A new model for digital identity that enables trust and reduces friction
In the previous post, I wrote about how digital trust online needs a reboot. The web today puts consumers at a disadvantage, and businesses face a tradeoff: growth or trust. Today, we’ll dig a little deeper into how we can solve this thorny challenge and why it will be a breakthrough for social media companies.
Let’s start by considering the ‘digital identity’ challenge, as an excellent example of trust versus growth online.
If a new media or social platform business wants to drive growth, they need to remove friction. They need to minimize the data collected and remove the barriers to registration, often at the expense of being able to truly understand who their customers are (‘don’t ask, don’t care’). Although this path-of-least-friction results in huge volumes of new users, it provides no way to weed out the bots, fake accounts, and impersonators from the real users.
The alternative is to maximize trust and double down on digital identity verification, often requiring users to present their official government documents (so called ‘Real ID’ policies). Facebook, for example, asks users to do exactly this if they want to unlock a frozen account.
It’s all led to difficult questions about what personal data is really needed to run these social networks. Should we require users to display their real names online? If we start collecting this data about real people, how (and where) do we keep it safe? Can these giant tech platforms be trusted to use this data responsibly? And who will have access to it? How many accounts should one real person be allowed to run (consider all those businesses and content creators that need several different social channels)? The questions go on.
This challenge of solving digital trust has eluded us for decades. And it’s because companies have been using the same logic that’s led them to this digital dilemma—having to choose between digital trust or growth.
But we’ve had a breakthrough, and it’s beautifully simple.
Give the data back to people, the users themselves, so they can hold and control it, and share only what’s needed.
This approach means individuals can prove different things about themselves while not having to give away all their data. They can even remain anonymous if they want to go by an alias, while still sharing important facts (for example, that they are 21+). Rather than businesses collecting data about people in hidden and potentially expensive ways, they can ask users for it directly. Studies have shown that if a business demonstrates enough value for the user, consumers are willing to share data with them, as long as they can see that it will be handled responsibly and safely. (Because we also know the opposite is true: when digital trust is absent, consumers simply stop engaging with brands).
Here’s the best bit: this new approach not only gives people their data back; it also gives the data ‘superpowers’ that makes it easily verifiable. So any business receiving the data can now verify where the data came from and can decide whether or not to trust that data based on the source.
Most excitingly, this new technology also means we can share less data, but still get the same outcomes. For example, we no longer need to reveal who someone is in order to verify information about them. Businesses can ask for just enough information to meet their needs. Perhaps “IS_A_DOCTOR,” or “IS_A_STUDENT,” is all that’s required. Or, considering the social network ‘bot problem,’ the data coming from a user could be as simple as “IS_A_HUMAN.” So it turns out that digital trust doesn’t necessarily mean that users have to share their personal information at all. It could be some simple ‘Yes’ or ‘No’ statements as long as a business can rely on that claim.
A user should be able to prove they’re a real human, without having to share their real name. Yes, there are times when sharing more information helps, but the choice should be left to the user. For example, if someone (perhaps a notable figure worried about being impersonated or a scientist looking to show credibility) wants to prove that they’re really who they say they are, this same technology can be used to prove that a name on a social account matches a name on a government document… without the person having to share the government document. Any such disclosure should be left up to the user to decide whether or not they want to have their name verified or maintain the freedom of anonymity.
For the first time we’ll be giving users their own new digital tools. Ones that they themselves control. And it’s the user–the person, the citizen, the consumer–who decides what data they store and what data they share. It’s akin to today’s leather wallet or bag, where we carry around bits of paper and plastic so we can prove things about ourselves. So too will these new digital customer tools–digital wallets–hold all manner of things.
Apple and Google have had digital wallets for payments for some years now, but it’s time to go further to make them more useful in individuals’ everyday lives – to support a broader set of use cases and data types. To add much more personal data. More private data. More rich profile data. And to enable users to control who gets what, even subsets of the data rather than it all at once. This new approach–this new way to share data–will be private and secure and will foster digital trust. It’s a way to address many of today’s thorny privacy and security questions around collecting personal data.
It’s going to open up a whole new world of digital opportunities
While this user-centric approach has been around for a few years now, it’s really only since the global pandemic that businesses are realizing its potential. Only now are they beginning to see the possibilities to crack open solving digital trust online. It’s in part because a number of different threads are now coming together in a way they haven’t to date.
First, governments around the world have started to pass real regulations around the concept of privacy-preserving portable identity. That’s most obvious looking at the privacy regulations around GDPR in Europe and the CPRA in California. And of course the introduction of eIDAS (electronic IDentification, Authentication and trust Services) 2.0 in Europe.
Second, we’ve seen hundreds of organizations and technologists coming together to lay the foundation for an internet-scale trust architecture. At the World Wide Web Consortium, new specifications around user-centric identity have been approved as official web standards to define an interoperable and privacy-preserving path forward. Meanwhile, organizations large and small are collaborating at nonprofits like the Trust Over IP Foundation and the OpenWallet Foundation to ensure that these digital trust systems work for everyone, everywhere.
Third, data standards and technical groups, who have been debating and scrutinizing the technical choices, are beginning to reach consensus about how it all can work together. And fourth, there are now compelling regulatory tailwinds driving policy folks and business decision makers to look for new models for handling personal data. To offer smart digital wallets that handle personal data way beyond payments. To not only empower people with many different types of data, and in many different places across the web, but to do so safely and privately.
It’s time for a digital trust revolution. It’s time to deliver digital trust AND growth.