While India’s Aadhaar system of digital identity has been held up as an example of efficient modernisation and forward thinking, it has its dark side: as Quartz reports, data breaches.
Obviously, any information online is vulnerable to leaks and hacks. And when it comes to personal information, those come at a cost – even if there is no direct monetary loss, the focus on privacy and natural rights throws into question the “platformisation” of our daily lives. In democracies, this could well lead to a pedalling back of reforms, and a pervasive suspicion of technology in general, neither of which would be good for growth.
Privacy is something that needs to be debated, though, especially in this increasingly connected world. Over the past few decades, personal space has taken on a whole new meaning, as has crime. And our understanding of natural rights is developing, along with what could be perceived as infringements.
Rumblings of discontent over government interference were present in India even before Aadhaar rolled out. Recently they have been growing in volume, even taking the shape of lawsuits.
The official response to a particular challenge in 2012 was startling: there is no fundamental right to privacy under the Indian constitution.
This week, the Supreme Court overturned that statement, declaring that privacy is, indeed, a fundamental right.
The intensity of the questions will no doubt get kicked up a notch. What does that mean? What are the implications for digital identity? Can we safely combine privacy and connectivity?
Unpacking this case, we uncover many other fundamental issues: the impact on humanity of the relentless march of technology; the separation of the courts and the government; the cost we are willing to bear for improved efficiency… And that’s just scratching the surface.
A deeper consequence, perhaps the most important of all, is that the development of Aadhaar in India has shed light on how little we comprehend about fundamental concepts, and how the big picture gets lost in the scoreboard of goals achieved.
Hopefully the matters under consideration will awaken deep debate, and get renowned thinkers from all fields involved in the conversation. The whole world should listen, and join in, for we all stand to benefit.
With this, we can hopefully move towards a deeper understanding of what privacy actually means.
While looking into passports for sale the other day (not for me, you understand… not yet, anyway), I came across a name that I had heard before but knew very little about. So I did some digging and almost had my mind blown.
The Sovereign Military Order of Malta – also known as the Knights of Malta, or Knights Hospitaller – is a religious order with ties to the Holy See that dates back to the early 12th century. But, it is also an independent, sovereign subject of international law.
Its mission is still, almost 1000 years later, to care for the sick and infirm, especially those displaced by conflict. As well as its 13,500 members, it has 80,000 volunteers and employs approximately 25,000 medical personnel.
So, it is an NGO with sovereign status. It can negotiate with other governments as a sovereign entity. Other global NGOs such as Caritas, Greenpeace and Médecins sans Frontières need the backing of a sovereign power. The Knights of Malta don’t, because they are one.
It doesn’t have any territory, except for two buildings in Rome, both of which have extraterritorial status (which means that they are technically not part of Italy – much like embassies).
In 1998, however, it signed a treaty with Malta for the use of the upper portion of Fort St. Angelo in the city of Birgu (for the next 99 years). Technically, this will also be a sovereign territory, but the Order will not be able to grant asylum to anyone, and Maltese law applies. At the moment, it appears to be used for historical and cultural activities.
And get this: the Sovereign Military Order of Malta can issue stamps, currency and passports.
Three of them, to be precise. The Order issues passports to the Grand Master, the Deputy Grand Master, and the Chancellor of the Order.
It has diplomatic relations with over 100 states, including the European Union, which means embassies. It also has observer status at the United Nations (along with the Red Cross, the Council of Europe, the African Development Bank, the European Organization for Nuclear Research and a host of other not-for-profit academic and regional associations), which entitles it to participate in the work of the UN General Assembly.
What I find most intriguing about this is the concept of sovereignty being granted to an organization that has no territory and no citizens (sort of). True, it was granted almost a millennium ago, and no government has dared to attempt to alter that.
Personally, I hope that they never do. I find the mix of chivalry and honour, combined with the long reach of history, totally captivating.
And the notion that sovereignty does not always require the traditional parameters of borders and citizens opens up a new understanding of what could become possible as identity is redefined.
According to an article I stumbled on in Fortune, approximately $2bn a year is spent on buying citizenship. The exchange is usually dressed up as real estate or business investment and a certain minimum is generally established, but the purpose is clear, and an increasing number of nations are making good money on this.
