Decentralized Identity moves fast, don’t let keeping up feel like trying to drink from a fire hose.
By Tim Spring
In this rapid fire review we will take a look at, and break down, the biggest recent stories in digital identity and what they could mean for business and the average person using the internet.
Martin Kuppinger, the founder and principal analyst of KuppingerCole, weighed in on the recent European Identity and Cloud Conference (EIC) that concluded May 13. For those unfamiliar this is a conference, while the title says European, it brings together people from all over the world in the identity space, and as Martin describes, is a place where best practices and thought leadership around digital identities and IAM (Identity and Access Management) meet. He summarizes his biggest take away as the new trend of decentralized identity and traditional IAM converging, sounding extremely positive about the possibilities, and ending with the statement “It is time to explore the new possibilities and utilize DIDs to leverage your IAM to the next level.”
We couldn’t agree more with Martin’s assessment! EIC was an awesome event that Indicio was lucky enough to send a couple representatives to and present at, you can watch our recap video of the event here. One of the biggest takeaways that our team had was how many people had decentralized identity on their radar, but were under the impression it was a few years out at least. As one of our team at the conference pointed out, this point of view was because this was the first large identity conference where decentralized identity has had a sizable showing, and it was great to see, people couldn’t wait to learn more and talk about it. This conference had a huge impact on moving decentralized identity more into the public eye, and we are hopeful that for those that thought they had more time this came as a much needed wake up call, make no mistake, the technology is here today! It’s time to start thinking of how to implement it into your identity strategy.
Buenos Aires is planning to establish a non-permissioned, blockchain-based, digital identity platform that includes biometrics for public and private sector use. The platform will use decentralized identifiers (DIDs) and follow the W3C’s DID-CORE specification. The blockchain element is intended to maximize transparency, which is a key concern following a headline-grabbing hack of Argentina’s digital ID system last year. The digital ID system could be used by Buenos Aires residents to access city services, as well as transact with financial services providers, including enabling tax payments in cryptocurrency. The launch target is late-2022 or the first quarter of 2023.
This is a massive step forward for large-scale adoption of decentralized identity technologies and highlights a key problem that blockchain can solve: transparency across the network. Blockchain creates multiple ledgers for data transactions, allowing anyone with admin access to see what has transpired across the network. This is important for many use cases, but in Argentina, specifically, the government has had issues with police accessing facial data records to essentially track the greater population, which they shouldn’t be able to do. By using blockchain other users of the network would be able to see who is misusing their access.
Indicio is a proponent of starting simple and scaling to expand the benefits of these types of systems—because that approach has worked time and again with our clients—so starting with one city makes sense. The fact that they are looking at ease of use is key for end user adoption, as is maximizing the number of services that citizens can access, and pay through a variety of means. The more digital credentials can be used for day-to-day purposes, the greater the value they’ll be to people and the more they will be used. This plan signals forward thinking and we will be very interested to see how it develops.
Casino players at Les Ambassadeurs will soon be able to transfer their winnings by using verified identity credentials. The aim is to improve customer experience, enhance safety and compliance, and reduce costs and administration. Set to be trialed this year, this solution will provide a secure way for casino players to withdraw their funds, or transfer them to another casino within the system. “Gambling is one of the big drivers of technology. Over 20% of the world population gambles and the global industry is worth over $711 billion”— Rick Schmitz (LTO Network CEO)
With staggering numbers of players and money involved, the gambling industry will show many people how this technology can make friction disappear and both the end user and the casino’s life easier: One no longer has to deal with the process of cashing out or managing their chips, while the other reduces the risk of fraud and lowers security costs. The adoption of decentralized identity in a leisure activity is also not to be overlooked, it’s one thing to implement decentralized identity into your life grudgingly because a government says you need it to access the things you need, it’s another to take it onto yourself to make sure you have it for something you want to do.
The United States government recently announced its vision for the Internet and digital technologies. The goals include protecting human rights and fundamental freedoms online, promoting a global Internet that advances the free flow of information, and ensuring that all people can benefit from the digital economy.
There is a lot to unpack in this article, and if you want a more detailed interpretation, our own James Schulte did an excellent job in a recent blog post. The cliff notes summary: what the Biden administration is promising to work toward is largely delivered by decentralized identity technology. Concerns over user privacy and data protection is one of the biggest reasons many of the organizations we work with have turned to decentralized solutions. With 60 global partners signing this declaration, we see an uptick in blockchain identity solutions coming soon.
This recent report by Javelin estimates that 42 million Americans were victims of digital identity fraud last year. It points the finger at pandemic-related shifts to digital services in the U.S. economy as the driver for the 109 percent jump in new-account fraud and 90 percent leap in account takeovers. The research firm ends by suggesting that banks add behavioral biometrics tools to personally identifiable information and device-based controls to shield customers.
This article is a great reminder of why enabling people to prove who they are online in a privacy-securing way is so important. Biometric tools and device-based controls are a good start, but keeping this information in a centralized database will always come with a level of risk. As more personally identifiable information (PII) is needed to manage user accounts for e-commerce and online financial services, the risk of fraud and data breaches is only going to keep increasing. Human nature being what it is, most people will choose frictionless convenience over time-consuming, multi-step security procedures. This is why the simplicity of verifiable credentials is the way forward: not only does it mean that PII doesn’t have to be stored to manage user authentication, the process of verification is frictionless.
A leader in the Australian government recently shared his thoughts on its digital ID program, concluding that it was over-engineered and has cost too much for what has been delivered. He said that there were many failings, a big one being that they missed their own deadline to introduce legislation designed to underpin the digital ID to Parliament in spring last year. Without the legislation people did not have a reason to adopt and the government did not have a reason to switch from legacy systems. Another problem was multiple identities for different governments causing confusion and inefficiency, with one person saying you may have up to 30 different logins for different government services.
This is an unfortunate situation but definitely one that everyone can learn from. Successful implementations of digital identity systems need a clear direction and multiple organizations to come together to make sure they work. At Indicio we direct customers through this roadmapping and can’t stress enough the importance of giving the end users a good user experience and a compelling reason to adopt. Buy-in from every stakeholder is critical; for example — in our successful proof of concept for Aruba it took coordination between the government, local businesses, and the airports to implement a single verifiable credential; a digital ID for multiple government services is absolutely doable, but arguably should be implemented incrementally, with each success becoming an opportunity to recruit new stakeholder buy in. If you’re curious about the work that went into successfully implementing that credential, you can read more here.
If you want to be kept up to date on more interesting articles and events around the Indicio community we recomend subscribing to our bi-weekly newsletter!