Technology & Innovation

Digital identity – a precarious balancing act

June 20, 2017

Global

Digital identity – a precarious balancing act

June 20, 2017

Global
Frans Labuschagne

Country manager, UK and Ireland

Frans Labuschagne is country manager United Kingdom and Ireland at Entersekt, heading operations and business development in the region. He has over 15 years’ experience developing and managing technology businesses in Europe, the Middle East, Africa, and Asia-Pacific. Prior to joining Entersekt, he worked in strategic business development and general management roles at enterprise software industry leaders. Frans has broad knowledge of the payments and financial services industries and has participated in a multitude of initiatives across other industry verticals. Frans holds a B.Com Honours degree in Economics from the University of Johannesburg (South Africa).

 

People leave digital footprints everywhere; and this can become a problem as technology evolves.

According to , smartphone owners use, on average, six to ten apps every week. , a password managing service, says that the number of online accounts is doubling every five years. It estimates that the average Internet user already has over 90 accounts and will have more than 200 by 2020. Moreover, it says that the average number of “forgot password” emails per inbox is 37.

Passwords proliferate, security barriers mount and the user experience degrades, even as more and more data leaks from the myriad of accounts we maintain online. Having one digital identity would make our lives infinitely easier. We could quickly and painlessly gain access to whatever service required us to prove our identity. But who would own that identity? Who would ensure its security?

Potential for abuse

The countless mass data leaks and hacks, Edward Snowden’s revelations of a global surveillance infrastructure, as well as our growing sense that we no longer have control of what we share with strangers and what we don’t have, exploded into a global debate about the ethics of collecting, storing, and sharing citizen and consumer data. Pivotal legal judgments such as the so-called ruling and the CJEU’s invalidations of the regulation in 2014 and the US agreement in 2015 have given regulators and legislators pause for thought. Added to this, the (GDPR) demands the renegotiation of the roles and power balance between civil society organisations, the private sector, and governments.

Digital identity ecosystems

The has taken a particularly keen interest in digital identities. Since so much digital access now relies on mobile phones, the mobile standards authority is understandably invested in this issue. It has loosely categorised four digital identity systems in place worldwide:

Government-driven centralised systems, where an individual’s identity attributes are stored in government databases and a state-issued e-ID is used for most digital transactions.
Examples: Belgium, Germany, UAE, Italy, Pakistan, Malaysia

Semi-centralised, federated systems of multiple, government-endorsed digital identity providers. Here, citizens are free to choose between multiple trusted identity providers (banks, mobile operators, etc.) and use these credentials to access both public and private digital services via an identity gateway that facilitates authentication across multiple platforms.
Examples: Sweden, Finland, the UK, Australia

Decentralised, open identity markets without any national scheme. In this system, public and private sector organisations create, utilise and manage their own digital identities on the basis of a self-regulated framework.
Example: The US

Self-asserted digital identity ecosystems driven by the largest online players. In this ecosystem, users choose their own digital identity attributes and no verification against official identity documents is required, resulting in a lower level of assurance.
Examples: Facebook, Google, Yahoo

Do financial institutions hold the answer?

Financial services companies are particularly well placed to deliver identity as a service, as many have pointed out. Dave Birch, a UK fintech consultant, says that this is a natural move for banks to make. In his 2014 book, , he argues that the question of identity is central to the future online world, and that it would be natural for consumers to have their digital identities managed by a heavily regulated institution that already protects much of their sensitive information – and their money. This prospect would be far more palatable to consumers than having a company like Facebook take ownership, he believes.

A change like this would bring about a large shift in how people view financial institutions. It may encourage greater customer retention, a very attractive outcome for banks, but many consumers will be reluctant to place all their eggs in one basket, so to speak, without certain assurances. It goes without saying that security would be a central concern, but challenges related to interoperability or portability would also need to be overcome. If someone decides to switch banks, how difficult would it be to change their digital custodian?

Co-operation is key

Public sector agencies such as the European Committee for Standardization (CEN), and NIST, as well as private and non-profit organiSations such as the ISO standard body, Open ID Foundation, FIDO Alliance and Secure Identity Alliance are all weighing in on the issue. The goal of these bodies is to increase interoperability and build open and scalable identity ecosystems. It’s widely argued that the answer may well lie in some sort of public–private partnership.

Developing a broad-based digital identity system would undoubtedly benefit consumers, businesses, and governments alike. Governments could deliver, track, and manage services efficiently and transparently. Companies could rapidly deliver very meaningful improvements to the user experience in a consistent manner across multiple channels. Consumers would enjoy how quickly they could move between their various accounts.

The challenge we all face is how to design, deploy, and regulate digital identities in a practical, secure, and equitable way. The scope and impact of something this fundamental to daily life requires that all involved investigate seriously the ethics of the digital future we are building.

 

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the views of The Economist Intelligence Unit Limited (EIU) or any other member of The Economist Group. The Economist Group (including the EIU) cannot accept any responsibility or liability for reliance by any person on this article or any of the information, opinions or conclusions set out in the article.

Enjoy in-depth insights and expert analysis - subscribe to our Perspectives newsletter, delivered every week