Self-sovereign identity - ecosystem of digital identities

The legal framework for internationally recognized decentralized identities is currently being developed. After the Swiss electorate rejected the e-ID in 2021, Swiss legislators are aiming for a self-managed identity SSI. The consultation on the new law is due to open in mid-2022. The EU has created a framework for a European SSI, and pilot projects are planned for the coming years. North America is also following this path: the standardization organization W3C is currently developing a standard for self-sovereign identities. From a data protection perspective, the SSI is a good solution: it works in line with the currently widespread regulations on the processing of personal data. Decentralized identification also makes data management easier for providers: Thanks to the peer-to-peer nature of SSI, there are fundamentally fewer service providers involved in the data management chain. And because they store less sensitive data, data breaches have less dramatic consequences.

The decentralization of SSI is a paradigm shift: it is no longer the providers who manage authentication data, but the users themselves. To do this, they store verified identity data - known as credentials - in a wallet on their smartphone or other device. From a driver's license to a certificate to social media history, these credentials are far broader in scope than an analogue passport or identity card. An issuer certifies the accuracy of the credentials electronically - and the providers, known as verifiers, also check them electronically. The owners of the wallet - the holders or users - decide which data a verifier sees. Because they, and only they, have sovereignty over their data - a privilege that also comes with obligations. Anyone who loses their wallet, for example, must take care of replacing all ID cards and documents. This eliminates the need for complicated login procedures and the associated password management.

An SSI has many advantages. Banks, for example, benefit from the recognized digital E-ID: instead of going to a local branch or going through a complicated online identification process, all the customer has to do is pull it out of their wallet and have the required credentials ready. Car rental will also be easier thanks to SSI if there is no need to copy ID cards and driver's licenses. Renters may even be able to get in and drive off straight away because the smart car finds and checks the vehicle key as a verifiable credential (VC) in the wallet.

Digitally certified documents such as certificates or diplomas also make the digital application process easier - and potential employers automatically check the authenticity of the documents.

In order to grant a youth or senior discount, the person's age must be known. However, there is no need to disclose the exact date of birth to a transport company or museum. If you also consider that 99.999% of all people in Switzerland are clearly identified by their full name and date of birth, it becomes clear that processing the date of birth is particularly critical from a data protection perspective.

Thanks to SSI, e-commerce merchants benefit from an immediate credit check and a fast payment process. And with a credential that is directly linked to the buyer's bank. Buyers can also be sure that they are paying with the right bank.

Credentials are not necessarily limited to individuals. Companies and institutions can also receive an SSI and use it in communication with customers and suppliers. For example, this could be the new bank relationship for invoicing customers or the current extract from the commercial register for suppliers and partners. It would even be conceivable for autonomous vehicles to have their own wallet, which they could then use to operate economically autonomously with toll booths or garages, for example. In this case, their “identity” would be linked to the vehicle identification number, for example.

These examples show that the potential of SSIs is enormous. If the state solves the chicken-and-egg problem of introduction, more and more use cases are likely to be economically viable. Especially as digitalization continues to make giant strides. The McKinsey Global Institute has predicted that by 2030, the use of digital identities will generate an economic value of 3% of gross domestic product in industrialized countries and as much as 6% in emerging countries.

In order to grant a youth or senior discount, the person's age must be known. However, there is no need to disclose the exact date of birth to a transport company or museum. If you also take into account that 99.999% of all people in Switzerland are clearly identified by their full name and date of birth, it becomes clear that the processing of the data is not necessary.

Despite all the advantages of a self-sovereign identity, there are also challenges. For example, how do you ensure that the issuers are really trustworthy? One solution is to set up trustworthy directories. Issuers - for example a health insurance company - can have themselves checked here and receive an entry that verifiers and holders can view. For public authorities, a state directory is a good option. This is a way of managing trust. Another problem lies in the life cycle management of credentials. How can they be updated in a legally compliant manner? What happens if someone loses their wallet or a credential has an expiration date? Here, too, it is important to find a way to create digital trust.

Even if there are still unanswered questions: Self-Sovereign Identity will unleash enormous economic value. If you want to gain initial experience with it now, you can use existing open source technologies. With a successful proof of concept, companies can recognize the possibilities of the new technology and exploit them more effectively. After all, SSI is much more than a digital identity card: it takes the concept of identity into dimensions that cannot yet be imagined. If we as users have full control over our digital identity, this will also change the way we deal with privacy in the digital space. We may no longer be princes, models or billionaire heiresses, but our digital relationships and interactions will take on a new form.