FB pixel

Sovrin highlights the risks of commingling data in digital identity guardianship

Categories Biometrics News  |  ID for All
Sovrin highlights the risks of commingling data in digital identity guardianship

Sovrin has outlined some of the risks involved at the intersection of Self Sovereign Identity (SSI) and guardianship, highlighting potential areas where issues could arise such as in the commingling of data.

The organization is well known in the digital ID community for its popular MainNet Hyperledger Indy identity ledger.

Guardianship, for the purposes of this whitepaper, is where one party has responsibility for another, for example, a baby or young child in the care of its mother, or a severely disabled person with a carer, incapable of making their own decisions

Though the paper argues that guardianship is “essential for SSI to be inclusive,” as dependents are inherently vulnerable, it argues certain steps may need to be taken to prevent some risks, saying things can “easily get messy” when it comes to guardianship.

It explored how issues around guardianship might manifest in fields as diverse as social work, humanitarian aid, finance, healthcare, law, government, and the Internet of Things (IoT).

Impersonation and commingling of identity data is a key risk outlined.

For example, a guardian may pretend to be the dependent without the dependent’s knowledge to qualify for a discount when making online purchases or when taking out a loan, or for other purposes related to their own benefit.

Potential mitigations suggested for this include having a “clear distinction” in the original Guardianship Arrangement outlining the scope of the guardian’s rights and duties and clearly outlining the limitations.

Other potential mitigations included using a trusted third party for authorization or making it a requirement that it always made clear which party is acting.

Another One of the risks outlined is “recentralization,” where power moves back to a guardian, which contrasts with how SSI is meant to “be inherently decentralized and moves power to the edge to eliminate single points of failure” according to Sovrin.

The paper suggested migrating this risk by outlawing “bulk load” processes, in which entire populations are pushed into guardianship without their consent.

Sovrin argues that there is a possibility that organizations or governments could “try to act as their customers’ or citizens’ guardians instead of as their peers and delegates.”

Another more technical set of challenges outlined by the report are risks at the moment of transition, for example when a change of caregiver is needed, which the paper argued would leave some “digitally stranded.”

Mitigations suggested by the report included the use of “biometrics, QR codes, embedded or supporting technologies, and low technology / no technology solutions to support the SSI user experience” as well as implementing an “SSI architecture with an end-to-end process framework that includes online and offline processes.”

Sovrin regularly publishes on the risks and opportunities within the digital identity space, in January 2022 was pointed out in an ENISA report looking at how different national ID systems have been implemented around the world, and looked at their applicability within the EU.

This post was updated at 9:06am Eastern on June 13, 2023 to clarify that ENISA, not Sovrin, published the report on national ID systems.

Article Topics

 |   |   |   | 

Latest Biometrics News


Could be 25 years before TSA gets facial recognition in all US airports

The Transportation Security Administration (TSA) foresees significant delays in implementing facial recognition across U.S. airports if revenue continues to be…


Single solution for regulating AI unlikely as laws require flexibility and context

There is no more timely topic than the state of AI regulation around the globe, which is exactly what a…


Indonesia’s President launches platform to drive digital ID and service integration

In a bid to accelerate digital transformation in Indonesia, President Joko Widodo launched the Indonesian government’s new technology platform, INA…


MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…


Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…


Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Featured Company