Are you seeing a mass acceleration of ID and personal data technology? On this week’s State of Identity podcast, we welcome David Morgan, Visionary at AerPass to discuss the efforts of a consumer-led economy, “Age of Expectation.”
Cameron D'Ambrosi, Senior Principal at Liminal
David Morgan, Visionary and CMO of AerPass
Cameron D’Ambrosi [00:00:03] Welcome to State of Identity. I’m your host, Camara D’Ambrosi. Joining me this week is David Morgan, visionary and CMO of AerPass. David, welcome to the podcast.
David Morgan [00:00:13] Cameron Thank you very much for having me on. It’s it’s an honor to to do this with you, having listened so intently to so many of your podcasts in the past.
Cameron D’Ambrosi [00:00:22] Thank you for the kind words and really excited for the conversation. You know, in our preamble that we were just doing now off recording, we were talking about which direction we kind of want to take this. And I think our decision to anchor this conversation on some of the kind of go to market factors around digital identity is really going to make for a great conversation because this is where we’re at, I think in the industry is we have the right tools. I think we know that the technologies are there. It’s a question of how are we going to get scale, how are we going to get communities bought into these ecosystems and actually make them relevant for the average consumer, which I think comes with getting that network effect and getting as many end points in that network as possible. So. Without too much further ado, tell me a little bit about our past. You know, what are you about? And 15,000 feet for someone who doesn’t know what Aerpasses is never heard of you. What have you built?
David Morgan [00:01:27] So we have a personal identity network and we base that on the concept that we should be one person and one identity, which we believe is a unique and revolutionary innovation in that. How we assert our digital identity and how we control and then to operate using our identities. Solves a significant user issue or user experience issue. Which then in turn I think gives us a next generation customer identity and access management system. So we straddle both sides. I think of of the issue that potentially is is is on the horizon.
Cameron D’Ambrosi [00:02:16] Yeah. You know, I think we are at this critical inflection point where I think consumers are ready and the enterprises are ready. And I think we know governments are ready because we’ve seen governments, you know, whether it’s the EU with EAI Das or whether it’s other nation states kind of rolling out their digital identity platforms like everybody agrees we need something. I think the question is, you know, what shape is that going to take and what role does the private sector have to play? I think, you know, here in the United States, the argument that the private sector needs to play a larger role, I think is a reasonable assumption just owing to those cultural factors, again, shall we say, where? I hold that I do not think we will ever see a national, federal digital identity in this country just because Americans fundamentally will not accept that. It’s just anathema to our notion of of liberty. And that’s a whole different ball of wax, of like what is a more pernicious threat to our civil liberties. You know, a well-designed federal digital identity program or, you know, a more balkanized approach that involves private sector players. But I think to some degree, that’s that’s neither here nor there. This conversation, I think we both agree the private sector is going to need to play a role. If you had your druthers, you know, at a broad level. And then I would love to kind of get into some of the more particulars around your go to market strategy. But what role do you hope that the government is is going to play in the deployment? And what role do you think is best suited to platforms like Aerpass?
David Morgan [00:04:04] Well, I think I think the the social and the cultural issues that you that you identified, I think are key drivers in terms of the the the adoption of of new technologies. And I think that as citizens were potentially more likely to put trust in a private sector business that utilizes. Government identity or centrally held government identity credentials because they exist and we accept that they exist. But it’s the the access and the freedom of movement that I think is as a layer, puts our pass into into a really important position in that we can assert or you can assert your identity, you can assert, assert your credentials without transferring or storing any of them from the source of truth. And that gives you the opportunity to to to, as I said, demonstrate who you are. Prove to the counterparty that there is that trust there. And and there is a valid and verified credential without any sort of government intrusion or any kind of sort of. Extra extra sets of eyes on on what you’re doing is as a citizen. So essentially, we can call on on these identity documents or credentials that exist and then we can represent them on your behalf with the consent of you. So it’s a user controlled identity provider, which is because of the way it works, is completely reusable and interoperable. So we can utilize, you know, the point solutions. That’s what they do. That’s fine. We’ll work with them. There are certain of that lower level elements of identity. I think that you have to that you have to have such that we can we can put forward on trust. But essentially, I think the government document, the government identity credentials will exist. We will exist to draw from them and give citizens a a comfort that there’s no intrusion from from any of the party.
