Blockchain technology solutions as a righteous shield against privacy attacks

blog
April 28,
2020

Blockchain technology solutions as a righteous shield against privacy attacks

Does the goal always justify the means? When freedom and democratic values are endangered, this should definitely not be the case. But, due to covid-19 crisis, we are witnessing questionable practices that are interfering with civil rights in several countries. However, if the governments would apply advanced technology solutions such as Self Sovereign Identity (SSI) on the blockchain, the invasion of the privacy could be prevented and the exchange of information done in a fairer and secure manner.

Since the COVID-19 outbreak, 10 European countries have introduced digital tracking measures. Among them are Italy, which was affected the most,  Iceland, Switzerland, Belgium, Germany, Poland, United Kingdom and Spain which is, according to covid-19 digital rights tracker, using this type of surveillance in Madrid and Catalonia.

The digital tracking measures were implemented with the intent to monitor the citizens who might have been affected by the virus and therefore need to abide to the decrees for isolation and social distancing as instructed by the authorities.

Even more, there are many other European countries that are also considering the possibility of digital tracking, whether by developing their own version of a dedicated digital-tracking app or by using one of those that are already available. And there are many out there: according to covid-19 digital rights tracker mentioned before, 43 contact tracing apps are available globally, whilst 28% among them have no privacy policy stated at all.

Given the persistence of the virus, the intention of governments to keep track of those who need to be quarantined and thereby prevent the possibility of further infections is somehow understandable. But what happens after the threat of virus spread is curbed? Can we really blindly believe that this kind of targeted and purposeful tracking will stop?

There is no such guarantee. The citizens will have no physical proof about it; as there will be no possibility to check that their government has really stopped the tracking.

And yet, we could change that! With the use of Self-Sovereign Identity, powered by blockchain technology, the citizens could receive the power to own, control and manage their personal data!

Self-Sovereign Identity (SSI) is a term that describes a form of identity that can be applied and used in a digital realm. It is about each user owning their data and arbitrarily sharing it with other people or services online. Appropriate technology, however, is one that ensures that the data is credible and trustworthy, and above all that it is visible to the person or company organization only for as long as we allow it. The ultimate result of the SSI used in the digital space would bring upon the equalisation of our digital and physical identity.

For this purpose, our company Netis has developed AceID, a simple, secure and widely-applicable authentication protocol that gives the users the ability to decide who, why and for how long they share their data with when interacting online. This is made possible by combining the following concepts: Self-Sovereign Identity (SSI), data access management controlled and recorded via blockchain, end-to-end encryption and verification. 

How does it work? In the case of AceID, the user’s data is stored locally on their mobile device, and remotely on the AceSpace storage, where all the content is encrypted. What AceID saves on the blockchain is only the reference to the data, and all of the permission actions related to them.

Onboarding is straightforward; a person simply has to fill the required data fields in the mobile app (serving as their own mobile digital wallet). Once this process has been completed, entering data is no longer required, and only a QR code authentication will suffice to interact with a service.

How would the app work in the case of digital tracking during the covid-19? Using it, a citizen would simply allow the authorities to access the GPS signal and revoke the access when monitoring is no longer necessary. Furthermore, the AceID can also be connected with smart devices, such as thermometer which can monitor the individual’s temperature.

Covid-19 pandemics and governments’ interference in citizens privacy also resulted in the formation of various privacy protection initiatives. For example, COVID Credentials Initiative, which  is a collaboration of several dozens of organisations, including ours, that are working to deploy verifiable credential solutions to help stop the spread of covid-19. Their goal is to enable society to return to previous (before the covid-19 state) in a controlled, measurable, and privacy-preserving way.

With AceBlock blockchain framework we at Netis strongly welcome and support such initiatives, as we believe privacy is one of the most critical issues that must be addressed. Otherwise, our society might suffer a severe attack on democracy and freedom of speech, especially in those countries where the level of democracy is already questionable.

