Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Pandora | Email | TuneIn | Deezer | RSS | More

Let’s talk about digital identity with Colin Wallis, Executive Director of Kantara Initiative, and Charlie Harry Smith, Political Theorist at the Oxford Internet Institute.

In episode 44, we shake things up with a fireside chat format. Colin and Charlie begin by discussing: “Is digital identity for citizens a commodity?”. From their different backgrounds in identity – Colin’s tenure as Kantara’s Executive Director, and Charlie’s work as a political theorist – they explore multiple considerations, including user experience, the role of private organisations in shaping citizen (or resident) identity and how to ensure adoption. As both are currently UK-based, they use the UK government’s historical and future plans around digital identity for context, as well as examples from other countries like New Zealand and the US.

[Scroll down for transcript]

“[Digital identity] can be delivered effectively, securely, and in a way that’s lovely to look at as well. That’s an exciting thing and it’s an exciting time to be in this industry.”

Colin Wallis headshot

Colin Wallis

Colin Wallis is the Executive Director of the Kantara Initiative – the international industry association globally acknowledged for its ethos of no barriers to participation. Kantara is most recognised as a Trust Framework Operator of conformity assessment and Trust Marked schemes for digital Identity, Credential and Consent Management Service Providers.

Colin develops and executes the Kantara Initiative’s strategic plan in concert with the Board and Leadership Council, driving the organisation forward on a broad front with the financial support of private, public sector and individual members from every region of the world and the assistance of a dedicated band of expert volunteers. Colin’s work has been recognised by being named one of the Top 100 Influencers in Identity by independent research company One World Identity.

Find Colin on LinkedIn and on Twitter @KantaraColin. Find out more about Kantara at kantarainitiative.org and www.kantarainitiative.eu. This is Colin’s second appearance on LTADI – find his first episode at www.ubisecure.com/podcast/kantara-colin-wallis/.

Charlie Harry Smith

Charlie Harry Smith

Charlie Harry Smith is a political theorist pursuing a doctoral degree at the Oxford Internet Institute, part of the University of Oxford. In particular, his research considers the normative and theoretical issues surrounding digital governments and the ongoing development of federated identity systems in the UK.

Alongside his research, Charlie regularly consults on digital identity projects. He handles social media monitoring for the Open Identity Exchange and, most recently, has worked with the Digital Equity Association to bring the SMART Africa Trust Alliance – an ambitious cross-continental federated identity scheme – to the pilot project stage.

Find Charlie on LinkedIn, Twitter @charliehrysmith, and on his website – www.chsmith.co.uk.

We’ll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!

­Go to our YouTube to watch the video transcript for this episode.

Let's Talk About Digital Identity
Let's Talk About Digital Identity
Ubisecure

The podcast connecting identity and business. Each episode features an in-depth conversation with an identity management leader, focusing on industry hot topics and stories. Join Oscar Santolalla and his special guests as they discuss what’s current and what’s next for digital identity. Produced by Ubisecure.

Apple PodcastsSpotifyAndroidPandoraBlubrryby EmailTuneInDeezerRSS

 

Podcast transcript

Let’s Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla.

Oscar Santolalla: Hello, and thanks for joining this episode which is going to be quite a different format. First of all, we’ll have two guests. Both are based in the UK, but also the format is going to be more free, so there’s going to be a sort of fireside chat. And so, let me introduce you my guests today.

My first guest today is coming for the second time – Colin Wallis. He is the Executive Director of the Kantara Initiative – the international industry association globally acknowledged for its ethos of no barriers to participation. Kantara is most recognised as a Trust Framework Operator of conformity assessment, and Trust Marked schemes for digital Identity, credential, and Consent Management Service Providers.

Colin develops and executes the Kantara Initiative’s strategic plan in concert with the Board and Leadership Council, driving the organisation forward on a broad front with the financial support of private, public sector and individual members from every region of the world and the assistance of a dedicated band of expert volunteers. Colin’s work has been recognised by being named one of the Top 100 Influencers in Identity by independent research company, One World Identity.

Hello, Colin.

Colin Wallis: Hi there, Oscar. Hello, everybody.

Oscar: Nice having you again, Colin.

Colin: Yes.

Oscar: And my second guest today is Charlie Harry Smith. He is a political theorist pursuing a doctoral degree at the Oxford Internet Institute, part of the University of Oxford. In particular, his research considers the normative and theoretical issues surrounding digital government and the ongoing development of federated identity systems in the UK.