Cameron D’Ambrosi [00:06:28] Yeah, I think it’s I mean, where I have felt that the role that the government must play in even the most libertarian digital identity schemes is hopefully directly connecting to the platforms to provide a non implied, you know, creation of an identity in the ecosystem. You know, I think the notion of when you talk about true self-sovereign identity and the folks who fundamentally believe like, hey, this should be completely user centric, you should have no direct relationship with the government because you know, the government can revoke your identity. And what happens then if you’re on the blacklist? Well, you know, on paper, I suppose I endorse all of those sentiments. But in practicality, you know, if the government decides that you’re persona non grata, that you can’t get on the plane, you can’t open a bank account, you can’t do anything with your identity, you know, does it really matter that you are in control of that credential and that they didn’t revoke your wallet itself? If any time you go to present that your name is on the sanctions list or or whatever, a no fly list, what have you. So I’m sensitive to those concerns. But, you know, I think the European Union style approach, which is, look, we are going to give users complete control over their wallet in their account, but we are going to tie that credential directly to an issuing database as opposed to having to have the, you know, the necessary kind of vulnerability of a middleman, like a document verification document scanning player. I think in some ways, that’s I’m trying to think of an analogy. You know, it’s like you can either have a whole new Humpty Dumpty or you can have a Humpty Dumpty that you kind of drew from someone describing to you what Humpty Dumpty looked like. Obviously, you know, getting that new in-box, Humpty is is, I think the preferred approach.
David Morgan [00:08:29] Going down a child’s toy analogy, rabbit hole. Now, I think I’m about to bring a Rubik’s Cube, so we’ll carry on with that in a minute. The I guess the. The those threats or those those instances that you mentioned exist in the physical real world as well. You know, if you’re if you’re driving licenses revoked, your driver’s licenses revoked, you know, if you’re you’re on any of the physical documents that we had there issued on behalf of or authorized on behalf of a a typically a government or a government department. So I think the ultimately what we need to do is replicate the real world as much as we can in the digital.
Cameron D’Ambrosi [00:09:15] Yeah, I know. I completely agree with that. And in some ways, you know, we’re I think we’re we’re putting the cart before the horse. In some ways as an industry, if we expect these digital identity systems to be in and of themselves, a hedge against tyranny, I think putting privacy centric principles. At the front and center and making sure things are user centric and that all access and data sharing is fully permissioned makes a ton of sense. But an identity document in and of itself, I don’t believe, can be a hedge against, you know, misuse or abuse by the government. As much as I wish that were were not the case, you know, I would love if we had a kind of a magic technological silver bullet that would prevent things like, you know, civil liberties abuses and mass surveillance. And, you know, to some degree, if that surveillance is of electronic technologies, certainly we can we can design hardware and software safeguards, but it’s going to take a more concerted and holistic approach as citizens. And I think I hope that we don’t let the perfect be the enemy of the good with the rollout of some of these technologies. You know, as an American, I think it’s a unique point of frustration around digital identity when we look at trying to move beyond, for example, Social Security number. And you have groups that are vehemently opposed to government agencies, whether it’s adopting things like facial biometrics or using different technologies for authentication, you know, folks kind of blowing their lid about it. And I think those concerns are valid. And I think enhancements should be made to these platforms and to these technologies to address some of those concerns. But, you know, just going back to the way it is now is not a viable path forward. Like, if you look at the problems the IRS is facing, it is I see the threat as much more pernicious of someone with just knowledge based authentication can log in to the IRS website, download my entire tax return and steal my tax refund by filing it before I do more so than, you know, a private company getting a copy of my facial biometrics, for example. Like one of those things is a more abstract threat and a violation of my privacy in certain ways. But the other one is a very real and tangible threat that’s happening to like tens of millions of Americans on an ongoing basis. And I think we would be remiss to not take action in a way that patches some of those most pressing vulnerabilities. So I think there is a path forward and kind of to this. Statement. I made it at the beginning of our conversation. I think from a technology perspective, we have most of the tools we need. And I think now it’s it’s a consensus building problem. It’s a community building problem. It’s a challenge of getting stakeholders, you know, institutional stakeholders, government stakeholders, consumer stakeholders, aligned and scaling, you know, more so than it is like let’s find the new technology breakthrough. So that’s a long way of saying, you know, from an Aerpass perspective, you know, this chicken egg problem I think is one that’s fundamental across the industry. Consumers want use cases before they join an ecosystem. Relying parties want users before they commit to the capital required to deploy an ecosystem. How were you thinking about solving that cold start challenge with our past?
