Our family is moving to a new house: exciting times ahead! Buying a house involves a lot of paperwork, of which a substantial chunk is about identification and authentication.
The new trend in Digital Identity is Self-Sovereign Identity (SSI): a solution for authentication that improves privacy whilst giving people control of their personal information and who they want to interact with.
In this article, I have pitted SSI against the reality of buying a house. If you ever bought a property, with or without a mortgage, read on to see how much easier life would be if SSI was widely adopted.
Part-exchange: who are you and why are you in my house?
As we are buying a new build home, the builder has offered part-exchange (a scheme in which the builder buys your old house off you first), which we decided to try, to keep things simple and smooth! As part of the process, numerous professionals, surveyors, estate agents, builder staff etc knock on our door to view our house, assess it and value it.
The first problem we encounter is identifying these people; how do we know if we are opening the door to a legit professional and not some petty criminal? Sure, they could have a badge or business card, but those are so easy to copy that they don’t even matter.
SSI offers the secure digital equivalent of a badge. It is a Credential that they have on their phone and can share with yours, or your smart doorbell even, and you’ll be able to tell that it’s the person you expected.
“The first problem we encounter is identifying these people; how do we know if we are opening the door to a legit professional and not some petty criminal?”
Mortgage advisors, solicitors, and the endless oversharing of private details
Our builder offered a low price that we don’t like, so we are getting a temporary mortgage for the old home instead, to sell it at our own time. This is a high risk, high workload and high return job that would have been much easier with SSI.
We need to apply for two mortgages — using our own mortgage advisor is a good idea, don’t use the ones working with the builders! Looking for a mortgage advisor, how do you know if they are licenced? How do you know if they will look at the whole market? How do you know if they are any good? Sure, we could google them, but with SSI we could simply scan a QR code on their website to immediately see their accreditations, reviews and other information.
We also need to find a solicitor. Solicitors must do an Anti-Money Laundering (AML) check, which includes an Identity check. The solicitor requires numerous documents and they must all be produced in physical form in their offices.
Not only did we spend the afternoon to go to them; they also had to keep a copy of our documents, hopefully somewhere safe. The solicitor required the following documents:
- Bank statements, to see where the money is coming from. Many different statements, if the money is in multiple accounts. That means they will of course judge our other life choices, although they won’t tell us that.
- Passports, to check our identity. But they now also know our age, passport number, nationality etc.
- Driving licences, to confirm our address — but that assumes you have a UK Driving licence that shows the address. I don’t have a UK Driving Licence, so I was asked for a utility bill. Luckily, they accepted one printed from an electronic form, even though this is easy to forge.
- Signed copy of their “Terms of Business”, which is the easiest bit.
All the above would literally be a few clicks away with SSI, for example:
- Banks can give you SSI credentials proving that you have more than enough money in your bank account and that the money is clean. You don’t even need to disclose how much savings you have in total, just that you have what is needed (yes/no answer, not a figure).
- Passport check can be replaced with a name check, in a Credential coming from the HM Passport Office stating your first, middle and last name and only that.
- Address check can be the same as name check.
- Terms of Business can literally be signed by tapping and looking at your phone.
This can all be done in a manner that meets the legal and regulatory requirements of the government, financial regulator as well as the law society. No reason to go anywhere, no reason to print anything (lawyers are terrible at thinking of the trees, I must say) and no need to store a copy of your passport in some solicitor’s office somewhere.
Keep sharing, until your AML check fails
We’re not done yet. The story repeats with the mortgage application. The mortgage provider requires bank statements, payslips, copies of passports and driving licences, etc. Again, these could all be replaced with an SSI set of credentials that saves time, is safer and more private.
The most excitement-killing part of the mortgage application is the so-called Customer Declaration. This appears only after the application is submitted and it is the most boring document in the universe. Customers must print it, sign it, scan it and return it. Urgently.
And that’s where it went wrong. My wife’s signature on her driving licence, which is like 20 years old, has developed over time and doesn’t match her current signature. She used to sign with something that was readably her name — now she signs a scribble not even a doctor can read. This was flagged by the lender’s AML check: we will have to physically go into a branch to sign in person. I so much wish SSI was adopted.
Self-Sovereign Identity is the way forward
So how does SSI work and why is it such a good capable thing? The simple premise is that any entity, called the Issuer, who has information about you can give this information to you in a digital Credential. This could be anything about you like your name, your professional qualification or your credit score. The information goes into your digital wallet App and you can control it from there. Using this Credential, the wallet can create proofs that you have it, for example:
- Proof that you have a job – can be issued by your employer or the tax office.
- Proof that your income is over x – may come from your employer or tax office or even your bank.
- Proof of your name – could come from your bank or passport office.
Now, here are some very important aspects:
- The “magic” bit: Credentials stored in your wallet state the actual values, i.e. your income is £30,000pa but the Credential proof that is shared utilises Zero-Knowledge Proofs and so it only answers with a yes/no answer to the question “Is this person’s income over £25,000?”. This can be done where possible, minimising disclosure and limiting exposure of your privacy to the absolutely necessary only.
- The credentials can come from various sources, your income is known to both your employer and the tax office, you can choose where to get it from and you can choose which credential to use (assuming it meets other requirements). This is the first level of decentralisation: numerous entities can be used to prove something about you.
- In addition to choosing credential Issuers, you can also choose which SSI Network to use. If you don’t like your bank (I don’t blame you), you can use the government SSI network or the Worker’s Union one. The choice will be there, and many networks will work with the same App. The networks themselves don’t see the data, they are all about organising the communications and making sure secure and trusted connections are created between participants. This is the second level of decentralisation: you can choose who you want to use.
- And, of course, then there is security. SSI is built by big names in the industry, that form a community of privacy promoters, cryptographers and engineers who are all experts in their fields. It is open source to the next level, not just the software but also the concept and the business behind it. There are numerous well-known open foundations involved including the Linux Foundation, IETF and the W3C.
The advantages of SSI over a paper documentation system or a central database with stuff are obvious. In our house buying quest we spent two days dealing with documents. These are two days of my annual leave that I am never getting back. With SSI, it would be less than an hour’s work and that includes the time to set it up for the first time.
Many of us are working hard for SSI here at Condatis, and we have teamed up with some incredible people from the Decentralized Identity Foundation, Evernym and others to achieve this together.
The present is boring, the SSI future is a tap on your smartphone.