Forum Magazine: The New Age of Digital Identity — How Attorneys & Compliance Officers Might Adapt to New ID Models

Topics: Artificial Intelligence, Compliance, Cybersecurity, Cybersecurity & Data Privacy, Data Privacy, Digital Identity, Financial Crime, Forum Magazine, Government, Government Regulation

Our current form of identity is dead. Or at least, the system that declares you are who you say you are, legally, is under extreme duress.

In fact, the Equifax breach that exposed the names, addresses, Social Security numbers and credit history of 143 million US citizens is only one of hundreds of thousands of worldwide breaches. At a minimum, about half the people in the US have had their Social Security number compromised, leaving it floating in the electronic abyss.

A government-issued identification number is only one component of what comprises an “identity.” Nearly everything you do today contributes in some way to your identity. For example, if you “liked” more than 300 posts on Facebook®, then that platform’s algorithms know your tendencies and preferences perhaps even better than your partner, husband or wife.

China has developed the Social Credit Score System, tying facial recognition via 600 million cameras, to how their citizens act in public. If you light a cigarette in a nonsmoking area, jaywalk or speed, then your “social score” goes down. Continuous “deviant” behavior could prevent you from boarding an airplane or applying for a loan. China aims to have “scored” all of its 1.4 billion citizens by 2020.


That information will likely be housed in a digital wallet and stored on an immutable secure blockchain. The public key can be used to verify who you are when someone asks – think of it as flashing a QR code such as a digital loyalty rewards card at a retailer. The verifier then can validate that public key on the blockchain.


As these examples illustrate, identity is a complex amalgam of data, which combined in parts or as a whole, can directly identify you – and if you are not careful with it, provide opportunities for bad actors.

The European Union’s General Data Protection Regulation (GDPR) is attempting to put the control of identity back into the hands of the individual, but that is proving challenging because of the porous nature of our current technology solutions. And it is unlikely that GDPR will be the last attempt to place government regulations around how identifying information can be used. Nor will governments be the only entities attempting to improve how identity is managed.

According to the World Bank, 60% of the world’s GDP will be digitized by 2022, underscoring how digital identity will continue to be the foundation for everything we do personally or professionally. As a result of this rapid advancement and the challenges it presents, several new philosophies have taken shape to resurrect our identity from its current trough.

The Juncture Where Digital ID Meets the Law

Sovereign Identity

The first model that lawyers will encounter is one where each individual controls and owns their own data. The individual controls the release of it and access to it, and it is otherwise completely encrypted.

With sovereign identity, a trusted source issues the credentials. In the US, for example, the Department of Homeland Security (DHS) is likely to become that trusted source, issuing a new universal identifier that could replace your Social Security number within the next five years. DHS would issue this to you and simultaneously to a distributed ledger; and as an individual, you would receive a public key and private key for your information.

That information will likely be housed in a digital wallet and stored on an immutable secure blockchain. The public key can be used to verify who you are when someone asks – think of it as flashing a QR code such as a digital loyalty rewards card at a retailer. The verifier then can validate that public key on the blockchain.

This model can be scaled to verify healthcare information, birth certificates, driver’s licenses and all pro le information, including things like sports team preference, favored leisure activities and any professional licenses held. All of this information can be lent to companies of the individual’s choosing, and individuals could even be paid for advertising they see, based on their specific interests. The individual would also be able to expire those relationships on demand.

The challenge that may arise for law enforcement and lawyers is access to this information for investigations. Without a central repository of data in the clear, gathering such information during an investigation can be far more challenging. In addition, lawyers will have to learn to integrate this identification verification into their workflows. Notary public jobs will be at risk, as the fundamentals of this model essentially verify that someone is who they say they are, using this technology.

Tokenized Identity

The second model that lawyers will likely have to grapple with is tokenized data. TrustCommerce, a payment processing company, has created an algorithm which renders customer data unidentifiable and untraceable, making it impossible for anyone to misuse sensitive information. This process of replacing sensitive information with algorithmically generated numbers is called the tokenization of data.

This tactic has been applied to credit cards but is now being applied to all sensitive information or important documentation. In the figure below, the risk is vastly reduced so that vendors or point of sale organizations never see private information. The token is used one time and is worthless if stored and accessed later.

Forum

Forum

Compliance attorneys will see this solution as a boon to their industry, reducing liability. The burden on organizations will be reduced as sensitive information is tokenized and not stored in clear text. In addition, tokenized data is not considered sensitive information, so the assumption is there will be less fraud and fewer opportunities for hacking.

Decoding the Future

As countless companies, government agencies and individuals contend with an identity system in crisis, new models are rising.

Increasingly, attorneys will have to deal with the cross section of where technology meets the law. Digital identity is the baseline to do anything going forward, impacting various aspects of transactional and litigation practices. And these newer solutions will rely on systems that are built on increasingly more complicated code.

Lawyers will find themselves decoding these models for compliance, constructing and deconstructing contracts, as well as for conducting investigations and pursuing litigation.