| |

Digital identities - how and why we are where we are, what it's proposed we do about it and whether it will work.

The fintech world is at last waking up to the biggest problem facing real-world businesses: how to perform KYC on customers you will never physically meet and who live lives which do not intersect with your own except for one specific purpose - the provision of a service. Of course, being tech-driven, fintechs are looking for a tech solution and they've even got a name for it - Digital Identities. The world is full of "White Papers" but there are no practical applications nearing real-world testing, so far as we can ascertain. It appears that, as in so many cases, people are starting with the tech and trying to make the problem fit it, rather than looking at the problem and trying to build tech around reality, says Nigel Morris-Cotterill.

Long read. Free for seven days.

**This article has been updated for spelling, grammar and one or two additions or amendments performed to improve clarity.** 11 November 2019.

Allen says

"PGP (1991) offered one of the first hints toward what could become self-sovereign identity. It introduced the 'Web of Trust', which established trust for a digital identity by allowing peers to act as introducers and validators of public keys. Anyone could be validator in the PGP model. The result was a powerful example of decentralised trust management, but it focused on email addresses, which meant that it still depended on centralised hierarchies."

Even for a technophile like me, PGP has always been a step to far in the direction of complexity. I have honestly never been able to work it. But if one looks at what it does rather than how it does it, one can see two elements that are highly useful in the current debate: validation is done on a peer to peer basis. Secondly, there was "decentralised trust management."

Peer to peer validation can be viewed as a sort of wiki where anyone can insert and edit data. We now know, as the dark side of social media and comments appended to newspaper articles show, that there are sufficient people around who will post anything without fear of consequences that any form of peer to peer identity validation would lose its integrity and value very, very fast. Therefore a great possibility is lost because the very resource that the system relies, i.e. many contributors, on is unreliable.

What about the "decentralised trust management" point? FIrst, for our purposes, the criticism of specific data undermining the concept because it "depended on centralised hierarchies" is in fact a feature that supports the prospect - if we want governments to support such a project and to encourage financial services etc. businesses to use it, then some kind of fixed identifier that can be authenticated is essential. Much of industry uses a mobile phone number for that but in the great pattern of stupid ideas, that's close to the top. Only last week, I had a photo of a stranger pop up in my WhatsApp listing. Why? Because she is the latest owner of a phone number I can't delete because WhatsApp won't let me. Yes, it says I can "block it" but that's not the same (oh, and by the way, now I have her photo and name and other details on the updated profile page and her "status" to which I am absolutely certain she has not given her consent to be passed to me, just as I have not given my consent for the reverse to be true. But, hey, it's Facebook, who wants to provide accurate verifiable data to support its Libra project because, you know, it already knows everything about everyone.).

---------------- Advertising ----------------

| | | |


World Money Lau...