The identity platform IRMA
The free open source IRMA platform provides privacy-friendly attribute-based authentication and signing, free and accessible for everyone.
Attributes are small pieces of personal information, like name,
address, gender, phone number, date of birth, bank account, email
address, social security number, passport number, age limits, loyalty
statuses, credit statuses, etc. In attribute-based authentication one
discloses precisely those attributes that are relevant in a particular
context. For instance, someone who wishes to play a certain game
online may only need to prove to be older than 16. Such data
minimization is not only privacy-friendly but also protects against
identity fraud and extensive profiling.
IRMA is the name of an attribute-based identity platform that is
based on advanced cryptography (zero-knowledge proofs and multiparty
computation). It builds on the Idemix work from IBM Zurich,
Switzerland, from the 1990s and was taken up and further developed at
Radboud University Nijmegen, The Netherlands. A bit more than two
years ago the not-for-profit spin-off foundation Privacy by Design was set up
to further develop and roll out the IRMA technology, first in The Netherlands,
and then beyond.
IRMA is open source and its software is publicly available via GitHub.
It is available worldwide, see the dashboard that describes the
countries and numbers of registrations of the IRMA app.
Clearly, most registrations are in The Netherlands (around 90%), but they also
happen in many other countries, including the developing world. These
registrations typically come from people trying out the technology.
More concrete interest has been shown for instance by a government
delegation from Kenya, on a Unicef-sponsored visit to The Hague in
Nov. 2018.
Within the Netherlands IRMA is connected to various official
registers. IRMA users can obtain personal attributes in the IRMA app
on their phone from official government registers, from banks, from
registers for medical professionals, from universities etc. In each
new country where IRMA will be introduced such new trust anchors need
to be established. IRMA thus forms a culturally/nationally sensitive
identity platform, since in each environment it can be filled with the
attributes that are relevant and appropriate there. It is made for
diversity, unlike the single-identifier logins provided by the major (global)
IT-companies.
IRMA uses a decentralized architecture where attributes are stored
exclusively in the IRMA app on the users' phone, and nowhere else. Disclosure of attributes for authentication happens in direct contact between the app and a website, without involvement of unnecessary intermediate parties that can build up personal profiles (such as with Facebook Login). Similarly, issuance of attributes happens in direct contact. This decentralized architecture makes IRMA into an ecosystem where participants can benefit from the contributions of others. In this distributed set-up the foundation behind IRMA has only a limited role, so that costs are almost zero. Only issuers of attributes need to pay a modest amount to the foundation for access that allows them to write attributes into the app. For all others involved, IRMA can be used free of charge.
- Growth
IRMA is based on value-driven design and promotes public values, including diversity and inclusiveness. It uses advanced cryptography for secure and privacy-friendly contextual authentication and signing. IRMA's security- and privacy-by-design has a decentralized architecture in which sensitive personal authentication data is stored exclusively on users' devices and is used without unnecessary intermediaries. Users fully control their data for authentication and signing via their own phone. IRMA is available worldwide, free for users and verifiers (like webshops). It is culturally sensitive since different attributes can be used within different communities in line with local laws and customs.
IRMA's privacy by design is demonstrated in several ways:
1. Its authentication (and signing) is attribute-based, so that different attributes are used in different contexts, in line with Helen Nissenbaum's context-dependent view on privacy.
2. Non-identifying attributes, such as gender, or "younger than 15" can be used for access, without revealing identifying information. Moreover, the cryptography guarantees that if you reveal such attributes twice to the same verifier, they cannot be linked.
3. A user authenticates directly to a verifier, and not via an intermediary (like with Facebook login), so that unnecessary privacy hotspots are avoided.
The IRMA ecosystem requires very little expensive centralized infrastructure, because it uses a decentralized architecture. It runs on smartphones, which are widely available in many developing countries nowadays, and does not require handing out new cards. IRMA does need existing or new registers where users can collect relevant attributes, but phone companies can provide such access where government registers are not so easily accessible. The software for issuing and verifying attributes is all available for free, as open source.
IRMA is a digital identification system itself. It does need to be integrated with registers of attributes that can be used as source, see the previous point.
The IRMA solution is completely open source, including the software for issuing and verifying attributes, so that there is no vendor lock-in. This software connects to widely used standards such as SAML.
The IRMA app has been developed in close cooperation with usability experts, but has been tested so far mostly in a European context. The app's interface is written in React Native and can be adapted easily and flexibly to other environments, with more pictures and less text.
IRMA users should be online, requiring connectivity, but not with a high bandwidth since IRMA attributes are only small pieces of information. IRMA does not work on very old phone models, which might be an issue. Introduction in new countries, however, will probably happen gradually, so many phones will have been upgraded.
A system like IRMA can really empower individuals to carry out economic activities online, in a reliable manner, without additional identity-related costs. Through authentication, people can reliably prove their identity and thus obtain access to high-value services, either in finance or in care. Via digital signature they can really do business online, with reduced levels of fraud, and higher trust, since offers and transactions can be signed by all the participants involved. The fact that IRMA offers both authentication and signing can boost the economic power of individuals, without the need to rely on heavy (expensive, monopolized) infrastructure.
- Netherlands
- Non-Profit
- Academic/Researcher
- 6-10
- 5-10 years
The Privacy by Design foundation has set up a strategic partnership with SIDN, the national domain name registrar in The Netherlands. SIDN is also organised as a not-for-profit foundation, and thus a natural partner. SIDN professionally hosts the server infrastructure needed for IRMA. In addition the foundation has managed to develop cooperation with several partners, esp. in local government and health care, for the issuance of many kinds of attributes.
The chair of the Privacy by Design foundation, Prof. Bart Jacobs, is an (inter)nationally well-known scientific expert in privacy and security. In 2017 he was ranked "most influential computer security expert" in the Netherlands. He is frequently in the media and regularly consulted as an external expert in Parliament. This media access provides IRMA with much positive exposure. In addition, the IRMA team has held discussions with a visiting Kenyan delegation and has also been in contact with the Dutch Immigration Office about using IRMA as a first form of identity for refugees that arrive in The Netherlands.
- Sale of access to issue attributes to phones: everyone can verify IRMA attributes, but access to the app for issuing is limited to keep the system "clean"; this also offers a revenue model
- Paid service and advice on IRMA usage
- Paid software integration for third parties
- Funding for research projects
When the internet was designed in the 1980s, no protocols for securely establishing the identities of communicating parties were included in its design. While understandable from a historical perspective, it has created serious problems down the road. IRMA's ultimate goal on the horizon is to provide a global privacy-friendly and secure identity infrastructure. Towards such a global adoption, developing countries may play a crucial role, since in much of the developed world (esp. the US and China) identity is already dominated by privacy-unfriendly platforms. This Challenge can help to give global exposure to the IRMA platform.
- Possible growth that is faster than the Privacy by Design foundation can handle at this stage. This requires finding like-minded partners in time.
- Opposition of powerful established proprietary platforms whose position may at some stage be threatened by an open and low-cost identity platform. Broad public support and adoption provides the best protection.
Support from the Mission Billion Challenge may help to overcome both barriers.