Big Bang: Identity, Edward Snowden, and Business Models

The amount of news, ideas, and opinions that flood our digital feed, typically, feel disjointed. From the author’s perspective, they are making a timely contribution to the progress of an idea, individual, or industry (well, sometimes they just want likes). For the rest of us, it’s one more data point within the dizzying task to connect all the dots and make the information useful.

For me, last Monday wasn’t disjointed. It felt like a big bang of information. I was attending an identity conference listening to Edward Snowden and my phone buzzed letting me know that Stratechery’s Ben Thompson had sent his weekly article (Disclaimer: I subscribe to Ben’s daily e-mail and he is a personal favorite. Highly recommended). I’m hoping you can learn something from my cosmic fortune so this article doesn’t become just another data point. Let’s start with the conference.

The ‘dry heat’ industry of identity

Identity is on fire these days. It’s what I call a dry heat industry; it’s not sexy (dry) but it’s really important and really hot right now (heat, obviously). Plus, it has its own conference! (Yes, I know, conferences can evoke that same disjointed information overload feeling – the only difference is they make you walk around to get that same feeling.)

The inaugural K(NO)W Identity Conference was different; it was cohesive. OWI’s hyper-focus on identity made it feel like every conversation built off one another. It’s something special when everyone in the room is interested, engaged, and is excited about learning. I’ll certainly hope to attend next year and I’d recommend it if you are interested in the identity industry!

Aside from the clever wordplay in the title, the K(NO)W Identity Conference started with its own bang. Edward Snowden, the headline keynote was the first speaker on day one. Snowden popped up on stage (well, on screen) for an interview with Manoush Zomorodi, host of Note to Self. Regardless of your feelings on Snowden, he raised some thought-provoking points about identity, data, and the future.

Snowden’s keynote used WannaCry, the global ransomware cryptoworm, to highlight the structural flaws and challenges the global identity industry is trying to address. The discussion covered a lot of ground and would take several articles to unpack: KYC/AML, IoT, blockchain, a database of ruin, and the psychological effects of not owning our own identity (spoiler alert: not good).

Two ideas stood out:

  1. Most transactions don’t need a true identity and precise knowledge. Snowden challenged the audience to approach their business as if true identity didn’t exist – what do you really need to know to get the job done?
  2. He made the observation that today’s internet-connected world (and IoT) has broken the liability chain. As an example, a medical device manufacturing is liable for faulty surgical equipment but connected device makers – like computers, wearables or cameras – in the hospital are not. The civic, legal, and business frameworks haven’t caught up to the avalanche of new, connected devices (and there are more coming!).

The danger of misaligned incentives in business models

As I’m walking out of the main hall, I open my e-mail from Ben Thompson.

To overly summarize, Ben uses the WannaCry ransomware attack to highlight the danger of misaligned incentives in business models (I strongly encourage reading the article). Ben exposes how the structural flaws (and murky liability chains) in the software ecosystem, set into motion years ago, lead to poor decision-making from all sides, creators, and buyers. Software creators (like Microsoft) must take on the cost to support software for which they’ve already been paid, like Windows 7.

Meanwhile, for the buyer, Ben states, Computers and their associated software are viewed as capital costs, which are paid for once and then depreciated over time as the value of the purchase is realized. In this view, ongoing support and security are an additional cost divorced from ongoing value; the only reason to pay is to avoid a future attack, which is impossible to predict both in terms of timing and potential economic harm. Ben’s solution is the SaaS model, aligning ongoing delivery of value with continued payment.

Ben ends with, Expect little progress and lots of blame, the hallmark of the sort of systematic breakdown that results from a mismatched business model. Which brings me back to identity and FinTech...


There is a lot of blame going around in FinTech for the lack of progress: regulators, core banking providers, and industry culture to name a few. Meanwhile, the identity industry is full of entrants trying to solve a fundamental aspect of FinTech, business, and society in general. It’s easy to get consumed by new selfie authentication software, machine learning KYC models, and IoT frictionless payments. This technological progress is truly awesome and needed. But aside from talking about customer experience, it seems like a lot of FinTech is still searching for its identity and the accompanying business models to deliver on the promise of a new financial services industry.