This post is the second in an ongoing series examining the human impacts of “digital identity.” Read the first post that offers foundational definitions and delves into User Attitudes & Psychology and User Behavior & Adoption.
As a reminder, we define digital identity as all information generated by online and device signals and activities, including claims made by oneself or by another person, group, or entity. Specific facets or versions––personally identifiable, pseudo-identifiable, or anonymous––of a person’s s digital identity are used to represent individuals in specific contexts.
Human Impact #3: Use Cases
Consider all of the instances throughout a normal day when you must authenticate yourself to receive a service or use a product. Some of these authentications are digital (eg. unlocking your smartphone with your fingerprint), while many others are through non-digital means (eg. showing two forms of physical ID at the bank to perform a transaction).
As sensors, scanners, cameras, and database technologies advance, any current mode of physical authentication becomes a potential use case for a digital authentication of our identities. You’ll find many use cases and categorizations below, in alphabetical order, as well as offer a couple of sample “deep dives” into the details of how a future-state use case could mature. Did we miss any key digital identity use cases?
- Airport and travel security
- Banking, investing, and stock trading
- Birth registration
- Device (mobile, IoT) authentication
- Education: student verification, transcripts
- Government: identification “card,” passport, gov. services, voter registration, etc.
- Healthcare: patient records, vaccinations, medication dispensary
- Property/business registration and mortgages
- Smarthome and IoT authentication
- Humanitarian: Refugee status, food vouchers, aid entitlement
- Retail: personalized offers, couponing, loyalty program identification, rewards, dynamic pricing, etc.
Interested in more use cases aimed toward those who are without an identity? Check out ID2020, a public-private partnership dedicated to solving global challenges of identity.
Use Case Explored: Government Identification
As reported in Slate: India’s identification project, Aadhaar, issues a unique 12-digit identity number based on demographic and biometric information to all citizens (process photo, at right). Since its inception a decade ago, Aadhaar has become a nationwide acceptable digital identification for 1.21 billion of India’s 1.3 billion people. For many, it was the first time they had an identity, opening the door to basic services like bank accounts, passports, driver’s licenses, and other government benefits. It has also helped combat a major problem in India: people using fake identities to get government subsidies.
Use Case Explored: Healthcare
Centralized electronic medical records stored and updated digitally would allow for patients to have greater control over their health data. It would alleviate the burden of transferring records among providers from both healthcare provider staff as well as patients who must often take responsibility for requesting and funding the transfers. When taking control of our digital health identities, humans could also more easily manage and track drug prescriptions, prescription sourcing, and solicit our consent for medical trials.
In a step toward a future state of patient-controlled healthcare data, MIT partnered with Beth Israel Deaconess Medical Center of Boston in a successful pilot that tracked six months of patient medication data deployed through virtual machines. They recorded blood work records, vaccination history, prescriptions, and other therapeutic treatments on the blockchain, simulating data exchange between institutions. Nebula Genomics enables consumers to sequence their genomes and make them available on the platform, maintaining complete control over who can access it. Data buyers in academia in industry will use the platform as both a marketplace to obtain access to that data, as well as a computing platform for analyzing it.
Human Impact #4: User Interface
As digital identity encompasses data from myriad sources, often decentralized and disparate, nearly any device that collects our personal data is considered a “user interface.” From smartphone apps and social networks, to digital assistants like Alexa and Siri, to Nest thermostats and smart fridges, to in-store facial scanners and augmented reality shopping … digital data collection now pervades the physical world.
To narrow the scope of user interface analysis, this section will focus more on the authenticating technologies, as they are the connecting tissue that bridge our physical selves with the troves of our personal data that, together, make up our full identity.
Though many digital identity authentication interfaces are “new” in comparison to other consumer technologies, they are already widely trusted modes of verification. According to a recent IDology study, 54% of those surveyed ranked biometric authentication as “extremely secure” or “very secure” (see chart, below).
The most commonly utilized biometric interfaces for purpose of self-identification and, therefore, access to our digital identities include:
- Fingerprint scanning (powered by optical scanners and algorithmic analysis). A technology that used to be expensive, but has become more cost-efficient over the years. You likely have used fingerprint scanning to open your smartphone, as it’s available in the majority models in all price ranges. Fingerprint scanning is often combined with another form of biometric or password-enabled authentication to increase security and serve as a “backup” in case the technology (or, user!) fails.
- Voice recognition (powered by natural language processing). Being explored for secure authentication, though usually also part of a two-factor authentication to maintain high levels of security. This is the case with Royal Bank of Canada in its phone authentication of members who call for service and have opted in to the technology’s use. Last year, the U.S. court system recognized that Amazon Alexa voice data was not reliable enough to implicate someone of a crime, so there is room to improve in voice recognition for 100% perfect identity authentication when used as the sole form of ID.
- Facial recognition (powered by computer vision). Many models of smartphones now utilize facial recognition enabled by front-facing cameras to allow users to open their phones. Retailers are also experimenting with using facial recognition to identify shopper sentiment in-store as they interact with associates, merchandising displays, and marketing. Some governments, like China’s, have also deployed facial recognition as a means of identifying criminal activity––without requiring citizen opt-in.
- Other visual bodily recognition that authenticates identity via vein scans (powered by computer vision). Humans will be increasingly exposed to vein-scanning technologies to self-authenticate with businesses they interact with. For example, financial services institutions have been using eye vein-scanning to identify customers via apps (did you know: each eye has two unique vein prints?) and in-branch palm scanning to speed up teller efficiency and lower wait time.
As more mechanisms for authenticating identity go digital, and more data are used to define how we negotiate our real-world identities, both humans and businesses are confronted with many new considerations:
- Convenience vs. privacy
- Safety vs. cybersecurity threats
- Biometric vs. non-biometric data
- Limits on what data can be used for what purposes
- Ownership and consent
We’ll continue our analysis of the human impacts of digital identity in our next post where we explore risks and challenges, and impacts on user experience. Please subscribe to our e-newsletter here, so you don’t miss it!