For example, an IMF report from 2015 puts the income from selling passports for St. Kitts and Nevis at about 25% of GDP. While the economy is small, that is still a staggering statistic.
A recent report in the Financial Times highlighted this growing global phenomenon from a tax perspective:
“The search for second passports and offshore havens is beginning to take on a last-helicopter-out-of-Saigon urgency as capital controls, tax reporting and visa procedures tighten up around the world.”
Other reasons cited are political instability and fear of persecution. According to the IMF, there has recently been a surge of wealthy Chinese and Russians buyers, with an increasing number coming from the Middle East, where tax avoidance is obviously not the issue.
This raises the question: why shouldn’t citizenship be a commodity?
What does citizenship actually mean?
According to Merriam Webster, a citizen is “a native or naturalized person who owes allegiance to a government and is entitled to protection from it”. So, it’s an exchange of allegiance in exchange for protection.
Why, then, is it not transferable? If your state is not protecting you, why can’t you transfer your allegiance to one that will?
Because citizens are considered resources by the countries they are born into. They work, which contributes to economic development. And they pay taxes, which contributes to public finance. This “what’s mine is mine” mentality also explains the concept of capital controls imposed by some countries to stop citizens from sending their wealth abroad.
In the increasingly free market world in which we live – in which we can choose who gives us our electricity, phone service, groceries – it is extraordinary that a similar philosophy isn’t being applied to citizenship. If governments actually had to convince (rather than force) their people to stay, it’s very likely that there would greater efficiency and less corruption in government spending.
If market incentives came into play, the role of government could evolve to focus more on protection and service. Tax rates would be more directly associated with the amenities offered, and citizenship would become a matter of proud choice rather than limiting obligation.
A totally free market concept, though, would perhaps leave the geopolitical balance vulnerable to instability. If a country cannot, for whatever reason, compete with another then the unstoppable flow of people would leave one poor and bankrupt, which would open up the temptation of annexation or even invasion.
And it’s not hard to envision circumstances beyond a government’s control. Natural disasters, a lack of natural resources or poor geography could condemn a nation to poverty and chaos, no matter how pure the government’s intentions. The resulting flood of people to neighbouring regions would put a strain on the receiving country’s resources in the short term, until the entrants find their feet and start contributing.
Along with aid from international organizations, nations depleted by exodus could be helped by the offering appealing amenities at relatively low prices. Attractive investment opportunities, for example, or education facilities, or simply relative stability. As with businesses, the affected governments would need to develop a differentiating offering to attract citizens.
As the article in Fortune pointed out, the possibility of buying citizenship exists, but the choices are limited and available only to the very rich.
Now, bring into the picture the concept of blockchain-based sovereign identity, in which a person’s official name does not depend on a state-issued document, but can be held securely and electronically by each individual. No government would have the right to take that name away, or to pretend that the person does not exist – a blockchain-based solution could ensure that. This name could be assigned the nationality it chooses. It would also reveal any financial or even criminal history, if applicable, which – on a blockchain-based solution – could not be retroactively altered.
Add the financial commitment of a purchase, and you can begin to imagine a whole new business model. Individuals that cannot afford the initial purchase price could enter into a financing agreement with one of a range of approved institutions, and pay the lender back through future earnings, possibly with the help of subsidies from the receiving government.
This could lead to selection bias – only those with reasonable prospects would be welcomed by their chosen domicile. After all, criminal records would be harder to hide. This could lead to some unfair calls, but since the bulk of anti-immigration sentiment usually stems from fear of increased crime, some sort of filter could end up making immigrants more readily accepted by their new neighbours. Those that through no fault of their own end up being blocked could perhaps be eligible for additional aid and/or the opportunity to seek a sponsor.
Education would also be easier to prove, as verified certification could be added to the identity’s history. Governments could even end up “bidding” for the best-educated immigrants.
The paperwork involved would be eased by the validation inherent in a blockchain platform. And the immigrants would have a much easier time integrating, as access to financial services, accomodation and utilities would be helped by reduced documentation and history requirements.
Cost vs benefit? It would be up to individual governments to decide what they offer, and at what price. This quasi-free market approach would have effects beyond that of economic value. It would make governments more conscious of their role, and see it less as a privilege and more as an opportunity. (Imagine if public salaries were tied to the results of satisfaction polls…). Also, citizens around the world would be more conscious of what their government does for them.
