Event Recording
Kim Cameron - Turning the Web Right Side Up – Giving People What Is Theirs
A steady stream of trends has built up over the years fueling a growing momentum around Decentralized Identity. Kim Cameron will report on why early adopters – enterprises both large and small – are already beginning to make Decentralized Identity part of their strategy for digital transformation. He will argue that the underlying trends will only intensify – and that enterprises which figure out how to benefit early will benefit the most.
Okay,
Thank you very much. If you don't mind, I'll use a podium. I'd really like to talk to you now about turning the web upside down like this. So easily done. No tech CIO still uses the phrase, but privacy is dead. Even Facebook's mark Zuckerberg argues that the future is private. As you can see in this recent selfie taken at one of his events, he wrote in his blog that the, you know, Facebook has always, or for a long time provided the digital equivalent of the town square, but that private, digital living rooms by private, he means encrypted, which happen to be his next project will be more important than anything he's built to date. Now, of course, when mark talks about privacy, there are a few skeptics who come out of the woodwork and no wonder because privacy isn't just about encryption of it's about control, about digital, about control of our digital lives.
Commentators generally agree that we will in fact have digital living rooms, but all of them worry that those rooms might be under the same kind of control as the public square was. People have finally come to see through his last generation times square a space. He called an open town square, but was really part of a walled company. Town citizens had no control over how it was used and competing realities were barred. Nobody basically wants this model. So we don't have digital living rooms or even digital huts that we can call our own merchants and services control and store our contents in history, using it for whatever purposes they want. Content is what we are aspects of our identity, but we don't own it. We don't keep it. We can't control it. Basically. We lack a digital shelter that would offer the same fundamental privacy as a home. Now this can change a new idea is on the March. We give modern people centered services, the identifier through which they can recognize and contact us. Doc circles gave a beautiful talk about that this morning in terms of what a digital wallet might be like and having done. So with that identifier, if we give them permission, they can come to us playing by our rules, accessing and storing our content and history in their digital, in their digital abode, our digital abode.
So the, basically the, the idea of whether this is feasible, depends on the people who control the web and who, who calls the shots on the web. It isn't us as individuals, it's people who run the web. And so the big question is not what we as individuals want. It's what the, the, the enterprises who, who run the web need and want to do. And so I'll be spending the rest of my time talking about what I've been hearing from enterprises and note that this isn't a Gallup pool. This isn't a random sample. Basically it comes from speaking with the people who are adopting the technology.
And I have to say that in the whole time I've spent in digital identity, I've never seen numbers like this. I've never seen sophisticated business models like this. I've never seen basically the investment, both in people and in dollars that I see around decentralized identity amongst not only small companies and venture capital companies and all this kind of thing, but amongst some of the biggest companies in the world. So I can't talk about what people are actually planning, but I can talk about the big story. And that begins this way. That enterprises need change too.
This, the interest in decentralized identity derives from the accumulation of a whole series of trends that have grown over the years in intensity, and then collided with each other, to create a confluence, really a, a surge. And that surge is of sufficient power that has caused many people in, who are strategists and planners in the large companies and the small to rethink business models in a way that normally would've been more or less impossible. It's the business model changed. That is the important thing about this. It isn't the bits. And, and, and so on in the underlying technology, it's what is happening to us. And we're going to see in the space of business models because of this change in identity. So let me tease apart. Some of these trends, first of all, the enterprise, the enterprise is now an enterprise of externals. The modern company is about stakeholders, managers, employees, distributors, suppliers, investors, and of course customers, but of these, the only ones who have a decent digital environment really so far are just the employees.
The rest are all living in ad hoc environments. Those who are trying to plan how to survive threats and take advantage of opportunities, look to the creation of much stronger relationships with all of their, of all of their stakeholders as being the central pillar of digital transformation. They're looking for new digital channels. They're looking for digital channels that let them collaborate with everyone, not just with people with big it departments, everyone now enterprises have driven for a long time to engage customers. By using data. They have systems to retain PII. They have systems to keep your credit card information. Remember the web webpages you visited. They have Byzantine marketing networks that they join and they purchase demographic and, and credit information. And hopefully this helps provide better services, but culling data is a purely voyeuristic relationship. Isn't it? It's not the deep kind of relationship that will create ongoing allegiance with their stakeholders. Worse accumulating data makes you a growing target of a, for, for a data breach. In other words, paradoxically, your data stash is the greatest risk to developing deeper relationships with your own customers. So the need for data is real, but it is a toxic asset. This is compounded by the fact that regulators are watching.
