Digitally Curious

S5 Episode 20: Unraveling the Future of Self-Sovereign Identity with Marie Wallace from Accenture

Chief Futurist - The Actionable Futurist® Andrew Grill Season 5 Episode 20

Consumers are beginning to understand that their personal data has real value, but it is still held in the hands of big technology companies.  The promise of consumers managing and owning their own data will become a reality thanks to decentralised or self-sovereign identity (SSI).

To delve into this topic, I'm delighted to welcome onto the podcast Marie Wallace, Digital Identity Lead at Accenture.

Marie and I both had the chance to work together at IBM and I've always enjoyed our discussions about analytics and data, and this conversation explains SSI in a very accessible way.

Self-Sovereign Identity, or decentralized identity, is a model where individuals have full control over their personal data.

During the episode, Marie debunked the common myth that implementing this model necessitates a blockchain, and we looked at the concept of "streaming trust".

We also looked at Marie's instrumental role in projects like IBM's Digital Health Pass and New York's Excelsior Pass during the pandemic.

A fascinating part of the discussion revolved around the concept of verifiable data, and the potential of AI in offering personalised career advice, primed with our own personal data.

We also examined how companies might interact with customers to provide incentives for releasing individual data and how LinkedIn is starting to verify profiles to allow individuals to have more control over the data they own.

This episode also looked at the integral role of trust networks, the need for secure digital wallets, and the exciting prospects of verifiable data.

We also covered topics such as

  • The concept of "streaming trust" & how SSI works
  • Sovereign identity & worker onboarding
  • Trusting the trust provider
  • The need for secure, trusted digital wallets
  • Using SSI to validate my LinkedIn profile
  • Exploring the Concept of Verifiable Data
  • Empowering consumers with their own data
  • The role of AI with SSI & personal data
  • SSI drivers: risk, cost, fraud reduction
  • Where do I store my SSI data?
  • The Philosophy of Self-Sovereign Identity
  • Examples where SSI is working already
  • Self-Sovereign Identity and AI Explorations
  • Embedding trust with the supply chain
  • AI uses in SSI
  • Empowering Individuals with Self-Sovereign Identity
  • Who needs to drive SSI adoption?
  • The biggest challenge in SSI
  • What are the steps to take to control my own data?
  • Being more data literate and caring about your identity and online safety
  • Three actionable steps to manage your own identity


More on Marie
Marie on LinkedIn
Marie on Twitter
Marie's blog
Marie's TED talk

Resources mentioned
1Password

Thanks for listening to Digitally Curious. You can buy the book that showcases these episodes at curious.click/order

Your Host is Actionable Futurist® Andrew Grill

For more on Andrew - what he speaks about and recent talks, please visit ActionableFuturist.com

Andrew's Social Channels
Andrew on LinkedIn
@AndrewGrill on Twitter
@Andrew.Grill on Instagram
Keynote speeches here
Order Digitally Curious

Speaker 1:

to the Actionable Futurist podcast, a show all about the near-term future, with practical and actionable advice from a range of global experts to help you stay ahead of the curve. Every episode answers the question what's the future on, with voices and opinions that need to be heard. Your host is international keynote speaker and Actionable Futurist, andrew Grill.

Speaker 3:

An area I haven't covered on the podcast to date, but is an important and evolving space, is that of self-sovereign or distributed identity. To dive deeper into this topic, I'm delighted to have on today's show a former colleague of mine, marie Wallace, who I work with at IBM. She is now managing director digital-agent lead at Accenture. Welcome, marie, it's so good to see you again. We're not in the same room, but I always enjoyed our conversations at IBM about data and social and all things in life. This is a fascinating topic. When we met at IBM, you'd already been there for some 13 years. Perhaps you could explain your journey to date, from your work in natural language processing at IBM to leading digital identity at Accenture.

Speaker 4:

I was 20, nearly 22 years in IBM research, technically doing research and innovation. It's all been predominantly around AI, natural language processing, analytics in various incarnations. We built our first smart assistant back in 2007 or 2008. I've been in this for a long time. All the analysis and the data that I was working with was predominantly personal data.

Speaker 4:

I got increased in the interest in the ethics of data science, privacy and just generally in a digital society when a lot more data is going to be flowing around right now. People don't have the same agency over their data. They don't know what happens with their data. They don't really understand anything about their data. It's fundamentally going to be more used more and more. There's more risk associated in the ethics. Anyway, make a long story short. This got me really interested in this idea of self-sovereign identity Less about the identity piece and more just about self-sovereign data. How do I have greater agency over my own data? That's really what got me into this space. In the last probably six years, I built something called the IBM Digital Health Pass when I was at IBM, which was used as the Excelsior Pass in New York during COVID. Subsequently did a variety of different projects Essentially the reason I joined Accenture and why I'm really excited to be here is we've now got to the stage where it's not mainstream yet it's not market adoption.

