SALT LAKE CITY — One of the largest and most valuable corporations in the world, IBM, announced Wednesday it's going all-in with the Utah-based Sovrin Foundation, a private sector nonprofit working to create a decentralized digital identity network.
IBM will join the foundation as a founding steward, working with other stewards to "create, operate and maintain" the network.
While Sovrin's mission statement may sound like so much tech gobbledygook to the non-fluent, the work is aimed at creating a way for individuals and entities to control who can see and use their digital personal data and/or proprietary information, regardless of the type of transaction or exchange involved.
Sovrin Foundation Chairman Phillip Windley said most of the digital tools to create this individually controlled, or self-sovereign identity network, have been in place for decades except for a critical piece — a way to digitally verify information as accurate without relying on a centrally controlled database.
"The pieces have been around to do most of this for the last 20 or 30 years," Windley said. "But it wasn't until blockchain technology was developed that we finally had a way to have an identifier, a verification … without having to look it up."
Windley — who is a tech educator, runs a research lab at BYU and is the former chief information officer for the state of Utah — used the analogy of a police officer asking to see a driver's license but still needing to "call it in" to verify that the license is still valid, and whether or not that person may have outstanding tickets or warrants attached to their name.
Utilizing Sovrin's open-source, blockchain-based network, individuals would be issued a digital wallet — accessible from a smartphone, tablet or computer — that would securely hold sensitive personal data like identification, banking information, medical data, consumer preferences, billing accounts and other transaction-based details. The open-ledger blockchain system allows parties on both sides of a transaction to verify details without either party "seeing" sensitive information.
For example, an applicant for a mortgage would be able to allow a lender to verify that they have the $50,000 they need for a home down payment in their savings account without having to share an account number, or what bank the money was deposited at. Another, simpler example is a user verifying that they are old enough to purchase alcohol without the need to share their birthdate.
Windley said it boils down to making the digital world look and function more like things do in the three-dimensional world.
"It comes back to personal control, which I think is fundamental to us having a digital life that is real and authentic," Windley said. "In real life we have control over things and we need to have those same things in a digital world. How do we build a digital world that functions well? Security is important, when you see it in context of the control people want to have over their lives."
Adam Gunther, IBM's director of Blockchain Trusted Identity, said the effort his company has joined at the Sovrin Foundation may be best compared to early work done to ensure the internet was a platform that could accommodate many different access needs, but done in a way where each web host or information sharer was buying into a consensus on basic operation rules.
"As the internet was developed, we established global standards to guarantee that no matter what technology a website is built on, we can communicate with each other," Gunther said. "In a world with many different blockchain networks under development, the key is interoperability."
Gunther noted IBM has been working in the blockchain space for over a year and brings enormous resources and connections into the mix with its new role at Sovrin.
"What we bring to the table is relationships with global enterprises, almost all of which are looking closely at identity issues," Gunther said. "Responsible data stewardship is critical to every business. Giving the ownership of that data, and power over it back to consumers is key and we're here to help businesses make that happen."
Both Gunther and Windley noted the Sovrin network is live but still undergoing various piloting tests. The beta efforts have been positive and public accessibility to the network could be just months away. Success may lead to decreasing or eliminating the need for storing personal and sensitive information in central locations, like corporate and government databases.
Those repositories have increasingly been the target of nefarious actors looking to access that information to perpetrate identity fraud, gain illegal access to financial resources or simply lock out the data owners and force them to pay a ransom to regain control.
According to IBM's 2018 X-Force Threat Intelligence Index, over 2.9 billion records were leaked from publicly disclosed documents in 2017, and incidents that year cost companies over $8 billion in lost productivity, downtime and ransomware payments.
To learn more about the work of the Sovrin Foundation, visit sovrin.org.