Before I continue with the Privacy and Trust series, Ins I wanted to summarize what I learned at the Inside ID conference in Washington. In my presentation I tried to set the stage for the conference by speaking about how the evolution of the networked world presents a staggering necessity and opportunity for organizations of all types to provide the means to establish who they are and who they are dealing with, whether it is across the counter or across the Internet. The Inside ID conference then drilled down in great depth as nearly 100 speakers and more than 60 vendors discussed the systems and technologies that facilitate identification — ranging from digital identity to identity management. There were a lot of detailed things I learned but what I want to share is the big picture of what I learned.
I would summarize what I learned into the following…
We are at the very beginning and the needs are urgent
Digital identify and iIdentity management represent emerging disciplines. Identification has been at the heart of human interactions for thousands of years, but the rapid pace at which we have automated and globalized our lives has far exceeded the advances in implementing the basic function of identity. Traditional methods of identification are straining under the realities of global terrorism, rampant identity theft, rising financial fraud and soaring numbers of insecure digital transactions in cyberspace. Meanwhile users of the networked world are tiring of having dozens of ID’s and passwords with different rules and expirations and no effective way to store and retrieve them. The need for digital identity is urgent.
The technologies and solutions are emerging
The vendors and speakers at the conference made it clear to me that digital IDs can be implemented today. The iris scanning, face scanning, holographic printing, middleware, smart card and other solutions are working. Not perfect, but working. State governments, countries, and companies around the world are using these solutions in real applications today.
Biometrics are essential
It is clear that everyone wants a biometric solution. The Magtek technology can bind the mag stripe to the card. Verisign bind email addresses to messages or transactions. Various solutions can bind a digital ID to middleware and applications. The missing link is to bind the digital ID to a person — to a physical, living, breathing body. Without that we will not have the perfect solution.
Waiting for perfection
There are many skeptics and their voices were loud and clear at the conference. It reminded me of ten years ago when people said the web was not ready for serious use in business or government. More than one speaker from a government agency openly challenged the vendors to come forward with a biometric solution that is ready. By ready they mean scaleable to tens or hundreds of millions and 100.0% accurate and reliable. I equate this to challenging the industry to say that they will buy a new personal computer once they get faster and cheaper. Wait for that and you never buy a PC. Wait for perfect security and you will never have good security.
Start simple, act bold, grow fast
There are many uncertainties in the digital identiy space, but one thing that is clear is that there will never be a perfect solution. The need is urgent and the solutions available today can go a very long way toward making things better. Not perfect — but much better, maybe 90+% better. The time for leadership and action is now. Pilots and prototypes can show the way. We should have a grand design in mind but not be hostage to it. Starting with simple applications with low risk can yield success and confidence. Then something more bold can be tackled. A lot of baby steps will get us much further than planning the grand leap but never being quite confident enough to take it.