Our regular review of recent news from around the decentralized identity community. In this edition, we look at some predictions on what 2023 will hold for digital identity, increased interoperability between countries, and an interesting new intersection of AI and digital identity.
By Tim Spring
6 Digital Identity Predictions for 2023, Mike Engle, Security Boulevard
This Security Boulevard article by Mike Engle offers several useful insights into the ties between digital identity and security for 2023; we’re going to summarize the top two.
1.” US regulators will require tech giants to adopt non-proprietary identities.”
Proprietary identities are widely used across the internet today; they refer to any time you log in with a third-party application — such as Apple, Facebook or Amazon — and a defining trait of these identities is that all your data is stored centrally on one of the provider’s servers. Non-proprietary identities give more control to the user over where their data is stored — usually locally on one of their devices — and how much is shared with others when interacting online. Pointing to the Improving Digital Identity Act nearing passage, and federal government agencies already transitioning to a more secure approach to identity management, Engle thinks it is only a matter of time before regulations hit large corporations to drive more secure identity practices for all consumer-facing businesses.
2. “VPNs will give way to identity-based perimeters for the virtual workforce”
Engle’s main point here is that there are simply too many people using corporate networks from insecure locations, and VPNs are almost worthless if login credentials have been compromised. Offering some terrifying statistics such as 2 billion passwords were leaked in 2021 alone, and that roughly 70% of breached passwords are still in use, it’s easy to see how an identity based solution with more robust verifiable credentials tied to biometrics might be a better way forward. (Chase Cunningham —aka, Dr. Zero Trust— recently did a more in-depth look into this issue in an article for Indicio.)
Deal Between Philippines and Singapore Could Herald More Digital ID Interoperability, Chris Burt, Biometric Update
Chris Burt reports for Biometric Update that the governments of the Philippines and Singapore recently signed a memorandum of understanding (MOU) that will allow each nation’s digital ID to be recognized in both countries.
“The MOU covers digital cooperation on digital connectivity, particularly in inter-operable systems and frameworks that enable electronic documentation; cybersecurity, such as organizing training courses and technical programs through the ASEAN-Singapore Cybersecurity Centre of Excellence to develop and enhance skills related to cybersecurity; and digital government/e-governance, such as in the areas of digital government strategy, digital government services, and digital identity,” — Singapore Minister for Communications and Information, Josephine Teo.
This announcement mirrors the global trend of governments looking to make their digital credentials more interoperable with one another and, therefore, more useful to their citizens. For example, the Philippines has also signed deals with Belgium and China, and Singapore is exploring opportunities to collaborate with India. These partnerships are hugely important for the advancement of digital identity, offering the opportunity for interoperability, but also for nations to learn more from each other about technical approaches and best practices.
Nvidia’s AI-Based Digital Fingerprinting Addresses Identity Attacks, Nancy Liu, sdx Central
This article by Nancy Liu, Editor for sdx central, takes a look at a different approach to security just announced by Nvidia — Artificial Intelligence (AI) based Digital Fingerprinting. This AI is designed to build a digital profile of the data you typically interact with at work, and how if you — or someone with your credentials — does anything suspicious or out of the ordinary, the security team at the organization will be alerted.
As the team looks ahead, Bartley Richardson, director of cybersecurity engineering and R&D at Nvidia, predicts “a detailed digital identity model [using AI] that knows how fast a person types, with how many typos, what services they use, and when they use them” for creating secure digital identities.
This is an interesting probabilistic approach to digital identity. At Indicio, we have been working on a decentralized digital identity approach to employee verification in an effort to provide additional security for organizations, require little maintenance, and also to put that data back in the user’s hands. This AI based solution is still in its early days but will certainly be one to watch.
How Government Can Keep Up with the Future, Derek Robertson, Politico Magazine
Derek Robertson, a reporter for Digital Future Daily and contributor to Politico Magazine, discusses a conversation he had with Jordan Shapiro, an economic and data analyst at the center-left Progressive Policy Institute, in which she weighs in on where the American government stands now in terms of IT, and what generally gets in the way of keeping its systems modernized and accessible.
Some of the biggest issues Shapiro calls out for the government are that there are hundreds of agencies, all with their own technologies to keep updated, and that there are so many new solutions coming out that regulations are being created often without proper research or knowledge of how they will affect the real world. She also discusses how the businesses creating these products and the government have inherently competing interests, with the businesses often focusing on income and productizing as much as they can, and the government focusing on safety and privacy.
With the government’s main priority being security, safety, and privacy they are often slower to adopt new technologies. Shapiro points to President Biden’s recent executive order and the “time tax” — the sheer amount of paperwork necessary to enroll in benefits such as Medicare, Medicaid, or the Health and Human Services — Biden calls out as being problematic for Americans in the document. One solution Shapiro proposes is better digital identity systems to fix this problem, providing a more streamlined and secure process for accessing government programs.
The good news is that some governments are already hard at work on implementing these solutions! For more information about ongoing efforts you can watch the video of a recent Indicio Meetup where Indicio’s CEO, Heather C Dahl, sat down with representatives from several different government organizations to discuss their efforts to use decentralized digital identity and how they arrived at this solution.