Security – the Missing Piece in the Reimagined Digital Identity
The World Economic Forum (WEF) recently published a community paper, Reimagining Digital Identity: A Strategic Imperative (January 2020). The paper covers the strategic concept of transforming digital identification into a collaborative, reliable ecosystem that allows individual data ownership; in turn, businesses would no longer be considered owners of their customers’ data.
While WEF focuses on the economic side of innovation and the business opportunities it could create, we’ll discuss the privacy and security challenges this model faces.
Digital Identity Systems Today
In our current online ecosystem, most identity verification occurs on a per-service basis. Our Digital Identity (dID) is fragmented across a number of user accounts – a situation that is both inconvenient and insecure.
Identity validation systems are complex and differ from one another even within a single organization. Add the difficult task of ensuring maximum security without sacrificing user experience, and it becomes clearer why global unified digital identity systems don’t yet exist.
Consumers desire seamless and secure online experiences. Regulators and organizations require security and privacy protection through service providers. Service providers need innovative data privacy and security solutions designed for scale because the reimagined digital identity model is a collaborative ecosystem that unifies digital identity across business units and multiple sectors.
Pillars of the Reimagined Digital Identity
Interoperability, user empowerment and trust are essential for the reimagined dID model, and they rely strongly on the technology available.
Interoperability enables dID to reach its full potential for application. It means that the identity validation system works as expected across domains and use cases.
User empowerment, or user centricity, would resolve the negative experiences related to the prioritization of business functions over holistic user value and experience. It also means that users gain control and ownership of their data and make informed decisions regarding what data they share with what entities. Digital identity systems that provide users with direct control over their data may also significantly reduce data governance obligations that businesses deal with today.
Trust is at the heart of the problem with digital identity – individuals and organizations must be able to trust that others are who they claim to be in every online transaction. Prevailing security issues and the risk of identity fraud cause a lack of trust in validating digital transactions, and this is a serious blocker for the reimagined dID imperative.
Society requires trust to function. In a world that relies increasingly on the storage of information in digital form, digital identity constitutes an essential component of trust.
What Is Holding Progress Back?
Getting these pillars right is where the need for a systemic change emerges. Today most businesses build and maintain their own identity solutions centered around their needs, offering and delivering products and services based on the accepted norm that owning users’ identities will provide a competitive advantage.
On the other hand, the greatest responsibility lies with the privacy and security dimensions of dID – regardless of who owns the data, if transferring and using it involves security vulnerabilities, neither businesses nor users win. Therefore, ensuring security and privacy is the top priority, and there are multiple problems to overcome in this area.
- Looking for solutions that can work transnationally raises the risk of data abuse by governments that don’t respect user privacy.
- The venture space has a generally lax attitude toward regulatory compliance, and the tech market is riddled with products that were released with poor security due to their rush to market.
- Balancing the need to make services usable against the need to make them secure is a challenge. The most technologically secure dID solution is a custodian-less blockchain service. However, users of such services are permanently locked out if they lose their login credentials, making them useless for large-scale identity solutions. The fact that blockchain data cannot be erased is also at odds with the GDPR’s right to be forgotten, as well as with the CCPA and GDPR’s data minimization principle – the amount of identity data held on a blockchain can only ever increase.
Getting Digital Identity Right
Privacy and security must inevitably be seen as an integral part of dID development. The required interoperability implies that security solutions must be designed for scale, with user experience in mind.
When it comes to business benefits, a trusted identity can:
- Generate new markets and lines of business
- Deliver better customer experiences and higher-quality data
- Provide protection against fraud while protecting consumer privacy
For both producers and consumers, a good digital identity system can open the world of online commerce to new jobs, supply chains, partnerships, products, services and experiences.
To summarize, the increasingly connected world needs a foolproof digital identity system that enables online transactions without posing a risk to user privacy. The strategic imperative is intended as a base for designing such a system.
Further Reading
The World Economic Forum: Reimagining Digital Identity: A Strategic Imperative (January 2020)