The Month in Digital Identity – Decentralisation takes Centre Stage

It’s shaping up to be a fairly eventful month in digital identity. Blockchain in particular is quickly continuing to make its way out of the realm of think pieces and online discussion groups, and into mainstream consumer markets. Earlier this month five Canadian banks announced they will allow customers to verify their identities digitally in a “privacy-enhanced and secure way” using blockchain technology.  SecureKey Technologies’ Verified.Me system is now available to customers of Royal Bank of Canada, Totonto-Dominion Bank, Bank of Nova Scotia, Canadian Imperial Bank of Commerce and Desjardins Group – and will be coming soon to Bank of Montreal and National Bank of Canada.  The Canadian Bankers’ Association has been calling for wider use of digital identity solution as part of the country’s revitalisation of its online payment systems, as the central government considers a system of ‘open banking’, which would see paper-based systems abandoned entirely, and a ‘federated model’ of digital IDs adopted which links federal and provincial systems.

Microsoft too has taken another step towards decentralisation of digital identity, with the launch this week of a preview to its new Identity Overlay Network infrastructure Project ION – a public, permission-free, open network anyone can use to create digital ides and manage their Public Key Infrastructure.  Billed as ‘like Bitcoin, but for identity’, ION is based on a set of open standards developed with Microsoft’s partners in the Decentralized Identity Foundation, and is built directly on the Bitcoin blockchain.  “We believe every person needs a decentralized, digital identity they own and control, backed by self-owned identifiers that enable secure, privacy preserving interactions,” explains Alex Simons, Vice President of Program Management at Microsoft’s Identity Division. “This self-owned identity must seamlessly integrate into their lives and put them at the centre of everything they do in the digital world.”

It is heartening to see major players in the tech world put serious R&D resources behind digital identity measures in decentralised technologies such as blockchain – for all the encouraging progress to note, we are still seeing some stark reminders of just how much this space needs enhanced security.  This month saw the record-setting sum of $75.8 million awarded in damages for cybercrime, with the victory in court of tech entrepreneur Michael Terpin, who had been a victim of a SIM swapping scam which led to millions of dollars of cryptocurrency being transferred fraudulently into an account controlled by a gang in Manhattan.  Losses from cryptocurrency theft surged in the first quarter of 2019, according to cybersecurity firm CipherTrace, reaching 70 per cent of the total level for 2018. “Crypto crime has gotten worse because regulations are still weakly enforced,” reflected CipherTrace’s CEO Dave Jevans at the end of April. This comes as a reminder that the technology can be there, but without whole-system collaboration to ensure it is properly implemented, the benefits will not be realised in full.

Despite these remaining challenges – and they are not to be underestimated – digital identity’s development appears to be continuing with some aplomb this month.  India’s vast digital identity breach last year – in which the personal information of around a billion Indians was compromised from the country’s national identity system Aadhaar – saw a sequel earlier this year, when a further 100,000 Aadhaar numbers were leaked.  The country’s digital transformation initiative India Stack has nonetheless seen ongoing rapid engagement and adoption, allowing for the opening of bank accounts in as few as 55 seconds, and decreased customer on-boarding costs for telcos.  Across Africa, too, digital identity approaches are quickly becoming more prominent, with Kenya’s ambitious biometric ID registration now well under way, Senegal’s steps to use digital identity platforms as a means to access healthcare, and South Africa’s rapid adoption of biometric ID. While breaches and fraud can cause some shaking of confidence in digital identity systems, the bottom line seems to be that adoption will not ultimately suffer; even in hotspots of such incidents, people generally want to complete the process of securing their identities online as a response, and with good reason.  The GSMA very much looks forward to continuing its role in convening those discussions between ecosystems players to help in bringing that about.