David Morgan [00:12:58] Yeah, I mean, it is it it is a very. Philosophical question and you ask at the end of every podcast, what’s your crystal ball? What are your crystal ball predictions? And I think the the majority of responses from particularly the point solutions people is that there would be some kind of digital wallet that can facilitate or bring together all the functions of the of the digital identity Rubik’s Cube which is coming back to our toys analogy. And the I guess ultimately we have to look at a number of things and yes, there are edge cases and there are, you know, difficult, you know, serious potentially serious breaches of of of identity. But then. I’m very keen to just look at the flip side for for actual deployment and scale. How do we do that? Well, it has to be something that users can use and actually has a benefit to users in the whole. So, you know, taking it right back, there’s probably two or 300 digital versions of me everywhere. I’ve created an account or, you know, submitted some kind of identity or made a purchase in, in, in the ether. There’s innumerable faceless versions of me that have been scraped up and harvested by, you know, big tech companies who have a knowledge of my identity and what my preferences, all my locations and search history, etc.. And, you know, that’s how they are successful. You know, they package that up and sell that to to to businesses and enterprise and merchants that, you know, want to sponsor ads for me. So we take it all the way back and just say, well, look, how do we how do we act? How do we interact online? We’re now digitally native. Last three years of have accelerated that process. But. Do I need to, you know. What do I need to do to book a restaurant? You know, the the the concept of of just locking in and shopping and creating accounts, registering. Is that really necessary? You know, can that be circumvented? Can that be more efficient? And I think the the the point solutions are excellent. And I think there’s some very competent solutions and technologies out there that do solve significant problems. However, I think they are aimed mainly as insurance policies for for for business. I don’t think what is being missed is the probably one of the top conversations that’s happening in the boardroom, which is this is the age of the consumer. This is the expectation economy. How do businesses become more customer centric? And I think looking at the the the overall operation of how we deal with people and how we deal with users online is something that needs to be or can be looked at and can certainly be improved with things like IPOs. You know, I watched a there’s very few Siam demos online on YouTube, but there is one which involves how you enroll to take a quote on or to get a quote on your car insurance for car insurance. There was 26 steps and 20 data points that needed to be entered to actually get that. And that’s I think there is a potentially an acceptance that that is what we have to do because that’s the way it’s always been done. So our mission and and how we want to change the world, if you like, is to say, look, that that’s not necessary. With your single identity through our pass, you don’t have to enter email addresses and register accounts. Put your address in, put your date of birth and verify. Click through, verify an email, put a one time password in, create your password, confirm, etc., etc. And there is no need for that MFA because if we can, if we can guarantee and assert that the both sides of the parties are genuine parties so that there’s a, a creation of trust in the middle by our Aerpass, then we can eliminate almost all of the user friction in any transaction or any interaction. So I think the, the, the, the key point here is how do we change the way that we access sites or access different places online? And that’s where our purpose comes in as a single point of entry with user, you control your use your user data. You have security that’s built in. You have privacy because you only consent to to do what you choose to. And effectively you can go you can access and exit with virtually no keystrokes. Looking at the user journey itself, I think there’s significant uptake and personally for me something like Aerpass that was ubiquitous would be an absolute dream, just in terms of my own personal online life. And let’s not forget, everyone’s a user. Everybody is a consumer. Everybody’s a customer online now. And if I could do that with one click, then I would certainly choose that over the current methods, which I think are built around the infrastructure that is 60 years old.
Cameron D’Ambrosi [00:19:10] Yeah. I mean, I think user experience remains the the place that is the, you know, the lever that kind of multiplies the force of the impact of digital identity. And I think, you know, a challenge and a mistake we’ve made to some degree as an industry has been anchoring on kind of the risk elements as opposed to growth. I think growth is the is the thing that is going to turn, you know, key stakeholders heads much more so than, you know, the risk pieces because as someone who formerly worked in risk and compliance, your budget is the first to get caught. You’re seen as a cost center. And that’s just not a key motivator for, you know, top level executives. But, hey, we’re going to see 20% less drop off out of the top of our funnel because folks can come in with one click. That is a compelling argument.
David Morgan [00:20:02] And also, you know, it’s a zero password system. So, you know, we don’t have to look too far to see what the cyber attack vectors are. Against against businesses. If there’s no password, if it’s not visible, then it can’t be manipulated and it can’t be hacked. So we firmly believe that the best technology is seamless and invisible. So from a business perspective or a merchant perspective or an entity perspective. You know, we we can guarantee that the person that you’re dealing with is the person that they say they are. We can eliminate the password issue, support costs, password managers, etc., etc., and take customers on a journey for whatever reason that may be from start to finish. Realistically, without inputting anything. And anything that’s visible is a taxable. So you know whether that’s you know we’ve seen passwordless password managers being hacked recently we’ve seen so far being attacked recently. And again, that’s because it’s visible. If it’s visible, then it can be taken.
