Out-Law News 3 min. read
30 Nov 2017, 11:09 am
The Reform think tank said blockchain technology can be used to verify people's identity to allow them to access public services. It said use of the technology for identity (ID) management purposes could be underpinned by 'smart contracts' and brought into practice through the use of smartphone apps and biometrics.
"Blockchain is a unique technology in that it allows the control of identity data to move from government to the citizen, securely and efficiently," Reform said in a new report (16-page / 1.33MB PDF) issued in partnership with Accenture. "It would enable citizens to view their public service identity via an identity app on their smartphone and share relevant data with government to access public services."
"This new model would reimagine the relationship between state and individual, as government would become the verifier, rather than the controller, of people’s public service identity. Estonia, Dubai and Australia are trialling the use of blockchain to transform identity management and the UK must do the same if it is to lead the group of digitally enabled nations," it said.
Blockchain, a distributed ledger technology, is best known for underpinning trading involving the digital currency bitcoin, but it has many other potential uses. Broadly it can be likened to a type of database that, using cryptography, can be operated as a digital public ledger for recording information, such as the transfer of assets between two or more parties.
In its paper, Reform said that blockchain offers governments the potential to move away from a situation where different and sometimes contradictory pieces of data concerning the identity of citizens is held in silos by different government departments. It said that this model of identity management is not secure, efficient or convenient for citizens.
The UK government already has a digital ID scheme called 'Verify', and earlier this year set a target of getting 25 million people in the UK to sign up to it by the end of 2020.
Under the Verify system, individuals using government online services choose a certified ID assurance provider with which to verify their identity. This involves answering security questions and entering a unique code sent to an individuals' mobile number, email address or issued in a call to their fixed-line telephone number. When using government services online thereafter, government bodies are able to rely on the third party verifications of individuals' identities.
However, Reform said there are limitations to the Verify system.
Reform said: "[Under Verify] control of personal data still sits with government. Uptake of Verify has been slow and departments such as HMRC continue to use their own identity model. This is because Verify provides limited information for certain transactions – meaning that departments need to request and check additional data. The new computer system also has trouble matching information with legacy systems."
By using blockchain technology, the government could put users of online public services in control of their data and provide for a new model of ID management, Reform said.
"A blockchain network could be built across several departments and would act as a thin layer on top of current databases," Reform said. "This layer would enable citizens to view their data, via an identity app on their smartphone, and grant government access to it."
"In practice, an individual would have a set of two encrypted keys, one being completely private and the other public, allowing them to share information with public services. Taking the example of the passport, the individual would only use their public key when verifying their information with the Border Force. Government would retain overall authority over the new identity management model through a so-called permissioned blockchain. It would own the network and would decide who else could access and join it. The decentralised nature of blockchain means that all departments on the network agree to ‘one version of the truth’ when information is added," it said.
The 'permissioned' blockchain, that restricts who has access to the network, would differ from the 'unpermissioned' blockchain that operates for documenting transactions made in bitcoin, Reform said.
A new ID management model provided for via blockchain would be underpinned by "smart contracts", Reform said.
"The rules of the new identity management model would be codified into smart contracts which are computer codes that can automatically process data and execute protocols on a blockchain," the think tank said. "Smart contracts could automatically ensure that government departments are compliant with data protection regulation and that databases are accurately up to date. Smart contracts also allow the codification of various rights that blockchain network members have, such as what information could be viewed and accessed and in which form."