Identity starts with people. People are what it is all about. People’s views, wants, and expectations should be the starting point for Identity.

Too often, people are deliberately misrepresented by ideologically and commercially-driven technology interests for their own gain. This needs to stop.

Here are my four people propositions based upon:

• my understanding of the current identity world and

• my reasoning for the conclusions I make.

I invite you to invoke your own understanding and reasoning as you read these propositions.

People Trust Government and Organizations

So much of Identity development is influenced by the bizarre notion that people do not trust governments and organizations. Of course, people do not always like or agree with these bodies, but the big question is how people perceive of their trustworthiness. And they TRUST them!

I base my proposition on our current reality. Today, people trust governments to keep track of citizens. Today, people trust banks with their identities and their money. Today, people trust organizations with personal information. Today, people empower organizations to act on their behalf financially.

Today, that is what people do. We do not see street marches protesting against government managed identity. We do see most people engaging with identity services provided by governments and organizations.

We do not live in a world of distrust of governments and organizations. People have trusted these bodies for a long time and there is no indication that this is about to change, no matter how many misleading and inflammatory surveys are done.

Don’t believe me? Ask yourself.

People Expect Governments and Organizations to Maintain Our Identities

Yes, that’s right. People do not want to be responsible for maintaining their own Personal Identity Information (PII) – they EXPECT governments and organizations to do that for them!

This PII is held centrally in large IT systems and locally as physical documents issued to individuals (passports, drivers licenses, university degrees etc). For an individual, being responsible for the security of these physical documents is neither a rewarding nor edifying experience. The perceived value of the documents means that storing them and carrying them involves some risk we would be better off without.

So, the idea that we now go to the next step and ask the public to manage the original copies of their PII, the source of truth, is ludicrous.

We know that is what governments and organizations are there for! That is what they are good at. Ok, I feel the ‘but the data breaches’ brigade reaching for the reply key, but such breaches are extremely rare for governments, are not as prevalent as reported for organizations, often involve information that was publicly available, and the situation is improving as one should expect.

We know PII is important and we expect others to maintain it on our behalf. Is that your experience?

People Want Utility

That’s right, UTILITY is what people want – functionality that is easy to use and achieves its purpose. For example, the ‘identity hell’ called Multi-Factor Authentication (MFA) wears people down. It is frustrating. People want a better way. The lack of age assurance is problematic. People do not like what is happening to young people because we lack online age checking. People are scared of being defrauded of their life savings – they want a solution that authenticates those claiming to represent organizations.

These are all examples of utility and are what I want, and I expect that others do as well. It seems relatively straightforward, but the accepted view of what people want is skewed by biased surveys. Asking an individual if the security of their identity information is important will elicit a positive answer. Ask them if they want to be in control, and they will answer yes. Asking people about the integrity of big business is likely to evoke negative responses. But this doesn’t mean that people want self-sovereignty. That extrapolation is just dumb (who would really like to be the monarch of a realm of one person?)

In the end, we just want it to work! Do you?

People Will Expect Perfection From Identity Solutions

It needs to work PERFECTLY, that is 100%. As the world moves to forms of Digital Identity re-use, will 99% be ok?

Payments and Identity are two very similar processes and the public judges them in a similar manner. How would you feel if payments were correct 99% of the time and 1% of the time you were charged the wrong amount?

For Identity, think about age assurance. Imagine if your 13-year-old beat the age check for buying alcohol only 5% of the time. It is only about one weekend every six months. Happy with that?

How about on-line fraud? What if only 0.1% of people looking to invest are fraudulently robbed of their life savings annually? It is probably only 0.1% of the population trying to invest, so in NZ this is only 0.1% of 5,000 or only 5 people per year! Is that acceptable?

Would you accept 99%?

Summary

Identity is about people, and it should be driven by people:

1. people trust governments and organizations with their identity

2. people expect governments and organizations to manage their identity

3. people want utility

4. people expect solutions to be 100%

There are no technology imperatives in any of these propositions - technology flows from what people want from Identity.

What do you think?

Addendum - Fallacies

To highlight these propositions, here are some fallacies:

1. people don’t trust organizations so we must develop other solutions

2. governments are untrustworthy so we must remake the Identity world

3. people want full responsibility over their identity data

4. small steps in Identity will be fine, just make it a little bit better

Are these just some shame justifications to the right-handside in the graphic immediately above?

What do you think??

The Bottom Line

Identity development should be based on people and on our current Identity context.

Do you agree?

Regards

Alan