When the internet debuted to the public, no one could have foreseen how important identity would become over the next few decades. Perhaps, if they had, someone would have built it into the internet protocol, jokes Jumio CPO Philipp Pointner.
But it’s one of those jokes that isn’t really a joke. Identity is becoming more and more of a problem, and not just because so many of them have been stolen thanks to data hacks and lackluster security. Today’s people live in a digital world, yet when it comes to proving they are who they say they are, the best means of doing so are still physical.
Governments, Pointner said, are laying down the law in terms of standards and regulations that organizations must follow for identifying customers – yet until now, they haven’t been offering a whole lot of guidance in doing so. Luckily, he said, that seems to be changing.
The chief challenge in the identity overhaul will be creating something that is not only secure and trustworthy, but that offers interoperability and portability, Pointner said.
A U.S. driver’s license is portable and can get Americans onto domestic flights and into government buildings, but it is of little use for identity purposes elsewhere in the world. A passport may be valid anywhere, but Pointner noted that they have their own problems, and sprang from a particular point in history that likely can’t be replicated.
In a recent interview with Karen Webster, Pointner detailed how he thinks it will all shake out, and the role that private firms like Jumio will have to play in making the pieces fit.
The Passport Precedent
The problem of validating identities has become a huge challenge the world over, and even if someone solves it, the odds of every country agreeing to use the same solution are pretty slim, noted Pointner.
The closest the world has come to a global, interoperable and portable identifier has been the passport, Pointner said, but that was a product of a different time and attitude. Back then, governments were intensely interested in tracking people’s international movements, so motivation was high to come up with a way to do so.
It would take a very specific set of variables to recreate the same initiative in the digital world, Pointner said. It would also require a lot more cooperation than is currently happening. Although most governments seem to recognize the importance of updating identification for the modern world, he said they all seem to be going about it in their own way.
“There’s no sharing of learnings or best practices,” Pointner observed. “Every government is trying to figure it out by themselves. There are going to be 250 different versions of the digital identity.”
On top of that, Pointner added, passports aren’t perfect. Even though every country follows the same security standards for creating them, some do so with greater rigor than others. Even though there is a minimum standard to meet, there is still a lot of wiggle room in terms of how to create the document, and that has created space at the lower levels of security for fraudsters to pry their way in.
Learning from International “Pilots”
As different governments start moving toward a global digital identifier, Pointner said, others can begin to learn from what they’re doing.
In Australia, for instance, the government has nailed down an extensive framework around who can participate in the network and is launching a new enrollment process in the fall, in which private companies can take part – this has been piloted with the postal service and transportation industry.
In the European Union, Pointner said the electronic signature regulations have had a positive impact, encouraging many countries not just to replace pen and ink signatures on documents, but to provide something like a real electronic identity.
These identities rely on three things: An identifier, such as a phone number or Social Security number; a password or phrase to initiate the transaction; and a certificate that takes the place of the signature by sending a push notification to the consumer’s phone for authentication.
Pointner said there’s no reason those same mechanisms couldn’t be used to prove someone’s identity. There are just two things missing: a consumer-friendly onboarding process and comprehensive data review, akin to what is possible when someone looks at a physical identity document.
Meanwhile, in China, citizens can now enroll in the national ID program at selfie stations to obtain access for low-risk things like logging onto the internet – although a more onerous process is required if they wish to use that ID as a source of truth in higher-risk scenarios.
One Does Not Simply Stroll Into Global Digitized Identities
Pointner said one issue with China’s approach is that it requires consumers to go into a government branch for hours at a time to have their national ID certified and validated as a source of truth. This process makes proving one’s identity a prohibitive task.
Yet without that layer of face-to-face assessment, it is difficult to guarantee that the ID presented truly represents the person who is holding it. There is a capability that allows citizens to take a picture of their national ID and have it authenticated to their mobile device, but going that route means running the ID through a third party to ensure it’s not fake.
On top of that, Pointner said there is always a downside to any identification system. China’s approach means that the government holds credentials on every individual in the country, a system that could easily be abused.
What if the government decides people must authenticate just to use the internet? All of a sudden, by making participation mandatory, a tool that was intended for security could be used for surveillance and to control public opinion.
So then, how are billions of global citizens supposed to be onboarded into a new identification system? Forget the entire planet – how is even a single country’s worth of people going to get onboarded? The process would take decades, Pointner said, even assuming that newborns are assigned digital identities at the moment of birth going forward.
Pointner said that ultimately, each country will decide for itself which tradeoffs it is willing to accept – and that means every country will come to a different conclusion. So even if these future identities are stronger, interoperability will remain a challenge.
That, said Pointner, is where the private sector’s role begins – or at least, where some kind of third party will be needed. He said this perfect storm of challenges creates a prime opportunity for an organization to step in and help drive cross-border interoperability by accepting all types of digital identities and acting as the switch between systems.
“There are many ways to go about this,” Pointner said, “and there will always be many – there will never be just one identity scheme, because there will always be people who have a paper driver’s license or governments that haven’t opened up identity services to the private sector yet. As long as it’s the government doing it, they’ll take it slow – and that’s good in this case. The bleeding edge of identity schemes is where things go wrong.”