security privacy identity

K(NO)W Identity: Day 1 – A Conversation on Privacy and Security

The inaugural K(NO)W Identity conference was launched yesterday by One World Identity (OWI), a group begun by former Googlers and government and military advisors who saw a glaring problem in how the world interprets identity.

Currently, governments and enterprises across the world define identity, particularly digital identity as a monetizable commodity, leveraging it in financial services, healthcare, education, marketing, and beyond. This creates a disparity in how the average consumer sees their own identity. On one hand, we have the documents and real-life facts that act as our identity in the day-to-day world. But, on the other, we have the social media and bank accounts, health records, purchase histories, and browser histories that act as our identities in the digital world.

This disparity is creating large problems when organizations like Facebook attempt to monetize our digital identities. OWI is looking to address these problems and in that effort brought together identity experts, thought leaders, and leading vendors in this space to discuss and explore the potential that identity has to expand beyond its current uses and move past the problems that plague it today.

Blowing the Whistle on Privacy

To kick off the event, OWI brought in Manoush Zomorodi, host and managing editor of Note to Self from WNYC Studios to discuss what identity is, and if our current definition of it is broken, with none other than former-NSA whistleblower Edward Snowden.

Snowden used the opportunity to begin the discussion with the recent malware “WannaCry” attack on a vast array of companies and government organizations across the globe, which has since been attributed to an exploit in Microsoft Windows developed by the NSA itself.

“They knew about this flaw, the National Security Agency, in U.S. software, U.S. infrastructure, hospitals around the world, these auto plants and so on and so forth, but they didn’t report it to Microsoft until after the NSA learned that that flaw had been stolen by some outside group,” Snowden noted.

He went on to compare the incident to the theft and use of conventional weapons of war. The tools were developed to protect people, but once they’ve fallen into the wrong hands, can be used to cause great harm.

Zomorodi used this as a launching pad to ask Snowden if he feels that the idea of trading privacy for security is a false tradeoff and if we need to reframe this concept in a modern era. Snowden agreed. The issue isn’t a battle of security against privacy. In fact, if you increase privacy, he believes, improved security will follow. The problem lies in privacy vs. surveillance. It’s been shown time and again that increased surveillance does very little to increase security, but it does negatively impact privacy, especially with the tools for surveillance are misused. Furthermore, surveillance opens the world to new threats – video and audio footage can be stolen through man-in-the-middle attacks for example. Or, it can be sold, innocently enough, for marketing purposes.

But in order to fix this problem, we have to take a look at how we define identity. Snowden noted that there are several different ways to define what identity is. From a network perspective, the concept falls more onto identifiers, rather than “identity” itself. Names, tokens, credentials, these are our digital identities on a core level. We then claim that identifier, stating that it’s ours, and represents us in that digital medium. What we need to do is fix the structural flaws that are affecting these identifiers, allowing them to be stolen or otherwise compromised. One way of doing this is allowing institutions, such as government entities, to say “your identity is what we give you, and all other identifiers are seeded from it.”

Solving the Identity Crisis Won’t Be Easy

This concept is a core value in forward-thinking identity and access management firms – fixing the structural flaws that are plaguing identity management. Some look to blockchain, others are looking to biometrics. Ultimately, the answer will likely fall into a combination of some existing, and some yet to be developed solutions.

Part of solving this problem will be offering more reliable ways to prove identity and secure that proof. This was a continuing theme throughout day 1 of K(NO)W Identity, and the discussion with Snowden sparked many conversations later on. Snowden criticized some efforts, including more recent areas of focus like Know Your Customer and blockchain, as not going far enough or being effective enough to provide both security and privacy. However, he also counseled that it’s important to continue with these developments as ways to continue developing the new standards that will go beyond the existing ones that simply don’t apply to an evolving digital space.

As we enter day 2 of the conference, we’ll see many more discussions on these topics and more. The thought leaders in attendance are considering the key technologies and tools we already have at our disposal for protecting our most valuable asset – ourselves – and the new ways we can leverage them to keep our identities safe from those who could misuse them, even those with good intentions.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Veridium The True Passwordless Enterprise

Veridium The True Password-less Enterprise In February 2017 when I joined Veridium as CPO, I recognised and appreciated one of the biggest challenges for Enterprise