There is a new form of identity on the block. Self-Sovereign Identity, or SSI, looks set to change the dynamics of interactions online. By extension, that will have profound second-order effects on businesses and customers throughout the telecoms world and beyond.
What is Self-Sovereign Identity?
While there is no one universally agreed formal definition of SSI, the essential principle is fairly straightforward to grasp.
Today, while devices can digitally identify themselves by MAC addresses and other methods, people cannot, as we interface through devices. As a result we identify ourselves by signing into accounts with different applications, service providers and so on, giving up control of the information associated with us. This is problematic for a wide variety of reasons – as consumers we lose track of who has what data, forget passwords, and are susceptible to identity fraud, while companies holding personally identifiable information make themselves targets for hackers aiming to steal customer data.
Governments have traditionally been the main guarantors of identity, issuing documents such as birth certificates and passports. While they take pains to be secure, there is a problem insofar as any single point of failure can be exploited. The more heavily dependent we are on one source, the more reason there is for people to target it. It also means that any exploitation of the system, for example to create a false identity or to steal another person’s identity, is harder to rectify.
Systems recording an individual’s identity need the capability to be updated and changed over the course of a person’s life. Name changes through marriage or deed poll are an obvious example, but even biometric identifiers can change; for example, scars could alter a person’s fingerprint, while age-related changes can modify voice prints. This creates a natural entry-point for fraudsters.
Where a central body is responsible for the identification and authentication of many people, those individuals have given up control of the information associated with their identity. Self-Sovereign Identity uses distributed ledger technology to decentralise identity information and enable people to identify themselves without a centralised guarantor.
The FIDO Alliance has been a significant driver of a decentralised identity model for SSI. Users generate and control unique decentralised identifiers based on credentials held in crypto wallets and verified using public-key cryptography anchored on a distributed ledger. Those credentials can vary from traditional forms of authentication such as birth certificates: While those may be used, credentials might also consist of a social media account, a history of transactions on an e-commerce site, or attestation from friends or colleagues.
Essentially, the end user is able to present credentials from their crypto wallet which are appropriate for creating trust with a third party in a given interaction. So long as the credentials come from an organisation which the third party trusts, they can trust the end user.
In some ways, this is similar to traditional methods of authentication. However, the end user is the one controlling the credentials and data is only shared with consent. So, for example, it would be possible to verify that somebody is eligible to vote by confirming that they are over the minimum age and a citizen of that country, without giving their exact age or name.
Is Self-Sovereign Identity being adopted?
Yes, and while it is still a fairly niche concept it is likely to loom larger over time, as it solves several problems for both institutions and end users. Decentralisation means that institutions need to keep less personally identifiable information on end users, lowering its value to attackers. When widespread, this will reduce the motivations for hackers to attack an organisation, and it will also reduce the impact of any successful attacks and data breaches on the customers, in turn minimising the reputational damage and legal liability of the company.
For example, the German government is aiming to form an ‘IDunion’ based on Self-Sovereign Identities. “At the heart of the software is a digital wallet. It’s stored on mobile devices, so the data is always at your fingertips,” said Nik Scharmann, Bosch’s Project Director for Economy of Things.
Meanwhile, South Africa’s research organisation CSIR is in busy in conversation with insurers to explore how a blockchain-based, Self-Sovereign Identity could be used not only to verify a customer’s identity in a part of the world where authentication is problematic, but also to confirm their history of insurance claims.
In many cases, however, projects are somewhat… blurry. In 2016 Christopher Allen set out ten principles for Self-Sovereign Identity, as laid out below. There are many projects which will adhere to many or most of those principles without being able to willing to follow all of them. For example, this analysis of the EU’s planned digital identity wallet shows that it aligns with most of the principles of SSI, but not all of them. There are regulations to do with, for example, financial transactions which would mitigate against some of the principles being adhered to.
However, it is clear that there is an appetite to move closer to SSI and to mitigate some of the risks of centralised identity management.
