“You have zero privacy,” Scott McNealy, CEO of then-mighty Sun Microsystems famously said back in 1999, “Get over it.” His words have echoed through the subsequent two decades, too often seeming prescient, as just about everyone began oversharing on social media and personal data-based ad targeting became routine. Now a fatalism has set in among consumers about what companies know about us and how much data is escaping our control.
But even as McNealy uttered those notorious words, many others in the tech industry were working to prove him wrong. Now an entire industry sector has emerged to help companies manage all the consumer data. It goes by the acronym CIAM, for Consumer Identity and Access Management. But its focus has been more on the problems faced by business than on the desire of consumers to see their information protected.
Andrew Nash, who has the very modern title of managing vice president of identity services at banking giant Capital One, explains the challenges that have emerged: “The way it works now involves consumers spending an inordinate amount of time typing in their information and interacting with a company’s front end. On the back end, there is a virtual hallway of private rooms where deals are done and third parties share consumer data without consistent, informed consent.”
Nash calls himself a member of the “identerati,” a clan of identity-obsessed innovators who have been working at the crossroads of identity and technology for decades, through projects including OpenID, the Liberty Alliance, and many others. His tribe has learned the hard way just how complicated it all is. Capital One bought Nash’s startup Confyrm last year. He previously served as director of identity services at Google, and senior director of consumer identity at PayPal.
While the management of digital identity information still faces philosophical and technical challenges, the battle to help consumers regain control has made real progress. And we urgently need it.
“It’s time to resurrect our original vision so the focus on identity for people, not ‘user accounts,’ can make a return,” Nash says in an interview. “All the original tenets we had starting 15 years ago were about how consumers can get control over their own information. But all we ended up doing was getting better at managing accounts and consumer activity within enterprises.” When you log in to Facebook or Google, for instance, you are using the OpenID technology. “But the original concept,” Nash said at the Techonomy conference, was “for every consumer…to be in control of their own identity and manage it directly.”
He is among many identerati who have not abandoned that ideal, and now believes a bank like Capital One, with its strong tech orientation, may be in the ideal position to make progress. “We’re back on an upswing,” he says, “We can move the ball forward.”
Today we have to give up enormous amounts of information about ourselves in order to use the essential services of daily life, more and more of which are digital. That includes social networks, ecommerce, apps for transportation and other daily activities, email and messaging, among many others.
Right now, all kinds of ideas are emerging for how ordinary individuals might regain control of their information. Tim Berners-Lee, the inventor of the World Wide Web, is putting his efforts into a project called Solid, which he calls a “seriously needed course correction” for the web he invented. Solid aims to put people, not companies, at the center of control online, and is, Berners-Lee said at the Techonomy conference last November, “driven by the belief that you should control your data.” That means not just your name, address, phone number, and social security number, he said, but also all your photos, what you do in social networks, and lots more. Meanwhile, many advocates of blockchain, the distributed database approach that emerged alongside Bitcoin, say that systems based on that technology will be the best way to give people control of their information.
The ultimate identity solutions will require more than just good technology. Whatever technology ends up getting employed, it will need to be under the management of an institution you trust. Banks, Nash says, can play a critical role. “You already trust a financial institution with your money. It’s highly regulated.”
Nash dismisses the notion that tech alone will be a cure-all, a notion many blockchain partisans cherish. “You will need a mix of ecosystem and tech to make it work,” he says. And Capital One is a unique institution, in his view. “We have a set of cultural norms around tech for good,” he says. And outsiders concur that the bank is uniquely tech-savvy. “Capital One is positioning itself to become the Amazon of banking more than any other big bank,” Ron Shevlin, director of research at Cornerstone Advisors, told American Banker not long ago.
There are innumerable areas where we will need to parcel out our data and feel good about it. Figuring out how to manage that world will require subtlety and deftness. And as 5G emerges, the internet of things is about to get really big.
Capital One is already piloting a system in which it would, in effect, offer businesses the mechanisms to verify customers, with their consent, so that many easy-to-use new services designed for the digital, mobile era, can be made available. It is operating with the thesis that solving the identity problem will spur digital commerce while protecting the interests of the people.
In the end, Nash and his colleagues at Capital One believe banks could be your best ally for managing identity. In the system he envisions, you will decide when your information is exchanged for access to the goods and services you want.