Independent strategic and technical consultancy Consult Hyperion, is pleased to announce the following new appointments:
Victoria Saporta, BoE executive director for prudential supervision, has said recently that minimum resilience requirements should be required for the tech giants’ (and others’) hosting services, before they may process and store banking data. We strongly support these comments. We have identified this issue as one of a number of new risks arising from modern financial systems architecture, in recent Structured Risk Analyses that we have carried out for financial and retail organisations in North America, Asia-Pac and EMEA.
In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework – the rules of road for digital identity in the UK. The work continues but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect – how might the framework apply to decentralised identity, given that is the direction of travel in the industry.
Today marks the 10th anniversary of Safer Internet Day in the UK. Each year Industry, Educators, Regulators, Health & Social Care workers and Parents rally to raise awareness and put into action, plans to tackle findings from significant research on the topic of trust and safety on the internet. This year one of the research pieces talks of the challenge ‘An Internet Young People Can Trust’. As a mum of two school age children, I am sat here wondering if the internet will ever be safe … for them or me.
If I think about life BC (before COVID), my eldest used social media for broadcast communications to her friends. She was guided on the appropriateness of certain apps and our acid test on the content she was posting, was always ‘would you go up to a stranger in the street and give him your name, age, location and a photo of you in a bikini’ … her reaction was always ‘err, no’. My youngest had never been online apart from BBC Bitesize for homework assignments. We’re not online gamers so have never had constant nagging to go online. Additionally, you have to remember the internet (and mobile internet) has been significant in my work world since 1990 so I have a heightened understanding of the pitfalls and have seen many fall foul of their online reputation, tarnishing their in-person reputation.
A couple of weeks ago I wrote a piece for our friends at Smartex; ‘Brexit and the UK Finance’s proposed £100 contactless limit’. Perhaps a title more worthy of grabbing readers would be ‘Will Brexit make stealing bank cards attractive again?’
The pandemic has accelerated consumer behaviour that has been teetering for the last decade. The desire for contact-free (and therefore contactless) transactions, has meant a significant trend in consumers becoming comfortable with tapping their cards and perhaps more interestingly, their phones (devices/wearables). We’ve seen merchants switch from hand scribbled ‘cash only’ signs, to ‘please use cards (devices etc) wherever possible’. Some stores have completely rejected cash altogether.
At the (sadly, virtual) Fintech South event the year, I was asked to chair a discussion on identity and privacy with three extremely well-qualified experts who had informed perspectives on the state of, and trends in, those important pillars of a digital society. These were Adam Gunther (SVP, Digital Identity for Equifax), Andrew Gowasack (Co-Founder and President at TrustStamp) and Megan Heinze (President, Financial Institutions, North America for IDEMIA). It was great to talk to a group of people who were not only well-informed on these topics but had some passion for them too.
I won’t go over everything that was discussed, but I do want to pick up on a comment that was made in passing when I was chatting to the panelists: someone said that a guiding principle should be “no scary systems”. Hear hear! But what is a scary system? It is, in my opinion, a system that privileges security over privacy. This is not how we should be designing the identity systems for the 21st century!
When consumers install software on their devices, they often perform some sort of risk evaluation, even if they don’t consciously realise it. They might consider who provides the software, whether it is from an app-store, what social media says, and whether they have seen any reviews. But what if once a piece of software had been installed, the goalposts moved, and something that was a genuine software tool at the time of installation turned into a piece of malware overnight.
This is what happened to approximately 300,000 active users of Chrome ad blocking extension Nano Adblocker. You see, at the beginning of October, the developer of Nano Adblocker sold it to another developer who promptly deployed malware into it that issued likes to hundreds of Instagram posts without user interaction. There is some suspicion that it may have also been uploading session cookies.
What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly voting systems have exacting requirements and secondly, the stakes are high with the threat of state level interference.
The rise of facial recognition technology and the erosion of privacy
In the 2002 movie Minority Report, Tom Cruise’s character has his eyes surgically replaced so he can avoid being identified by the all-pervasive retina scanning system that the state uses to track people… and of course, uses to show targeted ads to people. This is a rather dystopian view of the broad application of biometrics technology. However, judging by a lawsuit targeting Macy’s for their use of Clearview AI’s facial recognition technology in their stores, it seems that staying anonymous in the bricks and mortar world is becoming a little more like the movie. Whilst you may not require surgery, you may soon require something akin to glasses and a fake beard to avoid being tracked. The issue here is that Clearview AI has been scraping images from publicly viewable sources on the web for a while, enabling them to create a database of facial biometrics against which to match captured facial images. Amongst the sources of this data are Facebook, Twitter, LinkedIn, YouTube and Vimeo, with some of these companies having sent cease and desist letters to Clearview AI for breach of their terms of service. The aim it seems is for Clearview AI to create a one-to-many facial recognition solution that can identify an individual from only an image of their face from anyone who is in a photo or video on the web. Based on a report on Buzzfeed, they were working with over 2000 companies as of February 2020, and they are probably not alone, so perhaps we should be concerned.