“The only industries that refer to their customers as users are technology companies and drug dealers.” –Yale Computer Scientist, Dr. Edward Tufte.
It’s safe to say that we have unrestricted access to just about everything on the Internet. We search, read, scroll, and watch what we want, without a care—and generally without cost. The thing is, we are actually paying a price for everything we do online. We are exchanging our personal data and identity for that “free” access. As the saying goes, “nothing in life is free,” and our online access is no exception.
At the dawn of the commercial Internet, computers and storage were expensive, dial-up lines and broadband access were rare, unreliable, and costly—so ‘The Cloud’ was created to consolidate computers and storage in one place. With the use of browsers, the Internet quickly expanded, allowing far more people access.
The Cloud created a necessity to separate and store user credentials in order to link relatively harmless metadata with real users. Metadata is defined as data about other data. The earliest examples of metadata were the search results delivered by early Internet search engines like Yahoo! and Google. The anonymous results of Internet search queries were increasingly valuable as indicators of user sentiment, but they were still quite limited. That all changed with the introduction of consumer-targeted cloud services such as email, storage, and social media. User metadata needed to be segmented to make it usable, and the easiest way to do that was to assign a username and password for each user.
What began as a requirement to allocate cloud resources morphed into the problems we face with online identity and access today. With the advent of social media in the mid-2000s, the Internet giants dug deep into the gold mine of targeted advertising. To support an advertising-based business model, usernames and passwords became ubiquitous and user metadata was the new resource that powered all technology companies.
Software as a Service (SaaS) was born and we all surrendered our identity and anonymity in the name of convenience. The Cloud transformed the Internet from a communications backbone into an exploitation medium for big tech companies to sell us stuff.
The Price You Pay
When you ‘log in’ to an app or site you are exchanging your data and identity for the use of that service—while the app may be “free,” it most certainly comes at a price.
The username and password are so commonplace on the Internet today that most sites require that you create an account to continue. Sure, it’s convenient to create an account with your favourite service provider and pay with a touch of a button—but perhaps we should start to value our data and identity as much as we do convenience.
Every user account you create is another risk you take. As we know, even the largest online service providers do a terrible job of safeguarding user data—as evidenced by the recent 530-million-record Facebook data breach that included user account info, email addresses, and telephone numbers.
The Weakest Link
Managing access to online resources requiring user accounts has become a serious challenge. In an effort to simplify the demands of cloud service providers, the average Internet user regularly re-uses username and password combinations multiple times, which creates dangerous linkages between us and the services we access.
User data from a variety of sources can be linked to us by our common personal accounts, leading to the possibility of ‘ghost’ profiles following us around the Internet and linking us to everything we like, search, or buy.
Linking our various online identities makes profiling our habits especially easy with increasingly sophisticated artificial intelligence algorithms to help crunch even bigger data sets. These identity linkages also carry over to the business world with greater than 50% of employees reporting that they use the same username and password combinations for personal and employer accounts.
Managing multiple usernames also created a multi-billion dollar category of single-sign-on (SSO) and Identity and Access Management (IAM) solutions, targeted at helping consumers and businesses manage all the identities we all have at home and work. In fact, protecting consumer and employee data are the top 2 priorities of IT departments everywhere.
Even governments are implementing stricter guidelines on the collection and linkage of user identifiable data—this is a key component of many digital identity projects underway around the world.
Law firms like Faskens are developing new practice areas such as de-identifying customer and employee data. Accounting firms are helping businesses quantify the risk of possessing user data and how they can ensure a minimum of data breaches.
With malware on the rise, data breaches are going to become even more common. Ransomware will continue to target user credentials to gain access into corporate IT environments and place malicious code that encrypts servers and holds businesses hostage. All because businesses demand more and more data—it’s what keeps them running and our usernames and passwords are their fuel.
Self-Sovereign Identity to the Rescue
At the core of all these problems is one simple solution: self-sovereign digital identity (SSI). SSI gives users complete control of their identity and user data, allowing them to access online services with individually issued, un-linkable digital credentials.
If each of us had our own personal digital certificate authority on our smartphone, we could issue and accept metadata linkages without revealing user-specific details like our username, password, email, and phone number. In fact, we could support metadata-driven business models while minimizing or even eliminating the risk to our personal data.
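The linkage problem described under “The Weakest Link” and the un-linkable credentials described here can be compared directly. The following is an added illustration, not code from the original article: it uses an HMAC-derived per-service identifier as a simplified stand-in for the credentials an SSI wallet would issue, and the service names, record fields, and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def pairwise_id(master_secret: bytes, service: str) -> str:
    """Derive a stable identifier for one service from a secret kept on the device."""
    mac = hmac.new(master_secret, b"pairwise-id|" + service.encode(), hashlib.sha256)
    return mac.hexdigest()[:32]


def link(records_a, records_b, field="login"):
    """Join two record sets on a shared field, the way separate data sets get correlated."""
    index = {}
    for rec in records_a:
        index.setdefault(rec[field], []).append(rec)
    return [(a, b) for b in records_b for a in index.get(b[field], [])]


def demo(master_secret: bytes) -> dict:
    # Constructed sample records for two unrelated services (hypothetical names).
    reused = "alice@example.com"
    shop_reused = [{"login": reused, "item": "running shoes"}]
    forum_reused = [{"login": reused, "post": "knee pain advice"}]

    # Same user, but each service only ever sees its own derived identifier.
    shop_pairwise = [{"login": pairwise_id(master_secret, "shop.example"),
                      "item": "running shoes"}]
    forum_pairwise = [{"login": pairwise_id(master_secret, "forum.example"),
                       "post": "knee pain advice"}]

    return {
        "reused_links": len(link(shop_reused, forum_reused)),
        "pairwise_links": len(link(shop_pairwise, forum_pairwise)),
    }


if __name__ == "__main__":
    # The master secret is random per user and never sent to any service.
    print(demo(secrets.token_bytes(32)))
```

The identifier is stable per service, so each service can still recognise a returning user, but the two data sets share no common key to join on.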
In adopting SSI, businesses and governments could collect valuable metadata based on an honest relationship established voluntarily, anonymously, and under control of the consumer. True SSI would enable a new, collaborative, voluntary, metadata-driven Internet based upon a more equitable sharing of data responsibility and profi..
Consumers, businesses, and governments all have an incentive to make metadata safer and more accessible. The best way to do this is to allow all Internet users to own and control their identity and access to online services through true self-sovereign identity. Empowering users to feel safer and more secure sharing their online habits is the true aim of SSI and for that we should all support the efforts to decentralize identity and access for everyone.