The price of freedom
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
There is too much confusion over who "owns" an individual's identity, says Information Age's editor Kenny MacIver.
There can hardly be a clearer justification for investing in technology: companies are coming under increasing pressure from partners and customers to make interactions as smooth and painless as possible; meanwhile, survey after survey shows that security fears are deterring people from online transactions.
What is often missed by security professionals – a group justifiably concerned at the current state of affairs – is that these threats also present an opportunity: when customers feel more secure, they are more likely to use online services and spend money.
But while it is easy to get hung up on business cases or technology preferences, it is easy to overlook some simple, but fundamental issues: Who should pay for security? And, who should manage it?
If an organisation implements security to protect the individual consumer, logic might suggest that the consumer should pay for it. Common sense dictates otherwise: It would be a brave bank that holds its customers responsible for having their account “phished”.
That economic model becomes even more complex when looking at multi-partner relationships. Every participant needs mutual security to create a trusting relationship that benefits all parties. Are all costs shared equally? And who is liable in the event of an expensive breach?
Using a third party to federate identities across different companies and channels might help alleviate some of these problems. But this is a major undertaking for all involved. The system must be able to deal with the many different facets to an individual’s contextual identities – as an employee, a private individual and a family member, to name just some examples – and also with permissions for the access rights they are granted to third-party systems.
Some technology vendors are promising to build an “identity metasystem” – Microsoft’s Infocard system is one – which puts the individual in control of the management of their many different digital identities. With so many options for securing identities, the likelihood of a single agreed system prevailing appears slim. But this type of advance gives hope that control over an individual’s identity might lie not with fraudsters, banks, service providers or security vendors, but with the person to whom it ultimately belongs.
