The Future of Digital Identity is Simplicity, Decentralisation and Control

March 20, 2019

Blog

Last year was a complicated one for digital enterprise, with highlights and more bracing moments – and at the centre of that developing picture has been digital identity. On one hand, eCommerce is now forecast to reach a total value of $2 trillion by the end of 2019, a growth rate of 20% on the previous year.  This has unfortunately come, however, with increased levels of cybercrime: there are now around 3 billion data breaches per year, bringing the total losses through digital services to $600 billion. What this does mean, though, is that as the headlines fill with the details of the latest hack, consumers are becoming more aware of the need to fight back and protect their data.

And, as public perception grows increasingly wary of social media networks with respect to privacy, there has been a growing recognition that more secure means of logging into online services are needed as standard. The shape of that future in digital identity was the focus of discussion at our seminar in Barcelona last month, The Future of Digital Identity: From Revolutionary Technologies to Social Acceptance.  As the GSMA’s Global Head of Programme Delivery Richard Cockle pointed out, Facebook recently acknowledged that around 200 million Facebook accounts – over 10% of the global total – are not who they purport to be. And when 1 million of the 17 million identities stolen over a year in the US are children, the urgency of the matter is plain.

Operators have a range of assets to bring to the table in this fight, and the business case for doing so is increasingly clear.  “No longer is this something operators have to convince their boards to take part in just for the sake of staying relevant,” Richard observed – “the actual commercial opportunities here are now widely understood.” User attributes – where they are, their account type and usual activity, and so on – are established tools to this end, but there are ever more ingenious and sophisticated options on offer. Increasingly important for instance are checking user attributes for consistency – one firm in the UK can now detect when the habitual keystrokes on a device are out of step with the approved user.

It’s innovations like that which allow digital identity to offer ways of working which don’t add complexity and disturbance to the process, but which protect it all the more effectively nonetheless. “If we’d been having this conversation five years ago, we’d be talking to users who wanted nothing ‘in the way’ of their digital services – they wanted these to be completely frictionless. But there’s now increasing desire to see these safeguards put in place: recent research shows 67% of people concerned about their online shopping, and 89% of them were happy to see a little more friction in place to help – now it’s up to us to establish how much friction they’ll tolerate.”

And the success of forums like ours to helping those conversations yield fruit is perhaps more important now than it’s ever been. Andy Tobin, European Managing Director at Evernym, went so far as to suggest that IoT should stand for ‘Identity of Things’, so crucial is reliable and efficient digital identity to the IoT’s ability to thrive and grow. Mr Tobin predicted that this will be achieved through increasingly decentralised means, as identity is verified between organisations on the go. “If every smart thing, every connected device, needed to phone home to some central server or database to verify users before it could be used, the IoT simply wouldn’t scale. But if those devices can know seamlessly that a user is allowed to control them, that’s a different matter.”

That means methods currently mysterious to many, though they may have heard of them – distributed ledger technologies (DLT) like blockchain, for instance – may soon become far more commonplace as demand not only for that efficiency, but for ownership, too.  “There’s often misunderstanding here – self-sovereign identity doesn’t mean self-attesting identity. It doesn’t mean I can claim I’m the King of Spain – it means I have ownership of the credentials that verify who I really am, where today, like everyone else, I carry credential issued to me by third parties. Digital credentials like that are what digital identity has been building towards all this time.”

Principal Program Manager at Microsoft Ankur Patel was clear that operators are the natural enablers of that decentralisation. “The world is already made up of multiple trust frameworks – but the way the world works now, with usernames and passwords, means that you only need to know one or two things and you get access to everything.”

What changes with decentralised solutions like DLT is that no-one can walk around with that digital skeleton key, regardless of how legitimately they came by it: users can instead be required to confirm any number of facts or attributes, on the spot, to confirm their identities. “So it doesn’t have to go through everyone – it just has to work between two parties. Operators are the brokers of that in just about every scenario in the planet; you’re the gateway bringing end users and businesses together in the digital world, so if we can have you guys saying how the specifications can work and still be open, then these methods can really begin to scale.”

