Self-sovereign identity is not enough

New EU regulation over online identification is a Trojan horse that threatens the privacy of everyday citizens. Web3 can fix that


A Trojan horse lurks outside the gates of European cyberspace. The recently signed updates to eIDAS — the EU regulation that governs online identification in the EU — threaten the online privacy of everyday citizens and make it possible to conduct state surveillance. 

Web3 identity infrastructures, blockchain and zero-knowledge technology are necessary to fight off this Trojan horse and safeguard people’s privacy.

The horse: Self-sovereign identities 

For privacy advocates wary of the expanding dominance of technology megaliths, eIDAS initially seemed an attractive solution. The legislation promotes Self-Sovereign Identities (SSI), a decentralized technology that gives individuals greater control over their digital identities. Under the SSI model, entities like banks, governments or social media platforms issue digital credentials, such as academic degrees, driving licenses or account log-ins.

Users maintain full control and ownership over these credentials by storing them in private, off-chain wallets. This grants them the agency to elect if and when they share these credentials with various apps and services. Not only are privacy and user control enhanced, but so too are the security and ease of online verification.

SSI represents a striking alternative to the current online identity paradigm, where users do not own their online credentials, log-ins and digital identities. Instead, users must rely on a small pool of centralized providers, such as Meta or Google, to act as intermediaries and enable access to internet services in exchange for their private activity data. 

The absence of user-owned data structures has led to information abuse scandals like that of Cambridge Analytica, and facilitated a culture of corporate surveillance. Targeted ads, which monitor and record our desires and interests, have, for instance, become a defining aspect of the online experience.

eIDAS and the roll-out of SSI will redirect the ownership of certain datasets away from corporations. However, that doesn’t instantly place data back in the hands of users. On the contrary, Article 45 in the eIDAS legislation makes it possible for the EU to monitor the online activities of SSI wallet owners within its jurisdiction.

If enacted, this provision would mean that both the state and Silicon Valley could monitor and analyze the online activities of users.

The hidden Greek army: Article 45

Article 45 and its consequences are difficult to intuit without cyber security expertise.

It mandates that all web browsers distributed in Europe will be required to trust the certificate authorities and cryptographic keys selected by EU governments. This is dangerous because whoever controls these certificates is able to monitor internet traffic, making it possible for the EU to track the activity of every SSI wallet on every EU-authorized site. 

It is highly unlikely that the ownership of these wallets will remain anonymous, because the EU itself will be distributing credentials such as digital national ID cards. These will likely have traceable numerical codes (DIDs) that can be mapped to wallets and their owners.

As Mozilla, the maker of the Firefox web browser, elegantly puts it:

“[eIDAS] enables the government of any EU member state to issue website certificates for interception and surveillance which can be used against every EU citizen, even those not resident in or connected to the issuing member state. There is no independent check or balance on the decisions made by member states with respect to the keys they authorize and the use they put them to.”

Over 500 leading cyber security experts, researchers and NGOs have signed an open letter calling on the EU to amend the article. However, time has run perilously short. As it stands, there is now only one vote standing in the way of eIDAS. Widely considered a formality, this vote will take place in early 2024 during the bill’s formal ratification at the European Parliament.

How to protect Troy: Web3 identity infrastructure  

So with the horse and its attendant army waiting at the gates, what can we do to protect users from digital state surveillance?

First, we need to scale Web3 identity infrastructures. This encompasses a range of decentralized technologies. Blockchain is needed to bring transparency and security to public-facing identity credentials. Off-chain SSI is needed for the storage of confidential credentials that users may not want to publish on the blockchain.


And, in both on-chain and off-chain environments, zero-knowledge cryptography is critical for privacy. It allows users to prove certain statements are true without revealing any additional information. For instance, you could confirm that you are older than 18 without disclosing your exact date of birth. 
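
The age check described above can be illustrated with a hash-chain proof, a far simpler construction than the zero-knowledge proof systems the article refers to but with the same disclosure property: the verifier learns that the holder is at least 18 and nothing more precise. This is an added example, not code from the article or from any eIDAS wallet; the function names are hypothetical, and an HMAC under a constructed key stands in for the issuer's public-key signature.

```python
import hashlib
import hmac
import secrets

# Constructed key: stand-in for the issuer's signing key (assumption; a real
# issuer would use a public-key signature so verifiers hold no secret).
ISSUER_KEY = secrets.token_bytes(32)


def hash_n(value: bytes, n: int) -> bytes:
    """Apply SHA-256 n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def issue(age: int) -> dict:
    """Issuer: give the holder a secret seed and a tagged commitment H^age(seed)."""
    seed = secrets.token_bytes(32)
    commitment = hash_n(seed, age)
    tag = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    return {"seed": seed, "age": age, "commitment": commitment, "tag": tag}


def present(credential: dict, threshold: int) -> dict:
    """Holder: disclose H^(age - threshold)(seed), never the seed or the age."""
    if credential["age"] < threshold:
        raise ValueError("cannot prove a threshold above the real age")
    proof = hash_n(credential["seed"], credential["age"] - threshold)
    return {"proof": proof,
            "commitment": credential["commitment"],
            "tag": credential["tag"]}


def verify(presentation: dict, threshold: int) -> bool:
    """Verifier: check the issuer tag, then walk the last `threshold` links."""
    expected = hmac.new(ISSUER_KEY, presentation["commitment"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presentation["tag"]):
        return False
    walked = hash_n(presentation["proof"], threshold)
    return hmac.compare_digest(walked, presentation["commitment"])
```

The commitment and tag are identical in every presentation, so verifiers that compare records can link them to one holder; avoiding that kind of correlation handle is what full zero-knowledge proof systems add.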

Together, these technologies usher in a new era of privacy and user ownership. They grant users the right to access, manage and delete information about their online activities and preferences as needed. This user-based ownership also marks a fundamental shift in the power dynamic between users and online platforms. If users no longer need to depend on platforms to use or access their identities, it is much harder for those platforms to censor users, or misuse their data. 

The impending rollout of eIDAS and Article 45 proves that decentralization cannot be delivered in a piecemeal fashion. Doing so would leave critical gaps in privacy and security, exposing users to potential surveillance and data misuse. Instead, we need a holistic implementation that encompasses not only the technological framework, but transparent regulation and an unerring emphasis on user empowerment.

SSI alone is not enough to safeguard users. It is effective only when it exists within a robust and fully decentralized ecosystem. Thankfully, decentralized and Web3 identity services are advancing in leaps and bounds. While there’s much to be hopeful for, legislative actions such as eIDAS remind us that vigilance and proactive measures remain essential.

There is no room for complacency in our efforts to safeguard privacy and freedom in the digital world.


