The End of Data Breaches? SSI could be the solution

Jayden Forday
Feb 1, 2024

Recent hacks in Australia, such as Latitude, Medibank and Optus, are a stark reminder of the vulnerabilities in current systems. Let’s imagine a world where your private details are not stored in a mass database, waiting to be stolen by hackers. Instead, you have total control over your data, providing your private info on a need-to-know basis.

Welcome to the world of Self Sovereign Identity (SSI)

Okay sounds cool, but what is SSI? 🔐

SSI is a big leap forward in how we handle our identity online. It’s all about having one, simplified, decentralised identity — a single account you can use for online services, but with the main kicker that you’re in control.

The cool part? Your data isn’t duplicated across different systems, in different places. Instead of leaving copies of your ID everywhere, SSI only lets various systems access your credentials temporarily. You choose who gets consent and for how long.

Here’s the setup:

  1. Holder: That’s you and me. We hold our digital identity in a wallet app or something similar.
  2. Issuer: The entities who give you your digital creds (Driver Licence, Passport, etc.).
  3. Verifier: The ones who check your creds when you’re proving who you are online.

Currently, every time you share your ID — like with banks or online services — they keep a copy.

This is super risky.

The way I’d explain it is you’re only as safe as the weakest link amongst all these data holders. If a single one of them gets breached, your info is out there and gone for good.

SSI changes this. Your data stays with you, and only you get to decide who gets temporary access. Think personal data vaults.

TLDR, SSI means less duplication, more privacy, and you being in charge of your online identity. It’s simple, it’s secure, and it’s all about giving you the power back.

What does this look like? 🔍

Imagine Lucy, a consultant from Sydney, traveling to Perth for a business trip.

She needs to rent a car but dreads the usual hassle of providing her Driver Licence at the counter, especially as someone has stolen her ID before.

With her digital wallet/SSI app, Lucy simply scans a QR code provided by the car rental company. The company then requests a verification of her Age, Driver Licence validity and other details.

Lucy gets a notification from the car company, can easily see the requested information, and can then consent through her app. This securely verifies that her licence is valid and that she meets the age requirement, without revealing her licence number or birth date.

The process is efficient, secure, and accurate, protecting Lucy’s sensitive information while meeting the rental company’s needs.

How does it work? The Tech Side of SSI 💻

Look, it might all sound a bit complex, and to be fair, it can be. Below is a list of challenges and how the tech involved helps to fix them!

Zero Knowledge Proofs (ZKPs)

Challenge: Maintaining privacy while proving personal information and details is a key part of SSI. If your identity details are available digitally for anyone to request, well you’re not really maintaining privacy.

Solution: ZKPs allow an individual to prove a claim is true without revealing any additional information. This technology solves the privacy issue by enabling users to verify their age (or any other attribute) without disclosing their birthdate or any other personal data.

Asymmetric Encryption

Challenge: Secure communication online. When sending sensitive information over the internet, there’s a risk that it could be intercepted and read by unauthorised parties and bad actors.

Solution: Asymmetric encryption uses a pair of keys (public and private) to encrypt and decrypt messages. Information encrypted with the public key can only be decrypted with the corresponding private key, ensuring that messages remain confidential and can only be read by the intended recipient, thus securing communication.

Verifiable Credentials

Challenge: Traditional physical ID documents can be easily duplicated or tampered with, leading to a higher risk of fraud.

Solution: Verifiable Credentials are digital and cryptographically secure, making them nearly impossible to forge. They can be instantly verified by anyone, anywhere, without the need to physically inspect the document or verify its authenticity with the issuing body, significantly reducing the risk of identity theft and fraud.
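
To make Lucy's car rental check concrete, here is an added example (not code from this post or from any SSI project) of an issuer-signed credential where the holder reveals only the claims she consents to. It uses salted-hash selective disclosure, a simpler technique than a zero-knowledge proof, and assumes the issuer pre-computes a `meets_age_requirement` claim; all function names, claim names and values are constructed.

```javascript
// Added example: salted-hash selective disclosure over a signed credential.
// All names and values below are constructed for illustration.
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
// A disclosure is [salt, name, value]; the issuer signs only its digest.
const digestOf = (disclosure) => sha256(JSON.stringify(disclosure));

// Issuer: salts every claim, then signs the sorted digest list (Ed25519).
function issueCredential(claims, issuerPrivateKey) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [crypto.randomBytes(16).toString("hex"), name, value]);
  const payload = JSON.stringify({ digests: disclosures.map(digestOf).sort() });
  const signature = crypto.sign(null, Buffer.from(payload), issuerPrivateKey).toString("base64");
  return { payload, signature, disclosures }; // kept in the holder's wallet
}

// Holder: forwards the signed payload plus only the disclosures consented to.
function present(credential, consentedNames) {
  const disclosures = credential.disclosures.filter(([, name]) => consentedNames.includes(name));
  return { payload: credential.payload, signature: credential.signature, disclosures };
}

// Verifier: checks the issuer signature, then that each revealed claim was signed.
function verifyPresentation(presentation, issuerPublicKey) {
  const ok = crypto.verify(null, Buffer.from(presentation.payload), issuerPublicKey,
    Buffer.from(presentation.signature, "base64"));
  if (!ok) return null; // payload was not signed by this issuer
  const signed = new Set(JSON.parse(presentation.payload).digests);
  const revealed = {};
  for (const d of presentation.disclosures) {
    if (!signed.has(digestOf(d))) return null; // claim altered or invented
    revealed[d[1]] = d[2];
  }
  return revealed;
}

// Constructed scenario: licensing authority issues, Lucy holds, rental desk verifies.
function demo() {
  const issuer = crypto.generateKeyPairSync("ed25519");
  const credential = issueCredential({ licence_number: "EXAMPLE-0000", birth_date: "1990-01-01",
    licence_valid: true, meets_age_requirement: true }, issuer.privateKey);
  const shown = present(credential, ["licence_valid", "meets_age_requirement"]);
  const forged = { ...shown, disclosures: shown.disclosures.map(([s, n]) => [s, n, false]) };
  return { accepted: verifyPresentation(shown, issuer.publicKey),
           rejected: verifyPresentation(forged, issuer.publicKey) };
}

console.log(demo());
```

The rental desk sees only the two claims Lucy approved; the licence number and birth date stay in her wallet as unrevealed salted digests. A production scheme would also bind each presentation to the holder's key and a verifier-supplied nonce so a captured presentation cannot be replayed.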

Digital Wallets

Challenge: Storing and keeping your personal credentials, data and details in a secure way is really important. If your sensitive information isn’t locked down, what’s the point?

Solution: Digital Wallets provide a secure and convenient place to store digital IDs and credentials. Encrypted and protected by the user’s private keys, these wallets ensure that personal information is kept secure, while also being readily accessible for legitimate use.

Decentralized Identifiers (DIDs)

Challenge: Traditional digital identities are often managed by central authorities, which could lead to vulnerabilities from single points of failure.

Solution: DIDs are controlled by the individual, not any central authority. Being stored on a distributed ledger makes them resistant to censorship, tampering, and control by any single entity. This helps users have full control over their identity and personal data.

Sounds good, why is it not here already? ⌚

Look, there are lots of reasons why it’s not available just yet and to be honest, that’s probably a whole other blog post. But the quick summary below highlights some key blockers:

  • Technological Complexity: As you can tell from above, there are lots of moving parts that require a significant investment of time and resources to get set up.
  • Widespread Acceptance: Getting this working in the real world requires universal adoption. Getting institutions, Government bodies and other parties on board is a task in itself and requires lots of collaboration and standardisation.
  • Regulatory Landscapes: The decentralised nature of SSI challenges current frameworks in Australia. At the moment, centralised data management principles are the norm and regulation will need to evolve to facilitate this change.
  • Shift in Mindset: The move is not just a technological shift but a cultural one, requiring changes in how trust and identity are viewed. This involves moving from depending on traditional institutions for identity checks to embracing a decentralized system controlled by individuals, reshaping digital trust and privacy.

There are some really cool projects picking up speed like Solid Project, spearheaded by Tim Berners-Lee (the inventor of a little thing called the World Wide Web) which could really assist with privacy and SSI.

Solid (stands for Social Linked Data) helps represent the principles of SSI by allowing individuals to own and control their data through Personal Online Data Stores (Pods) that act like secure personal web servers for your own data. It’s an exciting example of how the web can be reimagined to empower users directly.

  • Any kind of information can be stored in a Solid Pod.
  • You control access to the data in your Pod. You decide what data to share and with whom (be it individuals, organisations, and/or applications). Furthermore, you can revoke access at any time.

It’s pretty cool stuff — but maybe that’s just my inner geek talking

Your Identity. In Control. In Your Hands 🤝

Data breaches have become too commonplace. SSI helps fix this.

A future where your digital identity is as secure as a secret vault, yet as accessible as your smartphone.

A future where you decide who gets access to your personal information and on what terms. With SSI, that control can be firmly within your grasp and we no longer need to feel like bystanders when companies we trust lose our data to hackers.

If you’re a dev who wants to jump in or you’re simply just interested, I highly recommend checking out Solid a bit more. There are already apps using this tech that you can use, and you can check out this 5 minute video explaining Solid.

Written by Jayden Forday

Identity Verification & FinTech 💼 Passionate About Simple and Powerful API Solutions 💻 Let's connect on LinkedIn: https://www.linkedin.com/in/jaydenforday/
