on the provincial blockchain to prove to others that the various credentials they hold in it are legitimate and up to date.

Heck, of uPort, touts a pilot project rolled out by the city of Zug, Switzerland, which has begun issuing residents attestations stored on the blockchain. Roughly 300 residents can now use their attestation to unlock and ride city-owned bicycles.

That's in addition to perhaps the most widely cited Ethereum self-sovereign identity project: In 2017, the World Food Program launched a blockchain-based program called Building Blocks that now helps distribute and track cash-for-food aid to 106,000 Syrian refugees living in camps in Jordan.

Still, none of these projects are close to demonstrating the potential described by blockchain believers. Bryan Pon, an academic researcher and analyst at Caribou Digital, and a member of the Sovereign Foundation panel tasked with analyzing different efforts to help the poor, sees "great potential everywhere." But all the hype undermines the credibility of some legitimate efforts.

In some cases, the eagerness of donors to fund identity projects is ill-conceived—even dangerous. Both Pon and Dakota Gruener, the executive director of ID2020, pointed with consternation to a project launched in a refugee camp in Bangladesh. The aim is to enroll all of the Myanmar's Muslim Rohingya refugees in a blockchain-based program, but it could easily backfire. Unlike the Mae La project, which includes no personally identifying information on refugees in the blockchain, the Rohingya project stores the names and other identifying information, making them vulnerable if the project were to fall into the wrong hands.

"It's a terrible idea," says Pon. "I have very strong opinions about any of these systems being rolled out for a specific ethnic or religious group—or anything else that could be used to advance persecution."

The project in Mae La, meanwhile, though promising, likely won't deliver on its full promise for months. How soon may depend on events on the ground. "It's really early for us," says Dohrs. "But circumstances in eastern Myanmar could change very, very quickly. We don't know the path the refugees are going to take, so to be able to show who they are, where they are from, what their training is, what they're prepared for, could make the difference in giving them better access to livelihoods, training and a future outside that barbed-wire perimeter if they decide to leave. They have a lot at stake."

For the rest of us, the most important strides are taking place behind the scenes, in chat rooms and conferences. Programmers, tech idealists, entrepreneurs and others with a stake in blockchain's future have been working on a broad sketch of how disparate self-sovereign identity systems might work, and how they can be designed to work with one another. .

Markus Sabadello, the CEO of the Austrian company Danube Tech and a programmer who has been actively involved in these discussions and in writing standards, estimates the first widespread use of the technology will appear over the next five years and, if all goes well, go mainstream soon after. "Right now, it's all experimental," adds Sabadello. "But there's a lot of excitement and a lot of energy behind it."

The identity crisis is likely to continue. Last year, there were 1,244 data breaches, according to the Identity Theft Resource Center, 23 percent fewer than 2017. In that one year, however, 446.5 million consumer records were hacked, double the year before. The sheer volume of personal information on each of us is growing quickly.