What We Learned at the K(NO)W Identity Conference: Part One
May 25, 2017
Identity is the New Currency, Biometrics is the New Black, Blockchain is Bringing Sexy Back (Maybe) & Spoiler Alert – Edward Snowden is Still Not an NSA Fan
The first annual KNOW Identity Conference was well attended last week in the nation’s capitol, bringing together industry leaders, organizations and individuals that are shaping the new currency: Identity. Industry topics included Biometrics, Blockchain, Machine Learning & Artificial Intelligence, Fraud Prevention and Verification with a central theme on growing security and privacy concerns (enter Ed Snowden). Dissenting viewpoints were heard, predictions made and concerns shared. One thing was clear – we all need to pay more attention to how we transact in the burgeoning digital economy, minding who we do business with and who we entrust with this precious commodity – our identity.
Part One: Edward Snowden
So what was Ed doing there (via video conference from Russia on the clearest bridge our team has ever seen), what did he have to say and how did he look you ask?
As you see from the photo Ed is holding up well, seeming not to age a bit and keeping his signature look. Whether you view him as a hero or convict, Snowden was a prime choice to speak on the topic of identity at K(NO)W. His thoughts in a nutshell: Identity is broken, there are no easy answers and we need to be concerned about privacy, acknowledging that as we address solutions for identity- we will have to address how privilege and access (rather lack thereof) to things like a smart phone play a role in shaping the future.
Snowden stated that what matters most for computer/digital networks is your name which is acknowledged via token, credential, or password. There is a critical point of knowing “this is me” in order to gain access & have a voice that everyone wanting to transact must satisfy. He said in our society, your identity is the token we have given you; all of your other identifiers must be granted from this token. For example, this token may be a government issued ID or social security number. Ed argued that even though this is our reality, popular and lawful are not the same as moral. He went on to state that we have a lot of top down laws- but should we? His view is that it does not have to be this way.
Snowden asked and answered: if identity did not exist, how would you do your business? We can survive in that world according to him. If we rewind 100 years this was the reality. His view is that we should be moving towards this instead of creating a world that is less free & less fair because fewer people are able to transact. He believes most transactions are legitimate and should not be restricted to the privileged and capable as this is a negative thing for free & open society.
Regarding privacy, Ed spoke about the infamous U.S. government phone surveillance program stating that an independent study found it to be illegal and stated it should end. The study found that there was no instance where knowledge of a threat found through this method of surveillance made a difference to the outcome, nor contributed to the outcome. It was found that anything positive could have been done via traditional means according to Snowden. His view: when surveillance increases, security decreases. Not obvious, he noted, but true. In a borderless network and economy, we need to be focused on preventative measures, not offensive, otherwise we leave ourselves open for exploitation.
Snowden acknowledged that some censoring is justified- i.e. Facebook censoring videos. He stated that you need some level of knowledge but you don’t need precise knowledge when it comes to verification. For example, certain industries may need to know you are old enough but not your exact age, or someone known to you vouches for an unknown identity and this happens again and again- this was the idea of a web of trust. The web of trust didn’t take off but the idea was that this is good enough to establish trust.
The idea of good enough has and is changing and requires a different consideration level to address the level of risk associated with transactions. It used to be that if someone was issued a passport by a government that was a sufficient level met for travel. We know today this doesn’t work and have watch lists and various other methods to screen travelers. Snowden is a fan of tech solutions that don’t make you present a bucket of verification when it’s not needed. For example, if you are online shopping, the digital economy should be like the cash economy he believes- with less friction – the verification standard should be good enough, allowing more access for people who may not have government issued identity documents. He feels you should not have to have this in order to interact with digital economy. Further, Ed argued that dumb criminals & terrorists get weeded out of the system very quickly, so relying on Know Your Customer (KYC) laws is not enough nor can government mandates safeguard us. He cautioned we should beware of what you truly need to collect for data because someone with access will abuse this at some point; it’s simply too tempting.
And let’s not forget the biggest headline of late (that does not include President Trump) – Snowden called it the greatest cyber security crisis in history. He was of course referring to the Wannacry virus and noted that this is the first time that the media is naming the NSA directly. His viewpoint is that hackers now have inertia and are using tools stolen from the NSA. The stockpiling of data that the NSA allows with vulnerability is happening around the world and creating ripe targets for hackers and organized criminal groups. He informed us that NSA cyber security spending is 90% dedicated to offensive operations and that this is a big mistake and a massive problem. He believes the attack could have been curbed if the U.S. government acted years ago– punctuating that sentiment saying “It’s hard being right.” He went on the say the NSA has done a lot of harm to U.S.- but stated no one doubts their intention and good people often do bad things. Interesting choice of words Ed.
While there may have been a lot of bleak talk at K(NO)W, there was also the ever-present message of hope and news of exciting new tech solutions in the works by many, including Acuant of course. Stay tuned for coverage of more hot topics from the conference!