How do I know it’s the digital you?
Does it matter? Today crooks seek digital anonymity
- |
- Written by Chris Skinner
Who’s who in cyberspace? In this Tech Viewpoints article consultant Chris Skinner probes some of the international challenges of finding a way to answer that question—and whether it matters as much as it once did.
I was part of a fascinating chat about digital identities recently. It was a private roundtable with members of government, central banks, the banking and fintech communities, and commentators and observers at the Innovate Finance Global Summit.
Listening to the dialog going to and fro, I realized that this is one nut that’s too tough to crack. Here’s the lowdown.
What it’s all about: trust
The overriding reason for a digital identity is trust.
And there are degrees of trust.
A sign-on to a website or booking service does not need to have a uniquely verified identity. However, if it comes to more important matters—travelling across borders, driving a car, claiming benefits, collecting taxes, storing money—higher degrees of trust are needed.
That’s why we have passports, driver’s licenses, and bank accounts verified through Know Your Customer (KYC) rules.
A great point was made during the group discussion: KYC to open a bank account may be a pain in the neck—filling in pages of forms, providing utility bills, and proof of address—but we need these things. And it doesn’t prove to be such a great pain that it brings down the global economy.
That raised the first of the questions I want to deal with.
What would be the motivator to create a digital identity system?
That question relates, for me, to the need that government has to use the financial system to police digital crime. Physical crime can be policed by the officer on the street, but digital crime occurs through the financial system.
Terrorist funding, money laundering, tax avoidance, and illicit arms deals could all be executed easily if there were no financial police. Because the financial police manage our online identities, alongside the aforementioned government-issued documents, the criminal fraternity have to rely on cash for their illegal activities.
Or maybe not. Now that we have bitcoin and the Dark Net—oooh, scary!—criminals are focused far more on digital anonymity than digital identity.
In fact, there is as much a focus on creating digital anonymity as there is on digital identity, and that then raises the next question.
How will digital identity counteract digital anonymity?
The answer is it won’t, but governments will do all they can to ensure that any digitally anonymous activity is monitored, and wherever online goes offline, it gets caught.
This then extends into a different discussion, as in how to get cross-border standards of trusted identities.
No two countries manage identity in the same way.
Our passports have different formats, and some governments are moving to “edentities,” but even there, they’re all different.
Nordic countries have digital edentities, but they are struggling with interoperability as you move across borders. The UK has started various programs, such as the Open Identity Exchange, but a pan-European standard for identity management is still a long ways off.
Equally, some countries are trying to use central control structures for identity whilst others are using federated structures. This point is a key one, as a central digital identity structure is fatally flawed as it creates concentration, and concentration can lead inevitably to a single point of failure. That is an issue, and so a federated structure is far more robust, reliable, and secure.
Federated structures implies distributed ledgers and blockchain, therefore.
Will the blockchain will solve all the problems of digital identity?
Absolutely not. Herein lies a confusion that is starting to annoy me, in that when we talk about blockchain everyone thinks we mean bitcoin blockchain—which we do not.
In my case, I mean taking what Satoshi Nakamoto offered and developing it into a shared internet database, a distributed ledger, that can be used for digital identities.
Now this is plausible, and companies like Shocard and OneName are working on it. But there is a challenge, as alluded to earlier: Who is sharing the database?
It would be fantastic f all governments and financial parties agreed on a shared ledger for identity. But they haven’t yet. If it were that easy, we would already have one.
If it were that easy, SWIFT would have its KYC Register rocking and rolling across the world, but it isn’t, yet.
And remember that digital identity is not just for you as an individual, but you as an individual in a company.
Make that a large multinational corporation with thousands of employees, and the question arises as to how I can verify that all the individuals in that company are authorized to transact as they want, and have no questionable past, present, or future.
That is a tough request, and one that cannot be solved through technology, although it might be solved another way. For example, if Facebook and Baidu or Yandex and Alibaba or Google and Tencent collaborated, then maybe we could have a system working for billions of people.
In other words, government, financial markets, and technology innovators will solve the digital identity challenge?
Not necessarily. Already we see divergence between different countries and different markets. I’ve already mentioned the Nordic view, and there are several other major identity program rollouts out there, and they are all different.
• India has given every citizen a biometric ID card, as many citizens cannot sign their name due to illiteracy. That is visionary and it works.
• Many African countries are building up digital identities through mobile wallets and mobile credit history. That also works and is usable.
• An identity via Facebook and LinkedIn can be as usable as a KYC profile, which is something that European and American governments are starting to determine.
This shows the diversity that is out there, and so no one digital identity will work. Instead, we need multi-layered identity structures that can be used across borders through interoperable standards, allowing each government, institution, and company to use as little or as much as they need.
Then we need to “future-proof” it, as that’s just as important. After all, a digital identity based upon a distributed ledger for the Internet of Things makes absolute sense, but only if it is component based and standardized for all to access and use as they see fit.
A lot more was discussed, but that’s a wrap for the moment.
This is the one and only Chris Skinner signing off … and wishing a great day to the other 14,576 Chris Skinner’s and 563,275 C Skinner’s out there, somewhere.
This guest blog originally appeared on Chris Skinner’s own blog, The Finanser.
Tagged under Feature, Feature3, Risk Management, Cyberfraud/ID Theft,
