How self-sovereign identity could benefit online gambling

20 October, 2020

Do you know how much personal information about you exists in cyberspace? If you are like most people, you don't have a clue. These days, the simple act of using your smartphone to search for a local restaurant provides marketers with key information that gets added to your profile and spread around. One potential solution now being bandied about is something known as self-sovereign identity (SSI).

SSI is as much a philosophy as a technology. It is about giving ownership of one's identity back to the individual by way of blockchain and cryptography. Essentially, SSI combines the best of what we know about cryptocurrency and blockchain with know-your-customer (KYC) principles. If it ever becomes reality, SSI could benefit the online gambling industry tremendously.

We need something better

If you are a Facebook user, you are in the company of nearly 3 billion others worldwide. Facebook collects information on each and every user with every active visit to the site. The same goes for Google. But Google's reach goes far beyond the search engine. Google currently manages some 1.5 billion email accounts in addition to the billions who collectively use Google Drive, G-Suite, YouTube, and on and on.

All those Facebook and Google accounts represent people with individual identities. And each one of those people leaves an easily mined trail of electronic breadcrumbs with every minute spent online. The powers that be are watching every website we visit, every email we send, every music video we watch, etc. We need something better; something that does not tie our online habits to who we are as people.

To understand why SSI is that something, we need to understand how we got here. It started with the actual design of the internet itself. The internet was built from the ground up as a decentralized network. Individual computers on the internet were assigned IP addresses with no human identities attached. In that way, IP addresses could be dynamic and, subsequently, assigned and reassigned as necessary.

All was fine until we started using the internet to transact business. At that point, dynamic IP addresses could not be used to identify people because they were not static. So merchants had no other choice but to require their customers to sign up for accounts. With every account came a name, address, telephone number, and more.

Enter big data

Even the early days of online commerce were not terribly invasive in terms identity. But then Google was born. The birth of what is arguably the world's most dominant online property introduced big data to the internet. In turn, Google also introduced the idea of monetizing personal information. That was the beginning of the end. It was the point at which Google et al became the intermediaries self-designated to control information access.

Google developers were smart enough to develop a search engine that generated superior results. That allowed them to develop an ad business to drive revenue. The pieces were in place for a cross-selling bonanza that is, today, self-perpetuating. Google needs to learn more about us so it can better predict our habits, thereby commanding a higher ad prices from advertisers.

Facebook, Amazon, and all the rest simply grabbed Google's coattails and went along for the ride. It is now at the point where you and I cannot go anywhere online without Big Tech knowing about it.

The SSI solution

Proponents of the SSI solution say it is the ideal tool for taking our identities back. SSI relies heavily on blockchain and encryption to protect identifying information from snooping eyes. For example, what kind of information do you normally supply when opening a new online account? At the very least, you offer your name, address, and an email address. If it is an e-commerce site, you provide your address for shipping.

Joining an online gambling site should be different. Why does that site operator have to know your address? Why does that operator need to know anything about you other than the fact that you are who you claim to be? The operator does not need to know, and that is the point.

With an SSI system, you control all of your personal identification the same way a cryptocurrency user controls his or her coin. You store your personal data on your own computer, a flash drive, etc. Instead of taking a picture of your photo ID and sending it to the operator to satisfy KYC requirements, you simply send a token that proves your identity. The token is accompanied by public and private keys - just like cryptocurrency - as a means of verifying authenticity.

Sending the token verifies your identity in the same way sending a single BTC puts money in your gambling account. All of your identifying information remains encrypted on the ledger. Nothing else about you is ever revealed.

You choose who gets what

A well-designed SSI system would allow each of us to choose who gets what information about us. Going back to the concept of e-commerce and shipping addresses, it would be theoretically possible to supply a merchant with a shipping address without tying it directly to your name. How? By generating two different transactions on the blockchain.

Using smart contracts, you make a purchase under your account name. That purchase is assigned a transaction number. Through a separate transaction, the number is then assigned to your shipping address. In the ledger however, everything is encrypted. No one can make the connection between your name and your shipping address without having the necessary keys to decrypt the ledger.

Such a system would allow you to supply your physical address only when necessary. You could hold everything else back. When you don't need to supply your physical address, you don't. You could do the same thing with all of your identifiable information: your name, email address, age, and so forth.

SSI and online gambling

Even a basic understanding of how SSI works reveals the potential of applying it to the online gambling space. Imagine, once and for all, true anonymity for all online gambling activities. Imagine satisfying KYC rules simply by sending site owners a token.

SSI would make it possible for an individual to gamble online without ever being identified. Information could not be sold or traded. More importantly however, SSI would make it exponentially harder to gain any valuable information by hacking a computer network. Score one for security.

Operators would benefit from limited liability. As things currently stand, they must make their best effort to verify the identities of new customers before accepting deposits. Most accomplish KYC compliance by requiring new users to send a copy of a photo ID, an ID that reveals all of that personal information SSI seeks to keep secret.

An SSI system eliminates the need for the photo ID. Instead, a verifiable token takes its place. Operators are freed from having to collect photo ID information and verify it with an SSI system. The likelihood of fraud decreases while the security of both the casino operator and user increases.

A more convenient system

Security and ID ownership are reason enough to pursue self-sovereign identification. But if you need icing on your cake, so to speak, SSI is also more convenient. How so? By eliminating the need for endless usernames and passwords.

All of us are smart enough to know it is unwise to use the same username and password on every website we visit. Doing so just makes it too easy to be victimized. Why? Because using the same username and password makes all of your accounts and vulnerable if a hacker gets that information.

The problem with individual usernames and passwords is that they add up. The average online user could have dozens of them, if not hundreds. All have to be managed as well. And they have to be stored, too - although not in a way that makes them vulnerable to hackers.

SSI answers all of that with a single ID verified by a token and secure keys. The beauty of this sort of system is that you do not need to have separate IDs. Hackers cannot steal and use information to log on to websites because they do not have the secure keys.

A plan in motion

Coin Desk contributor Michael Casey explained in a recent piece that big tech is already working on a plan for SSI.1 Casey mentioned companies like IBM, Microsoft, and Gataca as primary players. The public sector is involved as well. Canada's British Columbia province is apparently working with the private sector to develop digital IDs for residents.

Like cryptocurrency itself, SSI's viability will ultimately come down to a competition between the public and private sectors. Cryptocurrency offers things like BTC in the private sector and central-bank digital currencies in the public sector. Likewise, it is probable that we will see parallel SSI development both privately and publicly.

This competition is good in the sense that it will eventually yield the desired results. When SSI eventually becomes a thing, it is going to change the way we interact online. It will certainly help online gambling by bringing true anonymity to the equation. And it will be good for operators and gamblers alike.

1) Coin Geek