Digital identity today is fragmented and disjointed.
We share personal and valuable identifying information in a variety of locations, hoping that it’s safe. This process of transacting online involves a lot of effort, risk and frustration for both consumers and businesses.
More often than not, privacy is sacrificed in the name of convenience, mostly because there are no standards for the types of data that should be shared to execute transactions.
This creates a huge economic problem as poor identity verification has led to data breaches being increasingly common—more than 3.4 billion records lost or stolen in 2017 alone. In reality, crooks often have more information when compared to their victims, especially when it comes to answering the questions we use for registration processes today.
Simply, the ability to use our digital identity to securely transact online is expensive, rare, privacy-destructive and unreliable: the opposite of what it should be. In more ways than one, it’s a lot like electricity in 1869.
Before the introduction of the standardized electrical grid in 1870, the biggest factories each had electrical generators. The original use for the generator was to power lightbulbs so that the factories could run two shifts and increase productivity and output.
That was it: electricity was used to power lightbulbs.
When the electrical grid was constructed there were massive efforts to convince businesses to join it. When a salesperson came calling, the typical response to a pitch came in one of two versions of yes, or two versions of no.
Those that responded with “no” fell into two camps.
The first were businesses that had their own generator and believed having a generator was core to their business. These companies were worried about relying on a third party for a key resource to their business.
The second were businesses who liked the idea of the electrical grid but had recently invested in a new generator. They liked the long-term benefits of the grid and would take a wait-and-see approach while using up the committed investment of the new generator.
Those that responded with “yes” also fell into two camps of their own.
The first version of yes came from smaller businesses, who did not yet have a generator because it was too expensive and complicated. Their decision was easy: they could join the grid at reasonable cost, and it would allow them to compete with bigger players by enabling them to run two shifts as well.
The second group that said yes were businesses that had a generator, but hated the distraction it represented from the core business of making products. The generator was complicated to run, broke down frequently, and required specials skills to keep it running. They ran the generator because they needed light – but it was not core to the business, so they joined the grid to focus on more important matters.
What is interesting is what happened in the end: everyone joined the grid.
From an economic and a simplicity standpoint, the offering was so compelling that running their own generator everyday just did not make sense. Scale efficiencies in the economy came from everyone having cheap, abundant, reliable electricity.
What is more compelling is that once this happened, the number of use cases for electricity grew very quickly. Electricity was no longer about the light bulb anymore, at least not exclusively. Electricity was put to so many different uses that it transformed the economy. Most of the uses were not foreseen when those initial salespeople began knocking on doors.
So, what does any of this have to do with digital identity?
Every online service delivery organization on the planet is currently running its own digital identity generator. The first digital identity grids are starting to emerge, and today, businesses don’t have to run their own identity and authentication services anymore.
As today’s market develops a digital identity framework, we are hearing the same rationale for saying no and yes, but here is the thing: no one doubts the days of every web service running its own digital identity generator are numbered.
There is no question that we are at a tipping point in which every day users can’t manage all their passwords, registration and recovery credentials. Businesses are suffering data breaches week after week because no one can afford to make the massive investments required to make digital identity verification safe, convenient, and private for customers.
The problem is, that like the electricity grid, interoperability of systems is key to delivering a cost-effective and improved digital ID user experience. We don’t want to be told that one company requires two special characters in their passwords any more than the hardware store of our forefathers would have wanted to stock lightbulbs for dozens of voltages.
The current approach to identity and access management has produced the result we have today, and a very different approach is required if we want to fix it for tomorrow.
A new digital identity framework is launching in Canada to address these problems. It will provide better business confidence for identity registration, use less data and lower costs. What’s more, possession of user data will no longer be enough to allow imposters to masquerade as legitimate users.
In the end, every service delivery organization is going to join the digital identity grid, and once we have cheap, abundant, privacy-enhancing reliable digital identity, it is going to transform the economy.
Like electricity nearly 150 years ago, we cannot guess all the ways digital identity will transform the economy. But with its ability to take friction out of transactions, the biggest opportunity is likely something we haven’t even imagined yet.
Andre Boysen is Chief Identity Officer of SecureKey.