Identity theft has become a widespread concern in the digital world. There are many ways in which electronic identity can be put at risk, like while verifying one’s identity and sharing content online, during online transactions, through communication channels, etc. The good news is that cases of (digital) identity theft can be quickly detected and remedied through identity protection technology. FE spoke to the global head of cybersecurity firm NortonLifeLock Research Group (NRG), Petros Efstathopoulos, on how identity theft can be checked via the use of decentralised digital identity technology (DID) and the future of digital identity in India and the world.
Consumers, businesses and institutions are all realising the need for electronic identity reform. According to Efstathopoulos, the Covid-19 pandemic has been a catalyst for such reform, given the switch to remote working, and growth in digital healthcare, identity verification, and online transactions. What consumers need is robust, dynamic digital electronic identity (eID) protection, which allows them to move past ‘wet signatures’ or physical credentials.
Efstathopoulos stresses that technology offers us the capability to initiate this identity system reform, creating a next-gen, standardised system. “We’re simply at the cross-roads, with technology ready to support this digital identity revolution,” he adds. This is due also in no small part to the appetite of governments to support the development of electronic identity systems.
So, what are the ID threat issues in India and what can users do to combat them? The global head of NortonLifeLock Research Group lists the key issues:
Oversharing of personal data: This is the primary weakness of most existing eID solutions: the lack of control over data during verification. This is where a next-gen solution would allow for selective attestation, minimising data exposure and oversharing.
A highly fragmented, susceptible landscape: Many existing eID solutions are susceptible to tampering and theft and people use multiple accounts to prove their identity. This makes the process overly complex, and creates room for human error and security weak points for identity thieves to target.
An overly complex ecosystem: Regulatory compliance at the international level is complex and hinders the transmission of verified credentials. Reform would simplify the process, and enable cross-border compatibility and self-sovereignty.
Speaking of decentralised digital identity technology (DDI), how does it offer a way forward? Says Efstathopoulos, “it provides users with greater control over the data they expose, streamlining the digital identity protection process.” Also known as self-sovereign identity, it consolidates credentials within a digital wallet and reduces complexity. Once the credentials are stored in a digital wallet, DDI technology enables its cryptographic proof to be shared with verifiers.
Significantly, only specific elements of identity are shared, rather than sets of personal data being revealed.
The technology is highly processable, offering enhanced transmission security and increased privacy. This solution would also promote and streamline options for user consent, besides standardising verification in general. DDI has already been standardised by the World Wide Web Consortium (W3C) and is supported by many other key stakeholders, enhancing its prospects of success across different entities.