Speaker 4:

People are slowly realizing the value and the importance and the challenges of a digital society and the need to have a decentralized identity approach. Why joined Accenture is because really, it's about reinventing the enterprise, reinventing the world, reinventing digital society and thinking about how we do this in a really ethical, a really previously preserving way, with empowering people with their data. Accenture has lots and lots of clients across pretty much every industry and every geo. We're working with them. I've got some really interesting use cases that we're exploring with a variety of our clients that all rotate around and decentralize their density.

Speaker 3:

I'd love to get into some of those use cases that you can talk about. I've been talking about the fact that we will own our own data for some time. As the technology evolves, as the future is, my predictions become true. I kept saying. When that whole Facebook Cambridge Analytica thing happened a few years ago, I was surprised at how blasé many people worry about their data. Initially there were lots of headlines, you know oh my goodness, they did this without data. Now it's fallen back and people, I think, have forgotten the amount of data they have out there. I want to own my own data, but there are challenges around that and SSI will help solve that. How do you explain SSI to my mom? On your blog and a number of colleagues you've been talking with on LinkedIn? You talked about SSI with the example of streaming music like Spotify or Napster. You coined the phrase streaming trust, maybe using that as an analogy. How does self-sovereign identity work using that analogy?

Speaker 4:

If we think about the music industry, there's a few things that are interesting. One we all remember actually the older of us remember, some of the youngest maybe double. We remember buying big stats of CDs and you'd have a big CD case in your living room with all the CDs that you had bought. Then if you wanted to have a dinner party you'd have to take out a CD and put it in. So you bought all the data, all the songs, even though there was maybe only three or four songs or maybe on the CD you might want to listen and you might listen to them not that often. Then you had to keep buying more and more CDs. So that's kind of the old analogy and I create that very much to the way things work today in terms of data. People buy data. They might be buying it from a third party data aggregate or they might actually be effectively buying it or getting it directly from you. They ask for a stack of data and then they stick that stack of data in a big MDM somewhere and then they have to manage about, manage security and risk of data theft. So they have all the costs, the same way we did, of managing a big stack of data. What streaming did for music was allow people to say I don't need to own any songs, I don't need to have stats of CDs, but what I can do is I can get the song when I need to. So when I'm sitting down for dinner I can say this is the song I need and you basically pay on demand. So that was basically the model, and we all remember the content battles that content providers did not want to go down this route and what happened is they went out of business and a new generation of companies came around that really took advantage of the streaming model. And I think this is the same thing with data.

Speaker 4:

If we take a very simple analogy, we're doing some really interesting work around the kind of work of credentialing. And let's just take the simple analogy Back in February, I joined Accenture and I had to go through the onboarding process. And what you do today with onboarding, you have to have proof of prior employment, so it's a letter of proof. When you work for a specific company, you've got your transcript or you basically tell them. You self attest you got it from this college. So all this data, you provide them photocopies or you self attest and then they either themselves go or they have to pay a third party to go verify all that data. Go to the college and what happens is you go back to these institutions that verify academic data and they'll get all the academic data and then they'll pass back the data. So now what you have is don't know this manual work and the reality is you share all this data about, say, academic credentials as an example that you don't need.

Speaker 4:

Now what we're proposing is with a fair file potential. When I get, when I qualify, or when I, when I work for a company, I get proof of employment. When I leave it, I still have proof of employment, but it's just expired. You know the data of employment was this date and this date. When I then want to get a new job, I just have to exchange for our five credentials. It happens as I need it.

Speaker 4:

The receiving company, accenture, doesn't even need to store. They can store, record the record, but they don't need to store all the data. They only need to store the minimum amount of information they needed to complete the transaction, which was to hire a marine to make a permanent employee. So it completely changes the dynamics, both in terms of the user experience. How easy and quick it is to onboard with the company or to get a new credit card or whatever the process might be the minimum data that the receiving company actually really needs to hold, because, as one of the example I'll give, which I always think is a really nice one, is your address.

Speaker 4:

People's addresses change all the time. Why do banks need to store addresses? The only time they need the address is when they want to send you a letter, which they should be able to send a quick proof request, check your address and then send you your letter if they have to physically send you a letter. So there's all this data we're holding on to that we don't need to be, and that's really how I equate music to this kind of streaming data and streaming trust. We get the data on demand when we need it, and it's a whole different business model.

