Cryptocurrency fortunes have been made and lost in what often seems like the blink of an eye, but blockchain is no longer just about money.
Indeed, what started as a proof of concept for the development of a techno-libertarian financial currency is now attracting serious interest (and venture capital) for its "silver bullet" status in the realm of things cyber.
Blockchain technology has been used in elections--first in Sierra Leone (as a much-debated proof of concept) and also in a pilot test in West Virginia. While it is still unproven, blockchain technology may offer protection against the election security issues of the non-Fake News variety that beset the 2016 presidential race. As a cyber defense weapon, it has also been pointed at the identity theft plague and the various security issues faced by banking, investment companies and real estate.
The potential decentralization, or perhaps, de-privileging, of data security protocols as well as the way data is distributed, is undeniably exciting. That said, it's important to remember a lesson from the dotcom crash, that excitement can easily get in the way of common sense, pragmatism, and skepticism, and when it does, bad things happen. This holds true whether we're talking about big-picture tech whizbang or the microcosm of our personal choices in the realm of things cyber--such as how we manage our identity portfolios.
ID Management, Blockchain-Style
Many companies are starting to develop tools that aid in personal verification and authentication processes: IBM blockchain, Atencoin, Blockauth, Blockstack, Blockverify, Cambridge Blockchain, Cryptid, Evernym, Identifi, OIX, UniquID, uPort to name a few.
Civic is another such personal identity cybersecurity tool that uses distributed ledger technology--or blockchain--to manage online identification, verification and authentication, making these tasks easier to manage, faster and more cost-effective.
Like many of its competitors, the tool Civic has created is a good fit for enterprises with KYC (Know Your Customer) needs--banks, utilities, insurance companies, retailers, healthcare providers, etc. Civic is singled out here as an illustration of how these tools work rather than as an example of best-in-class--a status that no company has yet attained in this new cybersecurity area.
The goal with all these distributed ledger verification tools is to provide a fast way to determine a user's identity using blockchain-stored data--information that can be neither deleted nor changed without creating a permanent record of those actions (in other words, it's secure).
The Civic model, as with the other companies developing similar solutions, share design DNA with proven identity management systems, most notably the Estonian government's approach to personally identifying information. There is a well-considered data protection architecture beneath every function and feature, both regarding where and how data is stored as well as how it is moved and accessed.
Civic's verification tool is based on the Etherium platform, which is both a cryptocurrency and a platform upon which to develop other blockchain apps. (There's no easy analogy to it, since it's a fairly new concept with entirely new applications.)
The Civic tool works by dint of a network of users, validators, and service providers. Users store their personal data for verification purposes. Civic doesn't store any PII on the distributed ledger--but rather references to it, which validators find, providing attestations that the person looking to be verified is who they claim to be for a "fee" paid in CVC tokens.
Are We There Yet?
Nope. There are still unresolved issues around the best way to upload the data references in the verification processes required to make blockchain authentication possible. For example, to use Civic, you need to download the company's Secure Identity app (there are mobile and web versions), and therein lies the problem.
Mobile and web apps can be hacked even if they rely on secure technology, and since setting up the Civic Secure Identity app requires your name, address, Social Security or tax identification number, passport number, driver's license, etc, there is at least the potential for trouble.
What could go wrong? You name it. In this day and age where security breaches and data compromises are the third certainty in life, it is more than a stretch to accept on blind faith that a company receiving such a treasure trove of personally identifiable information is protecting it flawlessly.
Regardless, apps get hacked sometimes, and devices get hacked all the time. For just one of the countless ways things could go sideways, consider what would happen were the device used to register for blockchain identification verification infected with keystroke recording malware.
Another issue is blockchain itself. While it is supposed to be more secure, it's fallen victim to many hacks--coin exchanges have been pieced, hardware insecurity in wallets discovered, phone apps cracked.
Yes or No?
Rumors of the world's first blockchain-enabled national election were greatly exaggerated, and let's not forget that there are probably more than a few traders out there who would like to forget an iced tea company's 500% increase in stock price after adding "blockchain" to their name.
Unless you're trapped in a soap bubble floating over Loon Lake in the murk of a total solar eclipse, you know digital currencies are unpredictable. You might even know that their value can be manipulated in the same way as "real" money can. So, is blockchain safe?
While the answer is yes and no, this doesn't mean skepticism should prevail here. The same exuberance that propelled dotcom-era stock prices ended up being in some instances way beyond prescient. The internet did change the world, and there was in fact a market for delivered pet supplies, books, diapers. The number of internet-enabled devices has and will continue to skyrocket.
Blockchain looks to be on a similar course, especially when it comes to the nature of identity, but we should wade into the water slowly.