Cameron D’Ambrosi [00:21:24] Yeah. You know, I always like to joke about, you know, the the worst part of the car, the most dangerous part of the car being the behind the wheel. I think you can safely say that with regard to things like user credentials, the vulnerability is is the user, you know, and that’s not to it’s funny and we can all have a laugh about it, but that’s not to say that that is something that we should be dismissive about. Right? Like just because I am someone who has chosen to dedicate my life to technology and these challenges doesn’t mean that my grandma needs to have done the same, you know, to be to be safe and to be protected. I think it’s you know, it can be easy to kind of fall into a bit of a smug rabbit hole as technologists, to say, well, like, you know, these users just need to get smarter. And it’s not that hard to do this. But in reality, like you, you know, you don’t have to know how an engine works to use a car every day. You should not have to understand how, you know, public key encryption works in order to keep your data safe. So I think we do have an obligation as an industry to make it, you know, I know the term idiot proof is again somewhat derisive to the user, but for for these purposes, make it as idiot proof as possible, because data security is something that everyone deserves to enjoy. Even someone who who has no idea what encryption is or what what public keys or private keys are.
David Morgan [00:23:03] No. And. You know, social engineering wouldn’t exist if it wasn’t for users. So you know that there are I think it’s it’s a double sided. Industry. And I think, as I said, I think the users perhaps being overlooked a little bit and I’m very much on the end and we airports are very much on the side of the user to enable them to work through and go through digital life as easily as possible. I think the so just the easiest way to to describe how Airbus works is there are. Three keys to your safety deposit box. The merchant or the entity has one key. The user has a key, an Aerpass as a key, and only when all three keys are presented that will the deposit box be opened. Then they’ll be sight of whatever the credential or the information needs to be or should be. And that can be, like I said, from. Booking a table at a restaurant all the way through to buying a piece of real estate. And with the. With the. With the facilities and the partners and the back office that we have. You know, we can verify that both sides. So it’s know your customer and know your business. And it’s a legitimate transaction or a legitimate interaction that’s taking place without transferring or storing any data. And again, I think there’s a level of protection there that you don’t need to understand how it happens. For it to work and for it to be effective and for it to be attractive for users to want to use it. Which gives you adoption. Which gives you scale. And for businesses to see the benefits of it to have, because everybody wants a better user experience and this significantly improves the user experience. That exists currently.
Cameron D’Ambrosi [00:25:13] I couldn’t agree more. I think it’s it’s so, so critical. And again, I think we as an industry need to get over to some degree of fetishization, for lack of a better word, of complexity that, you know, simple is better, easy is is better. And I think we’re really going to to hopefully see some dividends paid out by sanding those those rough edges off to bring us.
David Morgan [00:25:44] Oh, go ahead. No, I think I think this simple is great. I think simple is is that being called a simplest in my days, in my time. But I truly believe that that simple is the most efficient way. And, you know, having looked and been in the industry in the last three years, I see a lot of very good, like I said, point solutions. I do real, real, real interest in your the honeycomb that you produced and to see there’s 30 different elements that make up the honeycomb. You know, as an infographic, I thought it was great, but it also highlights, I think the the the, the differentiators of and players in the digital identity percent personal data network.
Cameron D’Ambrosi [00:26:34] So to bring a son home here, I would love to hear some of your thoughts around future predictions for the market space, whether those are things that you believe we’ll see or maybe some aspirational thoughts on, on what you hope to see and what you think needs to happen to really see some progress in this in this critical, critical space.
