A Solution Looking For A Problem? NOT!

When it comes to exploring new technologies, it is common to hear the phrase “a solution looking for a problem” thrown around the boardroom. Sometimes it’s hard to distinguish the use cases from the useless cases: The idea that fire departments, for example, might use the blockchain to fight fires more effectively than by using a database (one of my favourite useless cases) might reasonably be criticised in this context.

When it comes to the new technologies of identification, authentication and (in particular) authorisation though, this criticism is wholly misplaced. In the identity world, we have not one but a million problems looking for the same solution: Digital identity.

A million? Yes, I am confident in this prediction. Here in the UK, a woman who took around 150 driving tests for other people has just been jailed for eight months. It seems to me that if the driving licence test centres are incapable of determining the correct identity of their customers, there is absolutely no possibility of (for example) volunteers at polling stations validating the identity of voters.

I can illustrate this with the story of a pilot who was sent to prison?in Britain for lying about his flying experience to get a job with British Airways. The fraudulent flyer entered false details and altered entries in his flight logbook so that he could appear more experienced than he actually was. He got the job and was flying for two years before he was found out.

Two years!

Now, it’s one thing to lie about credentials to get a job flipping burgers but it’s quite another thing to lie about being able to drive or being a police officer or qualified as an anesthesiologist or as a pilot.

But how can someone prove that they are a police officer or a pilot? The police in London are thinking about adding QR codes to their identification cards but I don’t know if that will be good enough?as QR codes are too easy to copy. In any case right now there are at least 2,000 police identification cards that are missing and could be used by anyone, since there is no authentication.

The lack of any identity infrastructure is manifested in the out-of-control fraud we see on both sides of the pond. The fact that Miami street gangs are now competing to control identity theft instead of boring old guns and drugs tell us that we are long overdue a practical identity infrastructure.

VCs

The general problem statement here is, not about proving who you are but about proving what you are. I need to know you have a line of credit, a pilot’s licence or a diploma from a top ten dental school. I do not care who you are, unless something goes wrong, in which case law enforcement or professional bodies take over.

Here, then, there is most definitely a problem looking for a solution and we already know what the solution is: verifiable credentials (VCs).

It should be quite straightforward. You walk into the doctor’s surgery and there is a certificate on the wall. You tap the certificate with your phone (or scan a QR code on the certificate) and your phone either shows you a picture of the doctor, if the qualification is valid, or a big red cross if it is not valid. If the process is anything more complex than that, it cannot help the general public.

Given the evolution of smartphones, contactless interfaces and verifiable credential standards, this takes us beyond tap-to-pay and towards what Jerry Fishenden calls the “tap-to-prove” world, which I think we need to get to as soon as possible. We are undoubtedly making some steps in the right direction here: For example,?The Post Office and Yoti have become the first government-approved digital ID providers, allowing UK citizens to prove their identities with an app instead of physical documents for the specific purposes of applying for a job or renting a property.

Mass Market

I rather like the tap-to-prove idea, because it introduces the possibility of a standardised mechanism for demonstrating credentials not only at the technological level but also at the human level. Identity experts often talk about the need for a “ceremony”. It’s a concept I rather like: It means that the actions that two people need to take in order to engage are well-known to both of them so that it provides confidence in the outcome. If the same ritual is applied in all circumstances and venues, then not only do you begin to do it automatically but if someone asks you to do something out of the ordinary, your suspicions are aroused.

This is what I mean by ceremony. If you go into the bar, you tap your phone on the doorman’s phone and the doorman gets confirmation that you are over 21 and you get confirmation that the doorman is licensed by the city to perform such a function.

It is one thing to have the digital identity infrastructure that we need to function in the modern world, another thing to make it deliver for the populace. Ceremonies are a way to do this.

Book Dave

Are you looking for:

• A speaker/moderator for your online or in person event?
• Written content or contribution for your publication?
• A trusted advisor for your company’s board?
• Some comment on the latest digital financial services news/media?