The Shape of your Identity

Episode 265

State of Identity Podcast

03/17/2022

Episode 265

The Shape of your Identity

How are personal data and digital identity reshaping society? On this week’s State of Identity Podcast host, Cameron D’Ambrosi is joined by Michael Becker, CEO of Identity Praxis, to discuss the evolution of the identity industry, the latest trends to follow (or flee), and predictions for the future of both consumer and enterprise digital identity.

Host:

Cameron D'Ambrosi, Managing Director at Liminal

Guest:

Michael Becker, CEO at Identity Praxis, Inc.

Share this episode:

Cameron [00:00:05] Welcome everyone to State of Identity. I’m your host, Cameron D’Ambrosio. Joining me this week is Michael Becker, advisor to the Mobile Ecosystem Forum and CEO at Identity Praxis. Michael, welcome to the podcast.

 

Michael [00:00:19] Hey, Cameron, thank you very much.

 

Cameron [00:00:21] So, you know, we had the pleasure of of hooking up in the context of the Mobile Ecosystem Forum had some really great in-depth conversations around kind of the current and future state of identity. Pun intended, I suppose. And so glad to to have you on the podcast here to continue the conversation. Yeah, I appreciate it. Before we get into the meat, if you will, we’ll set the set the table with some appetizers. I do always love to ask my guests, you know, to run through their CV share. You know, those those unique on ramps, those early experiences in their career that kind of shape their perspectives around digital identity and kind of put them in the position to be where they are today. So would you mind taking a little walk down History Lane with us and talking through some of your career evolution and how you ended up advising the mobile ecosystem for a minute and leading identity praxis?

 

Michael [00:01:13] Yeah, and I’ll try to keep this quick. So in the in the mid-nineties, I was actually was my first foray foray into mobile, where I was helping build the custom satellite custom power supply test systems for the Iridium satellite program. And so I started getting involved with mobile around then and started thinking about identity, like how do we understand this individual that’s connecting up through the satellite system? And then in around the late 90s, I started getting involved with e-book publishing and authors wanting to have attribution for their content. Then started talking about rich media, all media messaging through mobile devices around ’99 2000. Everyone thought I was insane at the time because who would ever want to do video or rich media content through a mobile device? And the early 2000s I started one of the first commercial text messaging programs in the United States, a company called Loop Mobile, which is very clearly tied to identity. When you think about all messaging apps associated my phone number. At that same time, I was one of the founding members of the Mobile Marketing Association. I sat on its board for 10 years and then ran it as its North American managing director for the last four three years and then the last eight years, I’ve been running Identity Praxis as a strategic advisory that is helping Fortune five hundred three hundred startups and trade associations like the Mobile Ecosystem Forum on how do we understand and navigate this world, this personal identity world? And what does it mean to help give individuals individual self sovereignty to their data? And that’s really what I’m spending the last eight years commercially on. And in that time frame, too, I’ve also been working on my doctorate that’s looking at what will it take to help people adopt systems that will give them control and ownership of their personal data. So I’ve been really focused for the last twenty five years on all things identity, personal data and what does it take to give people ownership and control of their personal information?

 

Cameron [00:03:11] Amazing. I mean, you know, the the satellite stuff certainly really, really cool, maybe a bit out of my technical depth, but I think a really fascinating entry point into the world of digital identity as well in thinking about, you know, for for our listeners who are maybe not as familiar with the Mobile Ecosystem Forum, you know, what would you say the mobile ecosystem Forum’s mandate is, I guess, for lack of a better word.

 

Michael [00:03:40] It, like other trade groups in the in the around the world, it is a big tent organization that brings players from every aspect of industry, whether or not they’d be mobile operators, mobile carriers, brands, infrastructure and infrastructure providers. You know, people like myself who are advisors and consultants to the industry. And the idea is how do we help make an impact? How do we help create interaction? And how do we help generate insight within the particular context that in the mission that Mobile Ecosystem Forum represents, which is creating a responsible and thoughtful mobile ecosystem so that people can safely and reliably use these mobile devices to go about their life? And it’s it’s really exciting because what it does is it brings players from every aspect of the industry worldwide to talk about the issues at hand, whether or not they be technical, whether or not they be economic in the business model context, the legal regulatory issues, that kind of the moral cultural issues. And then also obviously the politics that revolve around those. I actually call that the five five pillar polymath approach to analyzing and evaluating in an industry. If you want to be successful, you could try to look at an industry or a topic through the technology, economics, legal, regulatory, moral, cultural policy, political lenses. And the more you can do that, the more successful you’ll be into understanding what’s going on. And that’s where participation in membership in a trade group like the Mobile Ecosystem Forum really helps you accomplish because no one person can be an expert in all five of those pillars. But you can certainly try to be, you know, an expert and at least one incompetent and maybe two or one or two others.

 

Cameron [00:05:25] And, you know, the mobile industry, I think, has such a unique and exciting role to play in digital identity. I mean, I don’t think it can be overstated the degree to which the mobile device is now, you know, maybe the single best, you know, digital proxy that each of us have. It’s always on. Effectively, we carry it with ourselves everywhere. It’s in a constant state of connectivity. And that lens, I think a really powerful velocity to the identity signals coming off the device, which, you know, I don’t think we have fully tapped yet, shall we say, in terms of the power that this can create around digital identity. You know, how is the Mobile Ecosystem Forum thinking about this? What trends are you seeing and where do we hope that the mobile players are going to be have more of an impact as we move into 2020 here?

 

Michael [00:06:19] Yeah. And just to be clear about that, too. So I’m I’m a member of the Mobile Ecosystem Forum. I am a an advisor to the mobile. Ecosystem Forum, but to be clear, I don’t speak on their behalf. Right, so anything I express at this point going at any time is my personal opinion that may or may not be supported by them. So it’s kind of like the disclaimer just, you know, protect them. So if I say anything, the know egregious that no one agrees with me about, you know, they’re not they’re not taking the brunt of that. So I want to respond really quickly. I agree with you. So the mobile of the mobile ecosystem, the mobile device, as you put it, is, you know, absolutely instrumental to everyone’s life. Today, the vast majority of people on the planet have some form of mobile device. You know, we’re on the path to getting the next two billion people on the planet connected through the internet. It’s more likely that they’ll be connecting through and with a mobile device than, say, traditional online computers or such that we look to do so. The mobile device is absolutely the central cornerstone of really identity going forward in the world. But I want us to be careful when we talk about the mobile device because it’s so easy just to consider or perceive the mobile device that that rectangle sitting in your hand. But mobile is so much more than that. Mobile is also all of your connected devices. Mobile is your your watch, mobile is your tablet. In the future, it will be your connected contact lenses or any other type of IoT device that you have associated with you that is, either know, collecting data and then either directly communicating that through a mobile carrier network, which is what we often refer to as mobile and or through some other form of internet connection. So I think it’s, you know, it’s I think it’s really important for your listeners to understand that mobile is more than just that little that rectangular box in your hand. It is an all pervasive underlying infrastructure throughout society. That, to your point, is generating unprecedented signals for us to be able to resolve identity for individuals and not just people, but things and enterprises. And, you know, really anything that we want to consider to be a unique, identifiable entity.

 

Cameron [00:08:44] Yeah, I, you know, I couldn’t agree more. I think what has maybe been the biggest impediment is, you know, collaboration, I guess for lack of a better word, which, you know, maybe is overly simplistic in many ways. But you know, you have in the mobile ecosystem what has been, I think in many ways, a triumph of open standards and interoperability. I think, you know, it’s still pretty remarkable to this day that I don’t know. I was just in St. Martin a few weeks ago before Omicron shut the world down again. And you know, my phone just works like, I can go pretty much anywhere in the world and I can count on my phone being able to talk to the local carrier. And more importantly than that, behind the scenes. You know, my carrier and the billing associated with it can communicate with that local carrier and say, Hey, like this guy is visiting, we’re going to let him roam on your network. He’s still going to be reachable at his same number. But then, more importantly, you know, we can collect the money behind the scenes. I think what has proven more elusive is in the digital identity sense, trying to collaborate as well. I remain hopeful that we’re going to kind of break through some of those roadblocks. But it’s been interesting to see how I think a similar challenge, a similar set of problems to the ones that we’ve solved in that more traditional roaming sense has been a bit more of a barrier when it comes to getting everyone on the same page supporting, you know, the future of digital identity.

 

