As we’ve rhetorically asked before, what good is money if not put to good use? This is why one of our two mandatory fees is allocated to supporting ethical projects. Our current ethical project spotlight is on NFTID, pronounced “Nift-dee” or “Nifdy”. It’s a new utility for NFT tech to authenticate identity, persons, or objects. Use cases for Nifdys range from passports, national IDs, to proof of ownership (loans or property titles), and even for skill or training certifications. If you’ve been active in the crypto-sphere, your brain instantly correlates the word ‘NFT’ with ‘images’ like Seth Green’s ‘Bored Ape.’ However, Non-Fungible Tokens (NFTs) are broader than we can imagine. They can be used to prove irrefutable ownership over…just about anything. However, when it comes to new technology, there’s always a legitimate question and hurdle to address, namely, “what’s wrong with what we have?” To which a reply must begin with “Where do we start?” An NFT-based system can improve efficiency, severely minimize counterfeits, and simplify the user experience by providing a fraud-proof digital asset to individuals.
This expression boils down to proof of ownership requiring possession of something, or it becomes rather difficult to dispute or enforce. Today, authentication relies heavily on third parties with centralized control over operations. They host and store records of our transactions, and we must trust that the information in those records is legitimate, won’t be tampered with, and has the appropriate transaction history in full. How do we hold these crucial, governing bodies accountable when they are often the ones creating and enforcing the rules? Well, that’s part of the problem. Even when found in violation of legal requirements, there’s not much we can do when the damage is already done. Concern about access and control over our confidential data and documents sounds rather abstract until it’s your credit card or identity being stolen. While an individual may be too insignificant for government action or targeting by a malicious group, data troves containing millions of individuals’ data are the biggest targets of them all. There’s a reason orgs with vast data lakes full of sensitive information are the prime targets of many cybercriminals; they are the honeypot, the war chest, the gold. Cybercriminals follow the money, which today means data.
Current authentication methods are based on loose pieces of paper or virtual documents stored on a centralized system. Entitlement to clubs, certification, medical records, and proof of skills are types of records that need to be securely maintained yet easily accessible to the individual. Ownership rights are too easily lost, whilst personal information and documentation are too easily manipulated. This is why multi-factor authentication has become so prevalent for identity authentication:
According to NIST, multi-factor authentication involves two of the three options below:
(i) something you know (e.g., password/personal identification number [PIN]);
(ii) something you have (e.g., cryptographic identification device, token); or
(iii) something you are (e.g., biometric).
n many cases, common MFA approaches (SMS key) aren’t enough to completely protect us. This is why decentralized blockchain ledgers are so intriguing, as they provide greater security and control over such records. We acknowledge that individuals may not be able to provide world-class key security and are subject to individual phishing or whaling attempts as Seth Green recently found. However, decentralizing the entire process means stealing sensitive data or proof of ownership is much, much harder than putting out surveys on social media. Imagine the reduction in theft if creating a new bank account required providing an NFTID rather than a stolen or purchased SSN and easily found contact information?
Identity theft is one of the leading cyber criminal enterprises in the world. Our identities are alarmingly at risk and everyone should assume their most private identifiable information has been leaked and sold multiple times over, and is regularly updated and resold. There are rampant examples of identity theft everywhere, as virtually all data breaches are in an attempt to steal personal information to then be used to create fake accounts or withdraw from existing accounts. Other methods, like with Ransomware, are to destroy information that may show proof of ownership and cannot be recreated. Just a few examples include the 2013 data breach of Yahoo, exposing sensitive data for some 500 million users’ and the 2017 Equifax breach, affecting 147 million users.
How is it that stealing a few bits of information can relinquish ownership over our identities? How is such a purpose-built identity system so entrenched yet so vulnerable? What options do we have? Ultimately, ownership and identity are managed according to systems that predate the nuance and speed of the world today. Therefore, a modern, decentralized NFTID system can be designed to address the many issues that persist today by embracing a single, key concept: transparency is security.
Nifdy decentralizes the entire “authentication” ecosystem, encompassing everything from your medical records to your ownership over a business class flight ticket or your new city bicycle (no more having to register it with the local police!). If you were to scrutinize it case by case, you might believe it to be too nuanced for general use cases. But the fact of the matter is this: our current systems are failing us on a daily basis, and the cost of that failure is being passed to the victims rather than the custodians of our data. By looking to decentralized ledgers, we are making counterfeit records improbably successful. By having multiple nodes for transaction records, we are preventing scams asking to make payments for a debt that doesn’t exist, or accessing bank accounts by simply having socially engineered the correct password reset questions. We are trying to modernize a system built before televisions, before the internet, and before the social engineering tactics that make identity theft so prevalent and lucrative.
Looking to the future, NFTs may be the next best authentication option for proving ownership with “something you have.” It may also become the guiding means toward self-custodial ownership and your right to privacy. However, for now, integrating a more decentralized authentication system won’t hurt. Ironically, the most monolithic and monopolistic companies constantly preach individuality without providing true ownership over anything. Would we solve this problem if society’s ID system became irrefutably on-chain? Modernizing how we interact with the environment around us in a truly decentralized manner, blockchain technology can be leveraged to improve and simplify proof of ownership. Afterall, it is nine-tenths of the law.