Competing to prove your identity

While spending my last few months in government working on a service to help people prove who they are, GOV.UK Verify, I noticed something:

Everyone is competing to prove your identity. Deliberately or not.

Facebook login API, Yoti, Twitter Sign in API, password managers, documents scanners at nightclubs, council tax letters, Login with Amazon API, Student Beans, GOV.UK Verify, Bumble, European Union, NUS Cards, Google Identity Platform, work ID cards, your Finnish bank, Sign in with LinkedIn, share driving licence information, utility bills, payment with facial recognition, passports. The list goes on and will get longer.

Not only do these services prove your identity in different ways. They provide different types of identity.

This is important because that changes how, when and if people trust them.

Vouching

My name is this. I look like this. I was born on this date. I live here. Your basic details.

These services are basically one organisation vouching to another that someone is telling the truth. For example I can tell an estate agent my name, but it takes showing them my passport for them to believe me. I can tell a bank my address, but it takes a showing them a water bill letter to prove it. I could tell Tinder my age, but takes logging in with Facebook to accept it.

This information ends up duplicated in multiple places, which makes it harder to track, let alone control.

And interestingly many of these things, often objects like letters and cards, were never designed to be used for the purpose of sharing and vouching.

Proving

I work for this company. I am a student. I have right to work. I can drive. I can contribute to a code repository. I’m on these benefits. I’m allowed in this building.

Unlike my basic details, this data changes moves more quickly. It’s more specific. It can often only be vouched for by one organisation, be it an employer, university or government. We don’t have a choice who provides this information.

The main users of this data are the organisations themselves. But other organisations need this data to deliver services to people; be it renting a car, free prescriptions, discounted shopping or employing someone.

However these specific identities are rarely designed to be shared outside the organisations they originate. This means they are hard to share or prove, which delays people’s lives.

This has created a market for third party companies to document, verify and make sharable this information. From apps to discount cards to passport scanners in nightclubs.

Accessing and protecting

Some identities are platforms, used to access other services:

paying tax, dating apps, renting holiday homes, concert tickets, giving to charity, online games, on-demand TV.

These platforms serve the need to protect my data. Making sure that only I see it or those I consent to use it. Not to mention the lessen the faff and risk of having to remember dozens, if not hundreds of login details.

They also help services reduce duplicate accounts, misuse and fraud.

Context is everything when deciding to trust a identity platform. People will ask ‘what do they get out of proving who I am?’.

In the future people will be able to move from one identity platform to another. As they do now with bank accounts. Lock-in might be legislated against. Identity providers could well be regulated how banks are, to ensure users have choice in a competitive market.

And with software eating everything, trust will become one the remaining competitive advantages, as Kevin Kelly argues in The Inevitable, which I recommending reading by the way.