2018 was the year of the data breach. 7.85 million records were exposed every day, leading to a cumulative total just north of 2.6 billion records for the year.
According to Experian, 31% of data breach victims later experience identity theft. Beyond the obvious financial damage this causes, there is also the underappreciated emotional impact. The Identity Theft Resource Center released a study in which 69% of respondents reported subsequently losing their faith in society and feeling unsafe.
Worryingly, 2019 is already on track to become another record year. Just a few weeks ago, the celebrated cyber security expert Troy Hunt provided compelling evidence that the biggest data dump in history had just taken place. 773 million records detailing email and password combinations were seemingly auctioned off to the highest bidder.
With such sobering news coming so early in the year, you’d be forgiven for thinking that both data breaches and identity theft have become an inescapable fact of life. Indeed, we have abundant evidence that contemporary identity management solutions are simply not up to scratch.
The antiquated system requiring email and password combinations is no match for the constantly evolving strategies employed by malicious actors. The fact that 7.85 million records were exposed per day stands as a testament to that.
Clearly identity management is broken, but what exactly is going wrong?
How broken is modern identity management?
With these staggering numbers in mind, it’s worth taking a closer look at exactly how current identity management systems fail.
- Security is treated as an afterthought: If you’ve been paying attention to the security space you will have noticed a litany of “hacks” affecting unsecured Amazon S3 buckets. The most famous case occurred in August 2018, when security firm UpGuard discovered that GoDaddy had left documents describing the infrastructure of 31,000 GoDaddy systems in a publicly accessible S3 bucket. This is indicative of the low status “Security” holds in most companies. Indeed, it’s hard for most businesses to invest time and money into increased security when public perception of the issue seems so nonchalant and monetization is difficult.
- Centralized databases: Another key issue regards the incredible size of modern centralized databases. Hackers know that if they find a vulnerability to exploit, it could give them access to hundreds of millions of records (Marriott hack, MyFitnessPal breach). The potential to find buyers for such a large database is much higher and so is the price the hacker can charge. Providing an attractive target for malicious actors is one of the most significant failings of modern identity management.
- You do not own your identity: The most pressing issue, however, is that we currently give up ownership over our identity when participating in the online world. The most prominent example of this is the Cambridge Analytica scandal, which involved the misuse of users’ Facebook data to target divisive political campaigns. Here we see how the desire to connect with friends and family resulted in the oversharing of personal data, which was then used to impact voting behaviour both during Trump’s election and Brexit.
These are just the three biggest issues with modern identity management – many others exist.
So how do we fix this?
What is the solution?
We believe that the solution is a self-sovereign identity (SSID) management system – one in which you control your data. In this system, you grant and rescind permission to access your information, and enjoy transparency as to how your data is used.
How would a self-sovereign identity management system work?
- Encryption: Using SSID, security is no longer an afterthought. Instead, sophisticated encryption is used to encrypt personal data and protect it from malicious actors. Identity owners can therefore cryptographically sign identity documents to securely share information in commercial transactions.
- Decentralized identity ownership: SSID systems allow users to manage their identity locally through specialised software like the SelfKey Identity Wallet. Not only does this grant much more control to the identity owner, but it also avoids the need for large, centralized databases. As a result, users are protected from data breaches and other attacks on centralized infrastructure.
- You own your identity: With the help of SSID systems, users can regain ownership over their digital identity. Only you can determine who accesses your information, and you can rescind permission at any time. This is achieved through a sophisticated verification system, in which notaries for example validate documents. This stamp of approval can then be used as a proof of identity without the need to give up or share personal information.
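The notary step described above can be sketched as follows. This is an added example, not SelfKey's code or protocol: it assumes Ed25519 signatures and salted SHA-256 commitments, which the article does not specify, and all names and claim values are constructed. The notary signs only digests, and the identity owner later reveals a single claim with its salt.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Attestation is the notary's "stamp": salted digests plus a signature, no personal data.
type Attestation struct{ Digests [][]byte; Sig []byte }

// commit hides one claim behind SHA-256(salt || claim); salts are fixed at 16 bytes.
func commit(salt []byte, claim string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), claim...))
	return sum[:]
}

// Notarize is run by the notary after inspecting the documents; it signs the digests only.
func Notarize(priv ed25519.PrivateKey, salts [][]byte, claims []string) (a Attestation) {
	for i, c := range claims {
		a.Digests = append(a.Digests, commit(salts[i], c))
	}
	a.Sig = ed25519.Sign(priv, bytes.Join(a.Digests, nil))
	return a
}

// VerifyDisclosure is run by a relying party that sees one claim, its salt and the attestation.
func VerifyDisclosure(pub ed25519.PublicKey, a Attestation, idx int, salt []byte, claim string) bool {
	if idx < 0 || idx >= len(a.Digests) || !ed25519.Verify(pub, bytes.Join(a.Digests, nil), a.Sig) {
		return false
	}
	return bytes.Equal(a.Digests[idx], commit(salt, claim))
}

// demo reveals only claim 1; it returns (genuine claim accepted, altered claim accepted).
func demo() (bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	claims := []string{"name=Alice Example", "over18=true", "passport=X0000000"} // constructed
	salts := make([][]byte, len(claims))
	for i := range salts {
		salts[i] = make([]byte, 16)
		rand.Read(salts[i])
	}
	a := Notarize(priv, salts, claims)
	return VerifyDisclosure(pub, a, 1, salts[1], claims[1]), VerifyDisclosure(pub, a, 1, salts[1], "over18=false")
}
func main() { fmt.Println(demo()) }
```

The per-claim random salt is what keeps undisclosed claims private: without it, low-entropy values such as a birth date could be recovered from the digests by guessing.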
Self-Sovereign Identity Management is the Solution to the Modern Identity Crisis
Self-sovereign identity management offers a tantalizing alternative to the broken systems we have in place today. Encrypted, local and personally owned systems offer a plethora of advantages that we need to put to use.
Contemporary identity management is broken. It’s time we fixed it.
About the Author
Edmund J. LOWELL, a known serial entrepreneur living in Asia since 2011, is the Founder and CEO of KYC-Chain. He is an avid technical solution provider who builds technical solutions for businesses and consumers. He studied and possesses expert knowledge in personal data protection, self-sovereign digital identity, blockchain and distributed ledgers, and cross-border issues of KYC/AML/CDD and securities laws. In 2107 he joined SelfKey as an advisor in identity solutions for identity owners.