The issues of privacy-breaching therefore need to be discussed and questioned, and especially in the times of distress, meaning the pandemics must in no way serve as an excuse for citizens to lose their rights.

How the Coronavirus Became a Catalyst for Impersonal and Automated Services

blog
April 9,
2020

How the Coronavirus Became a Catalyst for Impersonal and Automated Services

At this moment, the whole world is facing a common enemy: the fight to stem the covid-19 virus real. This battle translates through all layers in our society and it is only right that each business and individual strive to contain it as much as possible. On the other hand, we are witnessing a strange phenomenon as the pandemic has become a catalyst for quick and significant change in the way we are getting our affairs in order. In a matter of days, the strange disease has therefore shown us where we are lacking in structural digitized services, and forced us to start searching for answers.

When the World as we Know it Ceases to Exist

Because of the coronavirus epidemics, many stores have closed overnight. Even those that remain open are now subject to rigorous measures, which means that we have to respect the hours we can shop there and the distance between others, which all takes time and effort. Also, any gathering in a larger group, including doing grocery, presents an opportunity for infection. Both of these two important facts quickly tempted customers to shop, bank and “do” everything online: stores today can hardly keep up with the orders, banks and other public services are urging us not to go to physical locations, even schools are using online tools so the students are able to continue with their studies.

Digital Life Demands Digital Services: Are They Effective?

It seems that all of our affairs have in one way or another now become digitized. A term that only a month ago stood more for an “added value” has now become a new standard. However, using digital services is still not as easy as it should be.

For every new digital service they want to use, users still first need to sign up. And even though online application forms are becoming more user-friendly in this aspect, this does not change the fact that entering the same information over and over again, validating emails and memorizing new passwords can soon become tiresome and time-consuming. Autofill function can help in some cases, but it is seldomly compatible with all the data we give, which means users still have to double-check and replenish the forms.

Another problem that comes up with every new login and password we receive is that keeping them safe and in order can become messy. Users are encouraged to choose their passwords and usernames carefully, however by doing so, they also tend to forget them. It is even more dangerous, but also common, that we use the same password-username combination for different services or store the combinations on the computer. This can almost read as an open invitation for hackers to misuse our data.

Some digital services however, offer users the possibility that they login with the identity they use to access some of the most popular platforms such as Facebook, Twitter or Google. This seems like an ideal solution, but keep in mind that doing so users also give these services an access to the personal data Facebook, Twitter or Google have on them. This is why you first need to ask yourself what are you prepared to share and is this kind of exchange really secure?

In many countries, including ours, there is also a possibility for users to access public digital services with some kind of version of a personal digital certificate. However, user first needs to install the certificate to each device he/she is using, meaning that one cannot usually not use it on a mobile device nor a public or work computer without first facing many complications.

The common denominator to all of the above is that users give away sets of their personal information each time they interact with different providers. Even more: their digital identity doesn’t even exist independently from these systems, and represents a compilation of various information that different organizations store on them.

Self-Sovereign Identity on Blockchain: A Gateway to Safe and Secure Digital Services

The solution to the challenges addressed above exists within a concept known as a self-sovereign identity, or in short SSI. From a technical perspective, SSI represents a new paradigm of online identity management, allowing users and also (business) entities to manage their personal information by storing them locally on their own devices, and then selectively granting access to others.

Rather than allowing control over personal data to each service provider, SSI solutions are designed to give freedom and control of their privacy back in the hands of individuals. This is the reason such digital identities also aren’t locked into any given platform not controlled by any operator. They remain portable and interoperable across platforms so that they can allow each user to move from a service to service, and from one operator to another, freely and whenever they choose to. Compared to identity management in use today, SSI solutions also no longer need to refer to other trusted authority or third-party intermediary operators to validate these claims.