Speaker 3:

There's a recent example where this went horribly wrong in Australia and one of my former employers, optus, had a data breach. People then realized that Optus had been storing their full driver's license. Now in your world if you then the driver's license verification here in the UK it's the DVLA you basically have to say do you have a valid driver's license and are the credentials correct, yes or no? It's almost a flag. What people were surprised about is that Optus had stored the full driver's license number and everything else. Of course, when that was compromised, people's driver's license was exposed. Optus, I think, had to pay something like $300 or $400 per person. There was literally a line up outside the motor vehicle registration for people to get their new driver's license numbers In your world. What would have happened there is that there would have been exchange of verifiable credentials between the government and the telco provider to say, yes, andrew Grill has that license, and all they'd be storing would be a verifiable check mark rather than the driver's license. Is that how it work in practice?

Speaker 4:

You're coming to really what differentiates the decentralized model? The way decentralized works is the individual is issued their data. If I want to rent a car from Hertz, I go to Hertz, I self-attest my driving deeds and I have to give normally a lot more information than they need, because they then have to use that data to go back and verify with the DMV or with the driver's license, either using an API or something. I give a load of data and then they have to go verify. Then I have to give consent so that they can consent to share the data. You get all this plava of consent and security and privacy because these two companies are sharing your data, whereas in the self-solving identity world they don't talk to each other at all.

Speaker 4:

It's not the business of the DMV. Whether I rent a car at Hertz, the DMV issue me my driver's license. I have my driver's license in my wallet as a cryptographically verifiable document. I then in turn, share that directly with Hertz. As an example, as a proof exchange, what Hertz store may just be yes, the proof exchange was successful. They might, for example, before you can rent the car, they might need you to prove that you are. You say you are, so proof of identity, proof of a driver's license and maybe it might even be proof of insurance, if you can use your insurance. You respond to three proofs and then they give you your car. It could be as simple as that, moving forward. The person is the agent that does the exchange of data, not two organizations sending your data back and forth without your visibility.

Speaker 3:

I hold the credentials. How can you trust that the credentials I hold are real and verifiable? Who trusts the trust provider, or is that an unfair question?

Speaker 4:

It's actually the number of the question. To be honest with you, andrew, I think there's a couple of things. Something was said to me. They're really surprised.

Speaker 4:

Accenture was interested in this because it's in this like anarchy. No, because there still is trusted issuers. There still is the DMV issuing drivers. That fundamentally doesn't change. The DMV, as an example, is issuing a cryptographically signed document using their private key that nobody else has to. Marie. None of the data elements within that document can be changed because otherwise the verification will be possible. That's one protection.

Speaker 4:

The other critical thing is how does the DMV know that it's issuing the data to, indeed, marie Wallace? This is where you have to have a digital wallet which is tightly bound to that individual's identity. Very often, you also actually probably want to bound to a device so that if Marie's data or wallet or something was stolen, you'd have to get her phone and you'd have to get her biometrics to get into the phone, and then you might have to get a passkey. You'd actually have to do a lot to try to get into our wallet and then to be able to use it. Critical thing is you need a super secure wallet and the issuer needs to be issuing to a secured, trusted wallet. The verifier then obviously needs to trust the wallet and they need to trust the issuer. That's where the trust network comes into play. There isn't a single network. It's ultimately a network of networks.

Speaker 4:

Ultimately, the verifier does indeed need to trust. They either need to directly trust the issuer. If the DMV is publishing their keys, then you as a verifier can say I want to keep my own trust registry. Or you might want to trust a third party registry that's like Yellow Pages that is managing onboarding of all these different entities to say, yeah, these are entities.

Speaker 4:

Trust beauty is in the eye of the beholder. If I'm in some country I don't know some country somewhere, they might, for whatever reason, decide we're not going to trust the DMV. It's not like a rule you have to trust. The only critical thing is you have to be able to identify the entity to know this is indeed the DMV that is the official issuer of driver's license for the United States. The trust network and the trust registries are a critical component of this system working. These can be something that an organization maintains for themselves. That works actually in cases where you have small ecosystems. But for very large ecosystems, obviously, what you're going to end up having is networks of trust registries and maybe even government mandates or government managed trust registries.

Speaker 3:

You mentioned the word wallet. When I think wallet, I think blockchain, but we talked off air and there's actually no link between the two. Could you do some myth-busting that self-solving identity doesn't need a blockchain?

Speaker 4:

No, it doesn't. Now this is maybe not the most secure way of doing it, but during COVID, as an example, countries around the world Europe being a good example wants to be able to issue COVID passes. They didn't want to have to build everything on blockchain, but they wanted to have a wallet, they wanted to have verifiable credentials, they wanted to have the individual having the agency and they wanted it to be peer-to-peer. So, on the edge, they wanted everything that is self-solving identity. But in the case of that, for example, in Europe they basically had the public key directory. The trust registry for Europe was the EU gateway. It was an actual gateway, a centralized system. That was the trust registry for Europe.

