A.I.M. - Access, Inspect & Maintain
A hybrid system designed to empower individuals with a sustainable way to access, inspect and maintain unique personal data.
We propose a hybrid digital identification system that combines blockchain technology with traditional, off-blockchain data storage. While there have been multiple use cases for blockchain technology in identity management systems, none of the existing solutions offers users the ability to fully and unequivocally inspect and manage who accesses their data. Our solution addresses precisely this gap in the digital identity literature.
We focus on two main use cases for which IDs are usually required: (1) proof of identity (e.g., during elections) and (2) data sharing (e.g., when opening a bank account). Our system is designed to offer different solutions for both scenarios, as they require different levels of access. When only proof of identity is required (use case 1), the system sends a zero-knowledge proof to the service/authority that made the request. When specific data is requested (use case 2), the service/authority is given access to encrypted data limited specifically to the information requested.
From a technical point of view, we build on top of blockchain technology to provide an inspection and access control layer for off-blockchain storage. While the use of a blockchain for fine-grained access control to data objects has been proposed before (e.g., by Zyskind et al.), the existing proposals do not monitor who accesses users’ data. Furthermore, existing models such as the scheme by Zyskind et al. are not applicable to identity management systems, where trust in the authenticity of the identity is pivotal. Our proposed blockchain layer not only gives users control over who is allowed to access their identity stored on off-blockchain servers, but additionally keeps track of each and every access to a user’s identity through time-stamped transactions. To establish a user’s identity to a service, our model relies on zero-knowledge proofs over biometric data such as iris scans, so that the identification data itself is not exposed. For services that require other personal identifiers (such as name, age or address), our model returns the data in an encrypted message, each time recording both who accessed the information and which part of the user’s identity was accessed. This design keeps all relevant parties (users, governments, services, international organisations, etc.) involved and incentivised to maintain the system.
Details of our model are depicted in the figure below:

Individuals can both grant and revoke access to their identity data through permission transactions sent to the blockchain. For any service requesting access to an individual’s identity, its permission to access the data is checked against these transactions. For each successful transfer of identity data from off-blockchain storage to the service, blockchain nodes record the details in a time-stamped transaction, which the individual can later use to inspect every instance of access to their identity data. Through these features, our proposal aims to create a more sustainable and transparent relationship between data subjects and authorities, one that lets users know which authorities accessed their data, preventing potential abuse and making data-driven actions more transparent.
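The permission and audit layer described above (grant/revoke transactions, a permission check on each request, and time-stamped access records the individual can inspect), as an added Python sketch that is not the proposal's own code. PermissionLedger and its method names, the dict standing in for off-blockchain storage and the hash-linked list standing in for the blockchain are assumptions; transaction signatures and the zero-knowledge identity proof of use case 1 are left out.

```python
import hashlib, json

def digest(tx: dict) -> str:
    return hashlib.sha256(json.dumps(tx, sort_keys=True).encode()).hexdigest()

class PermissionLedger:
    """Hypothetical append-only, hash-linked log of permissions and data accesses."""
    def __init__(self, offchain: dict):
        self.chain = []           # transaction dicts, each linking to its predecessor
        self.offchain = offchain  # user -> {field: value}; stands in for off-chain servers

    def _append(self, kind, user, service, fields, ts):
        prev = digest(self.chain[-1]) if self.chain else "0" * 64
        self.chain.append({"kind": kind, "user": user, "service": service,
                           "fields": sorted(fields), "ts": ts, "prev": prev})

    def grant(self, user, service, fields, ts):   # individual grants access
        self._append("grant", user, service, fields, ts)

    def revoke(self, user, service, fields, ts):  # individual revokes access
        self._append("revoke", user, service, fields, ts)

    def permitted(self, user, service) -> set:
        # Replay grants and revocations to derive the current permission set.
        allowed = set()
        for tx in (t for t in self.chain if (t["user"], t["service"]) == (user, service)):
            if tx["kind"] == "grant":
                allowed |= set(tx["fields"])
            elif tx["kind"] == "revoke":
                allowed -= set(tx["fields"])
        return allowed

    def request(self, user, service, fields, ts) -> dict:
        # Check permissions, release only the requested fields, log the access.
        missing = set(fields) - self.permitted(user, service)
        if missing:
            raise PermissionError(f"{service} lacks permission for {sorted(missing)}")
        self._append("access", user, service, fields, ts)
        return {f: self.offchain[user][f] for f in fields}

    def inspect(self, user) -> list:
        # The individual's view: which service accessed which fields, and when.
        return [(tx["service"], tuple(tx["fields"]), tx["ts"])
                for tx in self.chain if tx["kind"] == "access" and tx["user"] == user]

    def verify(self) -> bool:
        # Integrity check: every transaction links to its predecessor's digest.
        prevs = ["0" * 64] + [digest(tx) for tx in self.chain[:-1]]
        return all(tx["prev"] == p for tx, p in zip(self.chain, prevs))
```

A denied request is not released and not logged as an access; a real deployment would also want denied attempts recorded so the individual can inspect them.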
- Idea
In addition to providing secure and private access to digital identity, our system empowers users to inspect who accessed their data and what, and how much, data was accessed. By design, unauthorised access to private data is discouraged (as all access operations are recorded on the blockchain), users gain more agency over setup, use and management, and mindful data-sharing behaviour is encouraged. Our solution is compliant with GDPR’s “Right of access by the data subject” article, as making data controllers and processors accountable for their actions is part of our design.
Instead of relying on mechanisms that merely minimise the negative impact of data misuse, our system proactively prevents it by requiring users to grant access to their data on a case-by-case basis. Our default setting is maximum privacy and minimum data sharing. It is a positive-sum solution: it enables privacy without compromising functionality and, in fact, enhances it.
Our solution is designed to keep all key players (governments, users, services, and international organisations) in the game. Since our proposal guarantees protection of each party’s interests within prescribed limits, it incentivises them to make the changes necessary to adopt the proposed ‘privacy by design’ features. Our solution continues to accommodate the storage solutions currently in use in developing countries and adds the blockchain layer on top. This ensures a smooth transition, as identity data does not have to be collected again from already registered citizens.
To account for educational and technological gaps, we aim to provide a training component that will familiarise underprivileged communities with the use of our system. Given that it will take some time before internet penetration rates increase around the world, we plan to offer an offline solution in the form of “smart cards”, which will work as access keys to our system, allowing greater accessibility and ease of use.
We operate under the assumption that internet penetration will increase and our solution will become accessible to larger parts of the global population over time. We envision regional/urban centres or sites that will help users safely access and inspect their data with the help of trained personnel. This will make our solution available to more people and account for regions where technology is not readily available in every household.
- Academia/Research
- 1-5
- Less than 1 year
Our group consists of members from the fields of computer security, usable privacy, interactive design and social policy. We are an internationally diverse team from Germany, Pakistan, the US and Moldova, and represent a range of distinct socioeconomic backgrounds, which gives us a comprehensive perspective on this issue. Our diverse academic and cultural backgrounds put us in a unique position to develop our solution by reaching out to appropriate resources and connections across our networks.
While our proposal is currently only a proof of concept, the technology behind it is buildable, and our solution can be adjusted to fit different contexts and grow as technological capabilities improve. This also makes our proposal easily replicable by design. In creating it, we used technical feasibility and innovation, as well as policy and design considerations, as guiding principles to create a solution that will serve multiple communities around the world. All of these properties allow our proposal to expand fast and reach multiple geographically distant communities.
Since we are invested in our goal of empowering citizens with complete control over their identity, we are looking for opportunities that can help us realise our mission. The Mission Billion Challenge is uniquely positioned to link us with resources and experts who can help us further improve our proposal and increase its chances of wide-scale adoption.
Convincing local authorities and services to adopt our system for the pilot testing programme will be challenging, given that our proposal empowers end users most. We aim to overcome the zero-sum thinking of authorities and services by effectively communicating the benefits they stand to gain from adopting our proposal. In the wake of recent regulations such as the GDPR in Europe, we expect the parties concerned to be more receptive to proposals that protect users’ privacy.