Over the last year I have had conversations with governments, think tanks, influencers, companies such as banks, telco’s, media, and actual people about digital identity. I have been astonished at the first major hurdle – defining what digital identity is. People of course, have the broadest approach; our view of our own digital identity is a 360-degree view of ourselves online. However, no other party holds the same view, other parties see only the elements of a person’s digital identity that pertains to their services or needs, which causes challenges, as many of these parties would also claim to own our digital identity, so who does own our digital identity?
Right now, global surveys coalesce around the view that the average digital user has over a hundred online accounts. That’s hundreds of entities all owning a piece of our digital identity, some of it overlapping, others unique. Some correct, some out of date, and some of it incorrect e.g. we gave the wrong date of birth/ address etc. Privacy regulations like GPDR, CCPA etc. will allow us to see which elements of our digital identity is kept by an entity if we ask them, but there is no register to look at who has your data in the first place, and who can lay claim to your digital id.
Looking across the online world, digital identity can essentially be broken down into 5 buckets:
- What I am - verified attributes, name, address, formal relationships age etc.
- How I am – informal relationships, inferred likes, dislikes, hobbies etc.
- How I am valuable – both net worth and marketability
- What I do – habits which in turn create offers from companies
- What I need – digital and physical goods and services
If we look at the other side – the entities we interact with online, they fall into 2 categories:
- Collectors – these are entities who create or enhance our digital identities
- Consumers – these are entities who use our digital identity as part of a transaction, or interaction
Using examples of entities who would be defined as Collectors across the different digital identity buckets:
What I am
In many countries , and over centuries Governments have been the “owner” of identity - they issue birth registration documents which mean we exist, and from these documents we can prove eligibility to work, be able to access other services such as welfare, and can gain further proofs of identity such as passports and driving licenses. Today governments are looking to digitalize their approach, but does that mean they own our digital identities? I would argue no, we can exist, and move some-what freely in the digital world without sharing our government-initiated identification, and in many cases these formats are not the ones we would want to share with digital service providers due to privacy considerations.
How I am
Whichever platform(s) you choose to communicate across social media is well known to be strewn with identity crumbs which, if combined, will give a very different view to the Government one, more of an indication of how I am, than what I am. Nevertheless, these platforms form an important component part of the 360 view of our digital identity. These platforms are morphing into identity plays - be it WeChat or Facebook acting as proxies for our identities. Do they own our digital identities? Well there is a strong argument that WeChat does in China, given the Government tie in; but with that exception no, we can choose (knowingly or unknowingly) who we are on social media, and so the social media companies cannot own digital identity without also verifying validity, an intrusive and negative-return option.
How valuable I am
Let me start by saying this is purely a monetary valuation and talks nothing of the soul of the humans we all are, and our contributions to society. Since their inception, the role of retail banks vis a vis identity has been to act as an expert witness in our ability to afford goods and services. This means they have to hold 2 identity elements – who we are, and what’s our financial position (now and future potential). In the digital world they are under increasing competitive threats, and one way to maintain their relevance is to perform the same role for digital identification. Through regulation they need to ingest the government identity piece, and so they can perform a dual role of government identity verification as well as the traditional banking verification of our relative monetary value in society. Banks today have a very specific view of our digital identity, the role they perform online mimics their role in the physical world
What I do
Mobile providers have a well-rounded view into our digital ID, albeit though a single device lens. If we are users of more than one device or use alternative medium like laptops then their view becomes blinkered, and related digital identity compromised. Similar to Social Media, mobile providers do not always verify identity and so any claim to own identity is misleading.
The final element of our digital identity is very much in the Consumer category
What I need
All online entities
Digital Identity consumers are all digital companies who are looking to deliver a service or product and are looking to know part of your digital identity in order to do this. Examples would be merchants, on demand businesses (Uber, Airbnb), and indeed governments, banks, media, and telco’s who would all fall into both categories, at different points in our digital lives - as they only have a limited view of an individual’s identity. Currently digital identity consumer companies also lay claim to owning our digital identities, and I would argue this needs to change.
We have all unwittingly outsourced our digital identities, not in a conscious effort but instead spread it to the 4 corners of the earth, sometimes because we had to, sometimes because it was convenient to, and sometimes it was just taken from us. With hundreds of companies each owning a piece of our ID, self-policing GDPR is impossible for most folk, and our identities can be exploited and morphed to the extent we cannot control our digital selves.
So how to begin? The first step at that we at Callsign would argue for is for digital identity collectors i.e. Governments, Banks, Media and Telco to offer identity services for digital identity consumer companies. This would make them digital identity custodians and would reduce the number of entities “owning” our identities to less than 10 for the majority of people. For full management, we as individuals could choose who we would nominate as custodians and point all other entities to them – albeit governments would still have to retain their status if they weren’t the nominated bodies. Of course, the marketing folk from the consumer companies would still want the ability to provide great customers experiences, and personalized messaging. This could still be done, managed by each of us through the identity custodians offering a simple service. These pilots are beginning already across the world – think government schemes, log in with Facebook, and now financial services companies offering identity management services.
These services still don’t give us full ownership of our own digital identity, we need the self -sovereign technologies to become more mainstream, but it will allow us to take back control and management of how we appear digitally, to whom and when. It is debatable how many people will choose the self-management of digital identity over the serviced offering and will likely differ by culture, and other socio-economic factors. With our lives increasingly being lived online, reliance on identity grows, and so the clock is ticking to exert our own digital identity, rather than succumbing to hundreds of interpretations.
Either way, if we take back direct or in-direct control of our digital identities, the buckets will look very different, and from my view a whole lot more palatable.
What Role Can Callsign Play?
Callsign addresses identity fraud, authentication and authorization. We provide the technology to enable Digital Identity Collectors (Governments, Banks, Media and Telco etc.) to verify that the person requesting to the service is who they say they are. We do this at every interaction in a secure and unobtrusive way; so, there is minimal customer impact either through inconvenience, or fraud.
In practical terms Callsign’s software passively analyses the customer’s location, device and behavior as they enter their username. In nanoseconds we identify whether this is a genuine request, and if it has been coerced, or manipulated. Once identity and intent are established, our clients then use our platform to dynamically construct a personalized user journey depending on what the user wants to do, their needs and our client’s risk posture surrounding this circumstance.