Alongside his research, Charlie regularly consults on digital identity projects. He handles social media monitoring for the Open Identity Exchange and, most recently, has worked with the Digital Equity Association to bring the SMART Africa Trust Alliance, an ambitious cross-continental federated identity scheme, to the pilot project stage.

Hi, Charlie.

Charlie: Hi, Oscar. Thank you for having me.

Oscar: Yeah, it’s a pleasure having you. And, well, nice. I have to say that this fireside chat we’ll have today started actually from Twitter, from social media. There was some short discussion there, which we decided to contact you and bring you to hear your voices in some of the topics related to that. So I will just let you talk. But I will just shoot the first question for you and you continue with this conversation. Feel free to talk in this chat we’re going to have today. So the first question is, is digital identity for citizens a commodity?

Colin: Yeah. So this was the subject of our Twitter exchange, wasn’t it Charlie, if I recall?

Charlie: Yeah. It was quite fun to get into it with you, actually. And I’m glad we have a bit more of an opportunity now to explore a bit more, I suppose.

Colin: Well, that’s right. And the interesting sort of triangulation here, of course, is that you were reacting to a tweet from Ubisecure. So, we should have realised then when we started off on this, that it would end badly like having a podcast. [Laughter] Yeah, so interesting. Now, let me just think back because it was – as Ubisecure was sort of talking around commoditisation and you reacted to that in a certain way in the tweet saying, “Is it really a commodity, what about user experience?” Wasn’t it? Something it was along those lines, yeah?

Charlie: Yeah, I think sort of what I was wondering is, is thinking about identity as a commodity really the best way of going about it? And I think maybe what’s motivating my question there is whenever you start talking about something like a commodity, that kind of affects the way you talk about distributing that good. And I think clearly, with a commodity system, you’re talking about marketplaces, really. And so I think this links into kind of wider questions about whether marketplaces are the best way to distribute things like identities to people.

In this instance, I think we were particularly talking about governmental identity, which is one of the ones where I think there’s an interesting question there. I think about whether governmental identity, which is possibly one of the most sensitive kinds of digital identity you can have, you know, about whether that should be distributed through a market or not? Yeah, I guess that’s where we started, wasn’t it?

Colin: Yeah, it was. Yes. And that was – I think it was Ubisecure’s comment that it was a commodity and you questioned that and I pushed back I think in saying “Well…” (or not push back exactly) but I was trying to really interpret what Ubisecure was getting at. And my take on it was that it was ubiquitous that they were trying to get to a point where identity was, as important as it is, digital identity is exceptionally important for trade and so on, on the internet.

But should it be something that folks have to actively think about, rather than, you know, because when you’re in an online digital situation, you’re looking for a service. Identity can seem to be a challenge, a barrier, a piece of friction, to get you to the particular service that you want access to but it’s a very necessary one. And there have been different views over the years about the extent to which it should be ubiquitous.

Some folks have said, “Look, particularly for a higher-level transaction, you know, in terms of risk and monetary value or whatever, that you actually should place some friction, specifically in the way, if you like, of a transaction, or particularly if you’re doing a step-up authentication.” One of the industry’s current Identerati is Steve Wilson from Australia – he has particularly this view, I’ve heard him express this a number of times. And there’s some, certainly some merit in that idea. And then, you know, you go kind of “Is user experience the key element here?” And there’s something in there. What’s your thought?

Charlie: Yeah, I mean, in terms of user experience and stuff, I think that’s a really fascinating angle on it. That’s definitely not the way I was thinking. But perhaps you could tell me a bit more about sort of – in a ubiquitous system is the idea that there would be almost no friction to getting into your identity and accessing the service? It kind of melts into the background and becomes something that’s just transparent, almost.

Colin: Yeah, that’s been the notion. And the notion is that it probably arises from the fact that historically, there hasn’t been, in terms of the general populace, they don’t recognise the issue of digital identity until they defrauded or, you know, something bad happens and so you’re kind of in that, “Well, you know, I don’t care. I’ll put all my information out on Facebook and Google and I don’t really care what I’m – what happens. And people have a lot of attributes about me. And it’s – somehow it’s all going to be taken care of.” And because you start typically with a kind of a notion that, “It won’t ever happen to me. I hear about all these stories, but it never happens to me.” until it does.

