In this News Insight, CSO Magazine discusses why it’s critical that digital identity is built into the foundations of smart cities. Biometrics are a key element of the digital identity puzzle in today’s mobile economy. Download our guide to putting biometric authentication at the core of a mobile passport. —Samsung Insights editorial team
Human beings love cities, well many of us do. We love them so much that the United Nations are predicting that by 2050, 66 percent of us will live in them. So how do to make sure that all of those people are housed, have clean water, can get into and out of the city easily, and can breathe the air without coughing? Well, we make those cities, smart.
The market for smart cities is expected to be around $1.2 trillion by 2022. What this translates to, is a rush of companies going to go after that money by building smart products that enable the smart city. Smart cities are creating a veritable gold rush and this time the rush is built upon data – often our personal data. But to share and transact using that data we also need to build smart identity at the same time we build our smart city.
Home is where the smart is
In the smart city, the home is where it all begins. The concept of the smart home has gone from sci-fi to real-fi in a few short years. However, an unfortunate consequence of smart is that it is becoming synonymous with privacy loss. Examples of this keep popping up, such as FTC recently fining Vizio $2.2 million for breaching the privacy of smart TV watchers. Smart devices like digital assistants and IoT home controls are giving smart a bad name in terms of privacy. These devices are built around identity data and our concerns about the misuse of these data are not unwarranted. But, using smart devices doesn’t have to result in losing our identity; they could even be used to augment it. Smart devices and identity have good potential for pairing to provide:
- Geo-location-based access: Tying a transaction to the home via an identity using a smartphone or IoT device. This could encourage people to only do high-level transactions within a safe setting, like a home.
- Authentication: Using a voice-activated assistant as a second-factor credential. You could also tie in the location of the device to add some risk-based authentication.
- Better UX: As we become more used to asking for things, “Alexa, purchase my favorite merlot please,” associating a command with the use of our identity will make identity use more seamless.
- Smart identity in a smart city
Once the smart city blossoms, our smart identity will move out of our homes, into our cars, and onwards through the city walls. Identity is the backbone of digital transactions. And smart innovations can use the power of identity to enable online transactions. Our smart identity will allow us to interact with our smart cars, send money to our partner with a click, use remote patient care by sharing patient-generated data, and secure our entry into the smart airport.
Of course, all of this could come with a heavy price – our privacy. All of the transactions are based on sharing identity data of some sort. It is inevitable that our digital identity will be drawn into the machinery of the smart city, but it has to be done with privacy respectful implementation. And, privacy of data and IoT security are intrinsically linked, here is some further reading on the security concerns around IoT devices. But privacy has its own special place in the smart city and our identity may hold the key to the solution.
Privacy of data is a convoluted and multi-faceted problem. In the smart city, you can times that by 1000 as often data aggregation is used to forge connections making even anonymity tricky to achieve. Enhanced privacy of Identity (PoID) is achievable using a number of smart identity mechanisms, namely:
- Pseudonymity/anonymity wherever possible
- Minimal disclosure of data wherever possible
- User-centric consent models within the identity system
Having a PoID approach to smart identity will prevent us making the mistake we made with the Internet when it was designed without an identity layer. Smart cities should be designed with smart identity in mind to avoid what was experienced in Chicago in the 1880s. At the time the city was experiencing epidemics like Typhoid because they had built the city without a sewage system. It took a man, Ellis S. Chesbrough, with a vision, to fix it. But it came at a massive financial cost and disruption to the city as they had to jack the buildings up by many feet to retrofit the sewers.
The smart city needs smart identity. It will be the power station behind how the city operates. We need to start building those smart identifiers now with smart use cases in mind. We can no longer create static, hard-coded architectures for our IAM infrastructure. 21st century digital identity needs wings, well, at least tentacles, that allow it to interact across smart infrastructures and manage the use of our data to make sure that “smart” does not mean loss of privacy.
As identity professionals, we need to get our thinking hats on, about where and how a digital identity becomes a smart identity and enables smart city living.
A string of major security incidents recently highlighted the need for upgraded government security.