Obviously the idea is a lot more complicated than the brief suppositions laid out here. But passport shopping is already an economic fact. Should it be only available to the very rich?
Blockchain technology could offer the breakthrough that will enable the activation of sovereign identities tied to convenient nationalities – while at the same time incentivizing governments around the world to better understand what their purpose is.
An issue is currently being debated in India’s courts that could affect the development of blockchain-based identity programs worldwide.
I’m talking about the Aadhaar platform, which is leaving a trail of takeaways for others to learn from.
Given the proliferation of startups and official institutions looking at the problem of self-sovereign, immutable digital identities, a look at Aadhaar’s successes and obstacles could help with the design of lofty goals and sweeping implementation.
In 2010, the Indian government issued the first Aadhaar identity number, a unique rendering of personal data, with the aim of documenting all of India on a digital platform using biometric identifiers.
That in itself is staggering – how do you coordinate the inscription of 1.3bn people, including the scanning of fingerprints and irises for each individual?
The first main takeaway is that it is possible. In just over 6 years, approximately 1.15bn people have been issued Aadhaar numbers, including almost 100% of the over-18 population. That’s more than the entire populations of the US, Europe, Australia and South Korea combined.
True, it took a massive rollout of administrators and digital readers, but the Unique Identification Authority of India (UIDAI) showed that it could be done. At its peak, over 1 million people were being processed each day.
Second, certain rules need to be set out from the beginning. Is the program mandatory or optional? If mandatory, how will enforcement be carried out? If optional, how will the old and new systems cohabitate?
The Aadhaar program is optional. But a recent amendment to the Income Tax act stipulated that an Aadhaar number was required to file a return – which pretty much makes it mandatory. Last week the Supreme Court upheld this law, but also ruled that those without an Aadhaar number should still be able to pay taxes, until the broader privacy issues can be decided by the Constitutional bench. On the one hand, good news (for now) for privacy activists and for citizens who don’t (for whatever reason) have a card. On the other, an administrative mess for the government, which could have been mitigated with clearer parameters at the outset.
Also, one of the main incentives for the government is the opportunity to streamline administration and reduce “leakage”, the amount of aid paid to “false” identities. However, there is still some confusion as to whether or not an Aadhaar number is a requisite for government aid. Several official agencies seem to think that it is, but the Supreme Court has ruled that it isn’t.
Furthermore, while the first cards were introduced in 2010, legislation backing the project (the Aadhaar Act and the Aadhaar Regulations) did not pass until 2016, and is often criticized as being unclear.
Third, the privacy issue will always be a problem, however great the efficiencies. Concerns have been raised about the lack of clear regulation on the process of sharing identity information, as well as the lack of redress and appeal if you feel your data has been mishandled.
The Aadhaar Act mentioned above authorises any official at the level of District Judge or higher to access an individual’s identity information, excluding the biometric data – that limitation doesn’t apply to officials with rank of Joint Secretary or higher. Given India’s reputation as the “most corrupt country in Asia”, this raises some concerns.
And while the government understandably wants to standardize administration, some groups are raising the alarm over the volume of data on each individual the government would have in its power, the capacity for tracking and the spectre of mass surveillance.
The fourth lesson, a surprising one, is that biometrics are complicated. It turns out that not everyone has fingerprints that lend themselves to being scanned. Apart from the very young, manual labourers often have worn hands due to repeated handling of rough objects. One area in north Delhi reported a 10% fail rate when reading fingerprints.
The same goes for eyes – the elderly often have degraded irises, so getting a clear reading can be challenging.
Fifth, even with biometrics, falsifications will emerge. In some cases, inscription agencies took advantage of a rule that said that biometrics were not always required (if fingerprints or irises were not clear, for instance), In others, hackers were able to bypass the scanning requirements.
Sixth, census statistics are unreliable, which makes it more difficult to plan and implement projects that affect populations. The Aadhaar web page shows what percentage of the population are inscribed, by province. In Delhi, that reaches almost 120%. It turns out that the population figures are “estimates”.
Seventh, “inclusion” is elusive but possible. While bringing undocumented citizens “into” the system was touted as one of the main goals – millions of people don’t even have a birth certificate due to an inefficient registry system – apparently almost all of those who enrolled in Aadhaar already had an official ID.
