Dutch government exploring blockchain digital ID via hackathon
How do you solve tough problems? You just keep hacking away.
The Dutch Ministry of the Interior and Kingdom Relations, or Ministerie van Binnenlandse Zaken en Koninkrijksrelaties if you're feeling continental, is challenging developers to devise a new digital identity system at the Odyssey blockchain and AI hackathon in the Netherlands, held from April 12-14.
At almost the exact same time, on almost the exact opposite side of the planet, the Ethereum Developer conference (EDCON) will be happening in Sydney with a hackathon of its own, plus free EDCON hackathon visitor passes for anyone who wants to show up and cheer the hackers on.
The stakes are higher in Europe though.
Firstly because there's just a lot more prize money involved all up.
Secondly because EDCON is a bit more recreational, while Odyssey is more for serious teams building serious things.
And thirdly because Odyssey's "21st Century Digital Citizenship" challenges are being presented by the Dutch government itself, with the aim of finding workable blockchain digital ID solutions which could potentially be rolled out across all of Europe someday.
The overall goal of the Next Gen ID challenge is for "all citizens in the Netherlands to be able to prove their identity (provide attributes) on the internet with a high level of trust and ease of use".
Creations coming out of the hackathon will be tested, and if those tests are successful the Dutch government may present the system as a viable digital identity solution to private markets throughout Europe.
The solution must be an end-user application, usable on all common consumer devices. The idea is that people can, for example, use their phone to scan the NFC chip on their passport to reliably bring that identification to their phone. To this end a Dutch driver's licence and ID smartcard – both with an NFC chip – will be made available to hackathoners.
Ideally it will also be open source, unless there's a good reason for it not to be.
But the main event, as it were, is that the solution devised must provide a "substantial" level of assurance in the digital ID, as defined by European Union electronic identification regulations.
This is where the rubber really meets the road, because it lets you see the actual shape of potential solutions and some of the challenges involved.
Among other things, the solution must:
- Have taken steps to ensure the same person owns both the digital ID and the physical ID they used to get it.
- Have taken steps to ensure that both the digital ID and the device it's being delivered to are owned by the same person.
- Be designed so the digital ID can only be used by its rightful owner, with a pretty high degree of certainty.
- Be designed so the digital ID is still revocable by authorities when needed, and not revocable by any unauthorised parties.
- Be designed so that when someone is actually presenting their digital ID for validation an attacker can't replicate or tamper with the process, even if the attacker has a decent amount of freedom to do so.
- Ensure that all sensitive information is secure and tamper-proof.
By looking at the actual specifications laid out in these kinds of challenges you can get a good sense of the obstacles that need to be overcome when designing such important systems, such as something that could potentially one day become a foundational digital identification app for an entire continent.
You also get a sense of some of the dichotomies that blockchain technology will need to get its head around. For example, how to combine immutability, decentralisation and self-sovereign identity on the one hand with the need to let central authorities revoke passports on the other.
But perhaps most of all, it highlights how many moving parts there are in a digital revolution. A holistic and workable large-scale digital identity system will have to be more than just an app.
It probably also needs to involve the evolution of physical identity such as a shift from "dumb" plastic to "smart" ID cards, changes in how exactly identity is verified, evolving regulations to match the changing times, a deliberate push for service providers to start accepting digital ID and probably other things that haven't even surfaced yet.
In this context, blockchain by itself isn't a solution you point at problems to make them go away. Rather, it's a foundation on which those solutions are built, composed partly of tangible technical architecture and partly of a new way of thinking about what the digital world should look like.
Hackathons such as Odyssey are highly encouraging because they bring together the specific solutions from one side, and entities like the Dutch Ministry of the Interior on the other, to meet at blockchain in the middle.
Disclosure: The author holds ETH at the time of writing.