Digital identity (or digital ID) is such a thorny problem fraught with technical, legal, societal and political issues, because there are two different interrelated issues.
- Proving that you are who you say you are (aka access control).
- Control over your personally identifiable information (PII).
Let’s look at both in more detail.
Proving that you are who you say you are (access control)
Biometric security has to replace passwords and captcha. Chip and pin works great in a physical store, but the pain of mobile commerce cuts deep for buyers (extra friction) and sellers (abandoned carts). Biometrics is technically interesting, but relatively simple at a societal/political level and not as game-changing as the issue over who controls PII. Biometric security comes down to a simple question: ‘What part of your anatomy does sir/madam wish to use?’Finger. This one scares me. It’s hackable by simply recording somebody’s fingerprint and putting that on thin film. I can change my password if I’m hacked, but I can’t change my finger. Also, the privacy issues concern me. Eye. Iris recognition doesn’t seem ready for prime time yet. Voice. This has a nice, old-fashioned ring to it. Voice recognition is like the banker who recognized your voice. The tech has been brewing for a while and seems ready for prime time. VoiceVault and Nuance are the two leading contenders. Voice is probably better for high-value transactions than getting a coffee or paying for a subscription. Talking to my phone while queueing for my coffee seems too much like Her. Typing rhythm. I never understood why Biopassword didn’t do better, as it seemed simple and elegant. Maybe mobile changed typing rhythm and created new rhythms around swipe. There may be something new that emerges out of smart watches, such as pulse recognition.
Biometrics has to be driven by consumer choice. I have the choice between fingerprint and password on my iPhone (Luddite confession: I choose password). The choice over access control is so critical because the amount of personally identifiable information (PII) and the power related to that PII is so massive.Further reading: Biometrics – does your bank know you are you?, by Carron Oswald.
Control over your personally identifiable information (PII)
This is what gets into societal and political issues and can change the dynamics of commerce at a fundamental level. There’s a reason why Microsoft worked so hard to get Passport established: the upside is huge. There’s also a reason why any company that gets close to this prize, whether it’s Facebook or Apple or Microsoft, eventually gets consumer pushback. As Ethereum’s Vitalik Buterin points out:
10 years from now, it may be harder to change identity providers than it is to change countries
In the west, we’re used to proving our identity with simple artifacts such as driving license, passport and social security number. In the rest, verifiable identity is the on-ramp to financial inclusion. This was brought vividly home to me while waiting in line at a post office in NYC and witnessing the desperation of a homeless person being refused a PO Box because she had no physical address. Without that PO Box, she would be refused the job she had applied for. She would be an ‘unperson’ without any official identity.
That digital identity on-ramp to society cannot be solved by technology alone. In India, they’re tackling this through the Unique Identification Authority of India (UIDAI). I’ve seen three interesting companies in this space: Onename, ShoCard and Trunomi. Onename and ShoCard use blockchain technology to meet two fundamental needs:
- ‘Trustless’ and decentralized. Your identity is not under the control of any institution (either government or commercial).
- Immutable. Nobody can change a record. They can only append a new record.
Trunomi is more focused on a third fundamental issue: granularity – you can have my driving license but not my passport or medical records, and you can only have it for this one transaction.
Consumer control over identity will enable Doc Searls’ vision of vendor relationship management (VRM). I have been fascinated by VRM since I wrote about it for ReadWrite in 2007. Some tech disruptions have to wait for a trigger to turn inevitable into imminent. The blockchain-based identity systems may be that trigger. A similar vision is articulated in the book called Pull by David Siegel. This is a fundamental reordering of commerce. For all the talk of ‘customer first’, a world where customers are really in charge will be a wrenching transformation for most companies. This will challenge all the business models driven by big data and advertising. Translation of big data:
‘We will assemble data about you so that we can sell to you in a way that suits us and maximizes our profit.’
The reordering of commerce enabled by consumer control over PII changes this to:
‘I will buy from you when and how it suits me.’
It’s also a fundamental change in our relationship with government. We’re used to a world where our identity is granted to us by government. If humans control their their own ID, our relationship with government also changes. This fundamental reordering is made possible by blockchain technology.
Those who want to take a deeper dive into this subject should check out the pioneering work done by Kaliya Hamlin, aka Identity Woman.
– This article is reproduced with kind permission. Some minor changes have been made to reflect BankNXT style considerations. You can read the original article by Bernard Lunn of Daily Fintech.