The future of trust and scaling digital identity
As a society, how can we build and scale trust quickly?
According to World Bank’s estimate, almost 1 billion people globally lack any form of legal identity. At the same time, over 4.5 billion of the world population uses the internet, with this number growing at a rate of 7% last year. Covid has further accelerated this integration of our physical and digital worlds — data regarding our identity and behaviour online have become the fuel of the digital economy, enabling provision of increasingly personalised offerings and value creation. On the other hand, Big Tech continues to dominate our online presence — detailed user profiling and associated privacy concerns have risen to the top of regulators and consumers’ agenda alike. Our trust in how companies and organisations handle this sensitive data is becoming increasingly inseparable to our overall brand experience.
Digital Identity is the key to both worlds — enabling innovation to flourish with improved data access, while protecting and sharing our privacy to only the trusted few. It is therefore no surprise that investment in a range of identity solutions have increased over the past years, fuelled by promises of emerging technologies such as blockchain, biometrics, and machine learning. What is exciting is not the verification and authentication infrastructure itself, but what this unlocks — new business models and ecosystem interactions, seamless online-to-offline experiences, all coupled with enhanced security, privacy, and user control.
As ID2020 puts it, an ideal digital identity solution should be Personal, Persistent, Portable, and Private. As it currently stands, our identities are fragmented across identity providers, brokers, and service providers — we are yet to glide smoothly between our physical and online worlds. From the debate of privacy vs control in Test & Trace apps, to tackling disinformation online — appropriately designed identity solutions are key in the digital age.
Build ecosystem and superior data sharing to drive interoperability and scale
For any identity solutions to reach a meaningful scale, obtaining recognition and interoperability from a critical mass of ecosystem players are essential. In the digital age, this means more than the traditional identity issuers and service providers, but also providers of network infrastructure, hardware, software, and services that connect between our offline and online worlds. Take Belgium’s itsme — started by a consortium of leading banks and mobile network operators, the combined strength of identity verification from banks, secure SIM and network provided by mobile operators, and authentication software provided by third party partners have facilitated the success of the scheme. From initially a limited use case for e-banking verification, itsme became recognised by the government and evolved to support a range of public and private services. Similarly, South Korea’s DID Alliance brought together banks, mobile operators, and hardware manufacturers such as Samsung and LG to develop standardised technologies and interoperable frameworks for digital identities. Whether through API integration of identity-as-a-service, or developing standardised protocols like DID or X-tee that underpins the success of Estonia’s e-ID, involving a range of players and superior data sharing and standardisation are key to driving interoperability and scale.
User-centric solutions need to be radically transparent
Estonia’s e-ID scheme is known to be world leading, and offers citizens the ability to vote, pay taxes, set up companies, access almost all public services as well as private services online. Through the cryptographic data exchange protocol that connects across the ecosystem, all actions and access to citizen identity data are logged, viewable through a central portal. Along with supporting legislations to protect user privacy, this creates a high level of trust and user ownership over individuals’ data.
Decentralised technologies such as blockchain are also fundamentally shifting the way identities and data are stored and shared. An emerging design principle that sets the bar for user privacy is the concept of self-sovereign identity (SSI).
SSI aims to create a high level of trust by putting the control and generation of identity credentials back in the hands of the user. Users are able to decide to whom and how much of their data is shared, have full transparency and access to their data, and are able to transport identity credentials across entities without the problem of vendor lock-in. Increasingly, SSI principles are adopted on different levels in the development of digital identity solutions, as can be observed in DID and Estonia’s case. In this age where calls for open data sharing converge with those demanding user privacy and protection, SSI principles emphasise the need for trust goes both ways. As secure digital identity solutions become the new gateway to our wealth of data, we, the consumers, and ultimately to whom the identities belong, should remain at the centre stage.
Identity is the new business moat for platform players
The breadth of third party service access enabled by online platforms such as Google and Facebook, alongside what is termed “Super-apps” such as Wechat and Gojek, via a single login meant that authentication credentials with these platforms essentially became a source of identification. Whether via provision of Single Sign-On (SSO) or integrating third party services within the platform itself, the wealth of data visible to the platform providers unlock significant opportunities to personalise customer experience. The ability for platform players to seamlessly integrate our online and offline activities would be the next step to being truly ubiquitous and sticky in users’ lives.
WeChat is a good example that has gone beyond e-commerce and online engagements to enable access of offline services in all aspects of life. Users of Wechat are able to book medical appointments, make bill payments, access municipal services, and even file for divorce via the app. In order to fully benefit from these services, users need to obtain verifications from their banks and link ID details to the account to prove its legitimacy. Google, Apple, and Facebook are increasingly heading in this direction, with identity being an inseparable part to their payment efforts. Android and Apple Pay are bringing passports and driving licenses into the e-wallets, and with it, the ability to bridge online and offline activities with just your phone in hand. Facebook’s Novi (ex-Calibra) intends to be tied to an ID from the get-go, starting as a means to prevent fraud, but really is part of Facebook’s longer term ambition to set a new identity standard for how we interact. On similar veins, identity also plays an important part in Fintech’s business model. The combination of easier data access enabled by Open Banking with streamlined identity verification is facilitating the vision of Monzo and Revolut — the future marketplace and personal hub for your financial needs. For platform players, owning this identity relationship means holding the gateway position between consumers and an ecosystem of services — identity is becoming the new moat.
The world moves at the speed of trust. — Thomas L. Friedman
In his book Thank You for Being Late, Thomas Friedman studied the effect of digital transformation on people and communities. As everything accelerates, human’s ability to connect would be fundamentally based on the speed at which we can trust each other. As a society, how can we build and scale trust quickly? One thing for sure, our identities, and being who we say we are, would be a cornerstone to this trust.
