Communications of the ACM

Cerf's Up

Validating Factual Personal Information

Google Vice President and Chief Internet Evangelist Vinton G. Cerf

We are called upon, frequently, to validate personal information: name, address, phone number, birth-date, national identification number, birthplace, employment, educational record, and more. Often this demand is made online. Browsers can capture some of this information and automatically fill it in. It is not a new idea to try to automate this. Moreover, as facts change (for example, a new address, new phone number, new employment), we might find it useful to automatically propagate this information to places where earlier versions have been registered. How is the registry to know whether the information is accurate? How can there be control over the release of this information? I have been wondering what properties would be useful to realize in a system intended to keep personal information, where it is needed, up to date. What follows is only partly digested and reader reactions would be appreciated.

First, let us suppose all this information can be structured as name:value pairs and that the names are widely standardized as to their meaning. One could imagine a business which records this data and validates it according to accepted (and maybe legislated) practices and releases it only on authorization by the party submitting it in the first place. Since this business is to be trusted to validate and disgorge information only on authorization, one might imagine that such a company would have to be certified somehow and pass rigorous tests of its ability to control access to and the release of such personal information. One would imagine the possibility of widely accepted safety and security standards analogous to generally accepted accounting practices (GAAP).

One could imagine that the initial cache of personal data might have to be submitted in person as is sometimes required when establishing bank and securities accounts, driver's licenses, passports, or corporate identification badges. In any case, there would have to be criteria for vetting the information so that the attestation of its accuracy is accepted as valid by relying parties.

The registrant would bring verifiable data to the registrar, who would validate and record the information. At this time, the registrant would generate or be given a public/private key pair. The public key would be shared with the registry. A relying party needing valid personal information (for example, age, birthdate, birthplace, current residence, email address, and phone number) would request it from the registry. The registry issues a request to the registrant to authorize release of the data, which includes identifying the party making the request. The registrant should receive sufficient information to validate the relying party and its intended use of the data. The registrant can then authorize—for example, by digital signature—the release of the data by the registry to the relying party.

Another use of such a system is for the registrant to send updated information to the registry. Relying parties might, by practice, automatically query the registry whenever personal information is needed so that updates propagate when a request is made. The relying parties might make periodic queries to keep their information up to date or they might keep no substantive information but, rather, request it when needed. It is obvious that the data transfers should be encrypted for privacy and digitally signed by the registry to assure data integrity. Registrants could individually permit automatic responses to queries by specific relying parties, or they might insist on authorizing the release of access every time a request is made.
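The release flow described above, sketched as an added example that is not part of the original column: the registrant signs the exact request it was shown, and the registry verifies that signature, releases only the named fields, and signs what it releases. Ed25519, the JSON encoding, the fixed nonces, and all type, function and field names are assumptions made for illustration; transport encryption is left to the channel.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Request is what the registry forwards to the registrant for approval.
type Request struct {
	RelyingParty, Purpose, Nonce string
	Fields                       []string
}

// Registry holds vetted name:value pairs and the registrant's public key.
type Registry struct {
	Data       map[string]string
	Registrant ed25519.PublicKey
	Key        ed25519.PrivateKey
	Used       map[string]bool // nonces of authorizations already honoured
}

func enc(v interface{}) []byte { b, _ := json.Marshal(v); return b }

// Release verifies the registrant's signature over this exact request, then
// returns only the requested fields plus the registry's signature over them.
func (g *Registry) Release(r Request, auth []byte) (map[string]string, []byte, error) {
	if !ed25519.Verify(g.Registrant, enc(r), auth) || g.Used[r.Nonce] {
		return nil, nil, fmt.Errorf("authorization invalid for this request or already used")
	}
	g.Used[r.Nonce] = true
	out := map[string]string{}
	for _, f := range r.Fields {
		out[f] = g.Data[f]
	}
	return out, ed25519.Sign(g.Key, enc(out)), nil
}

// Demo: one approved release on constructed data, then a widened and a replayed request.
func Demo() (map[string]string, bool, error, error) {
	regPub, regKey, _ := ed25519.GenerateKey(nil)
	userPub, userKey, _ := ed25519.GenerateKey(nil)
	g := &Registry{map[string]string{"birthdate": "1970-01-01", "phone": "555-0100"}, userPub, regKey, map[string]bool{}}
	req := Request{"shop.example", "age check", "n-001", []string{"birthdate"}}
	auth := ed25519.Sign(userKey, enc(req)) // registrant approves exactly what was shown
	data, sig, _ := g.Release(req, auth)
	wide := Request{"shop.example", "age check", "n-002", []string{"birthdate", "phone"}}
	_, _, wideErr := g.Release(wide, auth)  // same signature, wider scope: rejected
	_, _, replayErr := g.Release(req, auth) // same request a second time: rejected
	return data, ed25519.Verify(regPub, enc(data), sig), wideErr, replayErr
}

func main() { fmt.Println(Demo()) }
```

Because the signature covers the relying party, purpose, field list and nonce together, an authorization given for one release cannot be stretched to cover more fields or reused later.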

Updates to the registered data could be validated both by digital signature of the registrant as well as through vetting of the new data by the validating registry. There might be different levels of validation available, not unlike real-estate title searches and various certificate authorization practices. The business model for such a system might include subscription fee payments by the registrants and transaction fee payments by parties requesting valid personal data.

It will not surprise me to find that such services already exist. I will be interested to learn from readers what they think about this idea and perhaps what risk factors should be considered.

Vinton G. Cerf is vice president and Chief Internet Evangelist at Google. He served as ACM president from 2012-2014.

© 2024 Copyright held by the owner/author(s).

The Digital Library is published by the Association for Computing Machinery. Copyright © 2024 ACM, Inc.


Rene Mayrhofer

Some countries already have exactly such a service under governmental control and regulation towards its access: central registers of people living in that country with clearly specified standard data like name, place of residence, date of birth, etc. Governments would seem to be in the best position to provide such a service, explicitly without commercial interest, and to keep the balance of interests between stakeholders. I am very well aware, though, that it is highly controversial in different cultures if the government should or should not be keeping such a central registry.

Martin Gfeller

The idea is extensible beyond basic facts to transactional information, which originates in the interactions between individuals and organizations. This needs orchestration and organization.

I named this a personal Digital Data Hub and wrote about it in and .

Noreen Whysel

I notice that you mentioned registries but did not discuss wallets or mobile credentials. It seems like what you are describing for the most part already exists. But it has a potential to duplicate the problem of storing data in a browser or at the verifier rather than with the data subject or their fiduciaries.

I wonder if you are aware of the work the Kantara Initiative is doing on mobile wallet credentials, consent receipt and trusted identifier registries. The Privacy Enhanced Mobile Credentials and Anchored Notice and Consent Receipt work groups are developing standards. PEMC is creating a set of requirements and conformance criteria to protect the privacy of individuals holding or using mobile credentials such as mobile Driving Licenses or wallets. This includes, but is not restricted to, technology ecosystems based on ISO/IEC 18013-5 compliant mobile driving licenses, and the work of ANCR extends the ISO/IEC 27560 Consent record information structure published August 2023. I am on the Resilient Identifiers for Underserved Populations which is building on previous Kantara specs like the Mobile Authentication Authorization Statement which is a JSON statement that is similar to what you are describing above.
