This is a new identity newsletter from my Kiwi friend Alan Mayo - it’s the start of a journey he is embarking on talking about Identity 2.5. …. wait what? … 2.5?
Don’t fret - I’m not going to steal Alan’s thunder and get into what ‘2.5’ is - but Alan and I have had enough conversations for me to know that if you have an interest in identity - this short series is going to be well worth your time and his 2.5 solution is really rather clever.
“This is about Identity, not Digital Identity.”
And no - that is not code for the newsletter being deeply philosophical - exploring the Id etc … but rather recognizing the challenge that most tech conversation is about digital identity and essentially ignores ‘real world’ identity … and this is true even if the blockchain does finally solve identity.
Let’s assume that we crack ‘digital identity’ - and in case you don’t know - we are a long way off that - but stick with me - ‘when’ it is solved what happens when you (say) catch a plane, phone a call center, walk into a store, visit a bank, get a mortgage … then what?
If you have explored these scenarios, you already know that it’s a mess and digital identity is not going to solve for those scenarios - except by morphing the real and digital worlds. Beyond that, ‘real world identity’ is
- across industries and markets
- across multiple organizations
- even in a single organization
… which typically means that organizations have to create - and support - multiple workflows and systems.
A Gas Company Call Center
A certain Gas company in Southern California has a ‘call center’ security level that goes as follows …
- I tell them ‘my’ name … any name
- To validate who I am … I have to tell them ‘my’ address
That’s it. At that point I am free to meddle with that account as much as I like.
How do I know this? Because I have done that three times in the past week. THREE times. I am not asked for ‘social’ - though why that is ever considered secure in this day and age is beyond me. The number I call from is detected at their end - and it is NOT the phone number they have on the record for that account. That doesn’t matter. No secret questions were asked. No texts sent to the number on record.
Full disclosure - I did this for a friend who was traveling and had full knowledge and permission from him (the account holder). Why? Because it was a simple issue that needed to be resolved. BUT had I used my real name I wouldn’t have even been able to have a conversation - because my information wouldn’t have correlated.
Bottom line however - if you find anyone else’s gas bill you could play havoc.
I wrote a piece recently called An Afternoon With Kafka
It was meant to be a fun piece describing the trials and tribulations of renewing my US drivers license. In the end I got my license.
Key point … the official address they have on record for me required me to prove my identity by providing third party utility bills. BUT, that address is up in Northern California - and I am currently in SOUTHERN California - so I asked if they could send my license to a local SoCal address.
No problem …. it was done - BUT - in DMVland, what that means is that my US Drivers license now has that temporary, non official address on it and I did not have to prove it was connected to me.
I was asked recently to show my license to ‘prove my identity’. I ignored the oxymoron, showed them my license and they dutifully wrote down the address. On that occasion, it made no difference - but what happens if that address was important?
Most people would look at the ‘official government doc’ and take it at face value.
Identity is clearly a mess.
Ok - that’s it - do please subscribe.