Finance Security Sovrin

Which infrastructure critically needs to be decentralized?

Infrastructure can often be termed as critical. But should critical infrastructure like Payment infrasturcture be decentralized? Or, is it more important to ask, What infrastructure critcally needs to be decentralized?

It’s a great question, and one that shouldn’t be mixed with, “what is critical infrastructure?” These are two very different questions, but often the #DeFi community likes to blur the lines between these two distinctly different questions.

The best example of this is that of Payment Infrastructure. For many years now, #DeFi has argued that critical infrastructure, such as Payment’s infrastructure should not be controlled by one company, one entity, one body, no it should be owned by no one and yet everyone. There are many compelling arguments for that, and the application of DLT technology makes sense. However, as there are many arguments for this take on the world, there are equally as many arguments against it, or at best significant challenges that DeFi cannot solve.

To make my point, lets just take a look at the world we live in. Sadly, there are criminals in all aspects of life, and the digital and finance worlds are no exceptions. There are so many aspects of financial regulation in-place, not because it makes things painful for new entrants, but because regulation is often a direct consequence of some form of “crime” that has gone before. Look at Ponzi schemes, the PPI scandal, millions of cases of miss-selling of financial products, push payment fraud, card fraud, phishing, account take over, my list could go on and on. In the world of #DeFi who can effectively regulate behaviour? Who can consumers and businesses turn to if there is an issue? Without centralized bodies things can get tricky very quickly.

When we state that Payment infrastructure is critical, who does a regulator “go after” if there are significant issues with that Payment infrastructure? In a centralized world, these answers are easy, and operationally, quite simple to solve. However, #DeFi, well we have more questions than answers – that’s not to say #DeFi won’t get there, just an acknowledgement of where we are today and for the near to medium term future.

What we must acknolwege is yes, Payment rails are critical infrastructure, but with regulation of payment systems and banks that use them, many of the concerns we have are already dealt with. Critical infrastructure it might be, but do we critically need to have it decentralized? The answer to that is a big NO. And that’s because Payment infrastructure is already working well for the vast majority of us. When there are issues with banks, regulators want to know why, and if it seems they aren’t taking resilience concerns seriously enough, hand out some big fines. If the Payment infrastructure itself goes down, well a regulator goes to the regulated Payment System or Financial Market Infrastructure provider and again, hands out some big fines if it feels there are weaknesses in their setup. It’s not perfect, but the current world works fine here….

So what infrastructure is critical, but more importantly critically must be decentralized?

Identity is the only critical infrastructure that must be decentralized

Our personal data, our identity information is traditionally centralized in a distributed fashion. It’s centralised because businesses you interact with gathers your data, request it and then store it centrally. It’s distributed because business after business is gathering that data and storing it centrally for their own use. The result, your personal data is sitting in tens if not hundreds of centralised computer systems geographically all over the country or world. A breach of any one of those systems puts your entire identity at risk, and your identity is what you need to carry out so many virtual and real-world tasks. Some people even use the phrase identity is money….

Your identity is needed to open a bank account, get a job, receiving your wages, to make payments, to book a holiday, to travel, to apply for insurance, to own a car and to gain access to health care. Your identity is critical. If you lose control of that data, then someone else potentially can use your identity to do those things. As I say, it’s the world we live in.

But things don’t even need to get to a point of identity theft. Businesses sell and trade your personal information, monetizing your data for their own ends. Identity data is correlated, joined together to provide in-depth profiles of you as a person, enabling targeted ads, campaigns and more worryingly, deep profiling of you as an individual. Lose track of this identity data that has been correlate, and your identity will soon be very hard to claim back, if it has been used by a third party…

We see this happening today. Big tech companies want you to use their “ID” solution, and it looks attractive, but the entire premise is around them “owning the customer”, and that means owning you. Not a pleaseant thought when you read it, but that is exactly what it means. Identity owners wish to own your identity and therefore can make money off of you.

The identity requirement is therefore simple, no one should own your identity data except you. No one should control critical identity infrastructure. No one should be able to correlate your identity data and sell it on. No business should be asking you for any data they don’t require to deliver you the service you want/expect/pay for. Add in risks that in some areas of the globe, Governments / organisations actively abuse personal identity data and the need for privacy multiples by 10. This basic list of requirements points to a technology solution that, yes, needs to be owned by no one entity, but owned by us all….

Digital Identity is the one critical infrastructure, that critically, must be decentralised.

Our Identity information, our digital identity is critical to how we live. In a digital world, our digital identity underpins everything we do, not just the obvious – like opening a bank account, but also for things like holding an NFT, logging into an online dating service, accessing social media and much more. As critical infrastructure it must be resilient, it must be available 24/7, it must perform at scale but critically, it must secure our data, it must enforce privacy and it must not be controlled by anyone…Critically, it must be decentralized…

Principles of Self-Sovereign Identity

As an organisation, ID Crypt Global believes there is only one digital identity model that can be adopted globally, and that is a Self-Sovereign model (SSI). It is the only model that addresses all of the challenges digital identity brings, including those of security and privacy. It is also the only model that can truly scale and yes, the only model that delivers critical global infrastructure in a decentralized fashion – built specifically for identity.

SSI is built upon 12 core principles, if you are new to these, or new to digital identity, then please take a moment to visit Principles of SSI V3 – Sovrin

Digital identity is at a critical stage, it’s imperative that we ensure the future is that of a #DeFi model, that identity infrasturcture is decentralized and owned by us all…

Leave a Reply