Written by [Dave Birch] It’s hard to validate — I mean really, really validate — someone’s real identity in a transaction. By “hard”, of course, I also mean “expensive”. That’s why transaction mechanisms that don’t validate real identity (eg, credit cards) are easy to use and cost-effective. Luckily, we don’t often really need actual identity validated to conduct a transaction. What we need is reasonable assurance that the parties to a transaction are authorised. So, when you are conceptually carded, it should be to see that you are over 21 (or whatever), not who you are. There’s a big difference. Over time, the credentials that are being presented begin to acquire a history, a reputation if you like. Once can certainly envisage markets in which transactions depend on that reputation: not “snapshot” credentials or identity no matter how well validated.The thing is that proving our actual identity is a special case: in almost all of the transactions we take part in every day, our real identity is immaterial. It is generally used a proxy for some other credential — you’re an employee, you’re allowed to park here — because it’s the key that’s used to look up that credential in a database of some description. Now, if it is possible to carry that credential around with you in a token capable of supporting a reasonable degree of authentication, then not only do we have a more secure system overall, we also have a much cheaper system (since we don’t need to manage or control the proxy database).
This is why we should try and change the paradigm around identity management. Many people still think in terms of people proving who they are to log on to a web site rather than what they are: British, over 18, an eBayer with more than 100 stars and so on. The latter example indicates why I’m curious about the potential for paradigm shift. When I buy things on eBay, I don’t care who people are, I care about their stars. It’s a reputation economy.
I remember writing about this in the past, using the emergence of stock markets as an example. The first modern stock market began in Amsterdam back in the seventeenth century. One of the interesting lessons from that time is that the courts had no mechanism for dealing with the transactions that were being undertaken: the contracts could not be enforced in court. Yet the market grew and traders began to experiment with new instruments. This market worked because contracts were self-enforcing with the group and the means of enforcement was reputation. As Adam Smith noted later that century in the UK, “when a person makes 20 contracts in a day, he cannot gain some much by endeavouring to impose on his neighbours, as the very appearance of a cheat would make him lose”. Much like eBay today, a trader’s reputation was the basis of their earning power and a low-overhead enforcement mechanism for the community. Systems based on reputation do seem to work, although without the “security infrastructure” they are open to abuse. They are also open to non-technological abuse, if you see what I mean (authors recommending each other’s books and that sort of thing) which is another topic in its own right.
At a personal level, reputation is a good basis for competitive advantage. For one thing, it’s long-lasting. It’s hard to forge a useful reputation — not that people haven’t succeeded: remember Frank Abagnale and the movie Catch Me If You Can — and difficult to buy one. When I’m calling a plumber, I’d be much happier choosing one with lots of stars: thus, the plumber’s livelihood depends on having the stars and (the subject for another post sometime) taking away stars might be a more effective form of sanction than taking away some money. If plumbers, policemen and everyone else had tokens that could give up (and verify) credentials, then it seems to me that many business models would be changed.
Imagine going to buy a car and having the dealer’s “stars” verified by your own ID card, phone or PDA at the same time as the dealer is verifying your “stars” from the bank.
Creating a security infrastructure that means that the eBay stars and the plumber’s recommendations can be audited and confirmed to be “real” therefore creates a platform for efficient transactions.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
Or are you pressing for a system which gives the incumbents an advantage, offers a field day for libel lawyers, block rehabilitation of offenders and automates malicious undermining by unscrupulous competitors?
This could also be a field-day for libel lawyers, automation of malicious rumour by unscrupulous competitors, and way to stifle new business by giving an advantage to the incumbents. How to balance the 50 ‘good’s from those who think you’re nice but have no idea about plumbing from the one job when the pipes burst just after you left?