At the end of each year, we like to reflect on our accomplishments as a collective industry as well as to recharge our magic 8 ball and predict what lies ahead. In addition to publishing our 2023 predictions, we also keep ourselves honest and deliberate on whether our crystal gazing was a bellwether of change.
Looking back on the predictions we held for 2022, how did we do?
Apple announced its intention to launch its eID platform in 2021, and we predicted Apple would face difficulty in achieving its target of 50-state deployment in 2022. It’s an unprosperous outcome, given the news headlines offered so much potential for the first wave of eIDs in America. Since Apple’s announcement to support mobile drivers licenses (mDLs) in the Apple Wallet, the initiative has been rolled out across three states – Maryland, Arizona and most recently, Colorado. According to Liminal research, 60% of consumers would be likely to adopt a smartphone-enabled driver’s license irrespective of current local or federal laws. To gain meaningful traction with consumers, Apple will need to offer more use cases – or simply stated, more reasons to flash your ID on the go. (Today, the mDL’s usability is limited to some TSA checkpoints in a few airports). Apple still possesses an enormous advantage in the wallet space given its hardware and existing ecosystems; however, collaboration with various state governments is still a riddle that must be solved. Unlike private companies that focus on servicing an obtainable target market, governments must provide services to all of their citizens unilaterally. For something like a state-issued driver’s license to reach true scale, a digital ID must have full interoperability across all devices and applications. Apple-supported mDLs simply can’t scale for users without an iOS device. Despite Apple’s best efforts to gain exclusivity, we predict that it will struggle to control mDL program rollouts.
Although we have high hopes for mDLs to be universally accepted across the U.S., this prediction was a lay-up. Here at Liminal, we’ve put a stake in the ground that the future of consumer identity rests squarely on the success of Personal Identity Ecosystems (PIEs). We believe there is strong demand for PIEs – and demand for trust and ubiquity across a variety of use cases (beyond TSA checkpoints). The current market is not being met by any one existing solution provider. Instead, the value of PIEs is realized through sustained cross-industry and public-private collaboration. We give ourselves an A.
Although the U.S. is struggling to craft a unified eID plan, Europe remains an established forerunner for governments to offer their citizens electronically-native identity credentials. The latest proposal being discussed across the EU requires member states to offer a digital identity wallet to every citizen who wants one. The proposal also makes clear that member nations will not be forced into adopting any one solution, public or private. The proposal could be entered into force in the first half of 2023, though we at Liminal think there’s a low chance of that happening. The reason for haste in getting the proposal out into the open is to allow private industries and digital identity experts to provide their feedback. Even with this impending timeline, there are still a number of questions that need to be answered. What exact role will private industry play? How will technical specifications be verified and enforced? How realistic is it to demand a similar user experience and performance across borders? How will different countries handle security challenges, like identity theft? The hope seems to be that these questions will have straightforward answers, or at least enough consensus to be practically viable.
At Liminal, our thesis is that reusable identity – as can be demonstrated with the introduction of eIDs – relies on network effects enabled by Personal Identity Ecosystems.To facilitate reusable identities, the current paradigm needs to shift to one that supports interoperable networks, public-private partnerships, and fully fledged ecosystems – with supporting standards, policies, and trust frameworks – that provide consumers with data mobility. It’s no vanity project – if done successfully, we calculate the opportunity for reusable identity as a $32.8B market TAM, growing at a 68.9% CAGR by 2027.
The EU continues to set a high standard for what eID interoperability should look like although there’s still much work to be done to move initiatives beyond the proposal stage. We give ourselves a B+.
Our prediction was identity proofing vendors like Jumio, Onfido, and Persona would extend their product capabilities to include additional identity orchestration throughout the customer journey. Resultantly, we imagined that identity proofing might have a bit of a celebrity moment – earning ‘household name recognition.’ An IPO would have been one of the myriad ways identity proofing could step into the limelight. However, if there was a solution segment that stole the show this year it was Consumer Identity Access Management (CIAM) – with several well-known, public identity providers going private in its listing status. Thoma Bravo was the private equity kingpin, taking three identity giants private:
We couldn’t predict this one playing out as it did, but we do attest that one thing each of these three companies have done extraordinarily well is to find their place pinning capabilities against the Consumer Digital Identity Framework. In a crowded digital identity space, it’s better to excel at one or two things than be mediocre at several things. As digital identity transforms to become something more consumer-centric, the shift from enterprises to individuals is bringing new requirements to the forefront, which means that recognizing and finding a specialization within these five conditions will be paramount for platforms in solving consumer identity challenges. We give ourselves a C and are keeping a watchful eye on evolving consumer identity conditions well through the new year.
In September 2021, the UK’s ICO passed the Age Appropriate Design Code (AADC) or Children’s Code, which poses stricter compliance requirements for not only services aimed at children, but those likely to be used by them. This past August, California passed what is likely the most impactful piece of internet regulatory legislation this year, if not this decade. The California Age-Appropriate Design Code Act (CAADCA) will fundamentally reshape how websites nationwide approach issues of age verification, assurance, and data privacy. In a nutshell, CAADCA mandates that websites afford the highest levels of data privacy to users that are believed to be children and conduct biennial assessments of their approaches in ensuring that this is the case. Many types of data collection are outlawed completely, while others such as the collection of location data are permissible but must be accompanied by obvious indicators to the child user that such data is being collected.
Regulators are taking a good hard look at children's safety on the internet. The FTC announced in December 2022 the issuance of its largest-ever penalty, a $275M fine for Epic Games’ violations of the Children's Online Privacy Protection Act (COPPA). Epic was further fined another $245M over deceptive payment practices. Violations cited in the fine include a failure to protect children from abusive voice and text chats, a failure to segregate children from adults in online matchmaking, and privacy-invasive default settings. Big tech platforms have been aggressively monetizing child users for years, and the regulators have started to push back. If platforms weren't paying attention to age assuance as an issue previously, they definitely will now.
The significant challenges posed by age assurance regulation is an area that Liminal has been focused on over the past year. We give ourselves an A and continue to support that Persona-Based Assured Identity (here’s an Easter Egg for the new 2023 Digital Identity Landscape) will be a digital identity solution segment in its own right.
If 2022 taught us anything, it’s that digital identity has established itself as a critical component of digital transformation. What was once considered to be a nascent, up-and-coming segment of cybersecurity, digital identity has caught the attention of burgeoning consumer platforms, investors, and technologists alike. We’re already pontificating what’s to come in the year ahead and encourage you to read our 2023 predictions coming soon.