Self-Sovereign Identity: The Next Step in Personal Privacy Protection

As the world becomes increasingly more digitized and mobile, a growing number of services and applications require consumers to entrust their personal data to third-party services. Yet these services offer the consumer little control over how companies collect, protect and use this information.

And this is causing growing concern about privacy issues.

Some of these concerns are addressed by regulation such as the passage of General Data Protection Regulation (GDPR) in 2018 by the European Union. GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business.

In the U.S., California has passed the California Consumer Privacy Act (CCPA), similar to GDPR, while a handful of other states (Colorado & Virginia) have passed similar legislation. At the Federal level, however, there has been limited interest in revamping privacy laws. A proposed bill, SAFE DATA legislation, would provide Americans with more choice and control over their data and direct businesses to be more transparent and accountable for their data practices. But more must be done.

According to a recent Deloitte survey1, consumers are changing their behaviors due to privacy issues. This includes restricting access to or adjusting permissions to information for apps; deleting apps or online accounts; changing online browsing behavior; as well as using more secure apps or services.

At present, there are two main types of digital identity: centralized and federated. In the centralized identity model, each service provider manages the user’s identity via authentication information such as passwords. In the federated identity model, service identity providers establish agreements between each other and operate under a common trust framework. An example is using your Google profile to log into new services. While the federated model offers convenience, there is a higher risk that authentication information can be leaked possibly impacting multiple services.

The challenge in the current environment is a fragmented identity ecosystem of multiple third-party identity providers that lacks interoperability, which constrains scale and adoption.

A proposed Self-Sovereign Identity (SSI) solution, also referred to as “Identity 2.0,” places the consumer in control of their own identity and the information that is shared with third parties. SSI gives individuals control and autonomy of their digital identities while establishing trust with an interaction. With more and more services occurring online (telemedicine, travel planning, employment, etc…), consumers are seeking better and more trustworthy privacy controls.

From a data privacy perspective, SSI credentials are private and under the users’ control. The consumer decides which attributes of their identity they want to share. They are also tamper-proof (through the use of cryptography) and can be verified anywhere, at any time. This approach can provide proof of physical identification by signed verifiable credentials.

Key benefits of SSI include simplicity and privacy; no more passwords, usernames or registration forms, etc… It also offers instant customer data verification, offering a better customer experience.

ATIS is taking a proactive role in examining how telecom operators can leverage innovation in self-sovereign identity to not only comply with privacy regulation and create new business opportunities, but also foster greater trust between consumers and businesses.

The recently launched User-Controlled Privacy initiative is designed to help the industry adopt and advance innovations that would make it possible for users to establish a self-sovereign (i.e. self-managed), identity. This work is both timely and strategic as handling customer data grows more complex in the emerging regulatory environment. Moving forward, businesses must realign operations to adapt. This new initiative will provide operators with practical insight into the new technology being developed to enable secure user-controlled privacy.

Learn more about the ATIS initiative advancing User-Controlled Privacy Using Self-Sovereign Identity. To join this exciting new initiative, contact ATIS Membership Director Rich Moran.

1Deloitte, Trust and Privacy Digital Consumer Trends 2020

Ian Deakin, Principal Technologist - ATIS
Ian Deakin, Principal Technologist at ATIS is currently applying his expertise in digital transformation to advance ATIS initiatives in the areas of distributed ledger technology (DLT) and 5G vertical enablement platforms. Deakin has a 30-year career in the ICT industry, with a long-standing track record working with companies globally to define new product and service propositions, implementing emerging technologies to deliver new business lines. Before his current role at ATIS, he worked with executive-level leadership at innov8id to help organizations use blockchain innovation to facilitate change, optimize performance and productivity, and create new business models. Prior to this, he held senior management positions leading product and technology strategies with iconectiv, CMG Telecom, Motorola, O2, and Siemens Nixdorf. He has filed three patents in the ICT area. His most recent work at ATIS involves leading the organizations’ initiative to devise and deliver a solution using DLT to help combat fraudulent/spoofed telephone calls.