You see it outside of bars, restaurants, and theaters: A car pulls up, and a potential passenger opens the door, ducks her head inside, and says: “Are you Jim?” Or, “Are you here for Jen?”
“Yes,” the driver says. And the passenger climbs in. The vehicle drives away.
Most of the time, the passenger arrives at her destination without incident. But as ridesharing has grown in popularity, the number of fake drivers has increased as well. Sometimes, tragedy has ensued. In recent years, fake drivers have attacked at least two dozen people in publicly-reported incidents, and one allegedly murdered a college student in April.
Ridesharing isn’t the only arena where potentially dangerous strangers have begun entering our lives. The broader “gig” economy—in which strangers do critical tasks like deliver your food order through DoorDash or run errands through TaskRabbit—frequently allows unknown people into your home. And you may meet strangers through online classifieds like Craigslist or Facebook Marketplace, or dating apps like Tinder, Bumble, and Grindr. But there’s no way to verify you’re meeting the same person you previously messaged.
Some companies are developing mechanisms to protect users. Lyft encourages people to check a car’s license plate number and verify that the driver matches their in-app photo before entering the vehicle. The app also recommends that people ask basic questions—who a driver is picking up, for instance—instead of volunteering that information.
But these fixes don’t go far enough. They place too much burden on customers. In reality, consumers rarely trade away convenience for security. It’s also difficult to apply such tactics to the larger gig economy. You can ask a DoorDash delivery person’s name through a closed door, but people currently have no other easy way to authenticate them in the few minutes between an order and delivery.
This is a problem uniquely born from technology—and a problem technology can solve. Here are some specific things that app companies and the broader tech ecosystem must do:
1. Accept that platform and app companies are responsible for protecting customers
The burden of safety has to fall on the companies creating these apps. It’s the industry’s responsibility.
When security becomes inconvenient, people typically find workarounds that compromise that security. That’s almost surely what will happen if people have to check license plates or match a photo ID to a face. For example, what happens when people have to change a bundle of passwords every week? We may write them down on a sheet of paper and stick it to the bottom of our keyboards.
As for safety-related notifications, too many of them can create “security fatigue” and desensitize people to the risks they face. Consumers tend to avoid doing more work, and will generally assume the apps they use are safe.
2. Create a new kind of verification with two factors
We’re all familiar with two-factor authentication, in which our phones receive a code verifying we are who we say we are. The implication is that passwords don’t work and are easy to guess. Just as passwords aren’t enough, jumping into a random car on a certain street corner is clearly not safe.
We need to meet consumers where they are. We need some sort of two-factor verification technology that follows the same familiar pattern as two-factor authentication but doesn’t put any extra burden on customers. This technology must be able to verify the other party before we give up our personal safety.
3. Use cryptography and mobile technology
A host of mobile technologies can make verification seamless. Near-field communication, Bluetooth, and Wi-Fi Direct allow phones to communicate securely. Cryptography ensures each device belongs to the right person, with a digital signature that can’t be altered in transit.
The end result is a quick, easy confirmation that the person you’re looking at is the person they say they are, and it’s conveniently verified in the app you’re already using. When the driver, delivery person, or date arrives, the app automatically notifies you that their identity is confirmed. Consumers need a simple process that reassures them that it’s safe to enter a stranger’s car or open their door to someone they don’t know.
With each added layer of security, more people might be inclined to trust services like ridesharing, mobile delivery, and online dating. If every company builds two-factor verification into their apps, people will quickly come to rely on it, and they’ll hesitate to open their door or get in a car if the other person’s identity isn’t confirmed.
It’s time for the founders and executives behind ridesharing, gig economy, and dating apps to take responsibility and add convenient safety to their services.
I’m an investor in a company called Powch, a company that aims to integrate greater safety and security into popular apps in a way that doesn’t sacrifice convenience and asks little from users. By using each person’s phone as a unique identifier, Powch—which is expected to formally launch in late 2019—can give people all the benefits of these gig economy services without any of the anxiety over their safety.
No one should have to sacrifice their personal safety for convenience. But companies in the digital economy have been punting the issue back to customers for far too long.
Essam (Sam) Abadir is an inventor, investor, and expert in IoT and AI. He is managing partner of Aspire Ventures.