Governments and the private sector are in a race against time to stave off a crisis of public trust in digital identities. Experts argue that policymakers and businesses must work in closer harmony to develop effective regulation, improve transparency and share best practices.
Deepfake videos and social media bots have undermined trust in the authenticity of our digital identities. The amassing of personal data by companies and governments has raised fears about a Big Brother style abuse of power. Our physical identities are merging with our digital personas.
As governments look towards digitizing national identity systems and companies try to strike a fine balance between monetising user data while retaining consumer loyalty, what steps can be taken now to avoid a crisis of trust in rapidly-evolving technology?
“Governments should look to technology organizations and other countries with a strong track record to learn best practices for developing, regulating and managing digital identities,” said Professor Öykü Isik, IMD Professor of Digital Strategy & Cybersecurity, speaking at a panel discussion on the looming digital identity crisis at the 50th St. Gallen Symposium.
Professor Isik cited figures from the United Nations estimating that more than one billion people worldwide had no way of officially identifying themselves.
“They lack access to vital services like finance, healthcare and social protection,” she said. “This could become a big issue.”- Öykü Isik
But, while governments could leapfrog this global identity problem through digital innovation, solutions must also urgently be found to tackle the three driving forces that are eroding public trust in the digital system: cybersecurity, privacy and ethics.
Are digital identities robust and secure enough? What protections are in place to stop data collectors from abusing their power? Are companies and governments using data in an ethical way? What regulations are needed to build a system that is fit for purpose?
Isik was joined by Katerina Mitrokotsa, Professor for Cyber Security at the University of St. Gallen, Dr. Jeffrey Bohn, Senior Advisor at the Swiss Re Institute, and Damian Borth, Professor of AI & Machine Learning at the University of St. Gallen.
Professor Borth said new digital tools needed to be developed to act as a “substitute for trust, instead of meeting in person” as a way to identify people online with confidence.
“If there is an established relationship, trust exists – that is a good thing – we can proceed with the transaction,” Borth said. “If there is a connection to something new, a new relationship that is being formed and this relationship is not happening in the physical space, but in the digital space … We need tools with more or less the potential to provide trust.”
New technologies such as distributed ledgers and multi-factor authentication could improve cybersecurity for digital identities, said Dr. Bohn, warning against trying to replicate existing authentication systems from the physical realm such as signatures.
“It is not clear to me how safe that is so we need to think in the technology context,” he said.
But improving the technical challenges of cybersecurity alone will not solve the crisis of trust. For many users, the mystery behind the use of personal data and the power that information gives data collectors raises worrying questions about privacy and ethics.
“One of the most important problems is that people are not trusting the service providers,” said Professor Mitrokotsa, citing both public and private sector examples. “There is this centralized collection of data that leads to a concentration of power.”
“When we talk about a social media platform, a lot of data is being collected from us and we have no idea how this data is later used,” Mitrokotsa said. “This concentration of power, if we are talking about governments, creates a fear of a surveillance state. This fear creates this lack of trust from users and citizens. To avoid this, we need transparency.”
Bohn argued that users should be given “the right to review how organizations are tracking their ID, how that information is being stored, managed and monetized – and we are very far away from that.”
Another way to address a lack of transparency over the use of data would be to regulate who is allowed to access information, limit the kinds of data that can be accessed and to seek to harmonize legislation across borders.
“We should have another policy on the collection of data – a minimalist policy,” said Mitrokotsa. “We should only collect data that is necessary for our purpose, not, for instance, to allow Facebook to track my activities online on the Internet, even when I am not logged on.”
IMD is partner of the St. Gallen Symposium