GOPAX Insight: Civic (CVC)
Overview
Civic is releasing a token (CVC) to enter the Identity Verification (IDV) service market. The primary premise of Civic is to allow users to store their personally identifiable information (PII) on their own devices, and give them only to a few trusted services. Once these services have verified the PII, they hope to be able to sell attestations to other services that require PII.
Business Landscape
Current Challenge
One needs to look no further than the Equifax data breach in July 2017 to see that the storage of sensitive PII is both costly and insecure. In that hack alone, information such as customer credit scores, social security numbers, addresses, names, dates of birth, and phone numbers of over 140 million Americans were exposed due to negligent practices regarding data security from Equifax and malicious hackers.
To make matters worse, these types of incidents are not isolated rare occurrences. Yahoo suffered a similar hack in 2013, which was revealed in 2017 to have to exposed every single Yahoo account, affecting nearly 3 billion accounts. As more data is both required from customers and improperly secured, the reward for hacking such systems will only increase.
Proposed Solution
Civic proposes using a blockchain to store attestations of PII instead of storing the PII directly. This allows users to control their PII and be responsible for its safety, and entirely removes centralized “honeypots” of PII. These attestations can then be sold to other service providers, meaning that only a few actors ever see the PII. Instead, service providers can simply verify the user has control of the attested data, and that can be sufficient.
Current Major Players
Civic is not the only team to be tackling the problem of self-sovereign identity using a blockchain. Other projects and groups, such as uPort, Blockcerts, and other members of the Decentralized Identity Foundation are all working to provide similar services which would allow users to control access to their PII.
Technical Specs
Technical Details
The users of the Civic Identity Platform can be divided into three camps. The first are the individual users, ideally using the Civic Identity app. The app manages the secure storage of PII, and alerts the user when PII is requested.
The second are Identification Verifiers (IDVs). An IDV requests PII from users in order to verify the authenticity of the PII. Once verified, an “attestation” is placed on the blockchain. An attestation consists of a hash of the verified data with a statement of verification.
The third are service providers. These will consist of many parties that currently are required to directly store and manage PII. In Civic, these parties can agree with the user what IDV to use, and they will only see the attestation to the PII instead of directly viewing and storing the PII. The IDV can offer to sell their attestation to the service provider.
An overview of the parties in the Civic Secure Identity Platform
The Civic PII Lifecycle
To better understand the components of Civic and their relationships to each other, consider the following user story.
First the user downloads and installs the Civic Secure Identity Platform (SIP) app. The user then supplies the app with some basic PII, such as name, date of birth, address, and a photo. The user then can purchase an attestation from an IDV that participates in the SIP. The user grants the IDV to access their information, and in exchange the IDV produces an attestation to the data.
When the user wishes to use a service that would normally require PII, they can ask the IDV to provide the attestation to the service provider. This way the service provider does not actually see or store the requested information, but instead can know that the user satisfies certain requirements, such as being over the age of 18 or being a resident of a certain area.
The CVC Token
Civic plans on using the CVC token for users to pay IDV providers, and for service providers to pay IDV providers and users for requesting attestation to user data. In the future, CVC tokens may be used for more direct and specific services tied to the SIP, such as notary and background checks.
Token Market Structure
Premine / Inflation
There is a total of one billion CVC tokens in existence, and approximately 33% were sold in the token sale. Another 33% were distributed to partners of Civic, and the final 33% were held by the company. CVC tokens are neither created nor destroyed.
Initial Coin Offering: Sales Model
The Civic token sale was a capped sale with pre-registration required to participate. Civic raised approximately $33M worth of digital assets in their token sale.
Founding Team
| Name | Credentials |
|---|---|
| Vinny Lingham | CEO, Co-founder & Limited Partner at Newtown Partners |
| Jonathan Smith | CTO, VP & Global Head of Platforms at Genpact Headstrong Capital Markets |
Secondary Market
Market Cap
Source: https://coinmarketcap.com 2018/02/06
| Market Capitalization | Price Per Token | Circulating Supply | Volume (24h |
|---|---|---|---|
| $86,119,816 | $0.25129 | 342,699,966 | $6,003,110 |
Volume by Major Exchange
Source: https://coinmarketcap.com 2018/02/06
| Exchange | Volume % |
|---|---|
| Huobi | 73.52 |
| Bittrex | 12.95 |
| Poloniex | 5.11 |
Market Price Volatility
Source: https://cryptocompare.com 2018/02/06
Risks and Limitations
Despite performing their token sale on the Ethereum Network, Civic plans the main platform for their operation to be the newly released Rootstock sidechain on Bitcoin. This presents a potential source of confusion for partners working with CVC tokens. It has not yet been described if the CVC payment mechanic will migrate to Rootstock from Ethereum, and how to ensure that CVC tokens are not used on the wrong network.
Another risk lies in the model for the attestation market. The project describes that service providers will need to pay IDVs for their attestations, but also describes attestations as being publicly visible on a public blockchain. If attestations are visible, there is no described mechanism for preventing service providers from simply viewing the attestation without paying the IDV. It is possible Civic will post a hash of the attestation to the blockchain, and only provide the content of the attestation upon receiving payment.
But if the attestations are not made publicly, then the model is prone to collapsing to a blockchainless model, perhaps only using a blockchain for payment.