It's amazing how many architects I speak with who tell me that GE our, our legacy back, you know, our, our, all of our, our front ends, our, our pretty web systems connect into these legacy backends that are created of bits and pieces that have been put together out of many different, you know, investments and, and, and, and changes of, of, of management. And to the extent that nobody can even really predict what kind of vulnerabilities are present in them. There is a fear that is con is expressed a lot that no matter how much people comply with and do their best to comply with GDPR, all it is, all it takes is one USB stick, one software vulnerability, one employee's stupidity to suffer from huge signs, huge fines and loss of trust. So they're very interested in how to remove liability and improve allegiance. Now, those who live with these fears and responsibilities, when they do discover decentralized identity, where the customer, instead of the enterprise owns and stores data understand instinctively that their liability is vastly reduced further. When you put people in the loop and they also become data controllers for their own data, you are respecting the customer's desire of the, and embracing the customer's desire for respect, privacy, and control.
Those who are strategists really see this technology as being basically a new channel, the best channel yet it combines security and privacy. It stores PII with limited liability. It allows them to share statements, send notifications across devices because of the fact that it is a direct channel to the individual and the customer can respond within the channel. And, you know, people struggle to interact with all their stakeholders, B2B, B2C employee systems, and O T are all stovepipes with much difficulty connecting between them. And even with even more with existing it systems, it's all too complicated. It's hard to collaborate. And it's very hard to collaborate with customers who don't have it. Systems who don't have it departments, but in the new user owned identity paradigm, everybody uses the same technology, a use our own identity and with it, everybody can connect to everyone else. So this linking of everyone to everyone is almost a magical quality with staggering simplicity.
Now people will say, okay, but if, if you have cellphone identity, how do you know what people's, what people's entitlements are? And the answer is that the system makes it easy to acquire and store badges that are issued by credible sources. So for example, a worker can get a, a, a badge from an employer. A student can get a badge from a educational institution, a citizen from a government, social affiliations from social networks, basically anything can become a badge. And then the paradigm for using these things is so simple. And just like the, the physical world, when an employee goes to a workplace, they present their employee badge. When a doctor goes to a hospital, they present their medical badge. When a supplier comes to deliver something, they, they, they present their supplier badge. And when you travel, you present your passport badge. So everything that current systems do, self-owned identity can do more simply the people who we meet, who are early adopters, see the possibility of setting up multilateral trust frameworks under the control of individuals.
And they want to be the first to benefit from issuing and consuming these badges. Being able to be build these trust frameworks. They, they, they see the opportunity through that of becoming market leaders in new coalitions of markets. Now, another thing driving people is the concern about the rise of tech of tech players with, with great control over markets, the ability of Google, Amazon, and Facebook to get in between them as enterprises and their own customers, controlling search engines, distribution channels, and marketing systems in the past, they actually contributed to the growth of these, of these entities, but many fear that they have reached a tipping point. And they fear that they have too much exposure into companies that are becoming too powerful. They want to shift control from these centralizers and handed over to their customers directly to build impermeable customer relationships where centralizers play a diminished role.
Finally, there's the problem of blocked technology. Basically the, the, the swing of the privacy pendulum has resulted in a hard break on a whole bunch of very interesting and potentially helpful technology and companies that could benefit from it are frustrated. Now, the only way that it can be dealt with is to eliminate the privacy issues, and that is done by giving people ownership of the data and allowing them to subscribe to the technologies, to create a new world of personal benefits. So instead of big, the big data scooping up your data, you as an individual who wants to contribute to medicine can submit it. It's under your control. When you want to get a loan, you can invite a bot in to analyze your finances. You can see what it's gonna say and agree that you're gonna release that information to a financial institution and so on.
So blockchain can provide a durable substrate for this and many people at the conference have been talking about it. I won't go into it. Few merchants and services still run their own data centers. They use what the cloud provides. Now, individuals can do the same and further cloud services will make adoption easier. Millions of enterprise already use cloud services to manage identity from an enterprise point of view. So if those cloud services can accept cell phone identities, which they will, I can assure you just as they would accept usernames passwords are federated identities. It's the, it's the cloud services that have to deal with the complexity, not the end enterprise. They simply will. The whole thing is very incremental. And cell phoned identities will be able to connect into the whole legacy system from the beginning. So my, my theory here is that leaders will create a virtual virtuous cycle. And as enterprises adopt decentralized identity systems, individuals and software developers will follow creating a network effect where enterprises more enterprises will adopt it. And more individuals and software developers will follow. There are already, we see the, the early adopters investing. They, they think that decentralized business models have already delivered immense new value. They think about Airbnb, Uber, and Lyft, which those centralized technologically use decentralized models, decentralized identity makes decentralized business models and immeasurable new value available to all as this occurs, who among us will be disruptors and who will be disrupted. Thank you.
