Data Safety Archives - ESelfKey
https://selfkey.org/zh/tag/data-safety/
Self-Sovereign Identity for more Freedom and Privacy
Sat, 23 Sep 2023 22:16:48 +0000

Data Breaches: Risks and Consequences
https://selfkey.org/zh/data-breaches-risks-and-consequences/
Thu, 27 Apr 2023 10:36:42 +0000

Summary

Have you ever seriously considered the negative impacts of a data breach? Are you aware of the digital safety risks that lurk around the corners of the internet? And, did you know that cyberattacks may produce life-long consequences?

Nowadays, applications and websites have become so common that we consider them an integral part of our daily lives. And, because we have normalized it, individuals blindly share their private information with little thought given to the implications of doing so. 

We rarely stop to consider what happens to our personal data once we share it with large technology corporations. That’s because we live with the illusion that our valuable or sensitive private information is safe, and that cyber attacks cannot possibly reach us.

However, some serious privacy violations have occurred in the past several months. And they have exposed the severe effects of sharing personal information without proper attention to safety and privacy.

Despite data breaches occurring on a daily basis, they aren’t discussed as often as they should be. Individuals who have not experienced such incidents may assume that they are immune to them. But anyone can fall victim at any time, and the consequences of a data breach can be irreversibly harmful.

In this article, ESelfKey aims to provide an in-depth analysis of data breaches, recent events, and the potential aftermath for individuals whose personal information is compromised. 

It is highly important to spread awareness about the possible consequences of data breaches, and to attempt to prevent them from happening at all. With ESelfKey’s decentralized solutions, a safer digital future may await us.

Let us elaborate on these crucial aspects in the paragraphs below.

Highlights

  • Defining data breaches: Meaning and Overview
  • Factors contributing to data breaches: Why, Who, and for What?
  • Caught Off Guard: When and Where Data Breaches Strike
  • Victims of data breaches: Are you safe?
  • Conclusions

Defining data breaches: Meaning and Overview

A brief, but fundamental introduction

Data breaches are serious security violations where confidential, protected or sensitive data is accessed, stolen or used by an unauthorized person or organization. These devastating incidents are also known as data spills, data leaks, or information disclosures, and they can occur in a variety of ways.

These digital attacks are typically well organized and initiated by malicious players, including organized crime, political activists, and national governments. However, even individuals who accidentally gain unauthorized access to systems with poor security configurations can cause data breaches.

The information that hackers may disclose can range from matters that may compromise national security to information that government officials want to keep hidden. When a person who has access to such information deliberately exposes it, for political reasons, it is usually referred to as a "leak".

The negative effects of a cyber attack: What happens after?

Data breaches can have far-reaching consequences, impacting a variety of information types including, but not limited to:

  • financial data, such as credit card information and bank details.
  • personally identifiable information (PII), such as full name, full address, IDs, birth certificate information, etc.
  • personal health information (PHI), such as full name, home address, or dates related to the health or identity of individuals.
  • trade secrets and intellectual property.
  • sensitive or valuable information, like photos or videos.

Unstructured data, such as files, documents, and private information, can also become exposed and vulnerable if proper security measures are not in place to protect them.

These cyberattacks aren’t limited to organizations or powerful institutions, though. Anyone could be a victim. And, worst of all, the compromise or theft of the information listed above can lead to any of the following:

  • financial losses
  • identity theft
  • reputational damage
  • legal repercussions

It's important for individuals and organizations to take steps to protect their sensitive information and implement strong security measures to prevent data breaches. 

ESelfKey understands the devastating consequences of data breaches and emphasizes the significance of implementing preventive measures. Responding promptly and adequately in case of such incidents is also highly important. 

Recent Data Breaches: The beginning of 2023

The frequency of data breaches has increased in recent years. Alarmingly, the past several months have seen a handful of significant incidents. 

  • One such example is TikTok’s illegal processing of data belonging to 1.4 million children under 13, who were using its platform without parental consent. This breach highlights the importance of proper data management practices, particularly when dealing with children's information.
  • Another example is the cyberattack on Yum! Brands, where attackers stole personal information belonging to some individuals, including names, driver's license numbers, and other ID card numbers. This kind of data is particularly sensitive and can be used to commit identity theft, among other crimes.
  • Finally, the hacking of The Kodi Foundation resulted in the exposure of personal information and private conversations of over 400,000 users. Such incidents can have long-term consequences for the affected individuals, including reputational damage and financial losses. These breaches emphasize the need for better cybersecurity measures and data protection practices across industries.

Factors contributing to data breaches: Why, Who, and for What?

Cyberattacks have become a prevalent threat to our digital lives, and they occur on both personal and larger scales. While most people may assume that only organizations with weak security measures are at risk, individuals are also susceptible to data breaches. 

In fact, personal cyberattacks often happen due to a lack of caution when it comes to protecting oneself online.

Why do data breaches occur?

One of the most common ways individuals make themselves vulnerable to cyberattacks is by using weak or predictable passwords. This makes it easy for hackers to access their accounts and steal sensitive information. Additionally, using the same password on multiple accounts makes it even easier for hackers to gain access to a person's entire online presence.

Lack of proper security measures is another way individuals put themselves at risk. Failing to have anti-malware protection on their devices can allow malware to infiltrate and infect their system. Similarly, exposing personal information publicly online, such as on social media, can provide hackers with the necessary information to carry out attacks.

Clicking on or accessing suspicious links is another way individuals can become victims of cyberattacks. It is worth mentioning that bad players often use phishing emails to trick people into giving up sensitive information. These emails can appear legitimate, so it's important to be cautious and verify the source before clicking on any links or providing personal information.

Who is responsible for data breaches?

Anyone could carry out a cyberattack, if they have the necessary tools, and if that is their intention.

Data breaches are a serious concern for individuals, organizations, and governments alike. These breaches are often the result of bad players with malicious intent. Perpetrators can range from organized crime groups seeking financial gain to political activists looking to disrupt or expose sensitive information. 

In some instances, national governments have conducted data breaches for espionage or other motives. Regardless of the motive, it's important for individuals and organizations to take steps to protect themselves from potential breaches and to respond quickly and effectively if one occurs.

What are the intentions of those who initiate cyberattacks?

Malicious individuals typically have two main intentions: financial gain or causing damage to institutions for various reasons. 

In pursuit of these goals, they may carry out data breaches that can have serious consequences for their victims. These attacks can result in the exposure of personal information and sensitive data, which can lead to identity theft, financial fraud, and other types of harm. 

Sometimes, larger feuds between hackers and their targets can result in victims becoming collateral damage and suffering the consequences of attacks that were not specifically directed at them.

Caught Off Guard: When and Where Data Breaches Strike

Data breaches can happen every second and anywhere, from major technology companies to large financial institutions, and even in our own homes.

Public places such as cafes or airports, which offer public Wi-Fi, can also provide opportunities for hackers to access personal data.

Recently, incidents involving Yum! Brands and TikTok have highlighted the vulnerability of powerful institutions to cyber attacks. However, individuals are also at risk in their personal lives.

At any given moment, scam messages spread by viruses or hackers can target friends and family members. Weak personal security measures, such as predictable passwords and email addresses, can leave individuals vulnerable to attacks. As a result, the malware can spread to the victim’s circle of friends, family, or acquaintances via personal messages or emails.

One common method used by attackers is phishing emails. They appear to be legitimate messages from a trusted source but actually contain malicious links or attachments. Clicking on these links can result in the installation of malware on a device, allowing attackers to gain access to sensitive information. 

Victims of data breaches: Are you safe?

Who do bad players target?

The victims of data breaches can be anyone whose personal data was involved, regardless of age, gender, occupation, or level of power. 

This includes children, women, men, students, teachers, and employees who trust their employers with their personal information. It also includes clients, customers, and patients who share their data with businesses and healthcare providers. 

It's important to recognize that anyone who uses the internet is at risk of being affected by a data breach, regardless of how small or popular they are. Constantly searching for vulnerabilities and ways to exploit them, bad actors can breach even the most seemingly secure systems.

That's why it's essential to take the right security measures, such as using strong passwords, regularly updating software, and being cautious when sharing personal information online. By being proactive about data security, individuals and organizations can help protect themselves and minimize the potential impact of a breach.

How can Data Breaches affect you? 

Individuals can be affected by data breaches in two different ways:

  1. At a large scale, when a centralized system is hacked, which can affect millions of people. 
  2. On a personal level, when an individual's personal online accounts are hacked. In this case, the breach may only affect one person, but it can still have severe consequences, such as financial loss or identity theft. 

In both cases, it's crucial to take steps to protect yourself and your personal information. ESelfKey advises using strong passwords, enabling two-factor authentication, and regularly monitoring your financial accounts for suspicious activity.

Large Scale: Attacking Businesses

Large-scale data breaches can have far-reaching consequences that extend beyond the immediate victims. 

While companies, institutions, and organizations are often the primary targets of such attacks, individuals can also suffer the consequences on a personal level. Even if the attack was not personally directed at them, they could still become collateral damage if the company they have trusted their PII with falls victim to a data breach. 

The consequences of this kind of data breach can be severe and long-lasting, for instance:

  • Companies can face financial losses, damage to their reputation, and even legal action.
  • Institutions may lose the trust of their stakeholders and customers, leading to a decline in business. 
  • Organizations may find it difficult to attract and retain talent if they cannot demonstrate that they take data security seriously.

Furthermore, large-scale data breaches can lead to a loss of trust in the digital economy. If people cannot trust that their personal information is secure, they may be less likely to use online services and conduct transactions digitally. This could lead to a decline in e-commerce and other digital industries, negatively impacting the overall economy.

All in all, the consequences of large-scale data breaches are not limited to the immediate victims. Companies, institutions, organizations, and individuals can all suffer the effects of these attacks.

Below, we will examine some of these negative impacts more thoroughly.

Temporary Shut Down

Data breaches can have a significant impact on companies, not only in terms of the immediate costs but also in terms of long-term consequences. When a company experiences a data breach, it may be forced to halt its activity temporarily, which can result in millions of dollars in damages.

According to industry surveys, Gartner concludes that the cost of operational downtime can be around $5,600 per minute, which translates to $300,000 per hour. This can add up quickly, especially if the breach is not resolved promptly. 

In addition to the financial costs, a data breach can also damage a company's reputation and erode the trust of its customers, leading to long-term consequences.

For example, Expeditors International is still dealing with the aftermath of a data breach that occurred in February 2022, which forced it to halt its activity temporarily. The company is likely to experience long-term consequences as a result, including a potential loss of business and damage to its reputation. 

It is therefore crucial for companies to take proactive steps to prevent data breaches from occurring and to have a solid plan in place for responding to them if they do occur.

Financial Loss

Financial losses can arise from two main sources following a cyberattack: 

  • Ransomware
  • Legal actions

Ransomware attacks can result in significant financial losses for organizations, as hackers can demand large sums of money in exchange for unlocking access to their encrypted data. 

The growth of ransomware attacks is a cause for concern, with experts predicting that the total cost of ransomware damages worldwide could reach $265 billion by 2031.

Legal actions can also result in substantial financial losses for organizations. The Equifax data breach in 2017 affected over 145 million people worldwide and has already cost the company more than $700 million in compensation to affected US customers. The breach also affected an estimated 15 million customers in the UK, who have launched their own separate legal action in the high court seeking £100 million in compensation. 

Legal actions can be costly and time-consuming, and the reputational damage caused by a data breach can have long-term consequences for an organization's financial performance.

Reputational Damage

Reputational damage is a major concern for companies that experience large-scale data breaches. Such damage can lead to revenue loss and have long-term impacts on the company. 

When a company's reputation is tarnished due to a history of data breaches, people are less likely to trust the company with their payment information, and they may choose to take their business elsewhere. 

This loss of trust can be difficult to overcome. Therefore, companies must take steps to protect themselves and their customers from data breaches. Additionally, they must try to maintain their reputation and ensure their long-term success.

Loss of Private Data

Sensitive data and intellectual property are two key areas that hackers target in a cyber attack. 

Sensitive data can include, but is not limited to:

  • Personal information belonging to customers, patients, and employees.
  • Private company emails that contain personal health history, home addresses, and payment information. 

When this type of data is breached, it can lead to significant financial losses and reputational damage for the company.

Intellectual property is another target of hackers, particularly designs, strategies, and blueprints. When intellectual property is stolen, the competition can take advantage of the leaked information. And this, in turn, may cause long-term damage to the company's competitive advantage.

Businesses within the manufacturing and construction industries are particularly vulnerable to these types of cyber threats. Many small businesses believe that they are unlikely to be targeted by hackers, but this is not the case.

In fact, 60% of all hacks target small businesses because they are often easier to attack. It is therefore crucial for businesses of all sizes to take proactive measures to protect their sensitive data and intellectual property from cyber threats.

Personal Level: Targeting the Individual

Data breaches at a personal level often occur due to a lack of caution when operating in the digital world and inadequate security measures. 

People may accidentally share sensitive information, such as their social security number or credit card details, on unsecured websites. Alternatively, they could fall victim to phishing scams that trick them into revealing their login credentials.

Additionally, using weak passwords and not updating software and operating systems can leave personal devices vulnerable to hacking. 

SelfKey’s decentralized solutions are centered around the individual’s privacy and security, with a strong emphasis on individuality. It is highly important for individuals to be vigilant when using digital platforms and take appropriate security measures to protect their personal data from cyber threats. 

Identity Theft

Identity theft is a serious crime that can have devastating consequences for its victims. 

When criminals gain access to a victim's personally identifiable information (PII), such as their full name, Social Security number, and birthday, they can wreak havoc on their financial and personal lives. 

Victims can have their bank accounts emptied, credit histories ruined, and valuable possessions taken away. In some cases, victims have even been wrongly arrested for crimes they did not commit. This is because the criminal may use the victim's identity to commit cybercrimes or other illegal activities, leaving the victim facing legal action and potentially a criminal record.

Notable examples of identity theft

  1. The case of Nicole McCabe, an Australian woman suspected of murder after her passport was compromised and her identity stolen. 
  2. Several victims of identity theft had to struggle with proving they were not responsible for the withdrawal of large amounts of cash from banks, or illegally attempting to obtain loans worth thousands. 
  3. The terrifying story of Andorrie Sachs, whose medical identity was stolen by a pregnant woman who gave birth in Sachs' name and left the baby at the hospital, resulting in a $10,000 hospital bill. 

Local authorities mistakenly reported Sachs as an unfit mother and threatened to take her children away. This could also have lifelong implications for Sachs as the perpetrator had a different blood type, and uncorrected medical records could result in Sachs' death if she ever needed a blood transfusion. A healthcare provider could even prohibit Sachs from reviewing her own medical records as they might not be in her name.

This is one of the many reasons why ESelfKey strongly encourages individuals to take proactive steps to protect their personal information, such as:

  • Using strong passwords.
  • Regularly checking their credit report.
  • Being cautious when sharing personal information online. 

By being vigilant and taking appropriate security measures, individuals can reduce their risk of falling victim to identity theft and the devastating consequences that can follow.

Personal Health Information

Stolen personal health information (PHI) is highly valuable on the Dark Web, where it can be worth more than 200 times as much as stolen credit card information.

This type of identity theft can have serious consequences, including, but not limited to:

  • Obtaining illegal medical treatments or prescription drugs.
  • Altering the victim’s medical history.
  • Using up the victim’s medical benefits. 

Hackers can also sell stolen PHI to other criminals, who can use it for a range of illegal activities.

Given these horrifying facts, ESelfKey strongly advises individuals to take steps to protect their medical identity, such as:

  • Regularly checking medical records for errors.
  • Checking for signs of fraudulent activity.
  • Ensuring that their healthcare providers have proper security measures in place to protect their PHI.

Financial loss

Once malicious individuals obtain your PII, they could potentially use it to damage your credit score and commit financial fraud.

A lowered credit score can affect the victim in several ways:

  • Making it challenging to obtain a personal loan.
  • Making it challenging to secure a mortgage.
  • Even impacting job prospects.

Additionally, individuals who commit identity fraud can open new bank accounts in your name, drain your existing accounts, and commit check fraud. They can also apply for credit using your information, and engage in a variety of other banking scams. All things considered, it’s important to be vigilant in safeguarding your PII. The long-term financial consequences of a data breach can be severe.

Impersonation on Social Media

Cybercriminals can use your digital identity to carry out various malicious activities that can cause significant harm. Here are only a few terrifying examples:

  • They can use your digital identity to phish for credentials from your friends and family, leading to further attacks. 
  • They can ruin your reputation by posting obscene or profane content online, damaging your personal and professional relationships. 
  • They may look for sensitive photos and videos in your account and use them to extort you, leading to emotional distress and financial loss. 

As horrifying as this may sound, there are ways to prevent this kind of disaster from causing irreparable damage to your digital identity. For instance, ESelfKey’s AI-Powered Proof of Individuality methods may be the key to protecting individuals against identity theft.

Emotional and Mental impact

A personal data breach can lead to significant mental and emotional distress. The harm caused can take a long time to recover from, depending on the extent of the damage done by the hacker. 

Along with reputational damage, victims may also have to spend a considerable amount of time and money to mitigate the fallout. And, the steps towards recovering from such a cyberattack could be draining in themselves. 

Victims may have to spend endless hours or days:

  • Contacting their bank, lenders, and creditors.
  • Securing all their online accounts.
  • Replacing stolen identification documents.
  • Canceling and replacing bank accounts and credit cards.
  • Dealing with criminal charges made in their name. 

Victims will also need to remove malware and viruses from their devices, while constantly proving their identity and showing that it was stolen, a process which can be emotionally, mentally, and physically exhausting in itself.

Worst of all, if affected individuals fail to repair compromised information or remove malware from their devices, they will risk falling victim to the same attacks over and over again.

The long-lasting consequences of a data breach can be devastating, particularly if your PII or PHI end up on the Dark Web. The information could be in circulation there indefinitely, making you vulnerable to further harm.

SelfKey’s visions for a safer digital future

Recent events have demonstrated the devastating impact that data breaches can have on individuals and organizations. That's why ESelfKey is emphasizing the importance of security when it comes to online interactions and digital identities. 

By developing decentralized solutions with Self Sovereign Identity in mind, ESelfKey is using the potential of modern technology in its aim to counteract these breaches. AI-powered proof of individuality is one solution that may fight against maliciously used AI, to prevent identity theft. 

It's important to raise awareness about data breaches and their potential consequences, and to teach individuals and organizations how to prevent them or how to respond in case one occurs.

Conclusions

In this modern, digital world, we have normalized sharing our personal data online. However, this does not mean that our personal information is necessarily safe.

In fact, data breaches are becoming more and more common, and the consequences can be severe and irreversible. That's why it's crucial for individuals and organizations to take caution when sharing and storing their personal data.

ESelfKey is focused on developing solutions which may prevent data breaches and enable individuals to operate safely in the digital world. At the heart of their approach is a commitment to the idea that privacy is a basic human right that should not be traded for convenience. 

By prioritizing privacy and security in their technology solutions, ESelfKey is aiming to help empower individuals to take control of their digital identities and protect their personal information.

Note:

We believe the information is correct as of the date stated, but we cannot guarantee its accuracy or completeness. We reserve the right not to update or modify it in the future. Please verify all information independently.

This communication is for informational purposes only. It is not legal or investment advice or service. We do not intend to offer, solicit, or recommend investment advisory services or buy, sell, or hold digital assets. We do not solicit or offer to buy or sell any financial instrument. 

This document may contain statements regarding future events based on current expectations. However, some risks and uncertainties could cause results to differ. The views expressed here were based on the information that may change if new information becomes available.

Self Sovereign Identity
https://selfkey.org/zh/self-sovereign-identity-ssid/
Wed, 01 Mar 2023 18:36:43 +0000

Summary

Have you ever wondered what happens to your personal data once you share it with a website or an application? Have you thought about where your information is stored and who has access to it? Were you aware that data breaches happen daily and your information is at risk of being compromised at any time? 

This article touches upon a new technology which is currently being developed to help you manage your private information online. In the near future, you will no longer have to rely on other parties that might put your sensitive, valuable, or personal data in danger. 

We’ll be discussing the concept of self sovereign identity (SSID), how it works and how it impacts our daily lives as individuals operating in a digital world.

We will thoroughly cover the following topics:

  • Online Safety
  • How will Self Sovereign Identity improve our online activities?
  • Self Sovereign Identity
  • Issues with the current implementation of Self Sovereign Identity
  • How can the current Self Sovereign Identity implementation be improved and scaled?
  • The Trust Triangle
  • Agents of The Trust Triangle
  • Trust in the digital world
  • The Three Pillars of Self Sovereign Identity
  • Blockchains
  • Decentralized Identifiers 
  • Verifiable Credentials
  • Zero Knowledge Proofs
  • Conclusions

Online Safety

Digital revolution: both a blessing and a curse

In the past several decades, mankind has shown magnificent progress in computer science. So much so that society quickly became accustomed to using Information and Communication Technologies on a daily basis. Whether it is for recreational purposes, communication, work or education, mundane tasks are made significantly easier with the help of cutting-edge technology and wireless systems. 

Artificial Intelligence (AI) is capable of performing convenient assignments, such as reading, generating, integrating, and theorizing information. However, it is also heading dangerously fast towards mimicking a trait which, up until now, has been uniquely human: identity.

When personal data is leaked, AI can potentially make use of that information to steal or forge human identities. Thankfully, the future will also bring ways to prevent that. A Self-Sovereign Identity solution is being developed to protect our data from being stolen and sold.

How safe is it really out there?

Using technology and having a digital presence has become so common nowadays that many people don’t think twice about the security of their personal information.

Although they are within the safety of their homes, their data is still potentially visible to millions of users online. Among those millions, there are many individuals with bad intentions, who look for ways to use other people’s private data for their own personal benefit.

More often than not, however, it is entities that individuals are supposed to trust who end up selling or divulging their personal information to other parties. And those parties, whether willingly or not, will put that personal information at risk of being unlawfully used by bad players.

At the moment, unfortunately, people have come to depend on centralized systems in order to benefit from online services to perform their daily tasks. Without those online services, it would be impossible for individuals to function in the present day society. 

It is more of an obligation than a choice, and it has become so normal that we simply go with the flow. Otherwise, we will not be able to keep up with the fast-paced changes in the way we work, study, and communicate.

Our digital identities

Personally Identifiable Information (PII) belonging to individuals, firms or organizations is being stored online in the form of digital data. This collection of digital data is then used to build our digital identity.

A digital identity is used to facilitate access to services that make it easy for computers to efficiently mediate transactions between two or more individuals. The web provides us with a quick way of performing these transactions. However, it is not the safest place to store our private information. 

Data breaches happen on a daily basis without our knowledge. Through data breaches, important and valuable information can be stolen and sold, including our very own digital identities.

Ideally, individuals should be able to make use of the advanced, modern day technology without the risk of their private data ending up in the wrong hands. In order for that to happen, individuals need to have more control over how their information is stored and who has access to view or share it, at all times.

The illusion of choice

Nowadays, control seems less impactful on our lives, because the deception of freedom is given to us through choices. However, when access to necessary modern applications is being restricted unless personal data is consensually shared, choice becomes an illusion.

With the choice to opt in being enforced, people have grown used to accepting the privacy policies of applications without a second thought. These policies, which we barely even bother to read, do mention how data is shared with third parties. However, we cannot do anything but blindly trust that service providers will not abuse or mishandle our data.

At the moment there is only the illusion of consent and of trust, all to the detriment of the individual. Because of this deceitful way of forcing users to consent to their data being used, trust between individuals is becoming more and more difficult to establish.

SSID aims to dispel these illusions and bring authentic consent and trust to the mainstream.

Seeking safety in a digital world

Sadly, Big Tech often profits off of individuals at the expense of the latter’s safety, which may lead up to identity theft. 

Many users are unaware of the unlawful incidents happening underneath the brightly colored backgrounds of websites and applications as they perform their daily online tasks. They live under the impression that, as long as there is no malware alert on their devices, they have nothing to be concerned about.

The alarming truth, however, is that security violations occur on a daily basis. These cumulative cyber attacks can potentially cause millions of dollars in damages to the individuals whose data was involved.

How will Self Sovereign Identity improve our online activities?

Fortunately, a solution to the above-mentioned risks is currently being developed by ESelfKey. It will be the sword and shield for individuals to function and perform transactions in the safest way possible. 

Self sovereign identity not only gives back the freedom of choice, but it also prevents this kind of disaster from happening. SSID users give access only to individuals that they wish to engage with. During this interaction, only a very limited amount of information is shared.

Therefore, sensitive, protected and important data is less likely to be sold to or shared with harmful individuals and organizations. Self sovereign identity was conceived to prevent data leakage in this sense. It gives users the power not only to manage and control, but also to protect what they deem valuable. 

Self Sovereign Identity

A brief introduction

Self sovereign identity (SSID) is a new way of managing digital identities, which aims to put individuals in control of how their accounts and private information are managed. With SSID, individuals have full ownership over their personal data. They no longer need to rely on centralized systems that might share their data with unknown parties for personal gain. 

Users can store their private information on their devices and present it for validation when it is specifically needed. This way, the risk of having their data compromised is considerably reduced. Individuals are in complete control over how their information is used and stored, at all times.

How self sovereign identity is currently being implemented

Once Self Sovereign Identity users store their private data on their devices, they can quickly take the opportunity to interact with trusted partners. In order to benefit from the services offered by these trusted partners, users need to accept the processing of their information by the partners. This is declared by the relying party once the user attempts to onboard into their services.

Issues with the current implementation of Self Sovereign Identity

Adoption and Convenience

At the moment, SSID users must store their data on their private device instead of the traditional central database. This method allows the users to have full control of their personal data. On the downside, the flow by which users interact with the system is less convenient than centralized alternatives.

Storing data on one private device makes it difficult for it to be accessed by the user’s other devices. Individuals have to manually introduce their information into devices they want to use, which can become time consuming and frustrating.

Scalability

Currently, users can only exercise their self sovereign rights with partners within the SSID environment. Moreover, individuals need to trust that the parties they choose to interact with will handle their personal data with respect for their privacy and store it securely.

How can the current Self Sovereign Identity implementation be improved and scaled?

Should we use Centralized Systems for convenience?

Centrally controlled systems are databases in which an individual’s digital identity is stored in one or more servers belonging to a centralized entity. Once personal data is stored in this type of server, an individual has no way of knowing who has access to it, who it is shared with, or where it ends up. 

When personal data is being shared with unknown, third parties, there is a high risk of unintentional information disclosure. This can lead to dire consequences like identity theft or secret information being disclosed to the public, stolen or sold. 

While centralized systems are not necessarily malicious, their security is weak, which leads to data leakage. With AI progressing alarmingly fast, this is a particularly serious concern. In conclusion, centralized systems cannot be used to improve the adoption and scalability of SSID solutions.

Are Decentralized Systems a better option?

At the polar opposite of centralized systems are decentralized systems. This type of system stores and verifies information in multiple computers that work together as nodes in a network, popularly known as a blockchain.

By transferring control from a centralized entity to a dispersed group, decentralized systems aim to reach a level of fairness among their users, without one individual having authority over the other.

The way data is stored in a decentralized system makes it very difficult for malicious parties to manipulate it, because it is secured by the blockchain. A decentralized system is perfect for storing public and openly-accessible data, such as a record of transactions.

However, storing personally identifiable information (PII) in a decentralized system is strongly inadvisable, even if it is encrypted. PII can be anything from full name, phone number, full date of birth, full address, or credit card information.

Once data is made public, it cannot be erased or changed, and it is openly accessible to anyone. Therefore, decentralized systems alone are not ideal for storing private information, due to inevitable and permanent loss of privacy.

They are part of the solution, though, as we will discuss in the following sections.

Is there a solution to this dilemma, then?

At the moment, SelfKey is actively working on and is committed to delivering an ideal solution to increase the adoption of SSID, using cutting-edge technology. 

In the next segments we will thoroughly discuss ESelfKey’s proposed solution, which pertains to:

  • The Trust Triangle
  • The Three Pillars of self sovereign identity
  • Zero Knowledge Proofs

The Trust Triangle

Presently, we are accustomed to the traditional “peer-to-peer” interactions between identity owners and verifiers. To better facilitate the goals of SSI, a three-party system is proposed. In this triangle, two individuals that want to interact securely can rely on a third party to issue and to confirm the authenticity of their credentials. 

For example:

  • We have individual A and individual B, two entities who are about to make an exchange. B has obtained their verifiable credentials (personal data that can be checked for validity) from C, a third, neutral party. C is legally permitted to vouch for B’s authenticity. 
  • B wants to make a purchase with A, but the services provided by A are age-restricted. Therefore, A must check with C if B legally qualifies to access that kind of service. 
  • In this case, there is only one specific inquiry that must be clarified: whether B is a legal adult. That is the only information that C will validate with A.
  • A does not have access to extra information that would otherwise be physically printed on an ID or a passport. This information can be name, full address, full date of birth, social security number, photos, etc. Basically, any identifier that B does not want to share with A or to divulge to the public.
  • This also eliminates the risk of A, if potentially ill-intended, retaining private information from B. There is no visible data for A to read and memorize. There is only C’s confirmation that B qualifies (or not) to purchase a service from A, without giving out specific details.

This applies to any kind of identifier which is needed to validate interactions between persons or companies. The risk of personal data being visible to individuals outside of the trust triangle is eliminated this way. And even within the trust triangle, only the minimum, relevant information will be shown or confirmed.

Agents of The Trust Triangle

The issuer is the entity that releases verifiable credentials after verifying the claims given by the holder. 

  • It is typically an institution, an organization or an individual who possesses the legal authority to verify and to vouch for the holder’s authenticity. 
  • Examples of issuers are governmental institutions, universities, departments, companies, agencies, authorities, training institutions, etc.
  • The issuer is a neutral party whose role is only to validate a claim in a holder-verifier transaction.

The holder (data owner) is the individual, a person, a company or an organization who owns unique, personal data.

  • The holder earns verifiable credentials after providing proof of authenticity to the issuer. 
  • The data owner will use those verifiable credentials to prove authenticity before benefiting from various services, making purchases or transactions.

The verifier (relying party) is the entity which verifies a holder’s verifiable credentials.

  • The relying party will need to verify only a specific piece of information. Only the bare minimum which is relevant to provide a service to the holder.
  • The verifier checks if the holder’s data is issued by a competent and legally authorized issuer.
  • The verifier makes sure that the holder’s data has not been tampered with or forged, and that it has not expired or been revoked.

Trust in the digital world

What makes this triangle work is that the three parties are willing to trust one another. The element of trust is important, especially in a time where information forgery and theft happen quite frequently. But within a trust triangle, the user (or holder) has complete control over the management and visibility of their data.

As stated above, digital identities are the counterparts of physical identities that are verified through paper documents. The way trust works digitally is similar to the real, tangible world. However, the consequences of having personal information exposed to the public digitally are much greater. 

Having to trust a centralized database is more or less forced upon individuals. Otherwise they couldn’t benefit from services required to perform daily transactions, either for personal or professional gain. Within a trust triangle, SSID can facilitate these daily transactions without holders having to concede to “blind trust” and risking the safety of their personal data. 

The Three Pillars of Self Sovereign Identity

Within the trust-triangle framework, there are three main components, or “pillars”, that enable the realization of the ideal solution SSID is aiming to achieve:

  • Blockchains
  • Decentralized Identifiers
  • Verifiable Credentials

Blockchains 

A blockchain is a ledger which is shared across thousands of computers around the world. These computers act like nodes within a network, storing and verifying information in a way that makes it nearly impossible to modify or cheat the system.

Within a blockchain, data is saved like a compilation of records, linked to one another. Each user has a copy of this collection, which makes it particularly difficult for hackers to unlawfully modify the information stored within. 

To enhance security, data is protected using complex cryptography which, at the moment, cannot be deciphered by malicious parties. The blockchain will provide the security layer necessary for users and relying parties to interact within the SSID framework.

Decentralized Identifiers 

DIDs, for short, are the digital counterparts of physical documents, IDs, passports or licenses used to verify one’s identity.

What qualifies as an identifier is any kind of information that proves an individual’s identity and individuality. Traditionally, identifiers are issued and stored by centralized systems, such as governmental institutions and organizations.

Decentralized identifiers no longer depend on a central system to manage, issue, and store valuable, private information. They ensure that individuals are able to generate their own identifiers with the help of systems that they trust. Individuals can then use cryptographic proof, such as digital signatures, to authenticate their new identifiers as their own.

Decentralized identifiers are unique. They cannot be forged or stolen, because identity itself is unique and pertaining to only one individual. For example, a digital wallet address can be used as a decentralized identifier.

Verifiable Credentials 

Verifiable credentials are digital versions of physical, paper documents used by persons, businesses, and organizations to identify themselves. Individuals can also use them to prove that they are qualified to access a service or perform a transaction. 

Verifiable credentials include, but are not limited to: digital birth certificates, digital education certificates, digital licenses, and digital employee identification cards.

Verifiable credentials are issued in a tamper-evident manner that is respectful of the individual’s privacy. Bad players cannot make any unauthorized attempt to modify or forge digital documents without leaving evidence behind. This is something that a relying party will verify at each check.
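The relying party's checks listed earlier (authorized issuer, no tampering, not expired, not revoked), as an added example that is not ESelfKey's code. It uses a plain Ed25519 signature over a minimal "over 18" claim rather than a zero-knowledge proof, and every DID, credential id and field name is a constructed assumption.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample identities and key; every name below is hypothetical.
const ISSUER_DID = 'did:example:issuer';
const HOLDER_DID = 'did:example:holder';
const issuerKeys = nodeCrypto.generateKeyPairSync('ed25519');

// Serialize the claim with sorted keys so both sides sign/verify identical bytes.
function canonical(claim) {
  const pairs = Object.keys(claim).sort().map((k) => [k, claim[k]]);
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// Issuer: has checked the holder's documents, signs only the yes/no predicate.
function issueCredential(privateKey, id, holder, ageOver18, expires) {
  const claim = { id, issuer: ISSUER_DID, holder, ageOver18, expires };
  const signature = nodeCrypto.sign(null, canonical(claim), privateKey);
  return { claim, signature: signature.toString('base64') };
}

// Verifier: authorized issuer, untampered, not revoked, not expired.
function verifyCredential(cred, trustedIssuers, revokedIds, now) {
  const issuerKey = trustedIssuers.get(cred.claim.issuer);
  if (!issuerKey) return 'untrusted-issuer';
  const sig = Buffer.from(cred.signature, 'base64');
  if (!nodeCrypto.verify(null, canonical(cred.claim), issuerKey, sig)) {
    return 'tampered';
  }
  if (revokedIds.has(cred.claim.id)) return 'revoked';
  if (now >= cred.claim.expires) return 'expired';
  return cred.claim.ageOver18 === true ? 'accepted' : 'not-qualified';
}

function demo() {
  const now = Date.UTC(2023, 3, 27); // constructed "current time"
  const day = 24 * 60 * 60 * 1000;
  const key = issuerKeys.privateKey;
  const trusted = new Map([[ISSUER_DID, issuerKeys.publicKey]]);
  const adult = issueCredential(key, 'cred-001', HOLDER_DID, true, now + day);
  const minor = issueCredential(key, 'cred-002', HOLDER_DID, false, now + day);
  // The minor's credential edited to claim adulthood: signature no longer matches.
  const forged = { claim: { ...minor.claim, ageOver18: true }, signature: minor.signature };
  return {
    valid: verifyCredential(adult, trusted, new Set(), now),
    minor: verifyCredential(minor, trusted, new Set(), now),
    forged: verifyCredential(forged, trusted, new Set(), now),
    revoked: verifyCredential(adult, trusted, new Set(['cred-001']), now),
    expired: verifyCredential(adult, trusted, new Set(), now + 2 * day),
    unknownIssuer: verifyCredential(adult, new Map(), new Set(), now),
    // Everything the verifier ever sees: no name, address or date of birth.
    disclosedFields: Object.keys(adult.claim).sort().join(','),
  };
}

console.log(demo());
```

A deployed verifier would also require the holder to prove control of the holder DID, for example by signing a fresh challenge, so that a copied credential cannot be replayed by someone else.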

In the physical world, a tamper-proof document would be sealed within multiple layers that are locked in a specific manner. If anyone attempts to open them, they cannot rearrange the layers in the original way. There is visible evidence that someone has unsealed and tampered with the document.

Holders can present such a tamper-proof document to issuers and be verified immediately. This makes onboarding even more convenient than what centralized services offer nowadays.

But how do individuals make use of these credentials? We believe that the answer to that question lies within Zero Knowledge flows detailed below.

Zero Knowledge

In the current context, the concept of zero knowledge simply means that a relying party (verifier) does not need any additional information, other than the necessary minimum, to confirm whether a data owner (holder) qualifies for the service they provide or not. 

Using the zero-knowledge proof method within a trust triangle, participants will benefit from secure interactions. This is because their full personal information does not need to be revealed in the majority of interactions. 

Let’s revisit our previous example but with ZK in mind:

  • Holder A wishes to access Verifier B’s services, which are age-restricted.
  • B needs to verify with Issuer C whether A qualifies for said services. 
  • C will confirm whether A is of age or not, without revealing the full date of birth, or specific age. Confirmation is expressed in the form of a ZK proof.
  • B will not have access to any kind of additional information, like location, actual date of birth, full name, full address, gender, etc. Likewise, B will not be retaining any data, because there will be no information for B to memorize or share outside of the interaction with A.

Conclusions

The quick progress of technology is both thrilling and anxiety-inducing. It can be challenging to adapt to these fast-paced changes. However, there will always be ways to combat the threat of being controlled by an ill-intended higher power. 

Self Sovereign Identity is keeping pace with this constant technological uprising, making sure to protect its users. It aims to maintain the ideal that there’s a choice that doesn’t trap individuals in exhausting, exploitative loops. 

Its goal is to continuously certify its users to reach their full professional and personal potential, and to restore each individual’s ability to be the sole controller of their PII in their digital lives.

ESelfKey is tirelessly working towards ways for users to safely engage with partners in an environment that is secure and neutral. At the moment, SSID is an ideal, a work in progress. ESelfKey has the potential to become the bridge that will take its users towards a much safer and more empowering future.

Stay up to date with ESelfKey on Discord and Telegram, and subscribe to the blog to receive new information!

 

 
