Iain McCallum, mobile industry veteran and MEF Advisor shares discussions from the MEF Connects personal data and Identity sessions held in London at the end of last year.

The MEF Connects London event was a great opportunity for the Personal Data & identity Working Group Members and other interested parties to review what is happening in the sector and how MEF plan to help move the sector forward after experiencing several years of ecosystem complexity and the lack of a clear vision in terms of preferred Trust Framework(s) or globally agreed and implemented standards.

The session kicked off with MEF Chairman and CEO of iProov, Andrew Bud highlighting the key elements of the Identity ecosystem, some of the players within it and the role that biometric identity attributes, amongst others, play in the Identity firmament.

Andrew’s session was followed by Julian Ranger, MEF Board Member, industry veteran and CEO of digime who used the example of the increasing requirement for the sharing of individual’s health data to ensure that efficient and workable health service strategies can be developed to ensure the optimal management of scant financial and human resources and to deliver world-class health services and remedies to users based on the appropriate review of that user’s medical history and the myriad of data points that a qualified medical practitioner might require to make an informed and personalised diagnosis and treatment plan.

  Naturally, citizens and regulatory bodies are very nervous about the security aspects sharing of such rich and detailed data as the recent spate of large data breaches indicates that they should be alarmed, but that they are also concerned at where such data might end up“

Naturally, citizens and regulatory bodies are very nervous about the security aspects sharing of such rich and detailed data as the recent spate of large data breaches indicates that they should be alarmed, but that they are also concerned at where such data might end up if it enters the opaque and often quasi-legal trading of such data between corporate entities both large and small.

But, it is imperative if we are to maximise the possibilities afforded us in the digital world, that the industry find a way for this to happen and to break out of the current restrictions imposed upon it in governments and regulatory bodies attempts to minimise data breaches and other malfeasance by ‘bad actors’, be they individuals, criminal gangs and/or hostile governments around the world.

It is no longer acceptable for corporate entities to merely provide an ever-increasing line in their annual accounts to cover online fraud and other criminal activities, the reputational damage incurred by such activity damages us all and reduces still further consumer confidence in online transactional activity.

So what is the answer?

Julian answered this question by firstly sharing what his health service customers have told him they need;

• Single Source of Data – business don’t want the job of collating/aggregating/rating multiple data sources as this detracts from their core business focus
• Wide Reach of Data Points – social, health, finance, wearables, media, web browsing etc
• Historic Depth – as long and as full a data timeline as possible
• Accuracy – validated data direct from primary sources, not inferred or third-party
• Normalised – multiple data languages normalised/mediated to one single ontology

So, what is the business opportunity here for MEF Members?

No one organisation today can even begin to satisfy these customer requirements, so there is a huge amount to play for here, both financially and strategically. MEF Members can see the rest of Julian’s presentation here along with other speakers and panel session from the day.

In introducing the afternoon panel session, MEF CEO Dario Betti compared mixing the two elements of personal data and identity often seemed to be like attempting to marry oil and water, with both stubbornly refusing to shed their constituent natures to somehow merge and miraculously create something new, anew paradigm that consists of both formative elements but that allows them both to happily co-exists, both serving the needs and requirements of the other in a symbiotic manner.

Asking the guest Panel of James Moar of Juniper Research and Andrew and Julian, if they had seen anything during the days presentations that they fundamentally agreed or disagreed with or that required further explanation and illumination…

Moar highlighted Andrew Bud’s presentation and asked about ‘Intent Measuring’ and posited that this was a relatively difficult thing to measure, perhaps given humanity’s unfortunate habit of telling half and untruths to get what they want.

In answering, Andrew spoke a little on SSI (Self-Sovereign Identity) and how the fundamental question to ask when searching for the optimal route to a secure and flexible digital Identity solution should be – ‘who owns my personal data and the associated attributes?’. In the SSI model this is unquestionably the user.

Julian expanded this point stating that the technology solution and/or framework must be divorced from the actual ownership of a users personal data (in digi.me’s model, the data is stored on the users own personal cloud) and that any Trust Framework, be it SSI or Federated in overall nature must work equally well regardless of the technology medium used to access or interrogate it – in summation it must be technology agnostic.

Andrew then proffered his own passport as the perfect exemplar of SSI, using it as it does a chip that contains all currently relevant identity attributes including your photograph along with a digital signature of the issuing authority, in this case the passport office itself, asserting its authority.

Admittedly, it is quite a crude use of identity attributes in that the user cannot decide which bits to share – it’s all or nothing – but that this is mere detail of the passport checking mechanism/process itself which is governed by existing technology and the fact that a passport is a real-world-physical object and not a digital version of one – this is an important distinction it clearly makes a more nuanced and flexible sharing of identity attributes impossible with these limitations in place.

The more sophisticated mechanisms currently being debated and refined by the industry will allow much greater flexibility on what data and attributes can be shared and with whom, dependent on the requirements of the individual use case and its attendant Level of Assurance classification.

An interesting safeguard within the current UK passport process is that in order to be able to read what is embedded in the passport chip itself, whoever is checking the document must already know what information is – or should be – on that passport chip, as the process requires that said information must – in order for the data to be checked and ratified – be written into the chip first, this being done by existing technology and processes. This process was developed to avoid the casual illegal scanning and uploading of passport holder’s attributes.

So, when you hand over your passport you are, knowingly or not, giving your consent for a third-party (the UK or another country’s Border Control), to access and read your identity attributes stored on your passports chip. Obviously, this is quite a crude example as the only choice you have in this particular use case is to either agree or spend an indeterminate amount of time in a small, featureless room, (perhaps with a two-way mirror), at the pleasure of Her Majesty until such time as you do agree to sharing your passport identity attributes!

A question from the audience asked how the Panel saw the development of personal data and identity solutions outside of the Facebook, Google, Apple, AliBaba sphere as this is a big concern not only for MEF Members whose businesses seek to address this market, but of society as a whole as there is a significant number of informed groups and individuals for whom the spectre of such industry global giants owning the PD&I space is a terrifying and completely undemocratic one. Facebook’s new Libre online currency play, according to the audience member, coupled with the ownership of their users PD&I would give them an unparalleled and excessive concentration of power and influence in the world.

Julian Ranger answered that even current laws and regulation are starting to severely curtail the types and usage of personal data by global internet players and that, whilst they have proved adept at monetising the currently available data they have access to for advertising services, the type of scenario outlined is extremely unlikely to be allowed to exist in developed countries, at least, pointing to GDPR and similar regulatory regimes globally.

He also says that even companies like Facebook realise that the days of freely available personal data being hoovered up are coming to abrupt end and that there is a realisation and acceptance on their part that a new model of exchange is required to enable them to provide services to their users in exchange for limited data exchange using informed consent.

I provide the above so that you can get a feel for the types of questions and ideas being addressed by MEF at its MEF Connect and Programme Working Group sessions and that these feed directly into the Programme activities and outputs for which MEF is renowned

MEF Connects 2019 – Member Resources

MEF Connects 2019 brought together members from MEF’s different working groups to exchange updates and explore key trends across the mobile ecosystem, including digital identity and personal data, Mobile IoT and payments, blockchain use-cases & industry trends and innovation pitches.

Exclusively for MEF Members, watch videos and download the presentations from day’s sessions and discussions.

Member Resources >