Michael [00:10:23] Yeah. And a great great great, great comment. And let me kind of paint that picture a little bit. So when you’re looking at what you talked about, you know, if you go back to my phone, my five, my five pillar polymath approach to looking at the world you brought up to make what you just talked about the interoperability of communications across mobile operator networks worldwide as we travel, that really fundamentally only addresses, you know, two and a half, if you will, of those pillars fully the technology and then partially economics and then partially legal, but in the context of legal legal contracts in between the respective parties. So if you think about it in that regard, it’s that’s a pretty simple problem to solve. But yet it’s one that’s taken us 20, 30, 40 years. And if you go back to the nature of the evolution of the mobile operator networks, you know, when we go all the way back to the early, say, late 70s, early 80s, you had no. CDMA networks you had, you know, GSM networks, you had networks that did not communicate with each other at all. What really moved the ball forward from a mobile perspective was, you know, the European countries coming together and saying, Look, we need our citizens to be able to travel cross-border. So that’s why they created the GSM network. So and then the CDMA and the LTE and the other kind of networks that existed there was the DoCoMo network in Japan. They were started modeling off of that European GSM model to then create interconnectivity among among the networks. But that whole process and a great person you should probably speak to in the future to really talk about that and see that evolution is guy named Paul Rupert, who is arguably one of the most, smartest and, you know, legacy people I know in the mobile messaging industry and really understands that evolution. But the evolution of making the interconnectivity of the carrier networks and to make sure that the phone calls don’t drop and the messages get sent. That took us 30 40 years, and now it’s become self-evident and the technology’s become invisible, invisible. In order to make that happen, it’s required standards that then required interoperability. And then one of the a term that I just recently learned that I really love is adversarial interoperability, and that was coined by Cory Doctorow. So essentially, what standard say is, you know, you’ve got Connector A and we want it to be able to interact with Connector B. We’re going to set up a standard and allow that to connect. And then the allowing that to connect is the interoperability. So standards where we all come together and say, yes, we’re going to do it this way, let’s let it connect. That’s the interoperability now where evolution where the market really has evolved is when you get adversarial interoperability, because when you have standards and interoperability, it’s both parties are all parties agreeing to do it this way. What happens in the adversarial interoperability environment, which is really what’s happening from an entrepreneurial perspective, is the parties don’t necessarily agree. Someone starts in a operating with my system, whether or not I’ve asked them to do so or not, at which point I either break it or I or I break them, or they break me, and then we work together to solve those problems. And so that’s the other aspect that has created that innovation, and I think that’s often not not considered as recognized as important as it is. And that’s again where forums like the MTF and other trade groups around the world really enable that ability to establish standards, facilitate interoperability, but also encourage the dialog to make adversarial interoperability really work. Now. That was, you know, think about it, take us 30, 40 years to do that for the mobile operating operator networks, and we’re only dealing with two and a half three of the of those five pillars. When you bring in identity, you’re bringing in so much more. You’re also bringing in regulation. You’re also bringing in cultural issues. You’re bringing in, you know, tons and tons of politics. You’re bringing in other issues that can cause an individual absolute material unrecoverable harm if that identity is misused, whereas in the context of you traveling to on your vacation and your phone working. Yeah, I mean, if you can’t make your phone call, if your message doesn’t go through that, you have alternatives. But if you mess up the identity issue for somebody, that’s pretty significant as critical as problems. And so I think that’s one of the areas where we need to really think about when we think about leveraging and managing and using identity is really what that what identity is and how that identity resolves itself within society in a way that actually gives the subject of that identity sovereignty. Because one of the key issues and maybe I’ll pause here for a minute, let you respond is, I believe, because of mobile, because of all of the things we’ve been going through, we’ve actually become digital beings. We are no longer just digital, being physical beings, we’re actually digital beings. And in the fact that our digital self and specially are digitized identity has more economic value to us and society than our physical self today. And so really, we’re digital beings and we end on our kind of legal, moral, cultural, political, technical ideas don’t really yet understand how to grasp that. And again, that’s part of the reason why it’s it’s taking so much time for us to kind of get to that. Some of the points that you were talking about

 

Cameron [00:16:14] phygital, I like that, you know, mostly makes me think of how I get when I maybe have one too many cups of coffee and I and I start vibrating from excess caffeine. But no, I really appreciate that notion because, you know, taking this more holistic approach to digital identity, I think, is something that we really take to heart here at Liminal in talking about digital identity and communicating with, you know, we’ll call them, you know, non digital identity practitioners, the the regular industry folks who, you know, remain so, so critical to getting some of these standards and interoperability off the ground. Because, you know, for digital identity to be successful, it needs to incorporate all of these different facets of our identities. And I think it’s easy. You know, the word identity in some ways is such a loaded term. I mean, it’s one of the reasons why we rebranded oneworld identity to liminal is that the word identity itself just carries so much weight. You know, so many unique kind of cultural elements that in some ways can be distracting when you were leading a conversation around the future of digital identity because I think people, you know, can get hung up on thinking about, you know, I don’t know, a passport, for example, like you start talking about identity. And I think people immediately, oftentimes in the states at least start thinking about, OK, you know, a driver’s license and really pigeonhole in many ways around, OK, this means identity is legal. Deterministic attributes like What is your name? What is your birthday, what is your address, what is your Social Security number? And not any of these other elements which could be, you know, almost ethereal in some ways like, you know, what is your what type of transactions are you executing at this moment in time? What is an academic credential that you have or, you know, certification that you have that might have an expiration date on it? Even something like write your your COVID testing status, like if you have an attribute assigned to your digital identity regarding your COVID testing status, that is, it references a point in time. But at the same time, like me, if I tested negative for COVID a year ago, that’s not really helpful now. So you need to be able to kind of process and understand not only what are these attributes, but what at what frame of time frame of reference are they applicable, which really makes this a bit more complex and multifaceted than just the word I think identity brings to mind for people, which which makes the challenge. I think that much more difficult when you’re trying to bring stakeholders together in this collaborative sense and trying to get it right, especially because the stakes are so high. You know, all of these attributes that. And oftentimes extremely sensitive and to your point, like the value of our phygital selves is is almost greater than the sum of its individual parts, and I think that raises the stakes for everyone who’s involved.