So, what about those without? Over 200,000 undocumented citizens took advantage of the “introducer” option, in which someone with an Aadhaar number vouches for someone with no official identification.
And, it’s worth noting that the Aadhaar number does not substitute a government-issued ID, so it cannot be used for cross-border travel, for instance. However, Aadhaar holders without any other ID can now get mobile phones and open bank accounts, something that they couldn’t do before.
Takeaway number eight is that any broad platform needs to be designed for growth. Even after the successful rollout and the years of experience with the system, experts admit that they don’t know what else the platform will be adapted for, or what other functionalities will be built on top. However, Aadhaar has been designed to allow other private and public applications, and already innovations and apps are emerging from the ecosystem.
The hope is that Aadhaar will become a “universal id”, in that it grants the holder access to a wide range of services. Also, it aims to reduce onboarding expenses for businesses such as mobile operators, landlords, employers and even banks, allowing them to bypass most of the cumbersome KYC requirements by using information already in the system.
The last lesson is to question the technology. Aadhaar is not a blockchain solution. That in itself calls into question the need to use the blockchain for national identity. If the verification of the data needs to be centralized, and if transparency is not a fundamental feature, then a distributed database could suffice.
True, the idea of identity being centralized in the hands of the government may be disquieting to many. But for a digital version to be useful on a national or pan-national scale, it needs to be accepted by the jurisdictions in question. What will incentivize governments to cede control over the fundamental role of granting citizenship?
The Aadhaar project is encouraging in that it is leading the way in showing what can be done today. Blockchain technology, however, allows us to contemplate other forms of identity, new uses for that information, and evolving roles for government. It is inviting us to think about what could be done tomorrow.
The search for the holy grail of blockchain technology – robust, global and easy-to-use identity solutions – seems to be picking up.
When you think about it, all blockchain applications rely on identity. Your bitcoin wallet, trade finance operation, connected device and energy transaction – they all count on data originating somewhere. The degrees of available information about the identity may change according to the application – but everything needs to have a reliably-identified origin and a destination, even if it’s just aseries of characters.
So it’s understandable that activity in this space is heating up.
What’s staggering about this is the public acknowledgement by all involved – competitors as well as tech incumbents – that identity has to be a collaborative effort. From realizing that “data is the new gold” to being willing to share that gold (in this case, identity data) with others in the ecosystem is a huge step. It’s a step encouraged, though, by the knowledge that a solid digital identity is not very useful if it can only be used in limited applications. That’s pretty much where we are today, with different logins for each website, and repetitive information needed for each sign-up.
There is so much more going on in the identity space that volumes could be written (and I will get around to it), but for today I just want to take a brief look at the members of the consortium, to get a feel for the type of products that could emerge:
Microsoft has been working on decentralized identity for some time. Over a year ago it partnered with ethereum consultancy ConsenSys and startup Blockstack Labs (more on them below) to build an open-source identity platform aimed at integrating the bitcoin and ethereum blockchains. Earlier this year it announced a new partnership with startup Tierion (more on them below) to investigate how decentralized identities linked to a blockchain could validate data, claims and agreements.
Professional services giant Accenture doesn’t seem to have been quite as active on the blockchain-based identity front, but its work on blockchain in general has been ramping up, with the unveiling of an innovative hardware solution for the protection of private keys.
Tierion has built a platform that creates a verifiable record of any data, file or business process on the blockchain. It is currently working with Microsoft on blockchain-based attestations (= something that confirms and authenticates) and with Dutch giant Philips on an unspecified project in the healthcare sector.
Gem pivoted in early 2016 away from bitcoin APIs to custom blockchain applications focusing on healthcare and supply chains. It is working with US financial services company Capital One in blockchain-based healthcare claims management, and Philips Healthcare on the creation of blockchain-based wellness apps, global patient ID software and secure electronic medical records. Its web states that it is also working on “global identifiers to link together data belonging to a person or asset, eliminating time consuming reconciliation, providing real-time transparency, reducing risk and creating better outcomes”.