And what that means in practice, among other things, is that users will gain the control over their identities needed to parcel out aspects of it as they see fit. As CEO of Summit Tech Alido di Giovanni pointed out, this could include fractional identities whereby users can share aspects of their identity such as particular habits with connected devices, which can then act on their behalf, while retaining ownership of the whole. This could mean authorising a chatbot to control automated functions of a smart home by instructing it in a specific range of behaviours that allow it to fulfil that function, without enabling it to go beyond what is required.

“But it has to be frictionless,” warned Mr di Giovanni. “If we achieve that, we’re on the edge of this becoming reality at scale.” Evernym’s European Managing Director agreed: “2019 is the year decentralised identity comes to life – from pilots into production. Banks, governments, credit unions – we’re seeing millions of such credentials being realised as we speak.” If the demands made on users are not too great – if these innovations can be brought to them in such a way as to avoid distraction from or delay to the task at hand – those numbers are likely to grow rapidly in the years ahead.

Back

Report: Mobile Connect Turbocharges New Services How Turkcell’s mobile authentication service is helping Turkey’s start-ups to grow This case study explores how Turkcell is harnessing the global Mobile Connect authenticatio...

Read more | See all Identity Resources

Identity Hangout: Decentralised Identity – Material The GSMA Identity team was joined by Andrew Tobin from Evernym to discuss the role of identity and the mobile industry in decentralised identity. Presentation Audio...

Read more | See all Identity Resources

MWC19 Barcelona Seminar Presentations The industry seminars at Mobile World Congress have developed a reputation for being one of the leading ways in which to discover the plans and motives of any given market. Below...

Read more | See all Identity Resources

Mobile Connect Platforms & Operations services The GSMA offers a series of technical platforms and services designed to help mobile network operators and service providers deploy Mobile Connect successfully. This document co...

Read more | See all Identity Resources

The Identity Guide to MWC 19 Barcelona With mobile internet traffic accounting for more than half of all global online traffic, the nature of digital identity is changing. Our impressions and personal information are ...

Read more | See all Identity Resources

Presentation: Identity Hangout Delivering Identity Services The first Identity Hangout: Delivering Identity Services on 5 December explored the value and commercial scalability of mobile-based identity services. The online event was targ...

Read more | See all Identity Resources

News Flash: World First For Online Age Verification UK government to introduce controls to stop children from accessing online pornography A new UK law, which comes into force on July 15, will require commercial providers of onlin...

Read more | Visit Identity Blog

Biometric authentication is getting stronger – so we’ll be seeing David Pollington, Head of Service Access, Identity, GSMA Biometric authentication has been around for some time but is now becoming mainstream. Why? It’s mostly down to the wea...

Read more | Visit Identity Blog

Digital Identity: if you Streamline it, They Will Come Digital startups face all manner of challenges, and identity is no exception.  However strong the service offering, if registration and login processes detract from the user exp...

Read more | Visit Identity Blog

Flash News: Multi-factor Authentication Gains Traction Report says SMS is the most widely used method of adding an extra layer of security Almost 30% of businesses are now using multi-factor authentication to enable customers to acce...

Read more | Visit Identity Blog

News Flash: Big Names Back Digital ID Start-Ups SoftBank, Salesforce, Microsoft & PayPal make strategic investments in ID innovators SoftBank Investment, Salesforce Ventures and M12 (formerly Microsoft Ventures) all partic...

Read more | Visit Identity Blog

News Flash: Australia Accelerates Digital Identity Push Federal government allocates additional funds for myGovID system Australia’s government has injected a further AUS$67 million (US$48 million) into the development of its myGovI...

Read more | Visit Identity Blog

Identity Hangout: Controlling fake online identities June 12, 2019 Hear what´s new in the identity space. This Hangout will focus on fake online identities and how the mobile industry can help control it....

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2019 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.