 

Michael [00:19:34] Yeah, and I want to kind of I want it even with the definition that you just provided. You were referring to, you know, fairly specific use cases of attributes and an attribute is nothing more than a a value associated for a particular purpose. But I believe you were referring to more identifiers than necessarily even identity. So like when I’ve done interviews with consumers and we talk about identity or business professionals, invariably too, sometimes it gets really metaphysical. Like, What do you mean? What am I as a human being? You know, my identity as a a business professional, as a father, as a an athlete or wannabe athlete? You know, I how do how do I identify with the world? And I think that’s one of the really critical challenges that we have within this industry is you have issues of I want to identify essentially there is how I identify myself with the world or how I want to be considered or recognized. And then there is how the world wants to recognize me and to identify me. And I think that’s where we really want some of the challenges happen as well. And one of the biggest problems we have in society right now right now, especially in the digital context, is I, as a sovereign individual, have very little or no control to influence how this big bad digital world out there is choosing to identify me or resolve me or define my identity within whatever context. And I think that’s one of the biggest challenges. And the question is, then how do we control that? And so I think as we go through this idea of identity, for me, identity is really nothing more than kind of that was metaphysical concepts that we were just talking about. I think what really you were referring to and I think what most business professionals start thinking about is not identity, but identity management. And so then that talks about then how do we resolve with a certain level of assurance, a.k.a. confidence level that when I’m interacting with some entity digitally, how do I know? And what confidence do I know that that that entity, that individual is actually who they are or that car is actually who it is? And I think that’s really the the kind of key concept is what we’re really driving into is identity management. And then the steps that we take to actually resolve that identity or that, you know, and then the way we go about doing that is using identifiers and a three stage process. Really, what is ID authentication and verification? We can go through that as well if we want to get a little bit more technical. So I think those that are kind of resetting that lens of how do we actually look at identity, realize that it’s identity management and that that identity management is a process that is applied to give us some level of certainty from zero certainty to one hundred percent certainty that the other end of the the entity at the other end of that digital connection is actually who I think it is. And one of the key points that we need to be realizing is for now, most of the industry is resolving to do that on behalf of and for enterprise. So how can an enterprise know that it’s me on the other end of that commercial connection or transaction that I’m trying to do? And the reason why they want to know that is ones that they can do proper billing, but also to mitigate fraud and then to quote unquote personalize their experience for me are the primary three engagements, one trend or one thing that work. And a lot of the times what industry will call that, especially in the banking environment, is like, know your customer models and there’s a regulatory lens to that as well. But the idea is, I really want to know who this person is with great certainty. Now, one of the trends that’s going to come in coming down the pike very quickly is we’re going to be flipping the script where me and the individual will actually have technical capabilities to know the entity, you know, the organization. So for example, let’s say I’m doing business with Amazon online today. I have very little. I’m kind of going on faith and I’m actually connected with Amazon or I’m actually connected with a Best Buy or, you know, your Barclays bank or something like that. I’m hoping that the brand image that I’m seeing, I’m hoping that that, you know, https or secure lock on my connector is showing that I’m actually connected to to the right company. But the problem is fraudsters and cybercriminals are getting really quite advanced. And so we’re going to actually see new technology coming into play that will with also higher levels, if not 100 percent certainty. Allow the individual to actually practice. No, your no your enemy, no your organization, no, no. The company processes as well so that both parties on both ends with as much certainty as possible know that they’re working with the respective appropriate entities.

 

Cameron [00:24:53] So I think a little bit of a follow up there, you know, I think a lot of what you’re driving at around this kind of zero trust environment in both ways aligns with kind of, you know, the W3C and, you know, did approach to digital identity, very user centric, but in many ways, placing more responsibility on the end user for things like, you know, key management and maintaining their credentials and things like that. I think that is poised to be a pretty marked shift in in how things have been previously in this space, which is centralization points of recovery for consumers who do things like lose their credentials, lose their password, don’t have a recovery seed that they’ve been maintaining themselves. I think from my perspective, that remains one of the key challenges in moving towards this paradigm is preparing consumers kind of both mentally almost, but as well as educationally to kind of take charge of their digital identities, be more responsible and eliminate some of these fail safes, if you will. That can be convenient from a user experience perspective, but also are the source of a tremendous amount of risk today because you know that account recovery process remains vulnerable to attack from bad actors, you know, are you a believer in the the did you kind of open standards approach to these identity challenges? Or do you think there is going to be an opportunity for, you know, mobile operators or other key stakeholders to maybe play some of this federating role and have a more user friendly recovery format, for example, when it comes to key management and things like that as we get wider adoption of these technologies?

