The 2nd annual Know Identity Conference just took place in Washington DC and Acuant was in attendance to catch this year’s buzzworthy topics. A major one was how firms will establish consumer identity especially in the digital world and how/when most consumers would use digital identity. Enter SSI. The industry has unified around the term self-sovereign identity (SSI) to represent both the digital identity credential and the right for the consumer to control access to it and who gets what portion of their identity.
So how do we test whether digital identity is ready for the consumer mainstream? One line of thought by David Birch of Consult Hyperion, was that by taking care of 3 audiences of online consumers (the 3 W’s), that would be enough to ensure the right amount of protection to make business transactions secure. The 3 W’s are witness protection, whistle blowers and people who browse explicit material (wankers in his informal British prose). If digital identities allow the 3 W’s to browse anonymously and protect their transactions, then we can all have an appropriate level of security in the digital world.
Scott Galloway, a professor at NYU Stern School of Business, worries about the ever-increasing control of personal information in the digital world by four companies: Google, Facebook, Amazon and Apple. He calls these firms the brain, heart, stomach and libido of the digital world. These four companies each create more revenue each year than the GDP of all other nations except USA, China, Japan and Germany. Scott argued these companies are already monopolies and innovation could gather renewed energy if these companies were broken into smaller entities, further pondering that they may have just too much information about individual consumers. In the backdrop of the recent Facebook debacle and the pending European GDPR laws, protection of consumer information was at the forefront of many conversations.
The General Data Protection Regulation (GDPR) goes live May 2018. The hardest part of compliance with this new regulation mentioned by many of the panelists, is compliance with the laws mandating the right for a consumer to be “forgotten” by any company. With the size and breadth of systems in many companies, the right to erasure of a consumer may prove a daunting task. The days of selling consumer contact lists will be over in the EU come May and the UK is currently racing down the path to adopt similar laws as GDPR by the end of 2018.
Biometrics and its various forms was also highly visible at the conference. Most sessions and panels discussed biometrics whether it was facial recognition, iris, fingerprint or voice as the natural next step in security. Most experts suggested a multi-modal approach to biometrics (more than one biometric) as there always needs to be a fallback when something does not work quite right. The fear factor of biometrics is much lower now and with adoption rates increasing we should all expect to see more usage across industries.
Lastly, there was a theme of hope as digital ID was seen as a solution to the unbanked and underrepresented for many parts of the world. Many areas where government IDs are made available at birth (but other forms of identification are scarce, unreliable or inaccurate), could benefit from digital IDs backed by initial ID documents. With Washington DC as a backdrop, new ways of proving identity with low friction, high confidence and mobility shined through.