So, it’s one of those stories like that. And so I think that that has been not a – I don’t know, not a widely held industry view, but a industry view. And of course say, you’ve got to remember that the circles that we move in are typically the identity industry, and I think from their perspective, the identity industry want to make a big deal about digital identity and bring it to the forefront because they’re wanting to see this ecosystem develop of which they are a part and making a living out of doing so. And there’s sort of kind of room for both. That’s my sense of it anyway.

Charlie: I think the idea you’ve raised that the kind of context really matters is definitely true. And that if you’re just trying to access, I don’t – let’s say Facebook or something online, maybe you do want identity to be this very transparent and frictionless experience. But like you said, I think when it comes to more important things like banking or government perhaps there possibly should be some kind of some friction to that and obviously, a higher level of assurance and all of that kind of thing.

But in that situation, then I think that’s where it gets into some of the things that I was worried about. Yeah, I mean, perhaps it will help if I just briefly give an overview of the UK situation, because that’s really what I know the most about. I’m sure, obviously, Colin, you know, all of this, but…

Colin: Well, it’s a good, good place to start. Because then we can, you know, see how that compares to other places. Yep. Good idea. Go.

Charlie: Yeah, I just – I think the UK has this very weird and interesting situation, where it’s kind of tried the two main approaches, architecturally at least, to digital ID at scale. And they’ve kind of both failed. And this is a very kind of interesting position to be in.

So, on the one hand over 10 years ago now, the centralised approach, which was ID cards, which would have a big centralised database of all the digital identities and people would carry cards that linked into that database. That was shut down, you know totally rejected by public opinion, basically after a big campaign by many people involving the LSE and civil rights campaigners, and, etc.

Colin: Yeah. Yeah. I remember, yeah.

Charlie: That was all this kind of public fear around data centralisation, and privacy and security and surveillance. And to go from that, I think the coalition inherited quite a difficult problem. And they ended up doing what I think was quite a brave thing at the time. In 2011, setting up the government digital service and saying, “Well, we’ve rejected the centralised approach, what are we going to do?” And turning to federation, which had obviously been around in the private sector for a while, but to my knowledge, I don’t think many governments had really tried it yet.

And so I suppose it was then quite brave of GDS to turn to a fully federated model with the GOV.UK Verify scheme, which I know had been done in the private sector before. But I think they were one of the first governments really to think about doing this for governmental identity. So it was then a bit of a shame when Verify never really managed to take off properly. And I think arguably due to market failures, which were probably largely the government’s fault, and as well the IdPs’ inabilities to actually verify thin file applicants and the scheme ended up failing.

So yeah, I suppose in that respect, I think the UK is a very interesting model, we’ve had a centralised attempt that’s failed. And then they’ve also tried here a federated model and seen that fail. And the Johnson government is now kind of trying to do both at once here, they seem fully convinced that marketplaces for identity have a role to play. And they’ve reconfirmed this a few times recently in their first budget and things like the Africa Trust Framework that we talked about earlier. And all these rumours about the identity and attributes exchange, or whatever Verify’s successor end up being called, federation and private sector involvement is clearly here to stay.

But then on the other hand, the government hasn’t totally moved away from centralised systems either. And I think, Colin, you mentioned this, that there is this kind of appetite within government for a unified governmental identity system that’s not run by the private sector, which we’re seeing through the development of GOV.UK accounts.

Colin: Yeah.

Charlie: So yeah, there’s all that kind of data that you know, government have realised is very potentially useful and important. And they’re talking about personalising experiences online through GOV.UK accounts when people access governmental services.

Now, I think in both of these cases, there’s arguably the government might be to blame for both of the failures. That could be an argument for giving it over more to the private sector. And I know that a lot of private sector CEOs and stuff that I’ve talked to for my research are just desperate to get maybe a little bit more control and to, you know, fix things as they see easy solutions to some of these problems. But…

Colin: Well, I’m not sure – I’m not sure, they may consider it easy. I’m not sure this – that easy as it’s easy to actually shout from the side-lines, quite another thing to be in the middle and are less the identity providers that necessarily at scale than the numbers shouting from the side-lines.

But yeah, it’s interesting. I mean, I totally agree with you that it was very brave to do what they did at the time. I could understand that was the – that they brought in identity cards that was sort of like 2005 to 2010, something like that. And given the closeness to Europe, and then Napoleonic, the sort of law that operates those member states, you could understand them wanting to sort of kind of go that way. But on the other hand, perhaps they weren’t listening to the fact that the common law of countries generally don’t like this and you didn’t have to go very far. But look at the five traditional allies, and all of them are in that same space.

