22 June 2018
Matt White

Matt White

Matt White - Finextra

85Posts 332,020Views 180Comments
Information Security

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...
A post relating to this item from Finextra:

A new approach to digital identity

03 December 2009  |  10932 views  |  2
David_Merker_GTC_2.jpg
The Global Trust Council is a non-profit organisation working with governments and businesses in a bid to create an international legal framework that will help protect digital identities.

Shaking up digital security

03 December 2009  |  5219 views  |  2

As Finextra community members are well aware, digital security is a hot topic of debate and there's little consensus out there. Enter the Global Trust Council, a non-profit that is proposing a serious shake-up of the way we conduct our digital lives.

It argues that we are forced to hand over far too much personal information when going about our digital day and this usually ends up on central databases that are expensive and unsafe.

The Council wants to replace this approach with one that sees the customer put in charge of their identities, using "relationships" for verification. The proposal would see each party choose the references (country you're from, mother's name, membership of clubs etc.) which they need to gain the right level of trust to interact digitally with another.

When requested, references are provided instantly and automatically, enabling identities to be checked in real time. Crucially, the customer keeps and manages the data, not the government, bank etc. Want to make a payment? No need to hand over your card details - just communicate with your bank, sharing information that identifies you that no other party can see.

When you enter into a transaction, an independent, blind, witness takes a snapshot of the moment the contract is agreed that can be stored and produced in the event of a legal dispute. The snapshot is an encrypted description of what the contract looks like 'digitally', not what the contract actually is, meaning it cannot be unencrypted to create a copy.

So, the promise is an interoperable system that improves security and privacy for the customer and removes the burden of cost and responsibility for governments and companies like banks.

The Council has already signed up the governments of Sweden and Switzerland to pilots and is talking to many more, including the UK's, while we're told news from some major banks can be expected fairly soon.

What do our security experts think of this approach?

TagsSecurityRetail banking

Comments: (2)

Stephen Wilson
Stephen Wilson - Lockstep Group - Sydney 06 December, 2009, 06:39

The GTC is certainly saying the right things about privacy.  It is indeed all about putting users in control of the information that is revealed about them.  I very much like the stated focus on relationships (I've previously written about why relationships may be a more powerful way of thinking about "identity"). 

I'd now like to know more about GTC's technology intentions.  Do they plan to develop and promote an architecture?  Or a service?  Many user-centric identity management proposals in fact turn out to be centralist, and can lead inadvertently to new aggregations of identity data and behavioural metadata, threatening privacy after all.  The Microsoft Identity Metasystem for example turns many service providers into "identity issuers", and this changes the relationships they once had with their customers, in ways I don't think have yet been worked out.

I think it's important that users have the ability to reveal verified identifying details about themselves directly to each second party they're trying to strike up a new relationship with.  The recent ENISA discussion paper on eIDs and internet banking makes some valuable and progressive points about the potential for government issued ID cards to carry trusted attestations about the cardholders' details.

In the video interview, GTC's David Merkel does mention technology as an important part of the mix.  And the GTC stresses "interoperability" too.  At this stage it's hard to comment on the security of this approach, without being able to take a deep dive into the technology.  The GTC website so far focuses on policy and legal.  I look forward to hearing more about their technology vision, and the sorts of working groups one would expect will be formed.

 

Be the first to give this comment the thumbs up 0 thumb ups!
A Finextra member
A Finextra member 10 December, 2009, 07:48

"The Council wants to replace this approach with one that sees the customer put in charge of their identities,..

Crucially, the customer keeps and manages the data, not the government, bank etc. Want to make a payment? No need to hand over your card details - just communicate with your bank, sharing information that identifies you that no other party can see."

Decision makers in control. Brilliant. I like it already. How do I sign up?

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Latest posts from Matt

The future of fintech: Money2020 v BAI Retail Delivery

18 November 2014  |  6642 views  |  2 comments | recomends Recommends 0 TagsPaymentsInnovationGroupInnovation in Financial Services

Wonga bad, Zopa good?

06 June 2012  |  7770 views  |  3 comments | recomends Recommends 0 TagsRetail bankingGroupInnovation in Financial Services

f!?kberks

21 May 2012  |  5105 views  |  1 comments | recomends Recommends 1 TagsRetail bankingGroupCringeworthy marketing gallery

EBAday: a single migration end-date for Sepa?

16 June 2011  |  6127 views  |  0 comments | recomends Recommends 0 TagsPaymentsWholesale bankingGroupEBAday

EBAday: online payments - it's all about mobile

15 June 2011  |  6595 views  |  0 comments | recomends Recommends 0 TagsPaymentsGroupEBAday

Matt's profile

job title North America editor
location Toronto
member since 2007
Summary profile See full profile »
North America editor

Matt's expertise

Member since 2006
85 posts180 comments
What Matt reads

Who's commenting on Matt's posts