Today we are used to companies wanting to collect as much information about us as possible. Data breaches in an increasingly digital economy may, paradoxically, reverse this trend. Companies that collect data on us could be mandated by law to keep it secure, and be held liable if they cannot. That could turn personal data into both an asset and a liability that, far from collecting, companies may look to offload.
As companies collect more information about us, there is a greater chance that spurious data enters their systems without our knowledge, erroneously influencing their decisions. We can expect this to lead to more and more problems for consumers, and so drive calls for more control by individuals over their data. We think it likely that awareness of digital identity issues will increase calls for privacy and anonymity online, along with increased ease in sharing identity attributes when desired.
We can imagine specialist firms arising to provide it, or existing trusted sources – banks, for instance – adding attestation as a service. This could in turn lead to a marketplace in which attesters compete with each other, with the competition furthering technological progress.
We can also foresee a number of specialist ancillary identity services. For example, we might see the rise of identity brokers that assist users in managing their identities, perhaps by helping them aggregate their identity data and use it in different contexts. Such brokers might also help protect users of identity by keeping up-to-date details of reliable identity attesters. Furthermore, such brokers may become the makers of identity marketplaces.
In such a self-sovereign identity platform, the individual takes on the role of identity provider, collecting all of his or her available attestations and attributes, and keeping them in a digital vault or other system (similar to the way we keep our passports and birth certificates at home in safe places). We already have technology and techniques that could make such systems viable, for example, UBS Safe. Through cryptographic means, for example, we can safely store and share attestations while ensuring that they can’t be falsified or misused.
This is not to say that we think banks should be the sole providers of identity platforms; quite the contrary. But as we work towards a digital identity future, banks can supply their expertise and infrastructure. We think that banks are also in a position to take on a number of roles in a digital economy, for example as identity attesters or identity safeguarders, that go beyond traditional financial services.