 

Michael [00:26:52] Yeah, we only have 15 20 more minutes left on this conversation. So I specifically did not bring up the WC three did in the verify credentials and all self-sovereign identity infrastructure, simply because that could take us another in the hours days, two three days tops or years, depending on your background. Yeah, I am a firm believer that that’s going to exist. But at the same time, I am also a firm believer that you will have centralized authorities that will are going to be representing me will also exist. And those two things aren’t mutually exclusive, exclusive. You know, the what you’re referring to is what many will call the self-sovereign identity movement or approach to data management. There are standards out there giving back a nod to our earlier point of the conversation standards that have been underdeveloped now for about 18 years and they’re just now coming to fruition. And you’ll find that through like, for example, the iAd a program or the good health pass. There are actual global implementations of that model in practice in working in market today. Now, you know, just like it took, you know, say, 20 years or so for the smartphone to hit, to actually evolve and then hit mass market penetration, it’s going to take some number of years for these capabilities to make their way into mass mass market penetration. And if we industry do it right, the technology and how it’s done will be will become invisible. And what we’ll focus on is the why it’s happening and the value that can be created. And Drummond Reed from Eminem, which was just recently purchased by Avast. I just recently did an interview with him and he really talked about how when we ultimately are successful in getting this kind of concept in that you were just talking about into society, that’s going to allow us to move from a position of distrust, which we are with the internet today. And if you’re not, then you’re you’re being naive. I mean, the internet’s like going to Vegas. The system is gamed and you know, at the stand there long enough, you will eventually lose your the protections in the industry just aren’t there yet for the individual. So in Drummond’s view, by the way, another great person for your podcast to talk to is, you know, the self-sovereign identity movement is going to allow us to move from a position of distrust to a position of trust with in the, you know, this new digital world, which will primarily be driven by mobile, as we’ve talked about. So I absolutely think that’s going to happen. However, there will be interim steps in the process as well as society moves more and more towards that. There will obviously be some adjustments and there’ll be speed bumps along the way and we’ll need companies to help us facilitate that. And again, the concept of that type of exchange have been in the works for years. And in fact, the first individual that’s been tagged as having thought of this ability of being will have have total control of the right. Any personal information was a guy named then in our bush in nineteen forty six, then you had Alan, where or where? I think it’s Alan, where in nineteen seventy three he was preparing for the West Allen West and not I’ll have to look up his name again was preparing for the 1970 for Privacy Protection Act, and he was talking about how we needed to have the representative some form of ombudsmen in society to help the individual manage this. But you know, technically we can’t do it today. So we’re just going to write our privacy protection regulations in the 70s without taking that into context. And then in the mid-nineties, you started getting people like Kenneth Loudon and Hegel and Rapport, who start actively talking about a national information exchange marketplace or info media areas. That’s haggle. The rapporteur on the former one was allowed and start to be able to facilitate having organizations like you just said, be that representative me as the individual and help me navigate on this new big, bad digital world. So again, I think we’re getting there and we’re going to get there faster than we can possibly imagine, because the evolution of these standards in these conversations have been going on for long enough that many of these threads are now starting to mature as we speak in the concept of data and the good health passes are referred to earlier. And there you’ll see exponential growth and change. So what has taken 20 30 years to get to this point will take maybe five, perhaps 10. And so we’re going to see fundamental shifts in society. Another example analogy I’ll use is if you think about Facebook, you know, social media started around twenty five twenty seven yet really hit that multi billion person critical mass say, let’s say, twenty nineteen. So what took Facebook 15 17 years? Social media as an industry to evolve will take this next evolution half that time. So not 15 years, but probably five or seven years. And the reason being is the the blockers are gone. When and when the social media channels first started, people had no idea what it was. We are still learning the internet. There wasn’t broadband connections, smartphone adoption with three or five years away for mass market penetration, really trusted streamline online commerce was not there yet. All of those impediments are gone now. The only thing that we’re really dealing with is kind of the regulatory and compliance issues for that most. And then to your point, the biggest one is the awakening consumer. And this is where I’m going to give a nod to the Emmy at the office for the last seven years and where I’m working on the eighth one with them right now done a consumer trust study. And two years ago we found that the consumers worldwide across ten markets have woken up and said, Wait a minute, Houston, we have a problem. I’m concerned about my data. I want control of my data and I’m going to take action to protect myself. And that and the steps that people are taking and the awareness that has been growing over the last two to three years is increasingly growing more and more significant. And businesses really need to wake up to that. I’ll pause there, but I have another analogy I’ll give you just a minute to help you think through this.

 

Cameron [00:33:31] Yeah, I mean, look, these are the these are the most exciting questions for me to have conversations about because they are so forward looking and and impactful. And obviously, you know, I think there’s tremendous value in having some more, you know, tactical type conversations. But these big picture strategy questions are, are the ones that that do excite me the most. Intellectually, I do want to be cognizant of time, so nobody who’s listening dozes off once we hit our three. So would love to hear that analogy and then to bring us home. You know, I do love to always ask my guests to take out their magic crystal ball and make some predictions for the future of digital identity. I think, you know you’re uniquely positioned to make some really poignant and hopefully impactful predictions. So would love to hear your thoughts in terms of what you hope to see over the next one to two years as well.

