Identity Management: brace yourselves for some disruption!

Are we on the brink of a disruptive moment in the field of identity management?

There is undeniably much excitement in the field of digital identity these days. Some people say it is broken and needs to be fixed. Other reply it is working, albeit non-consistently and lacking standards. One thing is for sure though, it is a bit messy and rightfully perceived as one of the main challenges holding back people with ideas.

So, what is new and worth reporting?

Dozens of start-ups have started to work on self-sovereign identity management solutions. This is mainly pushed by the growing enthusiasm surrounding the fintech and the new use cases offered by the blockchain technology. Indeed, the efficient and secure management of private keys linked to individuals is clearly stamped as a major hurdle to implementing blockchain-based solutions.

So there is a bit of room (understand: money to make) and some are determined to take benefit of it. Microsoft-backed uPort made an impression when presenting their model for decentralized, blockchain-based identity a few days ago at the Devcon2 event in Shanghai. Thomson Reuters are reportedly developing in-house online identity management Ethereum called BlockOne ID. Evernym will showcase their own technology on the 29th of September in London. And those are only a few examples: many more projects are being nurtured in incubators and within big firms, including established banks.

Let us remain cautious though. Like always, we ought to keep our sangfroid.

While it is possible that the über-centralized fashion of managing identities might have lived, the governments will not let it go so easily. There is still an offline world, and decentralization might also not solve all problems.

The real reasons why the governments have been so reluctant in implementing ambitious ID schemes is I believe (1) the lack of understanding of what is at stake and (2) the multiplication of hacking cases that have led to the leak of vast amounts of personal data (this year only: Commission on Election of the Philippines, and national ID database in Turkey for a total of 100+ millions of records lost to hackers). The already sluggish governmental initiatives around e-services certainly did not need another layer of fright. Some have realized they did not have the means to protect sensitive data: business and security experts are better off in the private sector!

On the other hand now, legal identity is and will remain the sole prerogative of the State. And the State will always have the final word in what is considered legal, or not. Lastly, and even more importantly, identity is like money: it is based on trust. How many of you would place more trust into a private company than an institutional body? Here you go.

Furthermore, it is the government that controls the most trustable forms of identity documents commonly available (unique IDs, national ID smartcards or ICAO-compliant electronic passports). Those identity documents are getting harder to counterfeit or forge (cf. polycarbonate cards/datapages, advanced security features, security in chip design, centralization of ID documents’ production and/or personalization, etc.). Lastly, unlike tokenless identification, their issuance is increasingly backed by an accurate NIST-certified biometric de-duplication.

On a side note, the already existing gap between developed countries and emerging economies could further increase. Creating pompous IT agencies is not sufficient, there is a blatant need for developing countries to understand what is at stake in a time when smartphones are selling like hot cakes.

In a nutshell, disruption is at the doorstep but it is hard to see how the private sector will obsolete governments in the field of identity management. Trust is of the essence, and trust is something that the governments alone can seed. It is only by getting all stakeholders working hand-in-hand that we will manage to overcome the last stumbling blocks, and eventually bridge the legal identities to the service providers while ensuring a satisfactory level of privacy. But that of course requires the governments to ramp-up fast.

In the meantime, money is pouring in (the Fed as well as central banks across the globe are “helping” a great deal by making sure money remains cheap) and bubbles are forming already. There will thus be blood, but that is the price to pay in order to open up new horizons or that is, new ecosystems on which many of us will hopefully thrive in a near future.

Exciting times ahead!

Do follow, comment and get in touch with me on twitter at @biometricsWB

#identity #IDM #digitalIdentity #biometrics #fintech #blockchain #ethereum #devcon2 #UID #Aadhaar #ICAO #NIST #COMELEC #Evernym #uPort #ThomsonReuters #BlockOneID

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.