As digital ecosystems have become more integral to society, we have seen our identities carry across into the online world. But without real life verification how can anyone be sure that you are who you say you are online? William El Kaim, Chief Enterprise Architect and Cybersecurity Expert, BCG Platinion and Johnatan Uzan, Associate Director at BCG Platinion, explain how your online identity could be the answer and become the verification itself.
Who are you? And how can we know you are who you say you are?
Our identities are perhaps our most fundamental assets, dictating how we move through the world, what privileges we enjoy and limitations we endure. Society is built around our identities, and everything we do is underpinned by a trust that our identities are universally proven and objectively true.
And as digital ecosystems have become more integral to society, we have seen our identities carry across into the online world. From social media to online shopping to browser history, our digital identities are wide ranging, complex and unique.
Of course, in the virtual domain proving your identity is a much tricker prospect – without real life verification how can anyone be sure that you are who you say you are? As the infamous meme goes: On the Internet nobody knows you’re a dog.
Perhaps the answer lies within the question: What if your online identity could be the verification itself? And as society increasingly becomes digital-by-default, could things flip entirely, with your virtual identity becoming the most effective way of authenticating your real-world identity?
Your authenticated self
It seems likely, then, that digital identities will become the default form of authentication – a source of trust for people, companies, employers and everyone else.
Though while the concept may be attractive, the reality is something else entirely. The challenge will be to bring together an individual’s multiple different identities – whether that’s through their use of government services, their education institution, their financial services providers etc – to create a single, transparent and informative identity. From credit scores and date of birth to education and employer details, each of our multiple online identities can verify the other, eventually creating a strong, trusted identity.
But despite the technical challenges, there is real appetite to make the change. In the Financial Service sector, for example, regulators and institutions mandate increased transparency as well as stronger security and fraud detection – and the best route to this is through identity authentication. What’s more, as society begins to demand that social media profiles are held to account, we may see some social networks require digital identities to access their platforms, helping ensure individuals can be held accountable for what they publish and say.
Key to the success of this will be the work of ‘trusted identity providers’ whose role will be to collate and authenticate the digital identities. From here, these identities can also be incorporated into the IoT ecosystem, creating digital avatars for consumers and employees – making it simpler to access services such as travel or to simplify financial service background checks.
Who owns your identity?
The potential here is huge: Looking beyond the day-to-day improvements that digital IDs could bring, the most exciting is the potential to create a global certified identity system, which has the capability to collect data on a common identity from multiple places.
Today, individual countries are still the primary trusted provider of identities but looking ahead we must imagine a decentralised system with no central governing body. By adopting a unique way of characterising every person on earth – whether that’s through biological information such as fingerprints or a combination of other factors – it would be possible to create a worldwide decentralised database of identities, which could not be copied and would act as a uniform means of accessing services across the world.
Here we may find the first critical use of Blockchain outside of cryptocurrency. In a world where we each want to manage our own data, Blockchain could be the ideal way to facilitate significant change in digital identities, by successfully anonymising and decentralising an individual’s data – thus improving its security as well as reducing the reliance on a centralised body to control the identities. These sorts of solutions will be critical for ensuring the mass adoption of digital identities in the future.
Building for the future
Already we’re seeing enthusiasm for this (of a sort) within the UK’s public sector – in recent weeks the government has kick-started plans to introduce a single sign-on and identity assurance system that will run across all its public-facing services. The plans, however, are already provoking controversy with concerns of how the tracking of individuals across multiple sites may impact user privacy and data protection.
And in practical terms, Estonia’s own e-ID scheme has run into its own issues. As it is tied to the country, it only applies on a local scale, and it is possible to forge false identities; two fatal flaws that serve to deeply undermine the entire enterprise.
Once again it all comes down to trust. Whatever we do in identity, we need to ensure two things: First, that there is a unique way to reliably prove who you are, and second, that we can trust the institution responsible for creating that identity. Data privacy will always have a critical part to play in the debate, with the ways in which an individual’s data is to be gathered and how it will ultimately be protected need careful consideration. In the long term, overcoming these concerns will require creating a low cost, non-forgeable way to prove who people are, which removes the need for a certification body at all.
As society becomes increasingly digital-first the need for a unique, non-forgeable digital ID, which is recognised globally and required to operate both online and in-person, becomes increasingly essential. However, making this a reality will not be easy, relying on the co-operation and collaboration of multiple different organisations and services. And, of course, at its heart it’s a debate about trust.
With a digital identity an individual is easier to track, more can be known about them and the data itself can easily become intrusive if collected unchecked. Ultimately, opting into an ‘official’ digital identity will be a choice each of us needs to make and if it’s going to be a success, it must be simple, it must be safe and it must feel worthwhile.
Click below to share this article