Let’s Create SSI for Your Business, Shall we? Meet AceID

In short, SSI eliminates the effort of collecting personal information that has already been gathered elsewhere. A blockchain based ID system adopts a user-centric approach, meaning it gives users far more freedom and privacy when interacting with online services. This is why you just may be wondering why companies need SSI as much as people? Here is the answer!

But first, look at an example: If a user wants to sign up for a new bank account online today, he will first be asked to provide a series of information such as a picture, valid ID, social security number, date and place of birth and other, similarly sensitive information. Only after a KYC provider, acting as a third-party intermediary, confirm and therefore verifies that the person is indeed the one they claim to be and that the information they have provided is true, one will be able to use the service. What is more, by becoming their new client, the bank will also be given a responsibility to digitally protect the user’s data. This is not a case with SSI.

As are you, the majority of businesses is also increasingly depending on electronic data to manage their daily operations, which leads them to store and transfer a growing number of sensitive information online. This is becoming a huge liability!

However, an identity system your business and others, including governments and institutions can trust, can actually enhance your operational capabilities without making you responsible to administer it. In other words, you can still access the data you need to complete transactions with the users without having to keep it in large collections. What is more, once a claim has been verified for one purpose, it can be reused several other times.

This is why SSI is a perfect fit for any digitally-aware business that wants to succeed in this precise moment in time, when digitalization is becoming increasingly necessary, and yet the processes connected with it still far too lengthy and complex, as the covid-19 crisis has confirmed.
But, to truly get there, businesses first need to adopt a different mindset by understanding that giving up user data in the end actually pays off! We are here to help you with that, whereas our solutions which we are building on top of the Aceblock blockchain framework are here to help you easily implement blockchain technology into your business.

As mentioned before, SSI is a concept and the road toward true SSI (which requires global standards and cross-border governance) is still long. However, a functional digital identity system is becoming a new prerequisite for a digitally connected world.

For all entrepreneurs who want to be the first ones in their industry by best meeting the demands and expectations of their customers, we have developed the ultimate and a fully-working SSI solution. Meet AceID, a portable identity on blockchain technology with which any holder can present verifiable credentials everywhere online. It gives users the ability to decide who, why and for how long they share their personal data with, and gives you a room to create a trustworthy, fast and effective business platform that strengthens the confidence in services you provide.

 Choose AceID to improve on:

Secure
authentication

AceId is a secure authentication protocol that combines the following concepts: self-sovereign identity (SSI), data access management controlled and recorded via blockchain, end-to-end encryption and verification. These elements guarantee each user has a complete control over who they share their data with, and for how long.

Simple user
onboarding

A first-time user needs to input his/her personal information (name, date of birth, ID number etc.) into their own mobile digital wallet. Afterwards, each time he/she wishes to access a certain web service, this process is no longer necessary, and only a QR code authentication suffices to interact with a service.

Data
storage

The user`s data is stored locally on /her device, and remotely on the AceSpace storage, where all the content is encrypted. What AceID actually stores on a blockchain is just the reference to the data and all of the permission actions related to them,

GDPR
compliance

Since the blockchain is generally public, anyone can get information about the existence of the link. However, it is impossible to see what kind of data are stored on a given address. The data can be seen and read only with a user`s private key used for their decryption.

Service
login

To access an online service, a website displays a QR code. Each time the registered user scans the QR code, he/she can choose which pieces of information they allow to be shared, and confirm their choice by pressing “Authorize”. The result of this last action logs them into a website.

Data management &
permissions

Due the fact the personal data is not stored directly on a blockchain, the user can easily make changes, such as deleting or adding the data. Each time the user interacts with a business or changes the permissions, the mobile application reacts in real-time.

Encryption

The user keeps his/her personal information locally. Prior to sending the data to the AceSpace storage, they are encrypted with the user`s private key, making sure no one can read or change them.

Perhaps quarantine time has offered you the best time to start thinking about new ways to reach out and offer more benefits to your customers?

Book a meeting and let’s get started: