As a digital society, we’re in the midst of a privacy reckoning and a crisis of confidence. The egregious data collection by tech companies has infuriated users, sparked regulation like Europe’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and prompted Congress to summon Google, Facebook, Amazon and Apple executives to testify about their customer data practices. Enter Identity Authentication.
Meanwhile, consumers are losing faith in the ability of online companies to manage their data respectfully. Data breaches have become a common and widespread occurrence, leaving personal information exposed. According to Pew Research, 70% of Americans believe their personal data is now less secure than it was five years ago, and, according to Cisco, 84% want more control over how their data is being used.
Particularly at risk is the data used to verify and authenticate people so they can use apps and online services. Login credentials are attractive targets for cybercriminals and fairly easy to steal without advanced protections. Even two-factor authentication is vulnerable, and if you authenticate someone masquerading as the legitimate account user, the system has failed. What’s lacking is authentication with a high degree of assurance and validity because, when it comes down to it, we’re basically assuming that people are who they say they are. Why do we rely on assumptions with something as critical as identity authentication when other systems are held to 99.999% accuracy and availability levels?
Personal Identity
What we need are systems that let people prove their identities with the highest degree of certainty and maintain ownership and control over their information. People should also be able to select specific data to share with apps based on what the apps need to know. Think of it as a “personal identity” that puts control of data back into the hands of individuals and lets them confirm their “selfness” without revealing more than they want.
Identity In Your Pocket
Aspects of this vision are already in the market. Digital identities for banking are popular in Scandinavia and can be used with phones or physical ID cards. Colorado officials have approved a digital driver’s license, which has authentication built in and is used to prove the user’s identity at any state agency. And there’s the Token ring, a smart ring that contains an individual’s credentials and can be used for contactless payments and building access. The encrypted data is stored in the user’s account and only the data necessary for a specific function is shared at any given time.
The pandemic has created an opportunity to test out this concept on a large scale. The Private Kit: Safe Paths, developed by MIT researchers, uses anonymized GPS and differential privacy, a method of sharing information gleaned from a data set that does not identify the individual who is connected to it. With this app, public health officials can see the location of people who are infected with Covid-19 but not their names or other personal information.
The use cases for this type of personal identity include:
• Account security: Account theft has exploded, with consumers losing data and businesses losing credibility and reputation. Every single account compromise is an opportunity to use digital identity to preempt this threat.
• Elections: We can eliminate any concerns about the validity of a voter by having them disclose their choice of digital identity at the polling place.
• Financial transactions: Authenticating at the time of transaction protects both the user and the bank. This use case by itself will prove the value of personal identity by cutting down on the vast amounts of fraud that occur in the banking industry.
• Immigration: U.S. Customs and Border Control have already created a “digital you” as part of the Global Entry program, based on an individual’s passport.
• Government benefits…