Last month I had the privilege of attending the ID2020 summit at the United Nations in New York. Having been focused on identity within financial services for the last year or so it has been a while since I was at a more general identity event. ID2020 reinforced for me the increasing importance of identity and the Perfect Storm we have seen building over the last six months.
Cofounded by John Edge the summit was based on the need to bring emerging technology to the challenge of stateless and vulnerable children. A challenge reflected in the commitment by world leaders and 193 member states of the United Nations in a 2015 pledge to provide legal identity to all by 2030 (the UN’s Sustainable Development Goal 16.9).
ID2020 opened with a great opening message from Don Thibeau, President and Chairman of the Open Identity Exchange (OIX), who described two groups of people in the “identity world”- those that create policies, treaties, agreements and such, and those that create the tech and platforms. Both he said would provide the code for which identity in the future would be built on.
The morning was focused towards appreciating the global impact of identity with some big statistics and moving messages that highlighted just how important and far reaching the lack of Identity is becoming. The World Bank estimates over one fifth of the population, or about 1.5 billion people are without a legal identity. This includes the 230 million children under the age of five that haven’t had their births registered and are at risk of exclusion and exploitation, as well as 60 million stateless people or refugees separated from their sovereign identity that are unable to access health and educational services.
The afternoon was more practical and focused towards coming together as an industry to build solutions. There was a huge amount of support, willingness and motivation to start addressing some of these issues. Various panels explored ‘What makes up Legal Identity,’ what can be done to support it, how to approach it and what role technologies like Blockchain can play. There were some common threads including one which is close to my own heart – trust. How do you know, how can you trust, a person is who they say they are?
The overriding message as the day ended was that together we can make a difference and the more we do to solve these global identity issues, the more pressure there is on governments to support it and get it right.
Small steps toward Trust Online
This is where I believe our team is making a difference. While we have been working to create trust online for almost five years now, and have learnt a lot along the way, there is still a long way to go. And though we certainly cannot solve the world’s identity issues tomorrow, we are taking small, focused steps and making steady progress.
For the past 18 months we’ve focused on building DirectID for stronger online verification in financial services, and through a project for the US National Strategy for Trusted Identities in Cyberspace (NSTIC) led by Morpho Trust, we are taking driving license credentials and including them in our consumer identity product miiCard for a more extensible service.
In both our products we take a consumer-centric approach, allowing those of us fortunate enough to have online bank accounts to use the trust and traceability they contain, to connect our physical and online identities for when we need to prove we are who we say we are. We can do this for some 500 million people, in over 30 countries today.
Now with the Payment Services Directive 2 (PSD2) opening up the market in Europe, and a history of bank verification in the Nordics and North America, the relevance for banks as a source of this trust is finally being realised. And while I appreciate this is only for a portion of the population, and does not address some of the more pressing issues discussed in the opening paragraphs, it is a start and one we can make today.
Guiding Principles for Self-Soverign Identity
At ID2020 consumer-centric identity was being described as self-sovereign identity, but the meaning is the same, it’s about putting the consumer in control of their identity while providing value so they will use it. On the flight home I reflected on what I thought a consumer-centric or self-sovereign identity needs to have. My own list of first principles or requirements include:
- The individual can register independently and keep their identity forever.
- It belongs to the individual, only they can own it and it cannot be deleted.
- It is available to everyone and is recognised as a legal identity, globally.
- It is created, managed and controlled by the individual.
- And it’s all about context. We have many different aspects to our identity and many different use cases, and this identity should respect and support that.
As for the technology this sovereign-identity will be built on? I’m not sure it matters. My guess is that it will be a hybrid of technologies, blockchain, OpenID Connect and other authentication protocols for example. The identity itself is also of lesser importance. It’s what it enables that really matters. How it allows us to do more, be it online or off, as individuals with a greater level of trust and with our own personal control.