Will Civic Make It?

Blockchain and Identity Verification

"Before you read this article, please submit your username and password. We are concerned with your identity, cyber-safety, and literary preferences. We want to serve you better. Please also transcribe the tangle of case-sensitive CAPTCHA letters in the box.
Sorry, your username and password combination does not match our records…"

This all too familiar process comprises the opening pages of George Gilder’s Life After Google. This renowned economist and investor follows with “Security is the foundation of all other services and crucial to all financial transactions. It is the most basic and indispensable component of any information technology.”

Consumer understanding of identity verification (IDV) on the blockchain starts and ends with replacing of usernames and passwords. The deeper potential for this solution is thwarted multi-billion dollar solution refuse to present a simple and unified goal. Civic has gained much by the lack of widespread understanding. The horde of startups racing to commercialize this popularity and investor dollars through their native cryptocurrency. After evaluating their lesser known blockchain competitors, this coin presented itself as nothing more than an unnecessary addition to a substantially outperformed startup. As always, these statements are rooted in opinion developed solely from my independent research.

To put the scale of competition into perspective, these are some startups essentially sharing the same purpose; Cambridge blockchain, Sovryn foundation, Selfkey, Thekey, Dominode, kyc-chain, Uport ID, Shocard, ID2020, Blockverify, Pillar, and Hyperledger. I chose to discuss Civic because they are the most popular cryptocurrency targeting IDV. Many startups show great promise but I will limit this comparative discussion to SecureKey, a seldom mentioned project with already commercialized technology.

Current System

Every service provider requires identity verification in different forms. The end user is responsible to comply to each individual criteria and is then issued usernames and passwords. For this reason, the average Joe is now managing over 100 often forgotten usernames and passwords. When dealing with utilities, banks, and government sites these inefficiencies become much more expensive. These destination services have individual standards for identity verification, each requiring different forms of personally identifiable information (PII). Typical examples include photo ID, phone number, email, bank statements, and credit information. The standards are varied and the user physically supplies the necessary documents each time they register. The destination service than issues a username and password. The only common alternative is the use of a concierge service which contains PII and distributes it accordingly.

Problems With the Current System

Registration and recovery are expensive
The end user wastes time
Documents are not tamper-proof or verifiable
Registration entails oversharing of PII

Problems With Credential Brokers

Privacy is not ensured by the often honest but curious broker
Single point of failure with all data stored on one node
Expensive

The Solution

Reading the Civic Whitepaper in its entirety provided few specifics of the technology. The resources provided by most startups mentioned give a broad overview of functionality and had most content repeatedly eluding to future prospects. The following information will be on the Securekey system due to its commercial viability and its abundance of resources on the technical process.

Securekey uses a private permissioned blockchain which gives the ability to verify the authenticity of information without revealing where it comes from. Verified.me is the current Securekey service used in Canada. Securekey Chief Identity Officer Andre Boseon explains the following process in the video linked below. It starts with a user logging into one of the 5 major banks Securekey is partnered with. Then the user verifies the phone number and can chose to get a credit score via the app. In a matter of minutes, user identity has been confirmed by three independent sources. The bank verifies the user, then cross-references that data with the phone carrier, which is further confirmed by the sim-card of the device used. All your PII that overlaps at this point can also be confirmed with the credit bureau. The application itself is secured with a passcode or biometric data.
This level of verification is already stronger than traditional methods and travels with you. With this, usernames and passwords will become obsolete pending cooperation of service providers. At face value this makes the user experience more convenient but the more lucrative intent is in quick registration and the unneeded credential recovery process. Securekey explains the use case in a phone registration scenario with Rogers. When credit and bank information is required physical documents are replaced with the use of a barcode. From this app, the user controls what information is released and verification is made that simple. Rogers expense for this process is cut from an estimated $60 to $5 and the users time commitment is cut from 40 minutes to 2 minutes. The economics for startups deploying this are simple, Rogers is happy to pay a fee for the enormous cost reduction. This registration process extends to healthcare, automotive insurance, credit agencies, etc.

How Blockchain Makes This Possible

This system was formerly impossible with PII being trusted exclusively with who it belonged to. Private permissioned blockchains uses the principle of triple blind identity to keep all data in control of the user. The data itself is not actually held on your phone, just pointers to the data. Release of any PII requires the use of two encrypted keys, one from the source and one from you. Use of encrypted keys makes this data verifiable by the source without revealing its origin. Essentially when you share info from your bank through rogers, the bank doesn’t see where it went, Rogers knows it came from a bank but not which one, and Securekey is also blind to this process.

Problems with Civic

Partners
Andre Boseon agrees that the hard part is getting destination services on board. With many startups having functioning technology the differentiating characteristics are best evaluated with results which brings me to partners. Civics partners are almost exclusively cryptocurrency and blockchain startups. I hope this flaw requires little explanation. Many cryptocurrencies will fail and few require the use of PII at this stage. The extent of Civics progress can be summarized with the secure login of one of Civics most notable partners, wikihow. After two months with the Civic app my experience started and ended with the fruitless process of replacing wikihows one required credential, an email. Civics partnerships serve as excellent proof of concepts but when compared to securekey they merely appear as a microcosm for the big picture of identity verification. Take for example Securekeys humble beginnings in 2012, securing authentication for the Canada Revenue Agency. According to Andre Boseon Securekey technology has saved the Canadian government over 800 million dollars from 2012 to 2018. Having attracted the attention of financial institutions they are now partnered with 5 of Canada's largest banks and multiple credit unions.

Tokenomics
Civic’s economic model uses the CVC token for settlement, fueling smart contracts, rewarding users, and buying additional services from Civic. These futile use cases serve only to add complexity to an otherwise streamlined system. Starting with settlement, a process which Civic still has not released specifics on will reap no benefits from a specialized token. Smart contracts will be used in a system of validators, service providers and users as a method of settlement between all parties. These validators will be “financial institutions, government entities, and utilities” according to the Civic whitepaper but the platform has yet to use any of these for verification. Other startups have avoided this settlement process altogether, as the collaborative effort has substantial cost savings for all parties involved. The specifics of the civic reward system are still unclear but the benefit would be paying users so they can enjoy additional Civic services. These services should include personal background checks, notary services, dark web monitoring, and access to individual credit reports all of which are irrelevant to most users and available externally. The token is already timely to access and with no specifics on how much services will cost or how much users will be rewarded it is unclear how any of this will function. In theory all this could work great, but there has been no clear progress toward implementation. It may take time to reach clarity on CVC’s purpose but the ideas presented in Civics whitepaper have proven themselves impractical thus far through lack of use.

I primarily review altcoins in a positive light but this immensely important topic is likely to become the base level internet 3.0. My goal is not to destroy a cryptocurrency but to bring attention to the bigger picture and perhaps protect investor dollars in the process. I am happy to reply to any opposing viewpoints down below.