Speaker 4:

Now, in the United States, on an example, they didn't have that sort of centralization. If we look at, for example, new York. So the Excelsior Pass in New York, new York State, had its trust registry for its Excelsior Passes. That was in. I think might have been a database. Then, when we built the Digital Health Pass, we built, indeed, it on blockchain. You can use many different technologies in different ways. Blockchain is one of them. In certain cases, it provides some very, very nice characteristics, but you don't have to use blockchain. So people use different technologies for doing that, and that's perfectly fine. For me, the key thing about the concept of self-solving identity is essentially the philosophy, the concept, the design. That's what has to be respected.

Speaker 3:

For a while now, I've been talking about the concept of tokens and I've been using the example of a blue tick against the roles of my LinkedIn profile. You know that I did actually work at IBM in the roles I had from 2013 to 2017. Let's look at how that would work in practice. I understand the whole trust network, but IBM would have to be able to issue a credential to me or to LinkedIn and LinkedIn would have to verify that. How would that work in practice? What's the incentive for LinkedIn or me or IBM to even offer that service?

Speaker 4:

Funny that you should mention that, because this is actually something that we're really in the process of exploring here within Accenture. I've had some interesting conversations with a number of our clients over the last month the incentives around releasing individual data to them, respecting your customer and there's a surprising amount of interest from the companies I speak with with releasing data to their customers for a number of different reasons. One is they want to minimize the footprint of PII that they're holding. There's the risk element. They don't want to be holding a loaded data about you that they don't need to be holding. There's a really attractive about you having more and more autonomy over your own data. There's a real differentiation if you're a company that empowers individuals with their own data.

Speaker 4:

I'll give you a very, very simple example. It seems trivial, but it could be very powerful. Most companies, if you're a customer, they generate a risk profile or a credit score of some description. How good is Maria paying her bill on time? All companies do that, so they know which customers are. Very good, they pay the bills on time and things like that. That's never data that I get. Just imagine if the company released it to me Then if I'm renting an apartment and they want to. Well, I can prove that my local telecom provider or the electricity supply board or whatever here's to verify that I've always paid my bill on time. That's a very simple example of the incentive to the individual is this is a company I do a business with that is giving me value in and above the service that they're also giving me.

Speaker 4:

When I was an IBM, gili Rometti quoted as data is the new currency, or data is the fuel that's going to drive our economies. And if it's a currency, if it's a fuel, it should be leveraged, it should be utilized and I as a citizen should be able to leverage the data for value. So I would argue there are a growing number of incentives. If we look, say, to the proof of employment, so just think of it. So okay, proof of employment can be very useful for companies in just simply giving access to systems, giving access to the building. I'm an Accenture employee so I can get into the Accenture building, so there's that kind of obvious benefits. There's also benefits for how I represent myself on LinkedIn and the incentive for me as an individual is to increase the trust of people looking at me in LinkedIn, so increase my reputation. The value to LinkedIn is they have trusted more valuable data that everybody's going to trust, and the value to my company, as an example, might be, you know, increasing. Okay, there's a risk that if my profile increases, I might get poached by other companies. But again, I think of it as, like you know, if you love somebody, set them free and if they love you, they'll come back to you. If they don't, they never loved you in the first place. So there is an element that you have to trust people with this data. If you go a step further, you mentioned things like checkmarks for other types of data. So we're also doing some really interesting work to look at employees and what other information would they really benefit from?

Speaker 4:

I think about developing my career. How do I identify? Do I have the right skills and what sort of training should I do? What sort of job should I do? What sort of project should I do? Just imagine if I'm collecting, over time, all the data that represents the work I've been doing, the formal education I've done, the certifications I've taken, maybe even the jobs I've done within a company. So, while I may not be able to expose the fact that I worked with company X on project Y. It could be issued as an off the scale of verifiable credential Because, again, all of our five credential needs to prove is you worked with a Fortune 500 company in the automotive space doing X and you got a five star rating, so you can.

Speaker 4:

Over time you can. Your CV isn't the static piece of a snapshot, it's every data element. So we think about AI. So now we think about AI and the role of AI and, as basically a career manager helping me with my career, you're actually having a wonderful set of data points that I can now really get personalized career advice and really figure out what jobs I could win I could be going for. Both me as an employee, but also the employer will have a much, much easier time of finding the right employee. The potential is huge but, again, ai is only as good as the data that feeds it. We need really good data and this is one of the interesting challenges around credentialing.

Speaker 3:

And then if I own my data and I can choose to give it to another downstream system and I have much more control over that. So I think that's fantastic. Just back to LinkedIn, they're starting to do a level of verification. I've seen people now with verified profiles where they basically send an email to your work address and say well, do you work there? And if you have an ad extensioncom email address, then you must work there. So they say that that's correct. At least they're starting to do that. But I think the next phase probably requires effort on both sides, and they're owned by Microsoft. Why wouldn't they want to do it?