So yeah, it’s interesting that all the Anglo-Saxon common-law governments don’t have identity cards. So, very brave indeed then to go to the federated space. And I feel to a great extent, I feel a little bit sorry for the team, because they arrived at a time when it was towards the end of SAML as a protocol and the very early stages of OAuth and OpenID and OpenID Connect. But it wasn’t mature at that point. In fact, I’m not even sure that in 2011 OpenID Connect was a thing. I think it was OpenID2, and you know, you could drive a bulldozer through there from a security perspective.

So a lot of work was done to build OAuth to make it robust and then on top of that was, you know, OpenID Connect and so on, but a hell of a time to be able to go and to do a government scheme. There was that. They were brave and ambitious. And I think probably the School of Government use case for Verify will be an interesting one because it – but it does contain some of the classic old learnings that perhaps should have been applied here. That if you’re going to do an ambitious project, have an off ramp and fail quickly and get on with it. And I don’t think that necessarily was a plan B, or somewhere along the way there was so much conviction that plan A was going to succeed that the off-ramp kind of got quickly forgotten and the staff churn and institutional knowledge drain or whatever. So yeah, it’s an interesting one.

But the place they’ve found themselves is interesting. And I do see that you’re right with that sort of, you know, both federated and the work with the trust framework and so on. It – creating that market of – creating conditions for a private sector market to exist and to some extent, and how that plays with public sector as well. And then the public sector after the Gove announcement, there was a talk about GOV.UK accounts doing a little lightweight identity. I heard that in the early days, you know, it was just going to be a login, basically an authentication, pretty much nothing else, which I thought, ah yeah, I can understand that, you know, New Zealand was doing that with the government login service in 2007. And much later, the US have done that with login.gov. In each case, they’ve done late binding to add identities. So you start off with a very lightweight, “Hello, you don’t know who I am, I could be Mickey Mouse, but I’ve logged back in here again.” And there’s no real binding, it’s very low levels of assurance and no real binding. And then you do a late bind, when you get up to looking at a higher risk transaction.

It’s interesting. I do see the development towards what they’re doing now is interesting. And in part, I think, perhaps, is learning something from Verify is, don’t be too ambitious and follow a little bit what other people – and of course, you know, trust frameworks, the Australians with the trust digital identity framework began that work in around 2016, ‘15, maybe, you know, finished it 2018 and started launching it, albeit with fairly short consultation periods and everything, but they got it done and got it out there. Pan Canadian Trust Framework, much more consultative, but, you know, it has been, what? Five years, six years, I mean, they’re only putting it into alpha now.

But I could understand how they could be feeling well, if other people have done trust frameworks, then we should too. And there are some good things about trust frameworks. Kantara has, you know, operated a trust framework for its digital identity assurance framework for- from since 2011, starting with FICAMP, the Federal Identity Credential and Access Management Program for the US federal government. And there was actually really one of the first trust frameworks, right? And that had a pretty complicated process, and so on. And they started pulling back on it in about 2016.

And today, I mean, it’s – we have to wait for the final policy announcement, which I think is coming maybe this month, maybe next month, but they’re not following a trust framework. They’ve said too complicated, too hard for people to understand, too difficult and expensive to maintain. And yeah, so it’ll be interesting to see how this all plays out. They’re actually going for a sort of a kind of a – my understanding is almost like a, you know, kind of a lightweight conformance to standards. So basically, you have accredited bodies that you take your service through, and it must conform to some standards that the government is mandating that you need. But of course, that’s just for federal government. And of course, states and private sector do what they like. But I think the UK – I think in the US – this, you know, folks will look at what the feds are doing, and to some extent determine if it works for them or not.

Charlie: Yeah, I mean, I think you’re definitely right. There’s a much more collaborative desire to work with the private sector rather than against them with this new stuff in the UK that’s coming out. And the consultation processes are much more inclusive, it seems. And government actually do want to listen a bit more, which I think arguably was one of the problems with Verify was that, as you said, there was this kind of “this is how it’s going to work. And we’re going to stick with it no matter what.” And when that didn’t really work out, it was – I think there was some confusion in government about why and what went wrong. And hopefully, they’ve learned enough now, and can develop alongside the private sector in consultation with them, that we might end up with something that’s workable for both parties. And that hopefully ends up working for citizens as well, because I think that’s what a lot of this stuff needs to do is just work for normal people.

