Last week, Facebook demanded that the LAPD stop creating fake “dummy” accounts for surveillance. Don’t impersonate others the Facebook policy says. The same week, media reports of other fake Facebook accounts that amplified an Israeli politician’s lobbying also surfaced.
MIT Tech Review and many others have reported on the advanced algorithms and processes that Facebook uses to find and eliminate malicious accounts. But still, Facebook’s mostly automated after the fact verification routines don’t require documentation like the regulated Know Your Customer (KYC) processes financial institutions must comply with to open accounts. Should Facebook (and others) be doing more to enforce digital identity? Verified communities are generally more trustworthy but fake or anonymous accounts allow for privacy and experimentation for anyone with concerns about long term unintended use of personal data. How important is verified digital identity to Facebook’s brand or any brand for that matter? With Thanksgiving and the holiday season here, many are reminded that even with challenges, most of us are drawn and receive the most long-term fulfillment and value from our real, verified (non-digital) communities.
In 2017, the UN’s Sustainable Development Goals recognized that “Every aspect of human development rests upon the bedrock of trusted identity” – and the ID2020 plan to give every person on earth a digital identity by 2030 is a welcome message in a world that can sometimes seem like machines, algorithms, artificial intelligence, robots, and automation are in competition with our own identity. In 2017, the World Bank reported that around 1.1 billion people worldwide—particularly in rural Africa and Asia—still lacked legal identities.
To be clear, the internet was not designed to verify identities of people or things (computers, phones, etc) – “the internet was built without a way to know who and what you are connecting to” [Kim Cameron, Microsoft, 2005]. Today, most people struggle with too many identities – hundreds of accounts (identities) for health, shopping, reading, telcos, technology, work, government, taxes, services, deliveries, and even one-time throwaway transactions. With all these accounts and identities, who do people put most trust in? Probably the identity that holds the largest bank balance.
Emerging research from Mastercard suggests that 90% of consumers would trust a company that commits to data responsibility principles. People want to understand how identity is managed and maintain control over their information. Yes, verifying identity creates friction and takes time, even on a trusted platform. But imagine if a platform like PlaceSpeak, and others that put strong focus on verifying identities, was adopted by a government, with strong data principles in place of course. Geo-data and feedback from actual verified citizens strengthens communities and could transform community engagement like urban planning with a much more accurate use of data instead of political interpretation. Organizations need to understand how different approaches to digital identity for its customers, products, services (and employees) will impact value, brand and long-term competitiveness.
Identity challenges beyond human identity are growing as well. In 2021 US banks reported $20B in losses related to synthetic identities and fraud –fake identities created from a mix of identity elements stolen from real people (often deceased) including names, social security numbers, addresses and other verifying information. Detecting and protecting against synthetic identities is already an issue for large employers, healthcare systems and services. Fake doctors seeing fake patients, billing insurance. Fake employees accessing sensitive information, customers and projects.
Beyond humans, identity of connected “things” (IoT) is in its infancy – sensors, equipment, alarms, appliances, heating, elevators, transportation, electricity, phones, security systems, computers, and especially critical aging infrastructure. Two computers exchanging information, for example sensors on a pipeline or electrical grid, need to trust and verify one other – just like a smartphone or access system that opens a front door lock, or a secured top-secret lab. As one Las Vegas casino knows well, the unprotected fish tank thermometer (with very weak “identity”) was a great entry point for a hack into core casino systems. Who wants to ride in a plane, elevator or car, with that an unverified person or thing could connect to?
Yes, digital identity is a long term complex political, social, and technological issue. But the emerging theme of digital identity needs to be part of a long-term innovation strategy now – promoting wellbeing of humans and trust in products and services. A long-term innovation strategy must include DIGITAL IDENTITY impact and design for people and things. Identity is not an afterthought.