Speaker 4:

And they are actually doing it already. There was an announcement a few months ago. So Microsoft Entra, which is the new rebranded set of Microsoft Identity offerings, and they have Entra Verified ID, which is indeed a Solve Sub-In Identity solution that issues verifiable credentials. It can be sent directly to your authenticator app. So if you have the authenticator app, you can get your verified credentials proof of employment, as an example and indeed LinkedIn leverages that. So LinkedIn is already providing support for verifiable credentials. So this is where we are seeing use cases emerge. We're seeing companies starting to adopt.

Speaker 4:

Sometimes it's not immediately visible, because the average Joe on the street doesn't care whether this is a verifiable credential, but they care about a more seamless, frictionless user experience. And that is, I think, where the value is really going to come, where this concept of verifiable data is going to enable these more frictionless user experiences. And the other critical thing is as well I don't talk so much about privacy these days. I think more about safety, because when you talk about privacy privacy, well, I have nothing to hide it's not about something. That is about you being safe as you move through your digital world, and I think safety is the more important issue for everybody out there, the amount of fraud that exists, the amount of money it's mind blowing the amount of money on these things like phone scams, all sorts of scams. The reality is, verifiable credentials can solve all those problems as well. So I think there's a really interesting set of drivers at this point in time between risk, between cost, between fraud, between frictionless experiences, that's starting to make verifiable data really relevant and really timely.

Speaker 3:

If I now own my own identity, where does it get stored and who should store it?

Speaker 4:

Using the analogy data is currency. I think about it very similarly. To think about banking Like years ago, people put all their money onto their mattress and they felt it was safe there and whatever, and then eventually they started trusting banks. I would argue and this has always been the vision of self-sustaining identity is that ultimately, in the future, what you'll have is you'll have wallet providers and there'll be many of them, so you can choose, the same way you choose what bank you want to go to, and those wallet providers will have secure, privacy-preserving, protected wallets that will also have both a cloud wallet and a mobile wallet, so it will also mean you'll have backups to the cloud.

Speaker 4:

If you lose your device, you can basically break it if you need to. So I think that, ultimately, is what's going to happen, and that way, it'll be much more like having an online bank. The thing that's nice about this model from a, as we start to adopt these open standards if you don't like the wallet you're currently using and the service you're getting and the capabilities you're getting, you just go to another one, so like you would change bank accounts. So that's kind of where I think ultimately this needs to go in order to make this sort of data ownership to kind of offload the responsibility of managing data farm the companies to the individuals. You obviously need to provide them the tools that allow them to do that.

Speaker 3:

Well, just on that. I use one password. I've been using a password manager for about 15 years now and I tell everyone and all my talks that they should look at doing that. They're now adding things like passwordless. They're looking at pass keys. Is that the place if I trust one password and they have two-factor authentication? On top of that, they have a mobile app. I actually had my phone stolen two weeks ago and it was really easy to get everything back because I had one device that I was able to authenticate everything again. Is that the style of provider that I already trust, with thousands of passwords that could become my wallet provider? Is that where things are headed?

Speaker 4:

In theory, I also use one password. I've used them for years as well. I definitely come from the concept of I like to have a vault. I guess the only thing I would say, and I don't know where one password is going or what their vision is. But I think the difference with verifiable credentials is that it's not just about access and authentication. I would argue that when people think of identity today and they think about tokens, they think about access tokens. It's basically a one-trick pony. It's all about access, and access is fine.

Speaker 4:

If you think about all the digital touch points between you and specifically as we get more and more digital, accessing something is actually the fraction of the interactions you actually have with the company. So it's all the other data element that's needed. You're a dress credential that might be issued from the post office, or your banking credentials, your health credentials. There's a whole slew of types of data that you use or that you will use all the time as part of your daily life and being able to make that super frictionless the exchange of that either not necessarily the exchange of data, but it might be just exchange proof requests. I'm ordering food on a menu. How do I make sure that I'm not allergic to anything on that menu. Your phone has the allergies that you have and it basically strips out, marks up the allergies. That's not a difficult thing to do. You don't want to share your health data with the retailer. The data's on your device and then you can basically have this personalized user experience directly on your device.

Speaker 4:

The really interesting thing I think about self-solving identity is it's a philosophy, it's a concept, but it's also a bit of a head-mind-met. It's a bit of a head-recker for people because you have to flip your perspective of the world on its head. You have to look at things completely differently. But once people do, then you start seeing all these really exciting use cases. But it requires a bit of a head-flip for you to kind of see the use cases. They're not necessarily evident.

Speaker 3:

Give me some tangible examples where this is working already and other companies can say oh, we can do that too.