And, yeah, I mean, I suppose if I could be a bit provocative at this moment, I would maybe point to some quite old research now. I think from 2014, something like that, that was carried out sort of around the time when GOV.UK Verify actually first came out. And they basically found that basically, whenever you told focus groups that commercial interests were kind of being built into these public identification systems like Verify, the overwhelming response from these focus groups was that people didn’t really like that. They didn’t really trust it, and they didn’t really get it.

And I wonder if that’s a – I mean, it could be UK-specific problem. But I do wonder if it might also be just people don’t understand it. So until they realise how this technology works and how it can be privacy assuring and secure, maybe then people would be more into it. But I do think a lot of people share this general scepticism around companies making profits from these very intimate, digital relationships we have through our digital identities. And it’s – I think it’s…

Colin: Yeah, it’s interesting, because, you know, just when you – once you mentioned that just coming into my mind was with the Verify IdPs, I think the most popular one was the Post Office, right?

Charlie: Yeah.

Colin: Putting aside, there might be few, you know, quite a number of not particularly satisfied sub postmistresses and postmasters, you know there’s, from a general population public sense, perhaps they trusted the Post Office brand more than no or didn’t have a relationship with.

Charlie: Yeah, exactly. You see the Post Office almost every day, and people do have this deep trust of it as an institution. And I think it was really interesting to see that. And when the alternative was kind of credit agencies and banks, which I think people often have a little bit more of a nervous relationship with. Yeah, it was interesting to see.

Colin: What would you have done there? Would you going back and would you say, what you needed is sort of almost like a national publicity campaign – sort of a 20 million pound TV and press campaign or something? Would that have fixed it, or is it just the time, 2014 just too early?

Charlie: Yeah, I mean, I do think a lot has changed since then. People have become used to using digital identity even if maybe they don’t realise that’s what it is. When they’re online, and they’re logging into services and now that federation more generally is kind of this very normal thing on the internet. You know, if I sign up to a service, I might log in with Google or log in with Facebook, or whatever it is. I think, possibly now people would understand some of that a bit better. But yeah, I mean, at the time, I think, considering that Verify had this very privacy centric design where there was basically no data leakage in theory.

Colin: Yeah.

Charlie: You know, it was a really, in some ways too privacy preserving for the government, that they couldn’t get any useful data out of any of these transactions, because they couldn’t see any of it, it was all double blind to everyone. So maybe if people had understood that that’s what the system really was about, then they’d had less issue trusting some of these private providers.

Colin: You make a good point there. Because, you know, I mean, New Zealand began with its service in 2007, the government login service as I said, and to a great extent, we had sort of a similar case there. We were using, you know, the architecture was double blind, as it’s called now, but it was, you know, use of pseudonymous key pairs, pseudonymous key pairs of meaningless in bonds, they’re called, you know, that meaningless unique numbers. And there was no sharing. In fact, and one of the things in the focus research that came out of it was, “But we always thought the government shared.” No, it doesn’t. The health department know what my tax situation is and unpaid taxes or whatever. And, of course, they were – the agencies themselves, were working at such a high bar, that they, you know, because they didn’t want to have that leakage. So I do commiserate with that taking the buck up with you. It is interesting.

Charlie: Yeah, I mean that desire to kind of break down silos in government just seems to re-emerge every few years now, doesn’t it? Because it just hasn’t really been solved in many places apart from perhaps Estonia or maybe China. In a lot of the sort of mature democracies, there’s this kind of deep silo-isation, if that’s the word, of government isn’t there. And there is a lot to be gained, I think, from connecting up some of that information and making it flow a bit easier.

Colin: Yeah. And of course, they tried to do that with things like life events, they actually tried to connect together agencies in kind of life journeys, because it was a way in which you could get collaboration to a different scale. But it’s interesting. I mean, the agencies themselves, they have their own budgets, their own turf wars, and there’s all of that sort of kind of agency politics going on in the background as well, which is not necessarily really seen by the public.

And you go back to well, how is government funding, you know, how are they delivering those budgets? Znc I remember this was a really hard, I think, for all the Westminster governments where as soon as you put in – in New Zealand’s case, it was the State Services Commission, kind of vaguely equivalent to the cabinet office that basically had enforced club funding, basically, from the other agencies forced to provide funding. So not dissimilar from the UK situation, which then sort of got them aggravated because their own projects were put on hold, because they had to divert the money to the central thing.