 

Michael [00:34:26] Yeah, and so let me start with what I believe my predictions are, and then I’ll give you the analogy that will help you see them and understand how and when they’re going to come to come to pass. So my fundamental prediction is I believe we are five to 10 years away at most from individuals being fully awake and being in control of their personal data. We as a society will roll out what today is called personal data stores, which is essentially a database of me that will empower me to to own and control my personal data and identity. I think as a part of society, we are going to realize and really increasingly define what we mean by personal data and identity. And I in many ways, I think the term identity in the digital context is going to disappear, and we’re just going to be talking about personal data. Now let me explain what I mean by that personal data. There’s basically four elements of personal data today, three of which are well recognized. There’s the attribute data that you and I talked about before. There is my behavioral data. For example, my history of my location, my search behaviors, et cetera. There is my report data. My report data are like my financial records, my medical records, et cetera. And then the new class of personal data that’s going to be coming down the line is going to be my capital assets, my my capital data. And let me explain and give you an example of what I mean by that, you know, as we become more and more connected and we bring these connected devices into our lives and we’re buying these devices. You know, we are the own owners of that capital. I’m the owner of my house, I’m the owner of my car, I’m the owner of my phone, my tablet, et cetera. And so I’m fueling that car. I’m maintaining that car. I’m producing the data. And John Ellis in Twenty Seventeen wrote a great book called $0 Car, who noted that the average car will produce about forty thousand connected cars. It will will produce about forty thousand dollars of data in its eight year lifespan, to which today the owner of that car gets none of it. And so I think as part of what’s going to happen in this newer model of the awakening consumer is people are going to say, Well, wait a minute, I produce that data. That’s an economic asset. And why am I not getting that? And so more and more of our data is going to be, you know, recognized as such. The other thing we’re going to realize, and especially within the context of personal data, is, as I mentioned before, is there are certain class of attributes in our data that we call identifiers, my email address, my IP address, my username and password. Going down the sovereignty approach is my my cryptographic verified credential key. These identifiers will be used to resolve identity. But guess what? Those identifiers are actually part of my personal data attribute set. So there are actually, you know, so and again, so we really shouldn’t be talking about identity management. We’re talking about personal personal data management, to which we are then using elements in that personal data identifiers to then feed into an identity management process that will then allows me to, with certain levels of certainty, resolve to how confident am I, who I am working with all of these capabilities, these personal data stores, the resolution of this identity management, the evolution of our understanding of what personal data is and all of the regulatory, technical, economic and cultural and political frameworks that come around that are, in my opinion, all going to clear themselves up within about five, 10, five years at the most and they’ll become invisible to society within 10. The reason why I’m using those timelines is if you think about the nature of the way the evolution of the social media channels, you think about it to say Facebook and the social media companies, you know, fifteen years or so to go from, Hey, I have no idea what this is to it just being an ever present part of society today, and no one can imagine living in a world without them. Well, if you think about the fact that all of the impediments that allowed those social media companies to grow are gone. You know, the impediments were no broadband internet connection, poor awareness and trust in online commerce. The smartphone adoption didn’t hit 50 percent penetration of smartphones until 2010, and that was an inflection point for artificial intelligence and machine learning, which also didn’t exist. And then you had the just consumer awareness and adoption of those services. Once those impediments disappeared. Social media adoption grew exponentially. Well, guess what? Today, when we think about identity management, identity awareness, personal data and where we’re going with all of this, the impediments aren’t there at all. If anything, the impediments are regulatory and some kind of contractual stuff and maybe some economic business models. But it’s not the technology, and the consumer awareness elements are are being addressed dramatically as people are waking up to realizing that their their data has economic value, that when their data is misused, it can cause irreparable personal harm. And then so therefore people are going to start, you know, taking action. We have evidence that they’re taking action based on a trust study we’ve been doing through the MTA for the last seven years, and we’re working on our eighth wonder, which will come out in June. And in the last three years, we’ve noted that consumers have woken up to the fact that their consumer has value and are increasingly expressing interest and actively managing it. The point being, though, and they’ll say, but I don’t know how to do this, and so it’s upon industry to help them, how to give them the tools to help them learn how to do this. On the other last trend that I think is going to happen, and I’m going to steal this from Drummond. Read over at Everton, who said that the new consumer engagement metric is not going to be say, how many email addresses do I have in my inbox? It’s going to be how many unique connections have I made through the cell? Somebody did protocol because that’s a cryptographically established connection with a brand that is non reputable and guaranteed to be accurate. And so you’re going to start seeing in the next three, five years. As that comes, comes down the pike. Brands start reporting their number of unique connections to be able to validate their importance and sway within the audience. So let me talk about then going back to that analogy, I said earlier, how do we as industry get a sense of really what’s going on and how do we manage that? And so I use the analogy of the Amazon River. And so Cameron, have you ever been to the Amazon River, the river, not the website?

