Collision course: Privacy, payments, digital identity
17 November, 2014
category: Biometrics, Corporate, Digital ID, Financial, Government, Library
Would a digital identity infrastructure enable us to get rid of cash, dump passwords, and solve privacy problems associated with the Internet of Things?
David Birch is hopeful. “If we continue to have our old notion of identity – the idea that you’re this passport identity, and everywhere you go you have to present that identity and give all of your personal details in order to engage in any kind of transaction — that’s devastating,” says Birch, a founding director and global ambassador for Consult Hyperion, a firm based in the UK and the U.S. that specializes in secure electronic transactions.
Birch is also an author who’s been talking a lot about his book Identity is the New Money, in which he explains that the thing that makes commercial transactions possible has more to do with a reputation than an identity.
“I go into the bar and you ask to see my driving license. My driving license gives you all sorts of information, which is none of your business,” explains Birch. “Who I am isn’t relevant to that transaction. So it’s not really about my identity – it’s about my reputation.”
Birch focuses on the technological changes that are merging payments with identity. He wants countries to rethink the identity, or entitlement, infrastructure.
Birch calls for three things in his book:
- To establish a national entitlement scheme, creating a framework where the private sector can produce identities to be consumed by both the private and public sector.
- To enable a financial services passport, so transactions can be cheaply and easily conducted using one’s reputation — instead of paperwork that can’t be verified on the spot.
- To reduce the cost of payments and consider using banks as privacy partners. “Suppose you had a bank app on your phone that could tell other people I’m an American citizen, I’m over 21, I’ve been with Citibank for more than five years, but that’s all,” Birch says. “There might be a lot of places where you’d want to use that identity because Citibank in that example is protecting your identity. They’re not telling people who you are.”
Another reason for an identity infrastructure is the possibility of dumping passwords. Birch hates them, especially when he’s fumbling to recall the password for his coffee shop account. Security and identity need to be built into the infrastructure of this new world with the Internet of Things.
“How am I going to give my car permission for my wife to drive it and to use my highway toll pass?” Birch asks. He suggests that passwords are not sufficient or efficient in such cases.
He eschews cash, too. He figures with an ample identity infrastructure, we wouldn’t need cash because the system could keep track. But he knows that’s a long time coming, particularly in the U.S.
“The American relationship with money is odd compared to other counties,” Birch says. “I go to buy a ticket on the subway and I have to literally go and iron dollar bills I can feed my them in. It’s crazy stuff, especially since I’d rather just use my debit card.”
Birch believes the anonymity of cash enables the rich and powerful against everyone else because it’s unaccountable. He says it can be used for nefarious purposes, like tax evasion. Plus cash costs money to produce.
Birch supports the White House’s National Strategy for Trusted Identities in Cyberspace. He’d like to see NSTIC underpinning all sorts of things – connected with modern technology like mobile phones. He wants to see driver licenses and the like transformed into digital identities.
Recall the example in the bar. “If I have a digital identity that’s given to me by my bank, which tells the bar in a cryptographically secure way that I’m a state resident and I’m over 21, they never need to know my name. My identity remains protected, locked up in the bank vault where it’s safe,” he says. “What’s actually passing around in the great wide world are the attributes to that identity – authenticated credentials that enable me to do things.”
Don’t dump the cash or the passwords just yet
Stephen Shoaff, CEO and co-founder of UnboundID Corp., an identity data platform developer, agrees with Birch and sees problems with digital identity that won’t be solved anytime soon.
“Birch is really talking about the mobile phone as the keeper of this digital identity,” Shoaff says. “There are still segments of our population that are socioeconomically distressed that can’t afford to carry around this digital thing.”
Another challenge is how to handle non-citizens – like the recent surge of immigrants at the Texas border.
“These people have no digital reputation to bring with them. I’m not so sure we to cut them out of the economic system because they have no digital reputation to assert,” Shoaff says. “So what happens then? I just think there’s hurdles that we can’t anticipate yet.”
Shoaff suggest the solutions to these hurdles may be a generation or two away. Eventually, he suspects digital identity will be handled internationally via an exchange, the way the Swift Exchange handles currencies and regulations between countries.
He doesn’t anticipate the disappearance of cash within our lifetime. He says digital currencies like Bitcoin aren’t immune to criminal enterprises, and moving away from physical currency won’t put a dent in criminals misusing money.
“Sometimes I just like paying with actual cash because it protects anonymity,” says Shoaff, whose birthday surprise from his wife was ruined when he saw the credit card bill before he got the gift. “There are all sorts of implications where the experience can actually be impaired by having everything traceable and recordable.”
Like cash, Shoaff thinks passwords will be around a while. “The problem is I personally can’t see a way around something you know being used in combination with something you have or something you are to unlock a credential,” Shoaff says.
Shoaff says any change in thinking around identity should include transparency, trust and control by the individual – things that he says are absent today in most of the identity economy.
“I think it’s something that’s owned by the individual, and banks and whoever else that has it are stewards of it — but they think they own it, and that’s got to change,” Shoaff says. “Technology has got to be put in place so that the individual ultimately has control over the data and how it’s used.”
Shoaff thinks a digital identity infrastructure will happen, but the transition to get there will be lengthy.
“We should all go into this cautiously,” Shoaff says. “Not everything that technology enables is good.”