Our digital world is increasingly unsafe. Digital scams are increasing all the time, taking advantage of vulnerable citizens as well as some of our most prominent organisations. A report by McAfee puts this into perspective: the annual cost of cybercrime is now US$600 billion – a massive 0.8 percent of global GDP, up from US$445 billion in 2014.
Having personal data lost or stolen has become so common that people almost view it as inevitable. And as new technologies, like autonomous vehicles and devices, enter the mainstream, they’ll doubtless bring with them new digital threats.
We need to address these threats more actively. What can we do?
Government is in a unique position to create the structures that can protect us from new digital threats. I believe there are three areas where they need to focus their efforts:
- Digital identity – a government-sponsored digital identity to strengthen trust in the digital world
- Digital security services – a national framework to define how we should protect our digital assets
- Digital police force – new policing structures to patrol the digital world.
Perhaps the most important of these is a digital identity. In the non-digital world, we rely on government-issued identity – like a passport or driver’s licence – to prove who we are. But there’s currently no digital equivalent in Australia.
A government-sponsored digital identity would provide the foundation for how we identify ourselves in the digital world. That would boost trust in the digital community and create efficiencies by avoiding complex Know Your Customer (KYC) processes. The identity doesn’t need to be owned by government – but government can and should be the trusted authority of digital identity.
Why should we trust a government-sponsored digital identity? Two good reasons. Government departments already issue documents that are the foundations of our identities. And government can be trusted not to exploit citizens’ identity data, whereas commercial entities are not under the same obligation to protect personal information.
Government needs to be careful not to compromise this trust. So, for example, where a citizen interacts with their bank through a digital identity, government should not use that information for tax reasons. Government can discover compliance information without needing to rely on any implicit knowledge of the use of identity. After all, that’s what happens today. We use government-provided IDs to prove who we are, but government doesn’t have to be involved.
Using a government-sponsored identity to support interactions in the digital world would also help reduce our exposure to scams (provided there are systemic changes in technology that leverage the digital identity). For example, we could automatically block emails from people who don’t provide their digital identity. The use of a strong identity would also improve platform business models (which rely on peer-to-peer trust): we could make sure that the people we dealt with were both real and known.
A trusted government-issued identity would also improve business efficiency. Rather than each organisation having to execute its own process for KYC, they could rely on a government-issued identity. Second, the commercial risk associated with dealing with an unknown customer would be reduced with a stronger foundation in place for the identity of the person or business in question.
What about keeping a balance between privacy and trust? For a trusted relationship to be established, we have to prove our identity. But providing that identity compromises our privacy.
There are ways to address this, such as techniques like Zero Knowledge Proof (ZKP) which allow us to avoid sharing our identity while still providing confidence in who we are. The question is: how do we want to shape our online world? Do we want more trust built-in, or the freedom of privacy and anonymity? What sort of online world do we want?
I’d be interested in hearing your views. Please get in touch.