Identity is the new Black
I was invited to a one day event on Identity at the US Dept. of Treasury this past Friday. Treasury officials had invited a healthy cross section of identity management and solutions practitioners ranging from startup founders, technologists, scientists involved with standards settings, officials from various US governmental entities such as the Dept. of Justice, the IMF, the World Bank, FinCen, USAID, several bank representatives, executives from telecom, payments or social media companies, academics from various universities, current or former representatives from the governments from Estonia, the European Union, Pakistan or the United Kingdom, lawyers, institutions such as Brookings or the Pew Charitable Trust and the Treasury of course – I am sure i am missing a few. Who would have thought Identity was such a sexy and trendy topic. All in all, and from my own count, we were shy of 90 in attendance.
I was seated next to an official from the Dept. of Homeland Security and another gentleman with a buzzcut and no identifiable badge for the first part of the day. Needless to say I was on my best behavior, ready to flash on command my ultimate proof of identity in the US – my green card. Given the convivial atmosphere I realized my identity had already been vetted and I started to relax and soak in the proceedings.
The event was masterfully organized with a variety of panels that touched upon what legal identities were both from an US and a global perspective, the role of international standards when building identity solutions, the technology solutions at hand to make optimal identity solutions a reality, the issues around identity as currently experienced and the ways government and the private sector can collaborate to bring to market viable digital identity products and services in a compliant and legal way.
I took away the following points from the day’s proceedings:
1) Identities are as diverse as human beings, their cultures and modes of social organization. Therefore digital identity solutions will have to be as diverse as possible given the contextual nature of what an identity means both from a structural and dynamic point of view. In other words, there is no one size fits all identity solution.
2) Standards are crucial if we have to have the appropriate level of interoperability both within a country and between countries, assuming there will be more than one identity solution brought to market.
3) Cooperation and coordination between the private sector, not for profit organizations, standards setting organizations, consumer advocacy groups and the government is a must. Digital identities and their related data sets – legal, static, dynamic, social, digital, in real life – are too sensitive for one group to take the lead without any cooperation.
4) Digital identity solutions are by definition multi-faceted as they have to take into account how an identity is created, its baseline, how it evolves and is managed over time, how it can be kept trustworthy throughout the lifetime of the human being or entity it represents and how a framework is built to enable its assurance and verification in context.
5) Digital identity solutions have to empower either individuals – retail solutions – or entities – wholesale solutions – and allow them to retain control in legal and compliant ways. Any identity solution that does not have the needs of its users at its center is not an adequate and appropriate identity solution. One of the logical paths towards identity solutions that empower individuals/entities leads to self sovereign identities constructs. (My personal views here.)
6) Fraud, theft and all kinds of illegal activities are being combatted vigorously by several US entities. the battle is far from being won, but we are well protected by US govt entities that fight the good cause.
7) Our current means of assuring one’s identity, authenticating one’s identity belong more to a universe of misfit toys than to a rational and organized approach. Much can be done to make our identities safer. Much is available too. Why is the private sector, as well as us as consumers, so complacent is a mystery though.
8) Advanced technology solutions are being developed or have been developed – biometrics, various blockchain technology stacks, cryptography amongst others. Few are live and operational as of today. Only a matter of time I guess. Yet, I could not shake the fact the advanced technology solutions are neither a silver bullet nor should be an excuse for us to wait to see solid identity solutions come to market in the US.
9) Indeed, it was clear that various identity solutions have already been deployed to great effect in countries as diverse as Pakistan, India, Estonia, the United Kingdom, seemingly without the use of advanced technology solutions. Except for the United Kingdom, most of these countries have national identifying schemes such as a national identity number, or national identity card. The cultural and genetic aversion for such a scheme within the US may explain why this country is behind when it comes to digital identities. The fact that the United Kingdom is also working very effectively towards government enabled digital identities shows there is no excuse for the US to remain a laggard.
10) Natural identity solutions providers are financial institutions, banks or fintech startups.
11) Two strong themes emerged towards the end of the day. First, there is a natural tug of war between the yearning for protecting privacy and the craving for transparency and disclosure to combat illegal activities. This natural tug of war is exacerbated by the sensitive nature of identities in commerce. Indeed, the private sector stands to monetize data – our data – in myriad of ways in the digital age, which renders the issue of privacy, ownership and legality even more important. Second, especially in a country like the United States, the private sector both dislikes overt government interference and abhors uncertainty. As such to the question of how government could help which was asked by one high ranking Treasury official, most in the room, a cappella and in perfect musical harmony declared it important the government help the market create a framework to foster identity solutions. I interpret this pleas as the quest for the right governmental nudges and an active avoidance of rigid mandates.
12) Finally, although we did discuss a variety of subjects ranging from privacy concerns, legal and compliance issues, enforcement, technology solutions, identity vs data, the plurality of identities, one subject was notably absent from the proceedings: Identity rights. By identity rights I do not mean the right to an identity. I mean rights akin to property rights. In as much as property rights have been one of the foundational blocks of economic prosperity during the industrial age, I believe Identity rights will be a key engine for growth in the digital age. One needs to know his identity and the data associated with it are secured and that one owns them outright. In this sense data privacy is not enough. I have blogged about this in a previous post already. I suspect the issue of identity rights will be settled in different ways depending on context, via the courts in an organic way in the US, via legislative fiat in Europe. Be that as it may identity rights will emerge as currently our identity and data are neither tangible property nor are they intangible property and more than not are regulated by the various Terms of Service we seldom read but often agree to when signing up to use the various digital applications we spend more and more of our time with online.
13) One parting thought: I view this one day event in a very positive light, as a proof that the thorny problem of digital identities is being taken seriously at the highest levels of government in the US. a very positive sign indeed. The private sector, along with standards bodies, now needs to come up with proposals and submit them to various US govt bodies. I eagerly await the next chapters and hope I will be invited to follow on events at the Treasury or which other entity takes up the challenge.