Digital identities will define our future lives. They will determine if we will be able to freely move through the world or if we will live in one of total surveillance and control. I will talk about both the opportunities and risks of digital identity and of two possible ways to realize them: one that is straightforward but dangerous; the other is more complex, will take more time to implement, but is much safer.

Digital identities already are an omnipresent part of our everyday lives. Currently they encompass our messages, our calls, our pictures and videos, as well as our social networks. All these have already gone fully or mostly digital. In a few years, however, digital identity will also refer to pretty much everything we still physically keep safe in our wallets: cash, credit cards, social security cards, driving licenses and even passports. And in this world of duality, digital identity on one hand no longer remains within the realms of the digital but already starts entering the physical world.

Now many people are starting to ... Working in computer security myself, I am aware of and truly understand those fears. Honestly, I share some of them. However, I also see the potential benefits of digital identity, so let’s first look at the two sides of the coin.

There are many such potential advantages, both in terms of convenience and in terms of security. Works of science fiction, such as for example the 2002 movie Minority Report, which I assume many have seen, have visualized a world in which we can move without apparent borders, all without carrying any forms of physical identity tokens with us. Unlocking our homes or our office doors, using public transport, entering and starting our cars, visiting a hospital, checking into a hotel, making payments or even crossing country borders simply based on who we are can become possible when we digitize our identity information and make it available via internet services. This digitization enables seamless identification of humans across the planet and could clearly be a win in convenience for our everyday lives.

Probably the most immediate gain in convenience would be to get rid of PINs and passwords. I need to come to the front here so that I can see you. Please, just a quick hands up: who loves entering a PIN code every time you want to look at your phone? I counted two, and I’m amazed, because I’m not raising my hand here. Maybe another one: who likes remembering a hundred different strong passwords, one for every web page that you tend to use? Okay, there are a few weirdos in here, sorry about that. I’m not raising my hand either here. With universal biometric authentication we would no longer need those PINs and passwords. We could use not only digital but also physical services, simply just opening a door based on who we are or what we do.

There are additional advantages in terms of security and privacy. Imagine a digital passport running on an Internet service that cannot be forgotten, lost, stolen or destroyed. An online wallet can verify if it is the owner who is trying to make a payment and more easily detect theft or abuse. A digital driving license can prove its owner’s age without revealing any other details of their identity. In fact, most interactions in real life do not require a person’s full name, address, date of birth or nationality, yet checking into a hotel with our passport or showing our driving license to a car rental agency reveals all these and many more details of our identities. Digital versions of such documents can be made to reveal only those aspects that are relevant to the current interaction, such as for example the vehicle classes a driver is certified for.

Many ongoing projects currently demonstrate various use cases of digital identity on our smartphones. Mobile payment is already a reality in many parts of the world. Wireless door locks with associated smartphone apps are already being sold, and by 2017 my research group will demonstrate the Austrian driving license on Android smartphones with all the legal ... Additionally, we will add the capabilities of privacy-sensitive use of specific attributes. What all this means is that a bouncer or a vending machine should only get proof if the owner is or isn’t over 16 years old, but no other details of their identity. On the other hand, the same ID should be suitable to, for example, open a bank account or to prove your real identity when renting property.

This digital identity on smartphones is happening already. The next step that I want to primarily talk about today is to move such digital ID from smartphones carried in our pockets into the so-called cloud. This will enable even wider use of digital ID in the physical world. The obvious path to do so, the obvious path to implement this, is a global centralized database with our biometric information. Our faces, voices, fingerprints and iris patterns can be used to authenticate all of our actions in the digital and physical worlds. Different so-called verifiers, such as border guards, hotels or public transport, could rely on this authentication without having to perform their own identification and verification procedures. Moreover, such a system would most probably even be completely free of charge to end users. Facebook, Google and others would happily build and run the database with the biometric information of the whole world population. It would be for free; it would be a global service. Now, there are two main concerns with this approach.

First, after about 18 years working in computer security, I have no idea how we would possibly keep such a database secure. It would be the main target, as a successful attack would enable taking over any identity. Second, and more importantly, a central database of digital identities would give immense power to whoever controls it. And now imagine such agencies, or chosen no such agencies, gaining access to not only your digital communication but also all of your physical world interactions. Keep that mental image; it gets worse, because whoever directly or indirectly controls such a database would not be limited to only surveillance. Censorship of a digital identity would mean a virtual death, cutting a person off many of the services required for daily living. Science fiction has also portrayed these implications, and many dystopian visions build exactly upon such a central identity database. So we may want to gain the advantages offered by digital identity, but we should in any case avoid this centralized control with all its risks.

So let’s try to decentralize the whole concept. This decentralized model is maybe not as obvious, but it’s much safer in many ways. To allow all of us to move throughout the world freely without carrying any forms of identity tokens, without remembering long passwords, biometric authentication indeed seems the best approach. So we will still need biometric identifiers in the environment. These identifiers, these biometric sensors, will be run either by the verifiers, can be run by ourselves, or by independent third parties. These sensors can and should be as decentralized as possible. As long as they provide live data, they can be used for digital authentication.

The main difference, however, is to decentralize digital identities themselves. Instead of a global database, a centralized database, I propose to associate every individual with what we call a personal agent. This is more than an entry in a database: it is an active piece of program code acting on behalf of its owner. This is a digital shadow tracking and at the same time enabling the owner’s interactions in the digital and physical worlds. It is the only instance that is involved with all these interactions and so can act as the authority of the individuals or entities. This should be the only place that stores a person’s biometric templates and uses them to authenticate their actions based on live biometric sensor data.

In such a system, a three-way communication will be required between a verifier that needs to authenticate certain aspects of an individual’s identity, the available biometric sensors, and the associated personal agent. After being triggered by a verifier, a biometric sensor will forward its measurements only to the respective personal agent, which in turn can use those measurements to authenticate the required attributes of a person’s identity to the verifier.

I have to admit, in practice this will be a tiny bit more complicated. It will require cryptographic protocols with bidirectional network communication. It will require secure hardware such as smart card chips and independent evaluation and certification of the respective implementations. Yes, this is more complex, and no, I don’t have all the answers yet. There are still some sub-issues that we feel we need to solve in the next few years. But by decentralising the components and their communication among each other, a verifier can only receive those aspects of a person’s identity that are relevant to the current interaction at hand.

It is clear that those personal agents still need to be executed and made available by Internet services. However, in a decentralized model their owners can choose where to run them: on their own smartphones, in their own homes, or with the cloud service provider of their own choice. And every owner can choose when to temporarily or permanently turn off their personal agent, disabling the advantages in terms of convenience. And there are so many opportunities that we should no longer debate if we would like our identity information to become digital or not. While we have that debate, many will already be implementing it. Instead, we should influence how this is being done. We should design digital identities in a manner that supports the advantages but prevents or at least minimizes the risks and associated dangers to security and privacy.

We should take into account different views on privacy and freedom of speech. And this I cannot emphasize enough: we need to do this now, as long as it is not too late to change the course. Let’s not accept one or only a few large organizations to take control of our identities. We should design digital identities to be as decentralized as its users and use cases will be. We should demand to remain in control of our own digital shadows. Thank you. [Applause]
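
The three-way exchange between verifier, biometric sensor and personal agent described in the talk, as an added example that is not code from the speaker or his research group. All names here are hypothetical, the matcher is a toy threshold comparison, and the HMAC tag stands in for a signature made with a certified key in secure hardware, so the shared key here is an assumption of the example only.

```python
import hashlib, hmac, json, secrets
from datetime import date
class PersonalAgent:
    """Only component that stores the owner's biometric template and attributes."""
    def __init__(self, template, birth_date, name):
        self._template, self._birth, self._name = template, birth_date, name
        self.key = secrets.token_bytes(32)   # HMAC key: stand-in for a certified signing key
        self.enabled = True                  # the owner may switch the agent off

    def answer(self, measurement, nonce, min_age, today):
        """Match live sensor data, then release only the requested predicate."""
        if not self.enabled:
            return None
        # Toy matcher (assumption): largest per-feature deviation under a threshold.
        if max(abs(t - m) for t, m in zip(self._template, measurement)) > 0.1:
            return None
        b = self._birth
        age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
        claim = {"age_at_least": min_age, "result": age >= min_age, "nonce": nonce}
        body = json.dumps(claim, sort_keys=True).encode()
        return {"claim": claim, "tag": hmac.new(self.key, body, hashlib.sha256).hexdigest()}

def sensor_forward(agent, live_measurement, nonce, min_age, today):
    """Sensor triggered by a verifier: the raw measurement goes to the agent only."""
    return agent.answer(live_measurement, nonce, min_age, today)

def verifier_check(agent_key, nonce, min_age, response):
    """Verifier accepts a fresh, authentic answer to its own question, nothing more."""
    if response is None:
        return False
    claim = response["claim"]
    body = json.dumps(claim, sort_keys=True).encode()
    expected = hmac.new(agent_key, body, hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, response["tag"])
            and claim["nonce"] == nonce and claim["age_at_least"] == min_age
            and claim["result"] is True)

def demo():
    """Constructed data: owner, impostor and a disabled agent at a 16+ check."""
    today = date(2024, 1, 1)
    agent = PersonalAgent([0.42, 0.77, 0.13], date(2000, 5, 17), "Constructed Name")
    nonce = secrets.token_hex(8)
    owner = sensor_forward(agent, [0.44, 0.75, 0.15], nonce, 16, today)
    impostor = sensor_forward(agent, [0.90, 0.10, 0.60], nonce, 16, today)
    ok = verifier_check(agent.key, nonce, 16, owner)
    replay = verifier_check(agent.key, secrets.token_hex(8), 16, owner)
    agent.enabled = False
    off = sensor_forward(agent, [0.44, 0.75, 0.15], nonce, 16, today)
    return owner, impostor, ok, replay, off
```

The verifier's view is the `claim` and its tag: the name, birth date, template and raw measurement never leave the agent, and an answer bound to an old nonce is rejected.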