Digital identities: how secure are they?
Chair: Martin Gill
Richard Marshall – Director of Sales, EMEAR at Identiv (UK)
Andrew Churchill – Security Consultant & Researcher at Technology Strategy (UK)
Pauline Norstrom – CEO at Anekanta Consulting (UK)
Pauline Norstrom takes a critical look at how digital identities have developed. A particular focus is the role of big technology companies, and the ways in which they misuse, including illegal use, their clients’ data, and their poor adherence to the need to implement effective protection protocols. As Pauline says, verifying identities can be done well and she points to the work at borders as a case in point. The use then of unverified digital identities, which are not safe, should not be commonplace. The public have rested their trust in big technology companies and this is misplaced. Credit check agencies offer services, but the Government needs to lead with the need for change and focus on education, although this does not free individual organisations from the obligation to ensure they have good policies and procedures and they implement them effectively.
Richard Marshall agrees that often digital identities are not that safe. He in particular points to the skills sets of hackers which are, unfortunately, very good indeed, and they are very resourceful and are able to identify and exploit the vulnerable. He highlights the benefits of multi factor identification, which he argues is essential, as the only deterrent against determined hackers. The problem is that there are costs to implementing and managing these effectively, and the move will require a change in mindset, including from law enforcement which is too often are focussed on firefighting. Technologies offer options, but it will take governments to influence a different approach including from the big technology companies. The security flaws to digital identities are a major problem, an epidemic, and it needs a much more concerted, informed and focussed response.
Andrew Churchill notes that it is up to everyone to protect their identities and those of others, albeit there is more responsibility on some. He believes that the financial sector is setting the best example, although you will witness an interesting conversation where Andrew addresses the question, ‘does it really matter anyway?’ when so many of the feeder documents to establishing a digital identity are easily forgeable. Moreover, for Andrew the issue is not just about having multi factor authentication, it is about doing it well and references an example where chip and pin when it was introduced resulted in an increase in some types of fraud; the approach was not sufficiently thought through. He too sees an important role for government in leading on changes.
In another engaging webinar involving three experts with different takes we learn about the fragility of digital identities, the blind trust placed in big technology companies and others, the benefits of multi factor authentication but only when done well, the need for a lead from government to drive change and the imperative that we all need to take the issue seriously. There is every reason to suppose, at least on the evidence of this webinar, that collectively we are too complacent – even negligent – and that is exactly what skilled offenders wish for.
23rd February 2021