RealMe vs the decentralized web

It’s an interesting time to be growing a centralized online identity service, like the government’s RealMe. That’s because the current trend in web development is to decentralize. After seeing the damage done to our society in recent years by government-sponsored hackers let loose on large, centralized apps like Facebook, YouTube and Twitter, developers the world over are now exploring decentralized alternatives.

Yet RealMe is the complete opposite of decentralized. It’s a NZ government-operated authentication service that you can use to log in to various government and other online services. If you’re a verified user, which requires more proof of identity, you can also use RealMe for things like applying for a passport or opening a bank account.

The question is, does RealMe’s centralized identity service still make sense in an online world that is now trending to decentralization?

Decentralization in this context simply means to take control away from a centralized authority (like the government, or Facebook) and give that control back to individual users. Decentralization is a big part of the appeal of blockchain, which is often defined as a distributed ledger. But there are non-blockchain platforms for decentralization emerging too – and one of them is being built by the Web’s inventor, Sir Tim Berners-Lee.

Last week Berners-Lee announced a startup called Inrupt, which is developing a decentralized web platform using a new technology called Solid. As one of Inrupt’s developers explained, you will be able to “store every single piece of data you create in a place you want.” Such a place is called a “data pod” and the idea is that you – the user – will choose which apps are allowed to access your data pod.

In other words the data is no longer coupled with the app, as it currently is with Facebook, Twitter and other centralized apps.

Now, arguably RealMe already does this for kiwi users. Similar to Berners-Lee’s data pod concept, you store your personal identification data at RealMe and then use it to log in to other apps. The main difference is that with data pods, you’re free to store your data anywhere you like – you can even store it on your own private web server. Whereas with RealMe, there’s one (and only one) place to store your data: the government’s servers.

But do kiwis trust the government to control such an important aspect of their online life (their identity)? Privacy concerns are at an all-time high in 2018, as are cyber-security threat levels. This has led to a sense of profound unease among many of us, about where our personal data is stored and who has access to it.

RealMe has already had issues with privacy and security this year. In March, there was a phishing scam that targeted RealMe users. Then in August, Immigration New Zealand had to deal with privacy breaches by some immigration advisors, who had wrongly shared RealMe logins.

A well-designed decentralized service would be better suited to repel cyber attacks and avoid privacy breaches. As Ethereum founder Vitalik Buterin wrote last year, there are three key reasons to implement a decentralized system: fault tolerance, attack resistance, and collusion resistance  (“it is much harder for participants in decentralized systems to collude to act in ways that benefit them at the expense of other participants”).

RealMe advocates might counter that if you’re going to trust any service to authenticate you online, the safest option is one run by the government. Especially if that government service has the seal of approval from the Privacy Commissioner.

In May, the Office of the Privacy Commissioner launched a “Privacy Trust Mark” and awarded one of the first two such marks to RealMe (the other went to Trade Me). Privacy Commissioner John Edwards said at the time that “RealMe’s data minimization and user control practices are excellent.” He went on to say that “users can control when and where their identity information is shared and can review all of their transactions and revoke their consent at their discretion.”

Despite having this validation, RealMe has so far struggled to gain traction among NZ citizens. Last week RealMe announced it had reached half a million users, five years after it was launched by the Department of Internal Affairs and NZ Post. But it had originally projected 1.7 million verified accounts by the end of the 2017, over three times more than what it actually has now.

However, major traction for RealMe might not be far off. In March, management of RealMe was transferred from NZ Post to Internal Affairs. Given the number of essential services managed by Internal Affairs – passports, citizenship and marriages, to name just a few – this raises the likelihood that RealMe will, in time, be made mandatory for all NZ citizens.

The real end game of RealMe is online voting. While this won’t happen before the next election cycle and probably not the one after that either, eventually online voting will become a reality. Nearly everything else can be done online now – in many cases using RealMe – including paying your taxes and registering a birth. Voting is a holdout from the online revolution only because of ongoing cyber-security concerns, which are clearly a threat to democracy.

But it’s inevitable that online voting will replace paper voting at some point in the near future. And when that happens, it’s a fair bet that RealMe will become compulsory for all NZ citizens who wish to vote.

Even now, RealMe is hard for the average citizen to resist. If you want to renew your passport online, for example, you must sign up to RealMe. Who wants to fill out the paper form, go to a camera shop to get a printed photo, put it all in a paper envelope, buy a single stamp from your local dairy because you have no other use for stamps, and then attempt to find an increasingly rare letter box to post it? No, that’s all too difficult.

So the convenience of RealMe will reel you in, even if it takes years for online voting to arrive.

As for decentralization, it clearly has promise in this current privacy and security focused era – particularly on the commercial web. However, centralization will continue to rule when it comes to government services.