 

Cameron [00:41:25] Unfortunately not, it’s on the bucket list, but haven’t made it there yet.

 

Michael [00:41:28] Got it. So down in the Amazon, there’s this really amazing and exciting natural phenomenon that happens. It’s called the meeting of the waters, and if you look at it from a from a skyline visual, what you’ll see is you’ll see two rivers converging. And because they have different speeds, temperatures and a velocity space, temperatures and densities, they don’t actually merge. So when the two rivers converge, they don’t merge. And it takes nearly five miles for them to come, come together and to fully kind of intermix back with each other. And that’s the exact same thing that’s happening in society today. And what makes this meeting the water’s analogy so stark? And I encourage your listeners here to go hop on the internet and search for it and look for pictures is you have this black river coming up out of the jungle, the Rio Negro, which is all of this black dark material coming from the from the jungle. And then you have this kind of rich milky cappuccino like river, the Amazon River full of clay and mud. You can visualize it. So when the two rivers meet, you’ve got one half of the river’s black half of the rivers. This cappuccino and they don’t merge. They coexist in the same riverbed for nearly five miles in the exact same things happening in society today. You have traditional personal data, personal identity management services, primarily driven by enterprise and then coming together and merging with this new path of consumer cell sovereignty and identity, and consumer awareness of people wanting to be in control of their personal information. And because of the technical, political, economic, legal, regulatory, cultural properties are different. The two rivers of those consumer engagements are not merging. They’re coexisting in the same river riverbed and they will for years to come. And I believe that they will then merge using the analogy I had with social media earlier. They will merge in about three to three to five years. We’ll start seeing the merge more and more, and they’ll become ever present and disappear in society and become fully one river, probably in about 10 years, in my opinion. Now the framework that I’d like to encourage you all as listeners here to use when you’re thinking about these different capabilities is one that I got from Lee Suker over at Synch, who’s the head of a mobile number intelligence and authentication. And there’s some wonderful, wonderful technologies that you can be implemented today to help you with. With managing identity and specifically identifiers. You can use what Lee calls no phone, no intelligence, which pulls a whole ton of really great signals out of the mobile app or network to help you reduce risk, increase such a customer experience and to mitigate fraud within your work, and drive really effective commerce within your customers. It will, and you know, you’ll be able to use single factor authentication, multi-factor authentication capabilities to be able to with great predictability within either depending on your risk tolerance, whether within a relationship to know who that individual is and Ray and leave, one says to use what he calls the res framework RISC. And for me, Ray stands for Raise Your Game by regularly assessing your audience and considering factors like importance, your sway and their expertize. And let me explain those variables. So our stands for regular how regularly are people interacting with you if they’re not interacting with you very, very regularly, they’re not going to remember how to use your really convoluted identity management systems. So you’re going to need to make it easy. You have to think about your audience. Who are they? Are they young? Are they old? Are they? What country are they in? And you’ll need that. You’ll need to think about. Do they have the capability to it to be implementing the type of identity management system that you want to put in? You have to think about the importance of your service to them, the less important your services to them, the less friction they’re going to be willing to deal with. The more important is they’re going to be they’re going to they’ll be willing to, you know, use your identity management processes like an app authenticator. You then think about sway. What influence do you have over that individual? So for example, if you’re just a T-shirt manufacturer trying to sell online T-shirts, you don’t have a whole lot of sway for me, you’re not going to be changing my behavior. But if you’re on my banking, my online bank and you’re holding all of my money, you’ve got a ton of sway on me and I’m going to be willing to learn a bunch of new stuff to be able to do what I need to do to be able to interact with you securely. And then finally, you think about the E, the expertize, what is my expertize? What am I capable of doing? What am I as my device capable of doing? So, as you know, for the listeners here, as we take these strategic ideas that we’ve been putting forth, we think through the tactics like single factor multifactor authentication, mobile number, intelligence capabilities. I love your framework, the honeycomb framework for thinking about the. Different infrastructural pieces that companies need to address. Are you overplayed that these rays framework on that to help you navigate and figure this stuff out? And then just realize we’re we’re for many people, they’re well up river and don’t even know there’s two rivers converging. There’s some, like those listening to this podcast for the first time, maybe realizing that there are these two rivers and they’re coming together. There’s others that have been actively participating in the industry for quite some time and they’re, say, a quarter of the way halfway down the river. But they’re probably two to three years because all of us are two to three years away from those rivers fully merging and converging together. And that’s where we’re at in the industry, and I find it terribly exciting. And it’s just it’s a really great time to be what we’re doing, what we’re doing.

