Last week I received an e-mail from the design firm Ideo. Last year I did a couple of online courses with them (which were great by the way). They now sent me a hyperlink to a digital certificate. Didn’t I receive their certificates already? In pdf and digitally added to my LinkedIn profile? Curious anyways, I followed the link and viewed my new certificate. The credential is blockchain secured, it says. There is a “Verify” button, clicking it delivers the result in this picture. Accredible’s website states that the credentials are stored using the Bitcoin blockchain. Sounds interesting.
First, let’s step back in time 5 years. One of my best friends was leaving for Singapore in a couple of weeks. In order for her to be able to prove her academic credentials in this high tech country, she had to visit the embassy in Brussels, where a copy of her diploma was ornamented with the appropriate stamps (it was a nice road trip, but that is another story).
Back in time another 6 years when I graduated from university. I received a paper document with a rubber stamp and signature, together with the warning that this would be the only copy. Reissuance is impossible. I guess nobody kept digital records of credentials issued? So this piece of paper truly is the only proof of my Masters’ degree (better keep it safe).
What problem are we solving?
Fast forward to today. In the UK, since 2006 12 people were arrested for pretending to have a medical degree. Of course, we need secure electronic records of credentials. It should be no hassle at all to verify them when somebody applies for a job. Or for further studies with prerequisites. And even more so in times when credentials are earned in bits and pieces. An academic title is only the start. Or not even, in a lot of areas of expertise you could earn similar knowledge and skills combining online courses, books, and work experience.
Then how can you be sure about these credentials on Accredible? Looking at this webpage with my own blockchain secured a certificate from Ideo, I wonder: couldn’t any web developer build a website that displays this information? How would I know that it is actually stored on the Bitcoin blockchain?
How do blockchain secured credentials work?
So I did some research. This is how it works: the issuer digitally signs a one-way hashed credential. This is issued in a blockchain transaction to a recipient who is identified by the public key they own. This key, together with a time stamp, allows the recipient to prove ownership. Interesting enough, with Accredible it is possible to change your credential data (recipient name, e-mail, issuer name, description). Then using the verify button will return the message that the credential is blockchain secured, but some data was changed. So how can it be secured, then? Changing information will change the hash. The blockchain record itself is immutable. That will make it impossible to verify.
That said, I would still like to know how to be sure my certificate is actually blockchain secured. So I was happy to find out Accredible wrote an instruction for manual verification. Luckily I am not afraid of a few lines of code. However, it ended for me at the instruction to “Calculate the SHA256 of the stringified JSON data, for example in Ruby”. Seems there are specific credentials needed for this manual verification process. And still I have no idea where this code lives and if I am really querying the Bitcoin blockchain.
Where does this leave us?
There are several other digital credential solutions using blockchain technology, Blockcerts for example. And there could be great value in this kind of solution: it makes it unnecessary to prove credentials using a paper document. The blockchain they use is distributed and can be accessed online anytime. It is not necessary to contact the individual issuer of credentials or provide physical documents. We will trust the technology, not some paper document or stamps. However, there’s still work to be done: how will I trust the stuff between the blockchain and me, user interfaces, API’s? How can I be sure of the issuer’s identity? Do we need a worldwide trusted credential verification application and enter the third party again that we thought we were phasing out with blockchain technology? Or should we all become more code-savvy, do a manual verification and just check the Bitcoin blockchain? Exciting new world.