Latest News

Blockchain for identity – the hype bandwagon

Steve Ritter, CTO at Mitek, discusses the need for a sound business model for blockchain

The recent “move fast and break things” attitude has meant building things and figuring out how they make money later. Facebook, now highly profitable, lost $59 million in 2011 before it figured out exactly how it could make money through advertising. Twitter only just made its first profit in its twelve years. It’s not just social media—one app, Springpad, had 5 million consumers using its Evernote-like features. But after building its user base, it failed to create a business model, and folded.

Recently, excitement over the possibilities of blockchain have combined with this to create some potentially brilliant, and potentially crazy ideas – blockchain for copyright, blockchain for music distribution, blockchain smartphones, and blockchain for identity. This last idea has many possible benefits for consumers, but a lack of a solid business model to accompany these innovations often means the idea is dead on arrival.

By decentralising identity, the possibility of people controlling their own identity credentials, rather than having them controlled by a central authority, becomes real. So-called “self-sovereign” identity means that consumers have control over what they share. For example, content that is age-gated can be accessed simply by sharing a date of birth, while more complete information can be shared with those that need it, such as financial service providers. Consumers could also have access to a better overview of who has their data, and revoke access where necessary.

A blockchain also provides a better audit trail. Identity theft is an ever-present issue that blockchain can bring into focus; consumers can see when their identity has been misused and get a complete record of the identity-based transactions that have taken place. This record, an inherent feature of blockchain, is impossible to alter, so any wrongdoing will leave traces that can be followed.

As it stands, every company that holds our data in the business of identity management – they need to protect what we’ve handed to them. When they get it wrong, our details are exposed in a data breach, the rate of which seems to be ever-increasing., a site that collects data from breaches to help identify who might be at risk, has over five billion accounts in its database. Blockchain could mean that data breaches would no longer reveal so much sensitive information.

Unfortunately, the case for blockchain identity runs into problems when the business case is examined. Cui bono? In this case, the consumer benefits, as well as those organisations making use of the service – but the actual provider of the service does not.

A public distributed ledger for identity would be accessible to anyone who needed it, but essentially owned by no one. The system would need buy-in from both consumers and businesses to get traction and reach an acceptance “tipping point”. It would take time and money to promote the service, far more than would be required to create and run it.

Similarly, the idea of self-sovereign identity, made possible by the blockchain, runs into immediate issues. We’ve all had to succumb to the “Forgot your password?” link, no matter how hard we tried to commit our security credentials to memory. In a distributed system, who is the central authority that will help consumers who have mislaid the details they need? Who can amend any mistakes that have been made? Again, this would require an investment of time and money that few organisations would be willing to spend without a clear idea of where revenue is being generated.

While the social media platforms that took years to make a profit had a “build it first, then monetise it” attitude, there was always a plan to make money. Facebook and Google make billions from advertising because they invested so much in creating a massive userbase, demonstrating that monetisation was always on the agenda. The difference with blockchain is that there isn’t often a feasible monetisation plan – not even a vague one.

But blockchain for identity has an even bigger problem than just revenue generation: is it actually better than current systems? There are already successful ways of managing identity, so why take a punt on another technology, just because it’s new and shiny?

When all you have is a hammer, everything looks like a nail. For the moment, blockchain’s advantages for identity do not outweigh the problems. Until businesses figure out how to monetise blockchain and where it can best be adopted in their businesses, we’re unlikely to see this technology revolutionise identity management.