David Morgan [00:26:58] So I think for for for Aerpass, I think we will be taking a lot more seriously with a significant user base. We are depending on when this goes out, we are alive or just about to go live with our first customer who, you know, potentially could give us access to up to 5 million users. I think that will be great leverage for us into other potential customers. I think once you get to sort of medium scale, I think the Aerpass button will be an equivalent button for social login, social sign on. So hopefully, you know, we’ll be up there with Google and Facebook. But you know, the, the, the log on of choice for people who don’t want to to have a for businesses that don’t want to have their customers data scrutinized and for users who likewise would like to to retain their own information. So I think we can we will scale with with users. I think once we are demonstrating what we’ve got and what we do, I think it’s a natural progression that that button will appear on more sites. But without ending it there in the roadmap for the very near future is to really look at personal data. To take almost the individual micro server perspective for each user who can store their own preferences, who can store their own data that’s currently being shared. You know, across who knows where? And within a network. Clearly the value of a network goes up exponentially with every node. So for every user that comes online or every entity that comes online, there’s an opportunity there to share personal data and see value from personal data. So I think there’s a real opportunity for what is called conversational commerce. So let’s say I want to book a holiday to to Spain. I’m going to go on a cycling holiday within the network. There’s a a cycling shop that can send me a notification saying it looks like you’re going cycling. Would you like some inner tubes or, you know, a new set of shorts? So within a a networked environment, I think there’s a real, real opportunity for people to improve how they interact with brands. And I think that has a lot to do with brands being able to demonstrate value to them, to value their loyalty. And, you know, there’s. Every business should know what the cost of customer acquisition is and what the value of customer retention is. So again, I think that giving. Zero party customer data as an option to to brands will significantly add value to the whole proposition whilst also just giving the user control. Giving them the opportunity share to share or not share what they do and how they do it. So I think there’s a there is a natural extension beyond just identity and to personal data. And I think that will come very soon.
Cameron D’Ambrosi [00:30:41] I love it. You know, I think I agree with almost all of those markers you’ve laid down. And, you know, I wrote about in an email blast to our members this week about the coming pressure that we expect to be put on. Data brokers know FCC, FTC already cracking down on mobile networks, on data brokers who are already under the gun to cut off these third party data streams. And I think first party data is certainly a viable path forward. But to your point, is zero party data, as you call it, I think is where I would love to see the market headed so fantastic all around. Thank you so much for your time. I feel like we could go for for another hour at least, but we’ve we hit the end of the road here before we wrap. For folks who are listening, who want to get in touch with you, want to learn more about Aerpass, are interested in anything you’ve laid down and want to know more. What is the best place for them to go and how would you prefer that they reach out to you?
David Morgan [00:31:48] You can see us past dot com and that’s a e r s. My email address is David at Aerpass dot com or you know, just look us up on LinkedIn and reach out on LinkedIn and we’d be happy to to continue any conversations or certainly give you an insight into what we’re doing and a little bit more details.
Cameron D’Ambrosi [00:32:11] Amazing. Thank you again. Enjoy the rest of your week and looking forward to hopefully catching up with you again soon to hear about all the progress we’ve made.
David Morgan [00:32:20] I would love to, too. Thanks very much for your time, Karen.
In the latest State of Identity podcast, hosted by Cameron D’Ambrosi, we’re joined by Laura Spiekerman, co-founder and president of Alloy, a global identity risk solution for financial services and a Liminal 2023 Company to Watch. We’ll discuss its pioneering role in the orchestration-centric approach to Digital Identity in Fintech. Spiekerman delves into the challenges Alloy addresses in the fintech space, where compliance and fraud often hinder innovation. Join us to explore the evolving landscape of digital identity in Fintech, trends in fraud prevention, and the critical intersection of customer experience and security.
In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management (CIAM). Join host Cameron D’Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of FusionAuth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.
Tune in to the latest episode of the State of Identity podcast series, where Data Security expert Shane Curran, Founder and CEO of Evervault, dives deep with host Cameron D’Ambrosi into the intricacies of data security. Discover why basic encryption methods aren’t enough, understand innovative data security strategies that ensure functionality, learn how encryption safeguards AI model training without compromising customer data, and grasp the significance of prioritizing current cybersecurity threats over quantum computing concerns.
In the latest episode of the State of Identity podcast, host Cameron D’Ambrosi is joined by Gadalia Montoya Weinberg O’Bryan, an ex-NSA crypto mathematician and the Founder and CEO of Dapple Security. Learn about Gadalia’s remarkable journey from the National Security Agency to the forefront of identity-focused cybersecurity. Learn about the limitations of current passwordless approaches, particularly in scenarios involving lost or stolen devices, and delve into the crucial distinction between authenticating the user behind the device rather than the device itself. Gadalia introduces Dapple Security’s unique solution, which involves generating an on-demand passkey using a user’s fingerprint—emphasizing the company’s commitment to user privacy by avoiding the storage of biometrics on the device or in the cloud—and how this approach is a key element in enhancing overall security posture.
In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.
In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.