• Up from US$1.3 billion this year to $8.1 billion in 2025
• Great potential but safety and security issues re: biometric data still unsolved
• Smartphones seen as a way forward
• "Explainability" of AI decisions is key

Digital identity is an important set of technologies that could be money-spinners for enterprises and operators. It is also a highly contentious subject. A new report from Juniper Research finds that the revenue earning potential of digital ID services for mobile operators and DSPs could well be US$8.1 billion by 2015, massively up from the $1.3 billion likely to be achieved over the course of 2020. Juniper says that as the identity sector evolves, mobile operators could play an expanded and increasingly important role in providing verification of digital identity and universal login based on subscriber identity.

However, Juniper also finds that the verification systems and processes needed to permit safe and secure digital identity must be strengthened and concludes that the best way to ensure it will be to increase the capacity and capability of smartphones to provide and manage biometric data. This is a highly controversial and emotive issue, not least because the mishandled introduction of such systems or the sequestration of them by governments of a totalitarian bent will lead to the emergence of Orwellian dystopias the likes of which the world has never seen. Indeed the first steps are being taken in the untrammelled introduction of biometric facial recognition systems in several parts of the world - and one in particular. Juniper calculates there will be 5.2 billion smartphones in daily use around the planet within four years and that number will only increase.

A basic definition of a digital identity is "information on an entity used by computer systems to represent an external agent. That agent may be a person, organisation, application, or device." The data held in a digital identity is used to assess and authenticate the identity of a user interacting with a web-based system without the involvement of, or intervention by, human intermediaries. This is usually a commercial  business system on the web but can also be with other agencies including government departments and municipal authorities.  In essence, digital identities permit automated access to data centres and services where computers mediate the relationship and transactions with a user. 

These days, as big data proliferates and companies and governments begin to realise its potential for manipulation and control, digital IDs are increasingly linked to computer systems centres to an individual's national, civil, medical, financial and consumer identities. Much of that is based on the relentless and remorseless collection of information generated by an individual's personal online activities. This, of course, includes passwords, user names, online search activities, birth date, social security history and records of who bought what goods or services, where, when and why? The potential danger is evident. It is where and when the data is publicly available, insecure, easily hacked and is not anonymised. The original intent may be benign but the road to hell is paved with good intentions.

The implications for the regulatory and legislative control over the use of online identities are immense and many democratic nations are examining ways to ensure that individuals should be able completely to create and control their verifiable data and credentials without being compelled to involve (or even request) permission from an official, centralised intermediary authority. One such methodology would be "self-sovereign identity" (SSI). Here, an individual can generate and control unique identifiers and is also able to securely store identity data.

Biometrics on smartphones

The famous tagline for the film "Alien" was, "In space no one can hear you scream", the tag line for the web should be, "in cyberspace no one  knows exactly who they are interacting with." Passwords, email addresses and other methods don't necessarily reveal the true identity of individual actors in the digital universe and that's one of the reasons why digital ID based on behavioural histories from a multiplicity of web sites and mobile apps is regarded in some quarters as a much better system where trust, verification and authentication can be much more effective and secure (although certainly not foolproof). It is particularly popular with the finance and banking sector where it has many supporters and apologists.

Certainly, biometric authentication for mobile devices can be a big improvement of passwords but can be vulnerable nonetheless. A lost stolen or strayed password can be changed, try doing that with a fingerprint!  In extremis it could even come down to being a case of cutting off a nose to spite a face. Then there are concerns over the possible breaching of data protection laws. Companies intending to compel employees to submit biometric data could find themselves subject to legal action.

As Nick Maynard, the co-author of the Juniper Research report points out, "Bringing biometric verification within digital identity requires robust orchestration capabilities and extensive partnerships, meaning that digital identity vendors must focus on building out their ecosystems". The rise and rise of open APIs is credited as being a prime factor in stimulating the digital identity market because they can provide interconnected data and permit access to different systems. The trick will be to ensure that all the data is orchestrated correctly and that any transaction is correctly authorised or declined.

Juniper says AI will be vital to such orchestration but adds that the “explainability” behind any decision will be central to the increased use of digital identity systems. This will be particularly true in highly regulated markets such as financial services.

That said, explainability and accuracy of machine learning algorithms have sometimes been described as "mutually exclusive concepts" and laboratory tests have demonstrated that AI-based systems can tend to provide high accuracy but low explainability. Going forward it will obviously be necessary to be able understand how the results were reached and decisions made. Where AI and machine-learning enabled systems are concerned, it simply won't be good enough to trot out the old "computer  says 'no' "excuse. Verifiable explanations will be required.