Over a coffee a few weeks ago with a banker, she commented on the poor tools used to validate bank customer identities. I then told her about a column I had written two years ago on identity verification and which I will review here since what I said back then still applies.
In today's digital world and planet that can be traversed by air in 24 hours by commercial planes, there are many challenges in validating identities. I personally believe that the next 20 years are going to see even more pressure on validating identities as human clones come into existence.
In the past, much identity validation could be done based on someone attesting for you. This is the foundation upon which notary acts and notaries are based. In the digital world, I believe that digital notaries will become common place over the next decade. For many legal and commercial transactions, having a person attest that you are who you are is enough. But, this doesn't cover what is coming at us in the future.
As human cloning comes onto our radar screens along with genetic engineering, I predict that there will be many new situations arising for which our existing identity validation techniques will not suffice. It will become a necessity in many situations to biologically validate one identity from another.
Whether you agree with me or not, then there is the existing poor identity validation tools in place that the banker I had coffee with referred to. She was referring to the driver's licenses, birth certificates and passports they currently use.
All of these identity validation techniques use paper. It is not hard to get a SSN/SIN number and then to get a driver's license and then to get a passport for a person who is not the real identity presenting themselves at the government counters. The pieces of paper they issue don't really validate the person biologically presenting themselves. Instead, they are weak forms of attestation that an identity is whom they claim to be. In turn, financial institutions then rely upon these pieces of paper as ways of legally defining their customers.
Add to this the current situation of people searching your identity online. In today's world, you have no idea when your name is searched online. This works for many legal and marketing companies but it erodes an identity's privacy. How can an identity preserve their privacy in today's world?
I can see the general direction of the answer. In my paper "The Challenges With Identity Verification" I laid out a general plan to take DNA samples from an identity when they are born. This would be digitally stored in a central birth, name and death registry. Next, I said that anyone doing a name search would require the identity's permission to do so (with some judicially approved exceptions). This would then bring the identity some form of privacy that they don't have now.
Many people took issue with my paper. They said it was "big brother". The fact that your DNA is falling off you every second didn't persuade folks from arguing what would the government do with this?
Others made more valuable points. Some pointed out that DNA wasn't enough to differentiate identical twins. Others pointed out that DNA techniques were not 100% effective in differentiating identities.
Sir Alex Jeffries, the founder of DNA analysis for identifying humans, agreed with my general strategy.
I am not an expert but I can see the future. It involves using biologically determinants taken when an identity is born and then using best science to create a digital national and international birth, name and death registry with strict restrictions over who can do a search on you. Something that today is not hard to do and over which you the identity have no control.
This registry then becomes the foundation upon which other government credentials are issued.
Then new laws need to be created over the use, storage and retention of biometrical authentication used elsewhere in the workplace and for entrance to logical and physical areas. There are few laws in existence today that protect an identity. How do you know that a biometric finger scan you gave seven years ago, is destroyed after you left your employer? What legal safeguards do you have to protect you?
The world is dramatically changing. Our methods of identity validation also need to evolve.