Blockstack is building a “decentralized internet”, in which the content is pulled from peers rather than from centralized servers. Users access locally-owned apps and websites via a login based on identity… that the user owns. The startup began life in 2013 as Onename, which registered blockchain-based domain names. Initially built on the Namecoin blockchain, the system migrated to bitcoin and now also supports ethereum and zcash.
Netki was founded in 2014, and early the following year launched an innovative wallet naming service. It has since developed a system for blockchain-based identity in which a user’s details are not recorded on the blockchain itself, but on an application layer that allows for the system to work on multiple protocols. It is also a member of Hyperledger, and has contributed its work on digital identity solutions for worldwide regulatory compliance and legal non-repudiation. Late last year it participated in the launch, together with PwC, Bloq and Libra, of an enterprise platform based on bitcoin, called Vulcan Digital Asset Services. Its service is part of the IBM blockchain ecosystem. And at Consensus last month, it announced its collaboration with Barbados-based exchange Bitt in the compliant on-boarding of customers.
Uport was built by ethereum consultancy ConsenSys, with the aim of creating an open-source identity service on the ethereum blockchain, in the hope of giving users control of their information. Crypto exchange Coinbase has indicated that its messaging app Token (currently in testing) will include support for Uport’s identity service.
Berlin-based BigchainDB was originally Ascribe, a blockchain-based art authentication service. Since then the firm has rebranded, and now focuses on developing blockchain solutions for enterprises. It offers a combination of blockchain-like features with some traditional database characteristics, such as noSQL query language and faster transaction rates. In early 2016 it launched the IPDB Foundation, a non-profit aimed at developing the ecosystem around a new kind of blockchain-based database, built to serve identity and licensing needs.
The not-for-profit Sovrin Foundation (created in 2016 by blockchain startup Evernym) has an international board of trustees that includes representatives from banks, credit unions, education and retail. Its goal is to develop an ecosystem around a ledger (built and contributed by Evernym) on which individuals control their identities. It recently handed over its Project Indy – an identity solution built on a hybrid blockchain platform – to the Hyperledger consortium (of which is is a member). One of the innovations is that the identity information is never written to the ledger. Bits of it get anchored to the ledger, so there’s proof it existed on a certain day.
Civic launched in 2016 to stop identity theft, and recently announced the launch of a login authentication service – a blockchain-based platform that will offer users the chance to develop one digital identity, and use that to log in to any website without being tracked. Civic users will be able to prove their identity when logging in, without sharing that information with the website.
IDEO is an international design and consulting firm. Its research arm IDEO CoLab has identified blockchain technology as one of four key technologies that will impact society.
Mooti has developed a blockchain-based service that not only protects your identity, but will also validate the relevant components for web services or logins, without actually revealing information. Like Netki, its “Identity Chain” is part of IBM’s blockchain ecosystem.
Blockchain Foundry grew out of Syscoin, a cryptocurrency and protocol that allows near-zero cost financial transactions on a wide variety of marketplaces. The foundry focuses mainly on data security, leveraging decentralized networks, and later this year will roll out proof-of-concepts for medical, legal and real estate applications.. Last year it incorporated into Microsoft’s Azure platform, offering e-commerce solution Blockchain Market.
Iceland-based Authenteq offers automatic identity verification that can be installed via an API on just about any online marketplace or website. Its goal is to increase trust in P2P communities.
Taqanu, based in Norway, is developing banking services for people without a fixed address. It offers financial inclusion to refugees and others without a fixed address, by offering them a blockchain-based self-sovereign digital ID and the chance to accumulate a credit history.
Cybersecurity company RSA – known for its work in encryption, identity and cyber threat detection – has been ramping up its involvement in the blockchain space, giving sector startups an increasing amount of attention at the company’s renowned cybersecurity conferences.
South Africa-based Consent initially launched in 2015 with the goal of helping secure the integrity of medical records on a blockchain, but soon widened its scope to include financial know-your-customer (KYC) processes.
Danube Tech was set up in Vienna in 2015 to develop technology related to digital identity, such as blockchain-based identifier registration infrastructure including personal clouds, data transfer protocols and connectivity.
IOTA has focused on developing a blockchain for the Internet of Things, with fast throughput of micropayments. The protocol makes users and validators the same entity, eliminating the need to charge transaction fees. One of its current partners is German electrical utility’s R&D group Innogy Consulting.