Speaker 4:

Obviously, we know about government IDs. We know about EU EIDAS, for example, europe is going to be issuing a digital wallet to every citizen end of 2024, 2025, and everybody will have digital IDs which will be verifiable credential. So we know kind of governments are starting to do this. There's a couple of areas that I think are really interesting. I mean there's many areas that I don't come back to the worker example. I like that example for a couple of reasons. One is it takes a significant amount of existing cost out of the business, so it costs a lot already, and particularly as we're moving more towards that gig economy. I spent 21 years in IBM, the next generation coming well, we'll spend 21 years at any company. People are moving, so the turnaround is a lot higher, which means the cost of every time you bring people on board is a lot higher. So the thing about worker credentialing that's really interesting is because there's a big cost saving impact and also, as we move toward the skills-based economies and skills-based organizations, optimizing your workforce that becomes a huge challenge. So I do think we're already starting to see LinkedIn was an example they're already starting to support verifiable credentials for proof of employment. We're starting to see Microsoft issuing this to lots and lots of their clients. We in Accenture are starting to look at this more broadly, not just about issuing proof of employment, but looking at things like certifications, academic qualifications, skills. So I think the workspace is particularly interesting and there's a lot of companies that it's a really easy sell because they've got a lot of expense at the moment and this helps them address that.

Speaker 4:

I think the other area that is getting a lot of traction is around organizational identity and verification. So we're seeing the likes of Glythe and the work they've done around kind of the whole governance of issuing organizational identities. We're working with some projects which I can't talk specifically about but hopefully later in the year we'll be able to talk about where they're looking to become a network of issuing organizational IDs and then integrating kind of trust within the supply chain. So the amount of fraud we think about fraud with individual personal identities, but the amount of organizational fraud is eye-wateringly large. So how can we kind of take some of that fraud out of the system? So I think organizational identity and credentialing is very interesting.

Speaker 4:

We've also seen the concept of things like how do I make certain information public? So things like green credentials, so if I'm, for example, an organization. I want my E Street credentials and how do I, number one, prove that I've been audited from a trusted provider of these checks? And then how do I share them with other suppliers I'm working with or companies I want to supply to? But maybe I want to also share them with consumers. So you could imagine a while moving forward where you know I might just want to look on a website, but I might want to, whenever I buy a product, check the green status of the company that manufactures the product, and it's not a difficult thing.

Speaker 4:

Again to the example of when you're scanning stuff you check to see what your allergies are. You might check to see how green the company is. We're seeing organization credentials as something that's really interesting as well. And then there's a whole slew of things around the hospitality sector. How do we make the whole travel experience kind of more seamless and touchless? That's the key thing. So those are some of the use cases that we're seeing a lot of interest in.

Speaker 3:

So you touched on AI before and everyone's talking about AI and you can't have a podcast these days without mentioning AI and ChatGPT. Where does it play a part in decentralized identity and what are some typical use cases and what are you seeing the opportunity for AI right now?

Speaker 4:

I've worked in it for 20 odd years. There's so many different use cases of AI when I think specifically about identity and verifiable credentials. I know there's been a lot of hype about ChatGPT and it is very impressive, but at the end of the day, you know, garbage in, garbage out. If you want highly specialized recommendations and analysis and matching or whatever to understand something about an individual data in, data out. So the more reliable, trustworthy data and the more data elements you can bring into the album, particularly because they can now handle a huge amount of data and they can handle a huge amount of complexity the more data you give it, the better results you're going to get out the other side. I think the credentialing is interesting on two fronts. Number one is it releases more and more data to the individual. So it actually generates more data because there's a lot of data that is sitting in silos. So if you think about you know the example I gave, you know companies might have your credit score or whatever, and they have it in a system. Or LinkedIn has a bucketload of God knows what data about us and Facebook all these companies have a lot of information about us. But just imagine if that data was released to us in a way that we can use, so it becomes usable data for us, so that then obviously could feed potentially AI. Now the other thing that's interesting about the verifiable, credential, self-sorbent identity is that how we share that data with AI engine again is putting us in more in the driving seat, so it's giving us greater autonomy and agency is allowing it to be shared in maybe pseudonymous ways, so maybe our actual identity isn't exposed. It can kind of create these really interesting ways of us sharing lots and lots and lots of data, potentially data points, with these algorithms in a way that we choose to share it, whether we want to be completely identified or we want to be identified or whatever the case is.

Speaker 4:

So there's one interesting example that I really like because it's a good example. It was a health care scenario, I think a while ago. The issue some rfp around looking at citizen health Is a really interesting example because it's this incremental idea that I might incrementally be sharing some information about myself anonymously For the purpose of the getting health recommendations and really targeted. You need to think about this diet of maybe you should be on this drug or whatever the case is. You get some, but at some point in time is the engine maybe recognize something concerning. So now I want you to go see a doctor. So now there's gonna have to be some identification. But what is this incremental identification? You can be completely anonymous to start with. You can use these algorithms Completely anonymously. If they share something important that you maybe want to identify yourself, then you can choose incrementally, do that. So I think about potentials just gives you a lot of flexibility In terms of how you're sharing the data.

