Digital identities and how they are evolving
The average European has a good 90 digital identities, and the number is rising. This makes it increasingly difficult to manage these identities securely. How do we come to have so many digital identities and what are scientists and industry doing to better organize them?
Analog, digital and mobile identities and how they differ
Whether ordering from Amazon or online banking, the team calendar for a soccer club or the ‘Elster’ tax form from the tax office, whenever we register for the first time as a user, a digital identity is created that allows us to login again later.
But how exactly is an identity created?
- Generally speaking, an identity is basically a defined set of data that belongs to an individual. These attributes can be the name of the person or their address, their fingerprint or eye colour.
- In the case of a sovereign digital identity, these attributes are confirmed by a state authority and recorded, for example, in the person’s ID card.
- Digital identities are created, for instance, when a user registers for an online service, enters their personal data and links this data to a username and password. Digital identities are not just for people but also for objects, such as the vehicles of a car rental company.
- Mobile identity refers to when digital identities can also be used on mobile devices, such as smartphones or tablets regardless of location.
Data silos – A confusing jumble
As a rule, users create a new account for each online service that requires them to enter their data for the first time. This leads to countless data silos with each respective provider in which our ID data is stored. This kind of redundancy can pose risks and as the number of platforms with their different levels of protection grows, so too does the risk of data theft.
Banks, for instance, normally use the Video-Ident method to identify new customers, so that new customers can easily open an account via a video call. They do this by holding their face and ID card up to the camera. The bank clerk at the other end decides whether the caller and the picture on the ID card look sufficiently similar to be classified as one and the same person. No further identity check is necessary. This is very convenient, but it can be a gateway for fraudsters. Disguised as alleged bank clerks, landlords or employers, they steal the applicants' digital identities and use them for criminal purposes, such as money laundering or to open fake shops. This often leads to years of unpleasant consequences for the victims. It also shows that trusted, secure identity systems are the only way to form a foundation for people and companies to communicate efficiently and carefree on the net.
Data as merchandise
Single sign-on is becoming increasingly popular when logging into an online service. With a single login, users can login to several systems at the same time and spare themselves the trouble of entering data several times. This field is currently occupied by several globally active companies, such as Facebook or Google, which have developed into dominant providers of digital identities. The Facebook ID is used more often in this country than the eID function of the ID card. The downside from a user perspective: Facebook and Co. have acquired a dubious reputation as data leeches with a business model that ultimately involves merging and commercially exploiting digital identities, thereby overshadowing the data sovereignty of the individual. It is almost impossible for users to see what happens with their data and they ultimately lose control over their digital identity.
As simple as Facebook, as secure as your ID card
The solution to this are secure solutions based on sovereign identities, a legally regulated context and an independent infrastructure. Solutions like these protect against intransparent use and data misuse. Several projects in Germany are currently dedicated to combining security, data protection and user centricity in digital identities. An overview: