In the age of virtual reality and artificial intelligence, identities can be stolen with fixed pieces of data, such as Social Security numbers. And that just covers the people in the world with governments adequate to verify identity. How can companies verify potential customers as real without jeopardizing their privacy?
A blockchain is a database copied across lots of devices so that it’s nearly impossible to tamper with the records; it was created to run bitcoin. At the Blockchain Conference 2016 in New York City yesterday, Mooti CEO Brad Chun argued that people might be more ready to trust their identity to a blockchain company devoted entirely to keeping identity secure. “We’d like to centralize identity to businesses who really know how to handle security,” he said.
He’s not alone. During the day’s last panel, Microsoft’s Yorke Rhodes said, “Identity is one of those pieces of plumbing that we’ll see as very important going forward.” He wrote more on the Microsoft blog, noting that 1.5 billion people around the world don’t have verifiable identities.
The USA PATRIOT Act forced companies that help customers use money to verify their customers’ identities, as the Observer has previously reported. In other words, if a person uses multiple financial services, this exposes them to multiple points of failure for all their identifying information to be stolen. That information can then readily be used to get access to a person’s accounts or open new accounts in their names.
Called “know your customer” (or “KYC” in banking lingo), it sounds logical, but it forces companies that want to do one kind of business (for example, managing the exchange of money) to do very different work just as well (securely storing personally identifiable information). It’s like how the coffee shops inside bookstores are always a bit of a mess. Bookstore managers know how to run bookstores, not coffee shops.
This is not theoretical for Chun, who described how his personally identifying information, including a copy of his passport, was stolen in the infamous Mt. Gox hack.
Yesterday’s gathering was the first time he’s explained what his company, Mooti, has been working on. Chun unveiled Mooti’s first public project, Mootipass, at the event, during the panel on non-monetary uses for blockchains. “This is our take on what we believe the future of identity is going to look like,” he said.
In an identity chain white paper that Chun co-wrote with lead author Andrew Egbert, it says:
Identity chains have a variety of use cases such as voting, authenticated payments, age verification, anonymously verifying logins, and do so in a way which is cryptographically simpler and more secure than previous attempts.
The workings remain a bit opaque to this reporter, but the fundamental idea is simple: put your identity inside a fortress designed specifically for protecting identity, then give vendors, financial institutions and others a way to verify just as much of your identity as they actually need. So, for example, if you can’t download adult content in some country unless you are over 18, Mootipass could verify that you were over 18 without actually revealing whether you are 19 or 90.
Chun gave this example. “Let’s say I’m a dating website,” he said. As the operator, you have the same question as users: “Is this a real person that I’m talking to? … With our system, you can verify a real person is behind that identity.” Yet that’s all you have to reveal: that the person has been verified as a real living human being by other companies, not their exact physical location, date of birth or shoe size.
Every single company that consumers turn over their personally identifying information to becomes a target for cybercriminals operating in the $15 billion realm of identity fraud. That’s why Andreas Antonopoulos called “know your customer” dangerous.
Mooti faces a rival with deep pockets. Rhodes’ blog post says that Microsoft has been collaborating with blockchain startups to build “an open source, self-sovereign, blockchain-based identity system that allows people, products, apps and services to interoperate across blockchains, cloud providers, and organizations.”