More human identity? We need open-loop identity
Our identity tools are broken. We need to meet our human needs, not just business ones. We need open loop identity.
Our identity tools are broken.
For all the benefits that our digital economy has brought about, it feels like things are getting ever-more complicated with life online. Too many forms to fill out. Too many passwords to remember and keep safe. Too many hoops to jump through when speaking to a call centre or creating a new account online. And frankly too many news cycles about data hacks, privacy breaches, rising fraud and identity theft. Not to mention the fear-mongering about how our mobile apps and devices are spying on us or leaking our data to third parties.
It’s clear that our digital identity tools — on which most of our lives, businesses and economies now depend — aren’t working; they are no longer fit for purpose. The increasing amount of data hacking, security breaches and fraud all stem from the same root cause: we can’t trust who’s on the other end of a digital connection. I’d go as far as saying that many of the issues we face in the digital economy are a direct result of this difficulty to prove who we are, and our out-of-date identity solutions.
It’s fashionable today to talk about being customer-centric, user-focused, customer obsessed. But when it comes to digital identity, we are miles and miles away. So many aspects of our digital economy have left the individual behind, and we’ve tipped too far in favour of the needs of the organisations we interact with — helping to sell more, to save costs, or simply helping them monitor what we do as customers and citizens.
It’s time to build an identity tools and infrastructure that can meet our needs, too; citizens, customers and consumers.
When thinking about the future it’s sometimes helpful to look to the past, to what has worked, and to understand why.
If we take a step back, you can see we’ve been using the same identity system for many hundreds of years; it works internationally, it’s interoperable and scalable across organisations, and it’s almost always reliable: paper credentials.
We need to meet our human needs, not just business ones.
We’ve been using paper to capture identity data ever since we started writing things down. To me it’s clear that paper credentials have been used so widely, for so long, and have become so stubbornly embedded in our society, for a single and critical reason: they effortlessly meet a number of human requirements, not just organisational ones.
I think paper credentials have at least six characteristics that meet our human requirements for identity: they are centred on the person; they are accessible; they are varied; they work across contexts; they are private; and they can be used in limitless combinations.
Let’s take a look.
1. Centred on the person
Throughout our entire life we are given various pieces of paper by others — usually trusted public institutions — who can vouch for us when we present those bits of paper to others. We are the holders of those credentials: we look after them; we replace them when they are lost or stolen; and we organise them, often in folders, wallets or purses. Put simply, these pieces of paper are organised around ME, not some other system or product or solution.
Anyone, anywhere can issue or accept paper credentials. Paper credentials have been good enough for most people, for most uses, and in most places. They are relatively easy to issue and are very easy to hold and use (just read what’s on it).
Paper credentials come in a gazillions of formats, types, shapes and colours, and can meet multiple needs, and comply with many standards, all whilst being based on the same physical infrastructure: folders and wallets.
4. Seamless contexts
We can use our paper credentials over and over again in as many different places and times as needed. I may be a patient in the morning, an employee in the afternoon and a sports coach at night, and our paper credentials can travel with us from place to place, and be shared, under our control, wherever and whenever it makes sense.
Whilst our paper credentials work across these different contexts, they can’t track us across those same contexts. I can use my passport to apply for a rental apartment, prove my age at a bar, or open a bank account, but none of these groups will know about the other (and nor should they unless I choose to tell them). This speaks to our fundamental right to privacy. Critically, paper credentials are private by default.
6. Unlimited combinations
If someone needs to know more about me, then they can ask me for as many additional credentials as they wish, until I can meet whatever level of trust they need. When I open a new bank account, they can keep asking for utility bills, council records or government ID until I can provide a proof of my address from a source they trust.
We need open loop identity.
It’s these simple characteristics that make paper so useful and scalable. I like to describe paper credentials as forming an open-loop identity ecosystem.
What does that mean? In an open-loop identity ecosystem:
The individual holds their own identity information, and they can share what they want with whom, whenever and wherever they like;
Anyone can accept identity credentials from anyone else;
There are unlimited variations and combinations;
We are empowered to re-use the same credentials in different places; and
We can put different combinations of credentials together to create an even stronger proof of who we are.
This seems such a simple idea. Just like paper, our identity tools should be as simple to use anywhere, and under our control.
Yet so many of today’s digital identity solutions are failing. Failing to scale. Failing to be trusted. Failing to create the value they promise. I believe it’s because they have forgotten to address these simple human requirements above.
In the next post I’ll look at why this is happening, why these failed digital approaches are having a disastrous impact on our digital economy, and what we might do about it.