The information that organisations hold about us today is typically ‘static’ information – name, address, date of birth etc. But with technology getting smarter and the Internet of Things taking a grip, things are changing. Companies log and track every interaction and behaviour you exhibit in an attempt to make your life better in some way. Facebook is pioneering some new AI bots in their messenger app so you can order flowers with a simple verbal instruction; other companies are looking to use wearables to predict illness and disease well before the symptoms become obvious. A lot of this new information is attributed alongside traditional ‘static’ identity data. This ‘dynamic’ identity provides a much more real-time view of who you truly are.
In parallel, we need to find correspondingly innovative ways of accessing and securing identity information – and quickly. Compromising this new dynamic identity could mean that new types of fraud and privacy invasion reach all-time highs.
So how’s that for a depressing thought? The new world will be full of exciting innovations, designed to make our daily lives hassle free – but we will have to compromise our privacy to enable it.
What if there was another way to balance the demands of privacy and convenience? The only way to genuinely secure this information is to decentralise the ownership of it so no one organisation can unlock it (not even the US government via backdoor decryption methods). The basic principle here is that if there is no master key in the first place, there is no risk of the master key becoming lost. That’s where new technology breakthroughs like blockchain, and of course our mobile phones, can come into play. In this scenario, we could hold our identity data (static and dynamic) and only share the relevant attributes required to complete a process.
For example, instead of sharing all my personal details with an online retailer in order to buy alcohol, I simply share my ‘18+’ authenticated credential and proceed to checkout. The retailer may have other reasons to request further information, but it’s up to me to decide whether or not to share this. Companies will value identity information much more than they do today, as they’ll need to earn the right to use every attribute. One sign of misuse, and the user can quickly and easily remove themselves from the service. It’s the same as you can do today when an app sends you too many notifications; simply switch notifications to ‘off’ and you’ve silenced that company …forever!
What is ‘blockchain’?
The blockchain is basically a distributed database. Think of a giant, global spreadsheet that runs on millions and millions of computers. It’s distributed. It’s open source, so anyone can change the underlying code, and everyone can see what’s going on. It’s truly peer to peer; it doesn’t require powerful intermediaries to authenticate or to settle transactions. When someone wants to add to it – for instance making a payment to someone else on the blockchain – participants in the network run algorithms to evaluate and verify the proposed transaction. If the majority agree that the transaction is valid (in other words that the identifying information and the blockchain’s history match) then the new transaction will be approved and a new ‘block’ added to the chain.