One of Australia’s Big Four banks, NAB, recently convened a roundtable intended to uncover insights to help facilitate “collaborative co-design of the Australian digital identity ecosystem”. Participants were invited from industry, government, and academia. I was honoured to be amongst them.
NAB has published the proceedings (PDF), along with a news release. This blog is my independent review of the proceedings.
The roundtable was conducted under the Chatham House Rule, meaning that the discussions can be quoted and used but not attributed. All the passages in quotation marks in this blog come directly from the published proceedings.
In my view, the roundtable took a fresh step forward in critically appraising how we regard digital identity. A serious framing problem “pervades both the private and public sector”, as the proceedings put it.
In the digital realm, I reckon we have become fixated, for various reasons, on “real identity”. Refreshingly, however, the roundtable recognised that it is “very rare that individuals need to prove who they are”, strongly endorsing a reframing of digital identity efforts in terms of identification or verification.
In the physical world, counterparties don’t usually focus on broad identity, but instead look to specifics which are germane to the business at hand. These naturally vary from one application to another. When designing transaction systems we should ask “What do we need to know about an individual for a particular purpose?”.
A modern ecosystem to support the digital economy should therefore have tools and services to help businesses (a) find what they need to know about customers, members, and other end users, and (b) verify that information to the business’s satisfaction.
For example,
- How does an online liquor retailer verify that a shopper is 18 years old, when a number of different digital proofs of age and age-proofing laws are now rolling out at different rates in different states?
- How does a sports club prove that a new coach from interstate has a current working with children check?
- How does an aid organisation prove that an applicant for disaster relief resides in the declared disaster area?
- How does an employer of casual staff determine whether an applicant has the right trade qualifications and safety permits?
Is this an identity ecosystem? Or can it be the beginning of a general-purpose data sharing and verification marketplace?
“Identification” boils down to checking particular facts about someone. It might be a bank onboarding a new customer by verifying multiple photo IDs, or a bouncer at a pub checking that a customer is 18 years old — and checking absolutely nothing more than that. All of these actions take pieces of data and verify their quality.
This basic data verification pattern is common. The elements of ingesting data, checking metadata, and then deciding whether to accept or reject the data are important building blocks of the digital economy.
I was delighted to see the NAB roundtable concluding in effect that “identity” is not the best way to frame the challenges of digital trust and authenticity. Identification — the process each organisation undertakes to make sure they know enough about new customers and end users — doesn’t always “identify”, and it rarely provides an “identity” that can be reused at other organisations.
Identification boils down to verifying data about a person (or a thing or other “subject”). In another blog we will look at how every organisation inevitably does identification differently. Yet, while the details vary, a common data verification platform can be built to support customised identification.
Lockstep’s Data Verification Platform is a scheme to rationalise and organise data flows between data originators such as government and the risk owners who rely on accurate data to guide decisions. Join us in conversation.
If you’d like to follow the development of the Data Verification Platform model, please subscribe for email updates.