There have been innumerable attempts to build a universally acceptable and scalable federated identity management system. A system that if and when becomes feasible will aim to replace all other forms of real-world identity superimposed on the virtual world, as well as become the single-sign-on or SSO across all digital assets. Viewed from the perspective of identity, all transactions – commerce included – become a form of identity exchange.
Independent of whether there is a single identity or multiple identities, the issue of security is paramount; the risk is directly proportional to scale. As the Internet has permeated further and further into our daily lives, facilitating finance, retail, health and other personalized services, the opportunities for abuse and misuse have increased exponentially.
Before the Internet, one had to physically get hold of the credentials and tokens, for example, the mag-stripe on a credit card. After the Internet, there are now so many ways to get hold of the same token without having any access to the physical card. What's even more worrisome, as exemplified by the recent spate of data breaches across the western world, is the ability of rogue players to amass a significant number of consumer profiles without the knowledge of the parties entrusted with the data. If that was not enough, once the profiles are in the hands of these rogue players, they can choose where and when to post transactions across the world, creating systemic fraud the likes of which have never been witnessed before. The Internet is truly a double-edged sword.
Intrinsically interwoven with credentials, tokens, identity and security, is privacy. Rightfully so, fraud mitigation and risk management are industries in themselves. The technology to secure the most mundane to complex systems is very much there, whether it is in the hands of private industry, white and black hackers, or government agencies. While the cat and mouse game of building secure systems and breaking them will constantly keep pushing these technology advances further, the more pragmatic approach is to ensure that the underlying business model incentivizes – or conversely penalizes – all the players in the value-chain that have a need to access sensitive data.
Stated slightly differently, rather than a personal matter, protecting an individual’s privacy should become a community concern. As convoluted and controversial this sounds it may be the only defense in an increasingly flat socially networked digital world. There are enough indicators that convincingly prove that while privacy is of paramount importance, what most people cringe about is the lack of knowledge about where and by whom their data is being accessed, and then not knowing what they will receive in return for this access. The issue is less about access and more about a fair return in lieu of the access.
There is a growing movement around the world to start sensitizing the consumer on the commercial importance of their personal data. Taking it a step further, to help individuals directly manage their personal data, and subsequently, monetize third-party access to their personal data. While it is common practice to pay individuals to participate in a clinical trial, soon there will be products and services in place that will allow an individual to monetize all the different data sets across different industries, generated directly by themselves or indirectly by their designated IoT devices.
As these initiatives grow in strength, they will turn the traditional view of privacy on its head.
Check out Mehul Desai’s August of Money.