We had a fascinating chat about digital identities at the Innovate Finance Global Summit today. It was a private roundtable with members of government, central banks, the banking and Fintech community and commentators/observers. Listening to the dialogue going to and fro, I realised that this is one nut that’s too tough to crack. Here’s the lowdown.
The over-riding reason for a digital identity is for trust, and there are degrees of trust. A sign-on to a website or booking service does not need to have a uniquely verified identity but if it comes to more important matters – travelling across borders, driving a car, claiming benefits, tax collection, storing money – higher degrees of trust are needed, which is why we have passports, driving licences and bank accounts verified through Know Your Client (KYC) rules.
A great point was made that KYC to open a bank account may be a pain in the arse – filling in pages of forms, providing utility bills and proof of address – but we need these things and it doesn’t prove to be such a great pain that it brings down the global economy. That raised the first question.
What would be the motivator to create a digital identity system?
That question relates, for me, to the need that government has to use the financial system to police digital crime. Physical crime can be policed by the bobby on the street, but digital crime is through the financial system. Terrorist funding, money laundering, tax avoidance and illicit arms deals can all be made easily if there were no financial police. Because the financial police manage our online identities, alongside the aforementioned government issued documents, the criminal fraternity have to rely on cash for their illegal activities.
Or maybe not. Now that we have bitcoin and the Dark Net – oooh, scary! – criminals are focused far more on digital anonymity than digital identity. In fact, there is as much a focus on creating digital anonymity as there is on digital identity, and that then raises the next question.
How will digital identity counteract digital anonymity?
The answer is it won’t, but governments will do all they can to ensure that any digitally anonymous activity is monitored, and wherever online goes offline, it gets caught. This then extends into a different discussion, as in how to get cross-border standards of trusted identities. No two countries manage identity in the same way. Our passports have different formats, and some governments are moving to edentities but even there, they’re all different.
Nordic countries have digital identities, but they are struggling with interoperability as you move across borders. The UK has started various programs, such as the Open Identity Exchange, but a pan-European standard for identity management is still a long ways off. Equally, some countries are trying to use central control structures for identity whilst others are using federated structures. This point is a key one, as a central digital identity structure is fatally flawed as it creates concentration, and concentration can lead inevitably to a single point of failure. That is an issue, and so a federated structure is far more robust, reliable and secure. Federated structures implies distributed ledgers and blockchain therefore.
Will the blockchain solve all the problems of digital identity?
Absolutely not. Herein lies a confusion that is starting to annoy me, in that when we talk about blockchain everyone thinks we mean bitcoin blockchain, which we do not. In my case, I mean taking what Satoshi Nakamoto offered and developing it into a shared internet database, a distributed ledger, that can be used for digital identities. Now this is plausible and companies like Shocard and OneName are working on it, but there is a challenge, as alluded to earlier.
The challenge is who is sharing the database? If all governments and financial parties agreed on a shared ledger for identity, it would be fantastic. But they haven’t yet and, if it were that easy, we would already have one. If it were that easy, SWIFT would have its KYC Register rocking and rolling across the world, but it isn’t, yet. And remember that digital identity is not just for you as an individual, but you as an individual in a company. Make that a large multinational corporation with 1,000s of staff and the question arises as to how I can verify that all the individuals in that company are authorised to transact as they want, and have no questionable past, present or future. That is a tough ask, and one that cannot be solved through technology, although it might be solved another way. For example, if Facebook and Baidu or Yandex and Alibaba or Google and Tencent collaborated, then maybe we could have a system working for billions of people.
In other words, government, financial markets and technology innovators will solve the digital identity challenge?
Not necessarily. Already we see divergence between different countries and different markets. I’ve already mentioned the Nordic view, and there are several other major identity program rollouts out there, and they are all different. India has given every citizen a biometric ID card, as many citizens cannot sign their name due to illiteracy, that is visionary and works; many African countries are building up digital identities through mobile wallets and mobile credit history, that also works and is usable; whilst European and American governments are starting to find that an identity via Facebook and LinkedIn can be as usable as a KYC profile.
There is diversity out there, and so no one digital identity will work. Instead, we need multi-layered identity structures that can be used across borders through interoperable standards, allowing each government, institution and company to use as little or as much as they need. Then we need to future proof it, as that’s just as important. After all, a digital identity based upon a distributed ledger for the Internet of Things makes absolute sense, but only if it is component based and standardised for all to access and use as they see fit.