How might this change the dynamics between consumers and telecoms service providers?
There are a few elements at play here. Most straightforwardly, in many cases a person’s identity wallet would sit on their mobile phone or similar personal device. Service providers would have the opportunity to act as the providers or support for that identity wallet, for example with backup and restore functions in case somebody’s phone is damaged or stolen. As companies already associated with the device process in many countries, this would be a natural evolution.
More interestingly, it gives the opportunity for service providers to re-imagine their customer relationships.
Today, telecoms providers have to go through Know Your Customer (KYC) processes in order to sign customers up both for prepaid and postpaid plans. The customer’s identity information is stored by the service provider and, between that and the SIM for verification, makes for a ‘customer relationship’ that binds the two parties quite closely.
Let’s explore that in a situation where the end user has an identity wallet capable of being used for authorisation or authentication at any time, and where credentials of many different kinds can be stored.
In this environment the end-user (or their device) might be able to determine, on a case by case basis, what service provider to use depending on variables such as the network quality and service pricing available at any given time for the service to be used, with KYC obligations being met through interactions with the device’s identity wallet.
This would, of course, require a very different setup for billing and customer care; however, it would open up opportunities for competition between telecoms providers based on network quality. It would also revolutionise pricing for services, with the ability to move away from flat-rate tariffs to much more differentiated pricing. It would enable new forms of price-based competition, but would also reward investment into network coverage and capacity in a more direct way than in the past.
More that that, under this scenario SSI would act as a key enabler for service provision that really was based on the demands of the user at any given time. While a close customer relationship is something which has long been considered important to telecoms providers, much of this is related to the cost of customer churn and customer re-acquisition. Under the new dynamic, churning away from MTN to Vodacom for a call might be followed minutes later by hopping back onto MTN’s network for a video conference – all based not on marketing but on the situation at any given time.
At this point, the whole basis of the customer relationship changes. Rather than one company having a unique billing and service provisioning relationship with an end user, the consumer has choice at any given moment; and in all likelihood the consumer would simply define their parameters or priorities (price, functionality, etc) with the choice of provider in any given instant being automated.
Telecoms service providers could start offering branded decision engines as a way to stay relevant to the customer as a brand and focus on affecting their preferences, for example through rewards.
Alternatively they could choose to become opaque to the end user and save on customer care and marketing costs entirely, simply focussing on delivering their network capabilities at an efficient price.
This kind of user-oriented service provision would also enable more efficient use of network resources. For example, if in a crowded area a provider was struggling under the demands of its users, another’s unburdened network might take some of the traffic, enabling everyone to receive good service without extra investment into physical infrastructure. From the consumers’ point of view this would reflect well on both MTN and Vodacom, resulting in fewer complaints and fewer costs for customer care.
Under today’s networks, this kind of dynamic provisioning and service management isn’t readily achievable. However, organisations like the ITU are anticipating the need to provision dynamic slices with particular SLAs for end users in more advanced versions of 5G and beyond. Using a decentralised basis for authentication along with micro-payments directly to the slice provider would be the simplest way to provide the service, while opening up the whole user base in a geographical area as potential customers.
In areas where there is no geographical coverage today, it might be possible for companies to negotiate temporary monopolies in service provision over newly-covered areas. This would change the calculation of return on investment and encourage greenfield deployments.
We are some way away from these outcomes today. However, as we can see above there are programmes tending towards self-sovereign identity under way in many countries today. It is well worthwhile looking ahead to exploring the commercial implications and value to be captured by established telecoms service providers.
Alex Lawrence is Managing Editor at 6GWorld. His mission is to bring together stakeholders from across industries, countries and disciplines to make sure that, as technology evolves in the coming decade, it’s meeting the changing demands of society, government and business.
He has been involved as a professional nosy person in the telecoms sphere since 2004, with short detours through industrial O&M and marketing.
If you’d like to talk to Alex about your ideas or projects he’d love to hear from you. @animalawrence or email@example.com.