How can blockchain put an end to identity theft?
(Fortune China, 財富中文網) Chinese translation by 劉進龍 / 汪皓.
We lack control of our personal identities, and that’s a problem. Birthdates and home addresses have long been accessible through a quick Google search, but now a trip to the dark web will turn up the information many of us still hold precious: Social Security numbers, bank accounts, health insurance details, and whatever else a criminal may desire.

We got to this point because we consumers have historically favored convenience over privacy. Most of us don’t read the small print or do deep technical assessments before sharing information online. We don’t want to remember a different password for each account or re-enter credit card numbers every time we make an online purchase. Instead, we transferred ownership of the details that make us who we are, and as a result, we effectively put every company and government institution in the identity management business—whether they realized it or not.

But with the emergence of blockchain technology, the word privacy may regain its meaning. Blockchain’s ability to control information and avoid duplication means that self-sovereign identity, or the idea that individuals can control their personal data no matter where they are, could be a reality for the first time. For example, the Illinois Blockchain Initiative is managing a pilot program to put birth certificates on a blockchain. Their hope is to create self-sovereign, digital identities that can remain under a user’s control, capable of quick and secure validation without the need for a centralized repository.

The end of identity theft

Self-sovereign identity isn’t just a nice idea; it can put an end to many issues that impact consumer privacy, including, importantly, identity theft. Last year, 16.7 million people in the U.S. were victims of identity fraud, a 1.3-million-person jump since 2016. But these numbers only show half the story. Oftentimes, individuals have no idea that their digital identities have been compromised until they attempt to buy a home or take out a loan and find their financial lives in ruins.

Using a blockchain ledger to manage identities would make it extremely difficult for fraudsters to wreak havoc without leaving an obvious digital trail. Here’s how it works: Each block in the blockchain builds upon its predecessor, and the cryptographic nature of these blocks makes it hard to alter information stored in the existing blocks. The resulting record is immutable, meaning that changes to every single identifier associated with an individual must be logged. This system prevents malicious actions by data custodians, and ultimately makes identity theft more difficult to execute.

Putting individuals back in charge

A blockchain ledger’s immutable record is also what empowers individuals to take charge of all the information tied to their identity and ensure its accuracy over time. For example, since there isn’t a universally accepted digital equivalent for offline identity, such as a passport or a driver’s license, people are issued a unique set of identifiers for every single application they use. The result is a sprawling web of private information that end users struggle to keep track of, and organizations fail to keep secure thanks to inconsistent and lagging security postures.

But with blockchain-based Decentralized Identifiers (DiDs), individuals could regain complete control of their data. DiDs are basically a secret URL (which actually stands for Uniform Resource Locator) stored on a blockchain ledger, with each being assigned to the different parts of a user’s identity, such as their name, birthdate, and Social Security number. Using a digital wallet app on their smartphone or desktop, users have the power to temporarily grant access to the DiDs of their choosing.

For example, when you sign up for a new app today, you typically have to share your name, email address, and other basic information. With DiDs, the process is faster and more secure. The app shows a QR code, you scan it, your digital wallet app automatically transfers your relevant DiDs over the blockchain, and the app grants access.

The changing parts of our identity, like phone numbers, job titles, and home addresses, further complicate individual privacy because it is possible for a single identifier to become associated with more than one person at different times. Think about all the details that must be updated if you get married and change your last name—you must change your passport, driver’s license, social media accounts, bank accounts, health insurance, etc.—the headache-inducing process takes months at least. DiDs empower individuals to swiftly update these details; when the DiD is updated, the services using your DiD automatically have the updated info. This process is much better than letting misinformation run free.

Caution: work in progress

Any transformational technology needs time to bake. For example, TCP/IP, the conceptual model and communications protocols behind the Internet we know today, was around for 30 years before it started disrupting legacy industries like retail and transportation.

The idea of self-sovereign identities on the blockchain is certainly promising, but there’s still a lot to figure out. There’s the issue of incentive: Why would incumbent businesses want to lose control of their customers’ identity data? Self-sovereign identities aren’t in enterprises’ best interest, so we’ll need a brand new player to build a blockchain ledger for identity.

There are other technical issues to overcome. First, is immutability really possible? In theory, a blockchain is immutable and would take the role of critical infrastructure, but this idea requires intensive testing before it can be trusted in the wild. We also need to determine how to securely and accurately connect individuals’ physical and digital identities. Blockchain only exists in the digital world and cannot guarantee the physical identity of the user, so this puts the burden on businesses to verify, link, and navigate the two.

These issues reinforce the need for strong privacy infrastructure. An integral piece of that is regulation; in the absence of legal precedent, the entities involved in a blockchain-based identity ecosystem would have to accept risk, uncertainty, and unbounded liability. We need a trusted entity to establish some legal and enforceable rules for how it will all work, infrastructure to bridge the physical and digital world, and the security groundwork to guarantee basic protections for consumers. If we can do these things, privacy will become standard, not a thing of the past.

Frederic Kerrest is the cofounder and COO of Okta.
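The block chaining described under "Here's how it works", together with the later question of whether immutability is really possible, as an added example (not code from the article or from any real identity ledger): a minimal Python hash chain that logs changes to a person's identifiers. The record layout, the `did:example:alice` subject, the function names and the independently stored head hash are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # predecessor value for the first block (assumption)

def block_hash(prev_hash, record):
    """Hash a record together with its predecessor's hash."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(chain, record):
    """Log one identifier change as a block linked to the current head."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record, "hash": block_hash(prev, record)})

def verify(chain, pinned_head=None):
    """First bad block index; len(chain) if only the pinned head differs; else -1."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["record"]):
            return i
        prev = blk["hash"]
    if pinned_head is not None and prev != pinned_head:
        return len(chain)
    return -1

def rebuild(records):
    """A custodian with full write access can recompute every hash."""
    chain = []
    for record in records:
        append(chain, record)
    return chain

def demo():
    # Constructed sample data: three changes to one person's identifiers.
    who = "did:example:alice"
    ledger = rebuild([
        {"subject": who, "field": "name", "value": "Alice Smith"},
        {"subject": who, "field": "address", "value": "1 Main St"},
        {"subject": who, "field": "name", "value": "Alice Jones"},
    ])
    head = ledger[-1]["hash"]  # head hash a verifier stored independently
    edited = json.loads(json.dumps(ledger))       # deep copy of the ledger
    edited[1]["record"]["value"] = "9 Other Rd"   # silent in-place edit
    rewritten = rebuild([b["record"] for b in edited])  # edit + new hashes
    return (verify(ledger, head), verify(edited, head),
            verify(rewritten), verify(rewritten, head))

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(-1, 1, -1, 3)`: the in-place edit is caught at block 1, while a chain rewritten with recomputed hashes verifies on its own and is caught only against a head hash held outside the custodian's control.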