And, you know, that was actually one of the things you know, one of the several things we tried to impart from our learning from being- going a number of years beforehand was one of our learnings. And of course, New Zealand now is working on its second iteration, which of course is a trust framework.

Charlie: I think there was this – I mean, obviously, I wasn’t really alive in the ‘80s. But in the ‘80s, ‘90s and 2000s, I think there was this real feeling across much of the world that the way you got efficiency out of government and stuff was by starting to contract out and you get government to focus on its core responsibilities and then make sure the rest is delivered through basically a marketplace that is going to be more efficient. And you know, you can get value for money for taxpayers and rely on these mechanisms that should be driving innovation and development and keeping costs down for citizens. And I think that that has – that continues to exert a lot of influence over people’s sort of general opinions in this space, I think.

Colin: Yeah. Yeah.

Charlie: And that you know the market will efficiently find solutions and reward the best players in the market etc. But…

Colin: That’s true. Yeah, I think you’re right.

Charlie: I think if you’d let me be a political theorist for a minute, which I’m always keen to drag the conversation in this direction, I think my worry about that is that it does start to shift, especially when you marketize identity, governmental identity, you know, our most fundamental political relationships. I think what it does start to do is shift the focus away from identity itself, and from adequate identification being this thing that like a government fundamentally owes to you as a citizen. And it kind of moves government away from being an authoritative source of your, let’s say, digital citizenship or something and standing in the political community. And perhaps to being just a kind of market regulator, that kind of seeds a part of government’s political role to corporations.

And I think that’s possibly where I then start to be a bit worried, not because I think the private sector is inherently bad or anything. But we kind of move away from being citizens in a country that are owed rights and duties and obligations from the state to being basically consumers, or customers that kind of demand value for money for our tax dollars, or, you know, pounds, whatever it is, and when we sort of complain when we don’t get a good service. But that’s kind of all we can do because we’re no longer citizens, we’ve become these kinds of consumers, these customers.

And in a private sector context, I think that’s totally fine. If I’m in a supermarket or shopping online, that’s how it should be. And I think that’s totally OK. But I suppose my question is – our very relationship to the government and the state through who we are and all that something like a passport or perhaps a future digital identity will give me, all of that is very, very important. And states have to work for everyone and be fair and equal and just. And we’ve seen that markets don’t always achieve that. The beginning of the pandemic here, the coronavirus pandemic, there were hundreds of thousands of people being let down by Verify in huge queues, because they were thin-file applicants and 60% of people were being denied identities through Verify, because the system, the market was failing to recognise them. So, yeah.

Colin: It’s interesting you say that, I mean, yeah, the – and of course, I think there’s a lot of nuance in here. I mean I do see – I absolutely agree with you that there is a role for government and I’d seen this so many different sort of kind of angles you can bring this to, but one is the work DWP is doing specifically to address part of its clientele, you know, with their thin-file clientele, you know, with its own solution, which is focused on that is a good example of kind of that – where government should be there, private sector certainly being a choice.

But I totally agree with you that there has to be some kind of denominator where the government does pick it up. And you know, potentially, that’s what we’re going to see with GOV.UK accounts and what they do there, this notion of a single thing, though, I thought the DWP, I thought the other agencies with their identity schemes, were doing OK, actually. Maybe it’s going to end up with perhaps some multiple ones there and the private sector doing its own thing, though, the larger brands and even the smaller ones, specialty cases, you know, not everyone is going to be a mass market player in this thing, so there should be room for everyone and the notion of the government being the regulator. They kind of…

Yeah, I get that, it almost feels to me a bit like the rail. That you franchise that to train companies, right? And who are you going to complain to? Your train set on time and if you don’t get a satisfactory answer from whoever it is and – but because it’s Network Rail’s problem. And then you have, then you have the Ombudsman, right? And you go, it starts to – seems to be a little bit more like that model, except is that – it’s interesting to look at the trust framework and think, is it going in that direction? And of course, you know, that’s a first thing and then, of course, thinking that we must just get on to get along a little bit is, you know, will – whatever is built will residents adopt, and you know, the notion of being able to move fast, and will the private sector be trusted?

It’s an interesting conundrum between usability and UX and trust. You have Facebook and Google and so on who have really stunning- they’ve got the money to be able to make a very slick federated log on, effectively. You can log on with Facebook and log on with Google and so on. And it’s seamless trust? Hmm, I’m not so sure.

Charlie: Yeah.

