Is ‘owning’ a single identity really possible in the near future? This week, Alan Goode, CEO Goode Intelligence examines the current state of authentication and authorisation in the context of identity. He explores the potential of a truly unified digital identity and the pathway to global interoperability.
Who should be responsible for creating a digital identity that relates to, for example, access to services? Is it the job of technology companies or government?
It’s a very interesting question, and there’s obviously a lot of debate about this. In terms of responsibility, it’s a dual responsibility for the identity holder – which is me as an individual – and the identity provider or the service provider. There’s a hell of a lot of different models in terms of who is it, who is creating the identity, who’s verifying the identity, who’s issuing and then storing and authenticating. So there can be situations where you will have a number of different owners and providers in this space.
We do have a little bit of lag from agile technology companies who can establish very easy-to-use, convenient and secure services that allow us to federate our identity; it allows us to use that identity in other places. And then there’s government, who are slow to react, are more auditable and they have to obviously consider a lot of different things.
I think there is a situation where we have a bit of a gap in between what government should be doing and then providing that gap so that the agile technology companies can come in and fill that space.
Do they have different remits? Does government want to create digital identity to then streamline access to government services, whereas a technology company may want to create digital identity to allow a person to authenticate into private services? Are there different agendas in that regard?
Yes, there are. But the confusing part is the fact that identities are very powerful and they provide the ability to know exactly who a person is – that’s verified identity. So if you have an identity that is near-100% verified as that particular person, then they can follow that individual through different services. It’s all about that valuable data, which has been very important to technology companies.
Data is the new oil, and it has a value. Monetisation of data and knowing exactly who is accessing particular services and data is one of the big drivers for tech companies.
Do you think culture plays a part in terms of adoption of something like a national identity?
Very much so, and I think the cultural thing goes back quite a long way. In my own country, the UK, they’ve attempted to establish a national identity scheme. It’s failed many times. I think there was some cultural reticence – perhaps fears of Big Brother. And the UK is not the only country that has an issue with a national ID scheme.
We see very different models around the world, and I’m fortunate enough to be in a position to speak to people in South America and Asia, for example. I can see they don’t have those cultural barriers that perhaps other regions do to a national identity scheme. I was talking to an identity expert based in Bangalore, India recently about privacy being an issue for identity; it can be seen as a barrier. I was saying, “What are the privacy issues surrounding India’s national ID scheme?” And she’s told me that people generally do not have an issue with it because it’s enabling them to access services they were previously excluded from.
There are definite regional variances at play in terms of the design and deployment of identity systems.
For the pathway to interoperability in Australia, we’ve got the Digital Transformation Agency setting the foundations for having a ‘rules of the game’ for identity and authentication services. Given your global exposure to the pathway to interoperability, what’s your opinion on it?
If we’re going to play identity lingo-bingo, the next one I can say is ‘islands of identity’. There are very good regional programs going on – we have that in the Nordics, we have that in Canada, and we also have that with different vertical industries like the airline industry or border control.
But I think perhaps we’re trying to run before we walk. There is a desire to have that global interoperability, to be able to have one identity in my wallet, which I can then use internationally to buy a SIM card in Pakistan or to book a hotel in the UAE. There are forums and groups around the world attempting to establish greater global interoperability, and we’ll see more examples of it around the world.
To answer the question, there is a lot of good work going on in many regions to try to solve the problem. I think we all know what the problem is. And I think we do have the technology standards to make that happen. It’s a case of doing things in an evolutionary way rather than trying to jump ahead.
Where do you see the identity industry going?
It’s the vibrancy of the industry at the moment. We can talk about culture – yes, there are cultural issues, but you’ve got to identify what the cultural dynamics are in terms of the regions you are working in.
You also cannot ignore the commercialisation of this sector. If you don’t have a way of making it worthwhile for an identity provider from a commercial perspective, then it will be very difficult to scale that particular solution.
I think we will see governments look at the traditional identity documents they currently create and distribute and manage – passports, driver’s licences, national identity – and then they will look to digitise and commercialise them.
Years ago, the web was trying to recreate paper-based things. So you used to have these really annoying things where you were reading an e-book and it was replicating turning the pages of the book. The technology service emulates what it’s trying to replace, so I think that we will see that, and in the next five years we will have digitisation of traditional identity documents.
We will then see identity morph into something more dynamic, more active. The ‘digital exhaust’ of our lives will be collected, analysed and we’ll have a far greater accuracy in terms of, “Yes, this is Alan Goode at 7:53am on a Tuesday morning trying to access his bank account from a particular region.”
So I think that’s what we’ll have. We’ll have greater pragmatism in what can be achieved in the short term and an evolution into digitalisation of what we currently have. Then we will move into something that is much more dynamic and much more active.
Want more insight into the world of security, identity access management, biometrics and more? Get your weekly fix with the Identity Today podcast, hosted by Daltrey MD Blair Crawford. You can start on Episode 1 here or listen via Apple Podcasts, Spotify or your favourite podcast app.