Digital Identity and the Power of Me
Just before the end of 2020 , I decided it would be a good idea to switch business bank accounts for the consulting company I co-founded a little while ago with some colleagues. Almost 2 months later we are still trying to make this happen. In these days of instant digital gratification, why is this taking so long? The simple answer is that we are having trouble proving that we are who we say we are. After scanning passports, emailing company correspondence, and enduring several meaningless dialogs with chat bots we still seem to be no further forward.
For all forms of online interactions, one of the most significant issues facing the digital economy is the fundamental need to be able to uniquely identify yourself, and for digital systems to provide trusted ways to verify, manage, and share identities. For many people, this is the Achilles’ heal for just about all major online systems today.
With the recent acceleration of digital transformation, it is becoming clear that all organizations, both in the private and public sectors, will need to consider how to address the opportunities and risks of identity management. It is a critical element of the security and privacy backbone that will allow access to the personalized products and services we all demand.
It is a complex, multi-layered issue for organizations. And two elements of the digital identity challenge have been highlighted recently. The first is that as we connect more and more things to the internet, we’re starting to realize that digital identity is something increasingly important for not just people but also to “things”. As Dave Birch has pointed out, everything from pets and cattle to cars and robots will require unique digital identities. As Dave nicely summarises:
“A quarter of a century ago, on the internet nobody knew you were a dog. Now they don’t know if you’re a fridge pretending to be a dog.”
In fact, Dave is now convinced that we need a new kind of identity suitable for a digital age. Not just a digital version of your analogue identity. He takes this further, and is openly asking whether robots will need passports.
The second element of digital identity raising its head is the UK government role in this area. The government’s experiences indicate that solving this puzzle is far from straightforward. It has quite a long and controversial history of investment in digital identity over more than 20 years with a great deal of UK Government investment. The most well-known effort is Verify with a reported cost of £130M over 10 years before the UK government cut its losses and handed it over to the private sector having missed many of its key targets. This multi-year effort by the UK Government Digital Service (GDS) was widely criticized, including in a National Audit Office report that concluded:
“Unfortunately, Verify is also an example of many of the failings in major programmes that we often see, including optimism bias and failure to set clear objectives. Even in the context of GDS’s redefined objectives for the programme, it is difficult to conclude that successive decisions to continue with Verify have been sufficiently justified.”
In an attempt to move things forward, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) has announced they are establishing a new trust framework to create a set of national standards to allow interoperability and re-use of digital identities across public and private sector organizations. The framework describes two forms of digital identity: in-store and online. In-store (i.e., face-to-face) is a digital wallet allowing you to store your approved attributes in a “personal data store app”. Adding fuel to the move supported by Tim Berners-Lee and Irene Ng to offer personal data stores to manage your personal credentials.
Lots still needs to happen to bring this to reality. For example, establishing appropriate governance is a key part of any digital identity management approach and the paper says “a governing body chosen by the UK government” will implement the UK’s digital identity trust framework. The draft framework will be tested with industries, services, users, and organisations ahead of a final version being published.
Where does all this leave us? Well, unfortunately we’re still a long way from addressing the digital identity issues in any widely accepted way. Efforts such as those based on blockchain technology may seem promising. But the reality for now is that I still may be exchanging many more scanned documents with my bank before they’ll start to believe it’s me.
Source: AWB Digital Economy Dispatch #24