Identity is Broken — Let’s Fix It
“What are the last four digits of your social security number?
“Which of these streets did you live on in 2001?”
“We can’t give you a Visa because it says here you were born in Pakistan.”
“There is a bubble over this image in your Nigerian passport — we’re going to need to hold you for questioning and conduct a cavity search.”
— Real quotes from people attempting to identify me or someone I know.
Where is the Automation of Identity?
Peter Reinhardt the CEO of Segment wrote in 2015 that most management jobs are being replaced by dividing work into decisions made by programmers “above the API” and physical tasks carried out by people “below it.” Over time, he predicted that many of these tasks themselves would become automated.
We have seen the automation of marketing, stock trading, credit scoring, traffic routing and we are now witnessing the second stage of Peter’s prediction as self-driving cars appear on the horizon. But the way that we prove our identities in the world is a still hodgepodge of secure and insecure methods, analog and digital, single factor and multi-factor, zero-knowledge proof and full monty. This process varies dramatically not only between mature and developing economies, but even within them (the above quotes span both), often without much thought given to user experience or privacy.
Despite the fact that algorithms are making decisions better and faster than humans can in major parts of the economy, including in financial markets and public safety, outside of the corporate environment and email, we have made relatively little progress building and propagating new systems of automated identity management. Innovation is sorely needed in this area to facilitate the expansion and continued improvement of higher value services like banking and the shared economy, while still maintaining user privacy and security.
It’s a Global Issue
Unlike most markets and segments of technology, this issue affects the global north and south, almost simultaneously. Despite radically different economies, one needs only to look at the parallel challenges facing the U.S. after Equifax’s breach of 143 million social security numbers and those in Nigeria as regulators struggle to make identification ubiquitous and the country’s largest telecom is fined billions and forced to shut off millions of subscribers for failure to properly record KYC information. Whether you live in Atlanta or Abuja, the status quo isn’t working.
That does not mean however, that solutions do not exist. The tiny nation of Estonia has pioneered e-residency and e-citizenship tools that allow anyone to prove their identity online, use their digital credentials to open up bank accounts in Tallinn, sign contracts and documents digitally (even non-Estonians), vote from their computer (if they are Estonian), and access government services without setting foot in Estonia.
They Aren’t Limited to Wealthy Countries
India has successfully scaled the world’s largest national identity system, “Aadhaar,” to over a billion people, permissioning access to food and fuel rations while cutting billions in corruption and waste. “IndiaStack,” a set of protocols built on top of Aadhaar, is now being used to isssue hundreds of millions of SIM cards and bank accounts each year, and approve tens of millions of daily mobile payments, all enabled by a simple fingerprint or one-time PIN sent to a phone number registered with biometrics.
Stuck in the Past
Excepting these exciting examples, much of the world is still stuck in the 1990s when it comes to identity proofing — relying on human judgment, signatures, magnetic stripes, pieces of paper, physical tokens, or at best, QR codes and special biometric hardware requiring in person physical proximity.
But with new solutions available and on display why haven’t we seen a revolution in identity management resulting in simple and universal ways to prove your true identity online?
Why are we still proving our identity by memorizing usernames and passwords or recalling the name of our favorite pet?
The Status Quo
One reason is that true identity is typically the purview of banks and governments; institutions that are often slow to take advantage of new technology. Another is that problems like fraud often persist in certain industries because though multiple companies or institutions would benefit from a shared solution, few want to share data directly with competing actors.
But just as we no longer rely on humans to make lending decisions by interviewing us, we should no longer lean primarily on human judgment when deciding whether someone is who they say they are. Especially when cheaper, more convenient and often more accurate digital solutions exist.
Let’s Fix It
In 2017 I co-founded a new company, Smile Identity, with the ambitious goal of expanding trust in underserved markets by making it easy for people to prove their identity, anywhere in the world. For the past year, we’ve been heads down building our first products to help achieve these goals.
This year we’ll begin sharing our views on how together with our partners, we believe it is possible to build stronger, more secure and more user-friendly systems to address the digital identity needs companies and countries face as billions more people and devices get connected.
In a world where the services people want to access are increasingly provided through the cloud and controlled “above the API” (credit, ecommerce, payments, jobs and transportation) no one should be unable to prove their identity or be locked out of services. We can build solutions that allow access to the things we need, wherever we are, just by being ourselves.