The Trump administration’s temporary ban on travelers from certain countries is a dramatic illustration of a longstanding, global problem with no simple solutions, one that financial institutions tackle every day: verifying identities.
Some specific requirements of President Trump’s executive order — more information from the seven targeted countries about their departing citizens, a new U.S. screening process for immigrants, and the completion of a biometric system that would track everyone going in and out of the U.S. — may eventually be addressable by new forms of financial technology.
One tool that many say holds promise is the blockchain, the distributed-ledger system that banks have been considering for their own purposes. While it may not be ready for prime time as an identity system, it gets at a fundamental issue: establishing a shared source of truth that can be trusted by parties who may not trust each other.
Underlying the executive order is a lack of reliable information sharing between countries.
The order requires the U.S. government to review the information it receives about travelers from seven countries — Syria, Yemen, Iran, Iraq, Libya, Somalia and Sudan — and determine whether the type, quality and breadth of the information the U.S. receives is equal to what it shares. If a country fails to collect, retain or share information at the same detail or frequency, then that country will remain on the banned list until the U.S. government is confident it can obtain the level of information it seeks.
This is a tall order. According to the United Nations, a fifth of the world’s population — 1.5 billion people — have no proof of identity. No driver’s license, no birth certificate, no Social Security card equivalent. The odds are long that these seven countries are going to immediately step up their information sharing.
“As you can imagine, the ban will go on for more than 90 days for places like Syria, Iraq, Yemen, Sudan and Somalia with government infrastructure that is not modern or capable of providing information on their foreign nationals at the level of tech-savvy U.S. in 90 days,” noted Christine Duhaime, attorney with Duhaime Law in Toronto. “Some of them do not have anywhere near the sophisticated computer systems in place nationally to do that.”
On the U.S. side, the executive order calls for a new screening process that will include:
in-person interviews; a database of identity documents proffered by applicants to ensure that duplicate documents are not used by multiple applicants; amended application forms that include questions aimed at identifying fraudulent answers and malicious intent; a mechanism to ensure that the applicant is who the applicant claims to be; a process to evaluate the applicant’s likelihood of becoming a positively contributing member of society and the applicant’s ability to make contributions to the national interest; and a mechanism to assess whether or not the applicant has the intent to commit criminal or terrorist acts after entering the United States.
In theory, a blockchain — in the broadest definition, a shared ledger that is maintained and auditable by participants, relies on no single party and cannot be doctored — could meet that need for more reliable information-sharing between countries.
“The desire to create a database of unique identity documents that cannot be duplicated as well as a secure means of proving identity seem tailor-made for a blockchain-based system,” said Steve Ehrlich, an associate at Spitzberg Partners, an advisory firm in New York.
The United Nations is exploring blockchain technology as part of ID2020, a program through which it aims to provide a legal digital identity for every person without one. By 2030, the U.N. hopes to roll out new identities to at least one billion at-risk people. Microsoft, PwC, Cisco, Accenture and Deloitte are among the companies with which the U.N. is collaborating.
“I have a prediction that blockchain can replace passwords and visas,” said Joseph Carson, the director of global strategic alliances at Thycotic, a security software firm headquartered in Washington.
“In the foreseeable future, you could leverage the ability to create an identity and validate it with a trusted service that would go back to a government,” said Carson (who is based in Estonia, itself a hotbed for innovative approaches to identity). “As part of that trusted service, the government can have more information about the individual prior to arrival.”
In a more radical approach, an organization called Humanitarian Blockchain wants to help people establish digital identities through a blockchain that would be free of nation-state involvement.
Julio Alejandro, Humanitarian Blockchain’s founder and CEO, said it has worked with another outfit called BitNation to create digital identities for refugees and stateless people who didn’t want to be labeled as, say, American or Syrian.
To authenticate these people, the two organizations used data from social media sources like WhatsApp, Facebook and Twitter.
“Most of the time they will have WhatsApp and Facebook,” Alejandro said. “That would create a system of mathematical algorithms that would allow us to see the extent of the conversations, how many friends they have, how many texts they’ve sent over a period of time. That would give us some validity that at least this is someone that has a history.
“Imagine you have 1,000 people who could verify in some way that you are the person you claim to be,” Alejandro said. (The authentication startup Socure uses a similar approach as part of its method.)
Yet the idea of using social media to identify people is controversial. For one thing, not everyone heavily uses social media. In some countries, women aren’t even allowed to use a smartphone. Another issue is that someone with a relative who is a terrorist or criminal could be tainted by association.
Duhaime warned that in any event, collecting social media data or profiles and suggesting they’re adequate for immigration purposes isn’t going to fly with governments.
“That actually makes regulators trust fintechs less because it convinces regulators that fintechs don’t invest in understanding the law behind the technology they are creating,” she said.
To be sure, it’s a matter of debate whether blockchains are appropriate for any use case other than what they were designed for: preventing double-spending of the digital currency bitcoin.
Even those who are optimistic about the possibilities say the blockchain systems out there today are not quite ready to handle a world’s worth of identity information and would not meet the U.S.’s security standards.
Ehrlich points out that while there are interesting blockchain startups and pilots out there, nothing has been proven at scale.
“It will take time to create new IDs for refugees who have none or to hash existing documentation onto a blockchain,” he said. “It seems nearly impossible for any of this to be done within the timeline outlined in the executive order.”
Ehrlich noted that while governments are investigating beneficial use cases of blockchain technology, they also are fearful that it can be used for illicit purposes.
“The impetus behind this executive order was a signature pledge of Trump’s campaign, and I doubt that he would trust the vetting to such a new technology, at least right now,” Ehrlich said. “That does not mean that this important work should stop. I think that this executive order demonstrates the urgency behind these initiatives, but unfortunately I do not believe it is the panacea we seek right now.”
Duhaime said that the U.S. government will have to vet, test and trust the technology.
“As you can imagine, for privacy, it would have to be incredibly secure,” she said. There is no blockchain technology today that is trusted for something as important and vital as information for counter-terrorism or immigration.
“Part of it is just that the blockchain companies themselves are not registered, and most could not be, to be a service provider to U.S. intelligence and wouldn’t know how to address a blockchain solution for counter-terrorist or immigration purposes,” Duhaime said.
Carson said blockchain technology is ready, though in his view the original bitcoin blockchain and others like it are not up to the task because they’re too slow. (Bitcoin transactions usually take 10 to 20 minutes to confirm, which is faster than automated clearing house payments but not quite real time.)
What’s needed is an alliance of governments that will trust and validate each other’s blockchains, Carson said.
“The problem you’ve got is to allow one government to control it would not work,” he said. “It has to be an alliance of governments and trusted services.”
In an upcoming column, I’ll look at the role biometrics could play in vetting travelers coming in and out of the U.S., and how that technology is used in places like Canada, Hong Kong, India and Jordan.
First appeared at AB