Speaker 4:

It's not a magic wand. There's still is gonna be a lot of issues around ethics. That goes without saying.

Speaker 4:

I think empowering people with their own data and making companies kind of putting pressure on companies to release your data back to you, I think is really important and I do think it actually has an interesting positive side effect on the ethics of a I.

Speaker 4:

Just one quick example just imagine if all the insights that a company generates about you they had to release to you. I feel really uncomfortable that a company knows more about me than I know about myself. That doesn't sit right with me. So fine, they can use the data, but they have to tell me, and the thing that's interesting about that is it would actually be a self self managing cycle, because if, if I have to tell an individual, I'm Talk to them because I know they're easy to manipulate and I have to tell them all the reason you're getting this all of a sudden, they're gonna have to be careful about. Do I actually want to use that property? Do I want to generate that? Because I'm gonna have to tell somebody I'm doing that. So even if you don't tell me algorithms, it's really is a self. So I do think there's a really interesting Benefits of transparency and giving people more of their data so I'm a geek, I'm a future, so I want things to happen now.

Speaker 3:

I would love to be able to manage my own data in my wallet right now. And we mentioned chat gpt and you mentioned you've been working for a long time. So I think what happened when chat gpt was launched is it remove the friction. Anyone can now use the tool without having to write a models and scripts and pythons. They can actually play with an a I model. It's a great demo. It's not perfect. What is the frictionless moment where it's another chat gpt moment, where Self server identity just becomes so demand that everyone saying I need access to this, I want this. Is there a frictionless moment like chat gpt or we are long way off, and what I'm really trying to say is who's got to really drive this? Is a government? Is it individuals? Is it companies? How do we accelerate this? I'm sure you're more than excited about this space. How does it become a reality by the end of 2024? One?

Speaker 4:

of the reasons I joined excenture is because I was really interested on the demand side. If we think about the currency example, there's been a lot of focus over the last years on the supply side of credentials, government issuing ideas and you know. So all this kind of the supply side. How do I issue credentials? Obviously nobody gets up in the morning says I'd love a wallet with a loaded data in it. What you do is you need it because you need to solve a particular business problem. I think the demand side is what's gonna drive it and that's where the frictionless user experiences come in. So, for example, it might be you know the telecom providers introduces into the system and Whenever you make a telephone call or you receive a call, you receive a text message, you can see the green check mark to see is this really my bank or is this somebody pretending to be my bank? So you can start to kind of get rid of trillions of dollars worth of fraud out of the system. So that's an example. That's a really big use case which could really start. Say, I'm hanging a second organization have to be having Verifiable credentials because otherwise they're not going to get the train travel and I'm never going to answer a call from a company that doesn't have the green check mark. So that's an example. Maybe other kind of a big use case that could be a chat gtp like kind of transformation. I'm not sure that's what's gonna happen.

Speaker 4:

I think what we're going to probably see is more kind of incremental. So it might be. We have specific types of use cases we see, for example, in the health care space, we see Move on things, like you know, provide a credentialing. So there'll be certain industries that start to introduce this because they need to do for various reasons, might be for for risk, for car savings. So doctors will need to have their wallet with their credentials because I need to get into the operating room or to get into the hospital or to Prescribe drugs, as an example, they'll need to prove the license to basically prescribe certain types of drugs.

Speaker 4:

I tend to think that we might we may not have that big chat gtp moment. You could end up having a big moment where you know, all of a sudden it starts to become this is the telecom private gives me the safest experience that everybody wants to get. Everybody has to get on board. All the other child providers have to get on board. I don't have an answer. It's hard to know what is going to be Big or incremental. I tend to think at the moment we see something a bit more incremental what do you think is the biggest challenges in a decentralized identity world?

Speaker 4:

the biggest challenge is probably the very fact that it's decentralized means you have multiple parties participating. A wallet the critical thing is the wallet. So you think about the dissent. You have an issue of data, your dmv or whatever. You have the issue of data. You have the verify consumer, you know who's gonna request the proof and you got the wallet.

Speaker 4:

To make this really, really frictionless, seamless. You ideally want to have multiple wallets that people can choose and that can interact with issuers from different types of issuing technologies. So interoperability. So I guess, if I was to think about what are the big challenges today, I think interoperability I mean the this is something everybody knows. I'm not saying anything. Somebody doesn't know. We're working on it. I think we're really seeing companies really really working on interoperability, so it's getting a lot better, but it's not there yet.

