Years into the era of digital society, personal identity remains locked in a primitive state of crisis. Nothing is more fundamental than how a person proves their identity and yet with the odd exception the system for doing this is still based on paper documents - passports, driving licenses, birth certificates – that are easy to fake, steal or lose. As cybercriminals exploit the system’s slow implosion through a gamut of crimes from anonymous trolling to wholesale identity theft, it's as if the world has simply decided to put up with this pain for want of obvious alternatives.
This is surely about to change, joltingly so in fact, even if many have yet to twig as to the deeper implications of what is about to happen. Digital identity is on the edge of getting serious and nobody will escape the first ripples of change in the next half decade.
Large firms such as payment processors, banks and ecommerce firms have taken big stakes in the future of digital identity but, surprisingly perhaps, so have a small but revealing number of startups. This is where the story gets interesting because the role of startups in this industry could be absolutely crucial. Put broadly, big companies like to scale new technologies and then convince people to use this stuff because it’s already big. Of course they do – they see identity as the servant of their own commercial interests rather than the user’s. Startups and smaller firms, to wit, are forced to do things on a more human level, building from the bottom upon the basis of a popularity that history tells us often leads to more rapid change.
In digital identity, startups could be the best short-term hope of inventing a new system that people can actually use without tying themselves in conceptual knots or ending up caged a new elite of digital middle men.
Who are you? - an identity app called Yoti
Pitching a digital identity startup into this ferment still sounds like a hard job to pull off but that’s what London-based stealth startup Yoti has taken on. The firm’s big advantage since it was founded in 2014 is that it is still funded by two of its founders Robin Tombs (CEO) and Noel Hayden who made their money founding UK online bingo firm Gamesys in 2001, one of whose sub-brands was sold on for £425 million ($640 million) in 2015. (The third founder and investor is Duncan Francis.)
The team doesn’t rule out seeking funding elsewhere in future but so far they’ve put their own money on the line to build the company they believe can solve a big part of the digital identity puzzle.
The idea behind it is disarmingly simple, taking the path of least resistance for the end user. The user enrols for a digital identity named after the company – a ‘Yoti – using a smartphone app to take a picture of their biometric passport, capturing via NFC the cryptographic key inside the embedded chip that verifies the issuing Government’s private key. That proves the passport is real. The user then takes a selfie with the same app and facial recognition is used to score the passport and selfie images.
It’s based on the same technology that is used by passport systems to verify people when they enter rand leave countries and is similar in principle to a number of other systems already being developed for a range of identity-based applications. The difference with Yoti is that this identity is not a point solution to authenticate a transaction (MasterCard has taken developed in this direction) or event but an entire digital ID that can be used across a wide range of possibilities.
“It could be a login to a website, it could be corporate authentication used alongside something else,” shoots CEO Robin Tombs, before suggesting more radical ideas such as using Yoti’s simply to prove someone’s identity to a stranger they meet in the street, perhaps to buy a second-hand car.
“A lot of people are thinking about how they sort out [identity] for a business. That is useful for the business but it is painful for me,” he continues. “That is the wrong way – I should own my identity.”
It’s a subtle but critical point. Big firms want digital IDs to take off as a way of reducing the risk of fraud and cybercrime for themselves, just as governments want them for security reasons. But freed from corporate platforms, a radical digital ID would be free for anyone to use to their own advantage, as a way of verifying their identity on all sorts of contexts.
Intuitively, this feels right. Digital identities should be at the service of the people they represent. Doing it in the manner of current systems such as MasterCard, Facebook, Google and Amazon could end up with those IDs being trapped inside proprietary technologies. They will succeed to some extent but users will end up accumulating different identities to use different platforms. That defeats the whole point in the long term.
Tombs uses the example of someone trying to prove their age to enter a nightclub. Yoti’s smartphone application could be used by a clubber to transfer proof of age (and only that data) to the same app running on the smartphone of a bouncer. No big firm would offer such a feature because its financial value might be zero but an independent app such as Yoti can because it makes more people use the app, an end in itself.
If the app grows in popularity, Yoti makes money as a provider to the websites and companies integrating it into their operations. That is the business model in a nutshell – the app is free to the end user.
Data security? Is this a new point of weakness? “There is no way for Yoti to look into the user’s data or identify anyone,” says Tombs. “We have designed a black box. However, both the user and the partner will have a receipt.” The latter is necessary so that users can prove that an identity exchange was carried out.
Tombs recalls being inspired to solve the hassle of modern identity after attending an all-comers ironman event in the US where a long line of people were trying to prove their identity to cover legal bases.
“It was a pretty painful process. Nobody liked it. I went home with my two co-founders and we said that we needed to look into the tech on the smartphones and work out whether we could put identity onto a phone.”
The first hurdle is that despite the recent creep into the mainstream of digital identity systems such as passports, the initial barriers to entry are still technically high.
“People have found it a really difficult thing to solve. It is a graveyard,” quips Tombs.
Assuming Yoti’s engineers could vault those formidable hurdles they knew they would discover a secondary set of challenges beyond that in terms of integrating the complex security gubbins on which every identity system stands or falls. There could be absolutely no room for glitches here and any solution had to operate without exhausting the end user. Take too long to enrol or verify users and digital IDs quickly fail.
Yoti’s team persisted and still persist – the app is in selective beta right now and is not due to appear in a form a wider audience can test out before the summer of 2016.
Which providers might be interested in Yoti? According to Tombs, the firm has a number of trials the names of which remain confidential but key sectors will be nightclubs, classified ads, recruitment, fintech, payment processing, sports and ticketing, education, offline delivery, gaming, dating, charity and even councils.
It turns out that a lot of sectors have a challenging identity problem that needs an answer and there seem to be plenty of potential takers.
Who are you? How Yoti wants to solve the digital world's identity crisis
Yoti still has a lot to prove with the beta app key to all of this because it will prove that the idea works off paper. However, the technological enablers are falling into place.
“Smartphone ownership becoming ubiquitous. The quality of cameras in phones is going to improve. Quality of biometric services has been coming on significantly in the last two or three years,” says Tombs.
“It is sad to say it but the amount of security breaches when using user names and passwords has made it unceasingly clear that I [the user] can’t afford to have strong passwords because I can’t remember them. But if I have weak passwords I am open to being hacked.”
Tombs is spot on here. The future of passwords and usernames will be as authenticators at best (data I know) but not on their own. Multiple biometric data input will be required to actually authenticate human beings as real people. Yoti is simply one way of wrapping all of this up in a system built on whichever variables the system can be built to use with voice recognition mooted as the next stage after selfies.
“We always knew there was a chicken and egg effect here.” Winners in digital identity will need users to be taken seriously. But users will need big brands to make enrolment worthwhile. Which comes first and how fast will decide this market.
If only the large providers could see this beyond the ends of their noses. “The winners in this market will be those who are most consumer-centric.” Yoti has a chance.