Colin: But I mean that’s one of the things, isn’t it? Since 2014, where maybe people didn’t know enough about what those big platforms were actually doing with the data and to where we are today. I think there’s much more awareness, out of bad comes some good. And, you know, maybe there’s a role – I certainly see it in Kantara’s operations in Europe, and I hope it’s going to be the same in the UK as well. I think it is that, you know, there’s a deliberate push towards a support of other platforms that – compete is too strong a word against Google and Facebook and the, GAFAs, GAFAMs. But it’s sort of something towards niche marketing, you know, some niche players can get in and do some work. I really do certainly see that in the UK, and there’ll be some large-scale ones in the UK as well.

Now, one of the things that I see actually with the UK is some really good innovation going on in the digital identity provider space, if you look at those folks that are seeing in the public, so often, you know, Yoti and iProov and so on. And I do see some really good things. And but of course, you see I see them overseas, because I’m operating and Kantara is operating in other parts of the world, and I see them playing in those spaces as well. And so that’s great. We’re getting some export out of it as well.

Charlie: Yeah, definitely. And I, you know, just quickly add, I would say, you know, I think you’re right, that the Facebook and Googles of this world have, in many ways, sort of tainted it for those smaller players who are doing really cutting-edge stuff that is really beautifully designed, and it works well and has the potential to integrate really well into these systems. And there is this kind of fear of big tech now that I think has become a bit overbearing because of these regular abuses by Facebook leaking 533 million accounts last week. It does nothing to help these smaller companies who often are putting out really interesting products, that I think have a lot to do and a lot to contribute. I think it will get tarred with the private sector brush, which is a real shame.

And maybe circling back to what we said earlier, I think there needs to be a kind of educational public awareness campaign or something, to kind of address this balance a little bit, and put a bit more positive spin on a lot of these things and show people how they can be really useful. And yeah, a fundamental part of their digital life that is it can be delivered effectively, securely and in a way that’s really, you know, lovely to look at as well. And that’s a really exciting thing. And it’s an exciting time to be in this industry, I think.

Colin: Yeah. Well, let’s hope that there’s been some budget set aside this time around. I wonder if Oscar is asking us to finish soon. I suspect we can talk all day.

Charlie: Yeah, I’d love to do this again. It’s been really interesting.

Oscar: OK. That was a real amazing conversation between you two, Colin and Charlie. Thanks a lot for this very insightful conversation. I would like to hear finally, how people can still if they want to continue the conversation with either one of you, how we can find you, if they want to continue the conversation with either one of you, how we can find you on the net? Let’s start with Charlie.

Charlie: Well, my website is chsmith.co.uk. And there you can find links to my Twitter and all sorts of other social media as well if you’d like to stay in touch, I suppose. Twitter is the main one. That’s where all the good Identerati debates seem to be going on these days. And that’s obviously how we got involved with the podcast. So yeah, reach out to me on there. I’d love to talk.

Oscar: Fantastic. Colin?

Colin: Yes. Well for me, [email protected]. But be aware, you know, in the public domain that I’m stepping back into semi-retirement in the summer, sort of June, July period – well, July, August. So do it soon. I’m also @KantaraColin, I’ll have that handle at least for the next three or four months on Twitter there and also on LinkedIn. So please find me there and happy to engage and carry this debate further. It’s been terrific. I’ve really enjoyed it. Thank you, Oscar for bringing us together. And Charlie, you’ve been a great sparring partner.

Oscar: Yes, indeed. Indeed. So, now that you mentioned yes, that your years in leading the Kantara Initiative are ending in the next months. Yeah. I also like to tell you how amazing it has been this journey. I’ve been also participating in Kantara. We’ve been in this – in some of the events together across Europe at least I didn’t – you travel more outside but at least in Europe we have in some events together. So excellent job you have done and all the best in the future, Colin.

Colin: Thank you.

Oscar: And Charlie, definitely it’s the first time we are talking but I feel it’s an amazing conversation and I think you’re a new friend from you and I’m sure we will have in the future more opportunity to exchange ideas in this fascinating industry of digital identity. Again, thank you to both and all the best.

Colin: Thank you.

Charlie: Thank you very much. I really enjoyed that.

Thanks for listening to this episode of Let’s Talk About Digital Identity produced by Ubisecure. Stay up to date with episodes at ubisecure.com/podcast or join us on Twitter @ubisecure and use the #LTADI. Until next time.

[End of transcript]