Speaker 4:

I think interoperability is a big thing and, to your point about frictionless, I think what we really have to do is we have to figure out how can we introduce verifiable credentials in this proof exchange protocol concept into existing applications or entering new classes of applications that make it easier to make telephone calls, to transfer money, to manage your career, whatever. People don't really need to be thinking about potential, what they need to be, thinking about how quickly they can apply for job or find a job. That's sort of, I think, where we need to get to. I'm kind of excited by the next year. As I said you, there's a lot going on. It's not clear which use cases going to be the killer use case. Watch this channel, I want to control my own data.

Speaker 3:

What are the first steps I should take?

Speaker 4:

I guess my call out to people will be slightly different. I think one is to your point. I definitely use a password, for I just think that's just basic housekeeping. Everybody should be using a password or some description to manage their passwords because you know you don't want identity fraud. That's a big thing, but I think my bigger call out really to people in general will be to start to care about your data and to start to push back, because for us to make this really happen, to allow people to be empowered with their data, obviously we want to have the use cases of companies will benefit from it. They might benefit from revenue generation, cost saving, risk mitigation might be these new friction experiences that will help them get more clients.

Speaker 4:

It needs to be a bottom up as well. The consumer needs to say well, hang on, I want, I want my days. I want to know more about what these companies know about me. I want to be able to have a friction experience when I rent a car or when I get a job or when I go to the bank I've forgotten why I haven't replaced my credit card in 20 odd years, because it's literally it's worse and get teeth extracted from the dentist. It was painful, the amount of checks or whatever that have to happen. There's no reason why that should happen in today's world. So I think we need to see consumers putting more and more pressure on the companies that they work with to have a grassroots movement around self sovereign identity and also putting a value on our data.

Speaker 3:

We don't actually understand how much it's worth. Years ago, I used to put up a cartoon and my talks that showed the value we had to people in terms of advertising revenue, and it was in hundreds of dollars or pounds and you often think, well, why don't I get a cut of that if you're making all this money out of my data to your point? I want some of my data back. I want the, I want the enriched data back that I can then use in other systems. And now we've had that chat GPT moment. We can now plug in our data to AI to make it useful and make our lives much easier. So I think people are going to say, maybe, maybe chat GPT has done more than we think. It's that watershed moment where now AI can do things for us. But we need the right data and we need our own data, and now it's available on a platter if people make it easy for us to access it having people more data literate and caring about their identity and their safety.

Speaker 4:

So we stop the conversation actually about privacy but make it about safety. I want to be safe in the world, so I don't want my data filtering out there and everybody's grandmother knowing things about me so that they can steal my identity. So that's kind of my call out for people to start to care about this.

Speaker 3:

So we almost had a time and we're up to my favorite part of the show, the quick fire round, when we learn more about our guest iPhone or Android, android window or I'll. I'll in the room or in the metaverse.

Speaker 2:

I work from home. So I'm going to say in the metaverse your biggest hope for this year and next that we see self sovereign identity go mainstream.

Speaker 4:

I wish that AI could do all of my meetings particularly all my prep work and all my actions afterwards, like all that the mess around meetings that would take so much time for me what's the app you use most on your phone?

Speaker 2:

Google Maps. I couldn't find my way out of paper bag. The best piece of advice you've ever received.

Speaker 3:

Don't be afraid to fail. How do you want to be remembered?

Speaker 4:

that I made our digital world a little bit safer. As this is the actual futures podcast.

Speaker 3:

What three actual things should our audience do today when it comes to managing their own identity?

Speaker 4:

I use one password, so I think managing your passwords is really, really important. To think about that, to be just very alert and very aware when you're sharing data, when you're accepting the check marks and I'm the worst in the world for accepting, you know things without necessarily reading the fine print, but at least be a little bit aware, even if you don't read all the fine print. Just be conscious of every time you're sharing data, because that data, if it's with a company you're not familiar with it, can be used potentially for questionable things, including stealing your identity, if you're not careful.

Speaker 3:

Maria, fascinating chat about a really interesting topic. How can people find out more about you and your work?

Speaker 4:

You know I'm on LinkedIn. You'll be able to find me there. I tend to blog. I have a blog, all things analytics dot com. That's from my analytics days, so this, but I still kept the URL. So all things analytics dot com is me. Come to my blog. Connect with me on LinkedIn, follow me. I talk about this quite a lot and I'll be continue to show more over the next year.

Speaker 3:

Great to connect with you again. I've always enjoyed our discussions. I really enjoyed this one today. Thank you so much for your time.

Speaker 4:

Thank you, andrews, great chatting with you again.

Speaker 1:

Thank you for listening to the actionable futurist podcast. You can find all of our previous shows at actionable futurist dot com and if you like what you've heard on the show, please consider subscribing via your favorite podcast app so you never miss an episode. You can find out more about Andrew and how he helps corporates navigate a disruptive digital world with keynote speeches and C-suite workshops delivered in person or virtually at actionable futurist dot com. Until next time, this has been the actionable futurist podcast.

People on this episode