matteo-rizzi-about-privacy

Identity & Privacy for dummies

I never realized that 1.4 B people in this world don’t have any proof of identity, at all.

It’s incredible how something that looks so mindless, like showing your passport or simply being able to prove in real life that you are who you say you are, is actually impossible in other parts of the world.
We “lucky” guys in the developed world (using the commas on purpose) we have other problems : we are the constant target of many big companies, brands, organisations tracking our data and – in most cases – using then without our knowledge or consent.
Interesting enough, data protection (I mean the lack of)  is concerning a HUGE chunk of the population (7 out of 10 Britons, just to report the fastest data you can retrieve on Google – talking about data again :)) but not many of us know :
1) to which extent we can do something about it,
2) what are the real consequences,
3) what how deep and vaste is the amount of data “someone” has on us and many other basic questions.
Identity and Privacy goes hand in hand, in this hyper digitalised world.
WhatsApp made a big move, recently, disclosing the phone numbers to Facebook.
What happened ?
  1. we agreed to the n+1 Terms and Conditions we never read,
  2. few of us unchecked the box on WhatsApp settings allowing that data transfer to happen,
  3. few of us canceled WhatsApp from their phone (I know at least one of them and will probably read this post)
Truth is : and so what ?
WhatsApp has our numbers anyway, Facebook owns WhatsApp anyway, are are absolutely positive that this data porting won’t happen in any case ?
I am not.
Not even sure I have the means to detect it and even the day I will be vaguely suspicious, what weapons would I dispose (admitting I will have the perseverance to get to the bottom of it ?) ?
Our dear European Community came to play in this space, with the GDPR Regulation.
By May 25th, 2018, every corporate in the EU holding the smallest piece of your data will be not only obliged to give it back to you if you request it, but also demand an explicit consent if and when they need to use these data of yours for whatever purpose.
This brings to live a super interesting economic puzzle, because :
  • technically speaking, this is not a piece of cake, as the majority of the large stakeholders of our data were not specifically equipped to this
  • the costs related to this compliance measure have to be absorbed by the industry, and you can bet they will need to find a way to monetise that big shift they are enforced to implement
  • some of our data are extremely sensitive (heath data, financial data, medical records, etc) and their leakage (if now all of us become owners of our own data) can be potentially even more dangerous
I have been fortunate enough, recently, to work a bit in this space, curiously catching up with a number of great minds that back in 2009 worked together what we called at SWIFT, within Innotribe, the Digital Asset Grid (one of the coolest code names of a project ever, if you ask me).
Back then, the goal was to create a fully distributed, consent based personal data store empowering the individual to become the center of its own data world, and releasing the appropriate subset of these data to a counterpart that would have to ask an explicit authorisation to use/see the data.
Think of it : something that happens a lot in the US is to get ID verified before entering a club, to make sure you are over 18 (or 21) and are allowed to be served alcohol.
We, old guys, sometimes get ID’ed as well and we are so vey proud of it, it happened to most of us, but…WHY do I need to show my ID to demonstrate I am over 21 ?
In my ID, or passport, there are a number of details that are completely unnecessary to that verification. The only thing I need to prove in this case is that I am over 21.
SO why show also my date of birth, my nationality, my address, etc. ?
This is a very simple example of the un-matched offer and demand of data, related to a specific purpose.
I will write more about this subject, for the moment just letting you guys know (with my own words) why this matters to all of us.
The topic is incredibly vaste and articulate, as you can imagine with different problematics varying on geographies and business purposes.
What I can say, already, is that identity and privacy eco-system is gearing up in terms of nation-wide identity programs, startups entering the space, capital poured into technologies, and infrastructure innovations.
I almost managed to write the whole post without mentioning blockchain, but the time has come now : you cannot deal with identity and related data at scale without a distributed database (which is what most of distributed ledgers applications are, in simple words).
The technology exists for a while already, but it has finally reached a mainstream tipping point where truly scalable solutions can be implemented without the CIOs of the large organisations going out of their minds.
Beside the last maybe cryptical paragraph, I hope I achieved the objective of putting simple words around what I believe is going to take a good chunk of my time and brain cells going forward.
Stay tuned
Matteo

2 thoughts on “Identity & Privacy for dummies

Leave a Reply

Your email address will not be published. Required fields are marked *