Is Your Fingerprint Your New Digital Password?
We’re entering a new era of identity verification, in which the Internet builds itself off of knowing exactly who you are rather than preserving your anonymity behind a goofy username.
There's an old Internet one-liner (actually originated in a 1993 New Yorker cartoon) that goes: "On the Internet, nobody knows you're a dog." It’s a play on the anonymity of the Web—in the '90s heyday of AIM and IRC chatrooms, there was no telling who a user actually was in real life. That doesn’t hold true anymore. In fact, with Apple’s inclusion of a fingerprint scanner in the new iPhone 5s, you can now conclusively prove that you’re a cat.
TechCrunch tested out the scanner embedded underneath the new iPhone’s home button by successfully unlocking it with a cat’s paw rather than a human finger. The cat can’t do much with your smartphone, of course, but the experiment does point to the fact that we’re entering a new era of identity verification, in which the Internet builds itself off of knowing exactly who you are rather than preserving your anonymity behind a goofy username.
The push toward real online identity began as social websites became more prevalent and your IRL identity became more central to life online. Facebook continues to build itself off of knowing just who its users are, and sells that information to advertisers. With Apple’s fingerprint system, however, you won’t even need a Facebook profile or log-in password—your own unique code is already embedded in your skin. And if Apple can track every instance of you using your fingerprint, then that’s extremely salable data. If it works, that is.
We should be able to control our digital signatures in the same way that we control our physical fingerprints. That’s not an option, yet
Resolving the virtual/physical divide is a thorny, ongoing issue. “The disconnect between the physical you and digital you is hard to compensate for,” said James Varga, CEO and founder of miiCard (pronounced “my card”), an online identity company operating in 10 countries that’s able to verify over 350 million people. “As an industry born of privacy and pseudonyms, [the Internet] suffers from a fundamental lack of trust.”
That absence is preventing you from doing things online that you otherwise could. In its 2011 National Strategy for Trusted Identity in Cyberspace (NSTIC), an initiative encouraging private businesses to solve the online identity issue, the White House wrote, “When individuals and organizations can trust online identities, they can offer and use online services too complex and sensitive to have been otherwise available.”
There are different ways to build that trust. Rather than taking a fingerprint, Varga’s miiCard creates a universal ID by linking your Internet presence to your bank account. “They know you better than anyone else—you use it to pay your mortgage or your rent, it represents you as a physical person. … That’s a really good reference point that we can link digitally to the online version of you,” Varga explained.
The company began by making online financial services applications easier. “Signing an agreement is still an offline process that generates a huge dropout,” Varga noted. Instead of having to print out a form, initial it with pen, scan it, and send it back, miiCard acts as your virtual signature, guaranteeing your identity. The company now even enables its users to buy a house entirely online, no physical interaction with banks or realtors necessary.
MiiCard, along with its identity competitors like Symantec, Facebook, and (soon) Apple, trade on their ability to make things convenient for their users. They also help their client companies (like banks and insurers) cut down on the identity fraud that’s an inherent risk of doing business online. Yet the prospect of surrendering so much data to a private company is frightening for users, no matter how easy it makes things. Apple says it won’t store iPhone 5s fingerprint data in the cloud, protecting it from hackers, and miiCard lets users disclose only the information they want to share, but doubts about security remain.
One solution would be to have the government create and regulate a universal ID system, piggybacking on our current standard of drivers’ licenses and social security cards. In fact, the digitally adept Estonian government has already created its own e-ID system that 90 percent of citizens participate in. The ID acts as an all-in-one health insurance card, passport, public transportation pass, and banking device. But part of the impetus for the NSTIC program is that the U.S. government found its citizens simply weren’t willing to participate in pilot programs—a trend that’s perhaps unsurprising given the recent revelations of NSA Internet surveillance. Why give up even more information?
User adoption is a major problem facing online ID systems. “Even though we have passports and IDs, the average consumer doesn’t want the government to do it for them,” Varga argued. “It’s seen as too controlling.” There’s also the issue that even nationalized digital IDs aren’t quite universal. “The Internet is global,” Varga said. “Even where the countries have state online IDs, their next challenge is, how will they work together globally?”
OpenID presents an answer to that problem by building a coalition of international companies that support a universal ID platform that’s run by a foundation instead of a corporation. Backed by AT&T, Google, PayPal, Verizon, and others, OpenID has created Connect, an apolitical, a-commercial, open-source identity system that anyone can adopt and adapt to their own needs.
The bottom line for OpenID is that a universal identity solution is a necessity for online businesses to keep growing, a goal that’s in everyone’s best interests. “Standards build markets,” OpenID Executive Director Don Thibeau has said. “Standards help the pie grow bigger.” The group is collaborating with the U.S. government to bring its ideas into practice, but the program is still in its infancy, and has little hope of challenging either Facebook’s stranglehold on online identity or the physical omnipresence of the iPhone.
There’s no one answer to where our online identities will come from. The deeper phenomenon, however, is that we’re already moving into a new era of Internet usage in which anonymity is no longer the priority, as it was in the Web’s infancy. Instead, it’s all about restricted application of your identity, showing exactly who you are only to the sites and services you want to give that information to. We should be able to control our digital signatures in the same way that we control our physical fingerprints. That’s not an option, yet. Just keep in mind when you push your thumb (or paw, as the case may be) to the iPhone 5s’s new home button—there’s a lot more at stake than quick unlocking.