In my keynote speech at KnowID 2019 in Las Vegas, I said that we needed think about the big picture around digital identity. I said that digital identity should be seen as a fundamental defence in the cyberwar that we are already in and that has no imaginable end. It’s possible that some of the people in the audience felt that I was being hyperbolic and that this piece of conference rhetoric was for entertainment purposes only. In which case I must refer them to the recent comments of General Sir Nick Carter, Britain’s Chief of the Defence Staff, who said that our nation is “at war every day” due to constant cyberattacks. Even more interestingly, he then went on to say in the modern world there is no longer a distinction between war and peace (my emphasis).
This is precisely as the great media theorist Marshall McLuhan predicted. Indeed, I quoted him in my speech. In Culture is our Business, written nearly 50 years ago, he said that “World War III is a guerrilla information war with no division between military and civilian participation”. This is why we need to take digital identity seriously, as strategic infrastructure and as matter of national urgency. It’s not about making it easier for people to log in to The Daily Telegraph or Woking Council, although that should surely be a by-product of a well-designed system, it’s about keeping our people, our institutions and our democracy safe.
(I saw Paul Chichester, the Director of Operations at the UK National Cyber Security Centre, speaking about this at the P20 conference in London. In addition to telling the delegates that “cybercrime paid for that North Korean submarine launch”, he observed that it is the centenary of the Government Communications Headquarters (GCHQ) and that they have special exhibition about this over at the Science Museum. Since I spent formative time in my career working on secure networks for GCHQ, I’m really looking forward taking at look at this when I’m in London next!)
So what should we do?
I don’t think the answer for us it to build a centralised identity service (such as Aadhar in India) or a centralised reputation management system (such as China’s social credit score). I think we need to think about more sophisticated and more flexible federated options. I think we should start building an identity infrastructure for the modern world and that we should probably start with the banks. Citi put out a paper about this last month: it’s called “The Age of Consent” and it discusses the idea of a federated financial sector solution, something along the line of the Scandinavian bank ID services. (I contributed to the paper.)
You can see the author, Tony McLaughlin of Citi, talking about it here on Finextra TV saying that “if we fix digital identity, we fix payments”, and he’s got a point. Banks have an obvious and significant interest in creating the new infrastructure because it’s good for banks. But it’s also good for everyone else, so it’s not only a way for banks to save money, it’s also a way for banks to create new products and services that mean new revenue streams. In fact, it could be that digital identity is not simply an additional revenue stream in the future but that identity is bigger than payments to banks. You can watch Alessandro Baroni, CMO of equensWorldline, saying just this today on another Finextra TV interview.
In the UK, it is time for the regulators to demand action from the banks. When I was last asked to log in to a web site to buy something (last weekend) I was presented with the option to “Log in with Amazon” and “Log in with Facebook” but no option to “Log in with your safe and trusted bank digital identity that is part of a regulatory framework designed to protect you and your personal information and comes with expectations of redress, ombudsman, accountability and, ultimately, a physical presence to resolve issues”. Why not?