Last week, after months of hype and speculation, Facebook finally revealed its plan to launch a blockchain system, called Libra. Since the launch, most of the attention has focused on Libra coin, the cryptocurrency that will run on the new blockchain.
But tucked away in one of the documents Facebook published is something that may turn out to be just as important as the coin—if not more so. A major goal of the Libra Association, the nonprofit Facebook has created to manage the project’s development, is to use Libra to revolutionize the concept of digital identity.
The relevant passage lives near the bottom of a document meant to explain the role of the Libra Association: “An additional goal of the association is to develop and promote an open identity standard. We believe that decentralized and portable digital identity is a prerequisite to financial inclusion and competition.”
But what is a “decentralized and portable digital identity”? In theory, it provides a way to avoid having to trust a single, centralized authority to verify and take care of our identifying credentials.
For internet users, it would mean that instead of relying on Facebook or Google’s own log-in tool to provide our credentials to other websites, we could own and control them ourselves. In theory, this could better protect that information from hackers and identity thieves, since it wouldn’t live on company servers.
The concept (sometimes called “self-sovereign identity”) is something of a holy grail in the world of internet technology, and developers have been pursuing it for years.
Big companies including Microsoft and IBM have been working on decentralized identity applications for a while now, and so have a number of startups.
But it’s more than just an internet thing. For the roughly one billion people around the world without any kind of identifying credentials at all, such technology could make it possible to access financial services that they cannot today, starting with things like bank accounts and loans.
Helping some of those people must be part of what Facebook meant when it said in the Libra white paper that the new system is intended to “serve as an efficient medium of exchange for billions of people around the world” and “improve access to financial services.”
In some cases the currency itself might be able to do that, but in others it’s likely that users will need some form of identification to access a particular service. That’s probably why Libra’s developers call an open, portable identity standard a “prerequisite to financial inclusion.”
But such a digital identity could go beyond finance, too. Sharing many kinds of sensitive data using a blockchain—for instance, health information—might require some form of automated ID check.
Facebook itself already has experience with digital identities. Facebook Connect lets users log in to third party sites using their Facebook-verified credentials (you might be using it to access technologyreview.com right now).
But Facebook Connect is risky because it relies on a central authority, argues Christopher Allen, cochair of the credentials community group of the Worldwide Web Consortium, the most important international standards body for the web. Trusting one entity with this responsibility is dangerous because the site could go down or the business could fail. And Facebook can revoke accounts at will.
But it’s hard to say how decentralized Libra’s new identity system would be, because Facebook hasn’t revealed anything about what it’s planning.
For example, there’s the possibility that the digital identity will only work inside the Libra network, which requires permission to participate in. Unlike systems like Bitcoin and Ethereum, for which anyone with the right hardware and an internet connection can join and help validate transactions, Libra requires its validators to be identified and approved.
Nearly 30 companies have already signed up to run network “nodes,” and Libra’s developers want to up that to 100 by the time the platform is supposed to launch for real next year.
Facebook’s main message with the launch of Libra and the Libra Association appears to be a response to past criticisms of how it handled personal data. The company appears to be saying “Hey, look, we’re trying to be more open. We don’t want to be this honey pot of everyone’s information,” says Wayne Vaughan, cochair of the steering committee for the Decentralized Identity Foundation, a consortium of companies all working on aspects of blockchain-based identity.
But if whatever identity standard they might come up with only works for 100 companies, says Vaughan, “that’s not decentralized”—it’s just a standard for 100 companies. Facebook did not respond to a request for comment.
Either way, it’s not clear how Facebook and the Libra Association would overcome some big technical challenges that have held back blockchain-based identity systems. For one, blockchains are still hard to use for many people.
A problem that is particularly difficult for identity applications is that if you lose or forget your private keys, which aren’t easy to manage in the first place, it’s hard to restore them, says Allen.
Another technical challenge pertains to privacy. How will the personal identification data be kept separate from financial transactions? This piece is particularly concerning for privacy advocates in the context of Libra, given Facebook’s less-than-stellar track record. And an aversion to financial surveillance fuels much of the cryptocurrency movement.
“Where you spend your money and who you spend it with and how much you spend is some of the most private information for people,” says Vaughan.
On the whole, says Allen, though the technology of decentralized identity has advanced to the point of several serious pilot tests, it’s “not anywhere near ready” for adoption by billions of people around the world. And given what the company has revealed so far, “I don’t see how Facebook can do it,” he says.