Identity plays a major role in everyday life. Think about going to an office, getting on a plane, logging to a website or making an online purchase. Identity is the key that determines the particular transactions in which we can rightfully participate as well as the information we’re entitled to access. But, we generally don’t pay much attention to the management of our identity credentials unless something goes seriously wrong.
For much of history, our identity systems have been based on face-to-face interactions and on physical documents and processes. But, the transition to a digital economy requires radically different identity systems. In a world that’s increasingly governed by digital transactions and data, our existing methods for managing security and privacy are proving inadequate. Data breaches, large-scale fraud, and identity theft are becoming more common. In addition, a significant portion of the world’s population lacks the credentials needed to participate in the digital economy. Our existing methods for managing digital identities are far from adequate.
As explained in A Blueprint for Digital Identity, - a 2016 report by the World Economic Forum, - identity is essentially a collection of information or attributes associated with a specific individual. These attributes fall into three main categories: inherent - attributes intrinsic to an individual, - e.g., age, height, date of birth, fingerprints, color of eyes, retinal scans; assigned - attributes attached to but not intrinsic to the individual - e.g., e-mail address, telephone numbers, social security, drivers license, passport number; and accumulated - attributes gathered or developed over time - e.g., health records, job history, home addresses, schools attended.
While mostly associated with individuals, identities can also be assigned to legal entities like corporations, partnerships and trusts; to physical entities like cars, buildings, smartphones and IoT devices; and to digital entities like patents, software programs and data sets.
Data attributes are generally siloed within different private and public sector institutions, each using its data for its own purposes. But to reach a higher level of privacy and security, we need to establish trusted data ecosystems, which requires the exchange and sharing of data across a variety of institutions. The more data sources a trusted ecosystem has access to, the higher the probability of detecting fraud and identity theft while reducing false positives. In addition, an ecosystem with a variety of data sources can help foster economic inclusiveness by certifying the identities and credit worthiness of poor people with no banking affiliation.
However, safeguarding the data used to validate identities creates security and privacy issues of its own. It’s unsafe to gather all the needed attributes within one institution or central data location, making it a target for data breaches. But, it’s also highly unfeasible, as few institutions will let their critical data out of their premises.