David Pollington, Head of Service Access, Identity, GSMA
There would be little sense in denying that, along with the major strides made in digital identity over the past year, there have been a great many high-profile breaches and data scares too. This results from, perhaps more than anything, the steady digitisation of the everyday. As people’s lives move increasingly online – and daily routines now consist of accessing an ever-wider array of digital services – they increasingly result in our personal data being captured and stored online as websites seek to profile us in order to tailor and refine their services.
It is both an ethical and commercial imperative for the industry to address this challenge – cybercrime costs an estimated $1 trillion in 2017 alone, and in that year personal data breaches exposed 7.8 billion identity records – 45% more than in the one preceding it. The future economic prosperity of the Internet is dependent on establishing trust in an increasingly trustless environment.
Rather than each online service capturing the identity of its users independently (hence creating a large attack surface for cybercrime), self-sovereign identity (SSI) is a concept within which users take back control of their personal data and manage how and where this data is shared, with whom and for what purpose. A new breed of decentralised identity frameworks are emerging which leverage distributed ledger technologies (DLT) such as blockchain to create trust frameworks via which users can assert information about themselves via zero-knowledge proofs, rather than needing to share the data itself. An example would be someone proving that they are over 18 in a commerce transaction, without needing to disclose their actual age, name, or
other personal information.
Decentralised identity frameworks thereby allow users to prove and control their online identities without needing to rely on single identity providers like the social media players – the present anxieties around which, in terms of privacy, hardly need recapping here.
Despite the enormous promise, however, it remains a difficult concept for most people to relate to in their present lives. How these solutions can be brought into being – beyond simply the vision and trial stage, but into common uptake and acceptance – will form a key discussion point at the GSMA’s Future of Digital Identity Seminar at the Mobile World Congress in Barcelona next month, between 13:00 and 15:00 on 26 February. Mobile network operators are poised to play a key role in bringing this process about, principally via their own pan-industry identity solution Mobile Connect, which can connect subscribers to the blockchain via a secure and convenient means with which they are already familiar. Security experts, developers and service providers from leading organisations in this space will gather to chart what has already been dubbed the Hitchhiker’s Guide to the Growing Pace of Identity Services in the Mobile Industry. We hope many of those with a professional interest in this area will be able to attend; to register here.