 

Cameron [00:47:09] Amazing. What, Michael, before we wrap here. Opportunity for a shameless plug for those listening who want to get involved with you, with the Mobile Ecosystem Forum or, you know, reach out in general to, you know, chew the fat or contribute in some way, what’s the best place for them to go

 

Michael [00:47:26] so they can go to local mobile ecosystem forum dot com and then they can interact with our personal data and identity working group that’s that gets them involved with the Mobile Ecosystem Forum. I’m a consultant advisor in the personal data and identity space, so if they want to do that, they can come to my website Identity Praxis, dot com or hit or hit me up on LinkedIn is the other way to get to get involved. And I would also encourage them to go to you and look at your honeycomb network and actively work with your vote with your activities.

 

Cameron [00:47:54] Amazing. Thank you so much. Always great to talk to you and looking forward to keeping in touch and hopefully having you on again for, you know, an annual recap of of all these exciting things. And then maybe double clicking on some of these predictions and seeing how we’re doing in terms of getting these rivers to converge.

 

Michael [00:48:11] Fantastic. Thank you. I really appreciate it. Look forward to it.

 

Cameron [00:48:14] All right. Talk to you soon. All right. Bye bye.

 

Explore The Podcast Library

Episode 343

In the latest State of Identity podcast, hosted by Cameron D’Ambrosi, we’re joined by Laura Spiekerman, co-founder and president of Alloy, a global identity risk solution for financial services and a Liminal 2023 Company to Watch. We’ll discuss its pioneering role in the orchestration-centric approach to Digital Identity in Fintech. Spiekerman delves into the challenges Alloy addresses in the fintech space, where compliance and fraud often hinder innovation. Join us to explore the evolving landscape of digital identity in Fintech, trends in fraud prevention, and the critical intersection of customer experience and security.

Episode 342

In the latest episode of the State of Identity podcast series, we delve into the ever-evolving world of customer identity and access management (CIAM). Join host Cameron D’Ambrosi from Liminal as he sits down with Brian Pontarelli, the founder and CEO of FusionAuth, to explore the exciting developments and challenges in the realm of passwordless authentication, user data management, and the quest for seamless transitions in the digital landscape. Bryan shares his expertise and unique perspective, shedding light on the fascinating journey of FusionAuth and its pivotal role in this dynamic landscape. Tune in for a thought-provoking discussion that promises to expand your understanding of CIAM and its critical role in the modern enterprise.

Episode 341

Tune in to the latest episode of the State of Identity podcast series, where Data Security expert Shane Curran, Founder and CEO of Evervault, dives deep with host Cameron D’Ambrosi into the intricacies of data security. Discover why basic encryption methods aren’t enough, understand innovative data security strategies that ensure functionality, learn how encryption safeguards AI model training without compromising customer data, and grasp the significance of prioritizing current cybersecurity threats over quantum computing concerns.

Episode 340

In the latest episode of the State of Identity podcast, host Cameron D’Ambrosi is joined by Gadalia Montoya Weinberg O’Bryan, an ex-NSA crypto mathematician and the Founder and CEO of Dapple Security. Learn about Gadalia’s remarkable journey from the National Security Agency to the forefront of identity-focused cybersecurity. Learn about the limitations of current passwordless approaches, particularly in scenarios involving lost or stolen devices, and delve into the crucial distinction between authenticating the user behind the device rather than the device itself. Gadalia introduces Dapple Security’s unique solution, which involves generating an on-demand passkey using a user’s fingerprint—emphasizing the company’s commitment to user privacy by avoiding the storage of biometrics on the device or in the cloud—and how this approach is a key element in enhancing overall security posture.

Episode 339

In this episode of the State of Identity podcast, host Cameron D’Ambrosi talks with Eric Olden, the co-founder and CEO of Strata Identity. Join us as they discuss the challenges faced by today’s multi-vendor/multi-cloud enterprise technology landscape and how forward-looking executives view identity as an opportunity, not a cost center. They also delve into the importance of moving towards passwordless authentication and the role of identity orchestration in addressing these challenges.

Episode 338

In this episode of the State of Identity podcast, Liminal host Cameron D’Ambrosi and Justin McCarthy, the co-founder and CTO of StrongDM explore the dynamic landscape of digital identity and access management, addressing the challenges and trends that shape the industry. They talk about what it means to move towards a “credential-less” world and discuss the complexities of authentication, authorization, and the role of proxies in bridging old and new technologies. McCarthy highlights the imperative for convergence among various tools, including the essential role of AI, providing a unified approach to access control, governance, and policy enforcement.

Filter by Content Type
Select all
Research
Podcasts
Articles
Case Study
Videos
Filter by Category
Select all
Customer Onboarding
Cybersecurity
Fraud and Risk
Go-to-Market
Growth Strategy
Identity Management
Landscape
Market Intelligence
News
Transaction Services