How do you trust someone you don’t know, can’t see, and isn’t actually in front of you?
That was the question raised in an article I read recently on establishing a system for trust in the digital world. It got me thinking about what’s missing from the modern marketplace that is challenging potential users like me to have a trusted relationship with service providers, such as my New York Times electronic-only subscription, when they don’t know me, can’t see me, and are not present when I make a transaction.
Most people of my generation remember when there was no internet. When you wanted information, you went to the corner store to buy a newspaper (with cash) or to the library. If you wanted to open a bank account, you walked into a local branch and presented multiple forms of ID, such as a paper Social Security card, a library card, and a utility bill with your address listed. Then you used a pen to sign some forms and got a carbon-copy receipt for proof of your transaction.
That might sound burdensome to younger readers, but consider that we’ve traded all of that manual access to information and money in the bank for online access based on our ability to manage hundreds of digital forms of identity and authentication – something which is also burdensome and unreliable. For me, these digital identification tools are in my possession only because I have the education and resources to have ubiquitous access to the internet and some tech-savvy people in my life to show me how things work. There are millions of people on the other side of the digital divide who can’t buy a newspaper or lack transportation to the library or a bank branch, so don’t have the manual access that I had 40 years ago to these same resources.
So far, there’s no solution for how a user like me can establish trust with a service provider when that service (called a relying party) does not know me, can’t see me, and isn’t present when I’m trying to access the service. What is missing is the connecting tissue to support that trust between two unknown (and untrusted) parties.
Someone who already has a relationship with me, and who knows something about me, could represent me to that service provider, if that service provider had some type of business relationship with that someone who knows me. That someone is considered a trust provider because they are in a position to assert that I am who I claim to be. That trust provider can do this for many people like me. A trust provider could be my bank, my employer, my local government or a Federal government entity like the U.S. Postal Service. The trust provider could establish terms to satisfy the needs of the service provider so that the service provider has greater confidence doing business with me, an unknown user. To automate the exchange of digital identity information about me, the trust provider could look for a digital identity service provider to bridge the information exchange between the user and the service provider.
A network is needed to enable this digital trust exchange between users and service providers on a larger scale. A network like this already exists and handles trillions of payments transactions per day between consumers and retailers and banks – it is our global payments network. Maybe we should begin by looking at this network and asking ourselves, why reinvent the wheel to solve this digital trust problem?