Thank you. Came very mind, provoking keynote as usual.
Thank you.
And we also have one question here, which we might pick, and I think it's an interesting one if it shows up. So do you believe the user understands who holds the identity and even if he understands he can't control what happens with the identity behind the scene and, and, and maybe also is the user really able, or is the average user, some of the users, are they really able to, to manage your identities or it's? Well, they
Don't really have to, if, if the, the system is built properly, they will, they, they will make the identity. They will make the choice about which identity they give to which site they go to. Okay. They don't have to manage anything as for what people do with the identities when they get it, this technology makes it possible to have those receipts that we were talking about earlier, and to accumulate those as part of the sort of history within your digital store. Yeah.
Yeah. Okay. The other question, trust disappeared. There was another question coming up. So it's the one that will make it simple for the end user, not a new man in the middle or middle man.
I don't
Do you put some, someone else in control? So if you have someone who simplifies the life of the end user, then you have someone who takes some sort of control team, the next
Control. No, but I think here the, the point is that this badge paradigm yeah. Is exactly the same paradigm that users already use in the real world. You go somewhere, you need a credential, you offer it, you know, you have a name, you give it. It's actually, it's actually just simple replication of, as doc Earl said earlier of the real world. And, and that's why I think, you know, that's why I think these big companies are investing in it. In other words, I'm not the only one who believes this. I mean, I'm talking about multimillion dollar investments. Okay. And I think that may be enough to actually launch this thing. I actually, you know, I, I do the other, there's one last thing, which is that the people who adopt decentralized identity, the enterprises don't have to take dependencies on anyone else adopting it to get benefits out of it. So that's the thing. I, I don't, I can't explain here, but it really differentiates it from some earlier catastrophes around this type of thing, which I was involved in. So
Yes.
Oh, I remember
One. Thank
You very much, Jim. Oh, thank you for your talk. Okay.
I'll quickly grab the clicker.
Thank you very much. If you don't mind, I'll use a podium. I'd really like to talk to you now about turning the web upside down like this. So easily done. No tech CIO still uses the phrase, but privacy is dead. Even Facebook's mark Zuckerberg argues that the future is private. As you can see in this recent selfie taken at one of his events, he wrote in his blog that the, you know, Facebook has always, or for a long time provided the digital equivalent of the town square, but that private, digital living rooms by private, he means encrypted, which happen to be his next project will be more important than anything he's built to date. Now, of course, when mark talks about privacy, there are a few skeptics who come out of the woodwork and no wonder because privacy isn't just about encryption of it's about control, about digital, about control of our digital lives.
Commentators generally agree that we will in fact have digital living rooms, but all of them worry that those rooms might be under the same kind of control as the public square was. People have finally come to see through his last generation times square a space. He called an open town square, but was really part of a walled company. Town citizens had no control over how it was used and competing realities were barred. Nobody basically wants this model. So we don't have digital living rooms or even digital huts that we can call our own merchants and services control and store our contents in history, using it for whatever purposes they want. Content is what we are aspects of our identity, but we don't own it. We don't keep it. We can't control it. Basically. We lack a digital shelter that would offer the same fundamental privacy as a home. Now this can change a new idea is on the March. We give modern people centered services, the identifier through which they can recognize and contact us. Doc circles gave a beautiful talk about that this morning in terms of what a digital wallet might be like and having done. So with that identifier, if we give them permission, they can come to us playing by our rules, accessing and storing our content and history in their digital, in their digital abode, our digital abode.
So the, basically the, the idea of whether this is feasible, depends on the people who control the web and who, who calls the shots on the web. It isn't us as individuals, it's people who run the web. And so the big question is not what we as individuals want. It's what the, the, the enterprises who, who run the web need and want to do. And so I'll be spending the rest of my time talking about what I've been hearing from enterprises and note that this isn't a Gallup pool. This isn't a random sample. Basically it comes from speaking with the people who are adopting the technology.
And I have to say that in the whole time I've spent in digital identity, I've never seen numbers like this. I've never seen sophisticated business models like this. I've never seen basically the investment, both in people and in dollars that I see around decentralized identity amongst not only small companies and venture capital companies and all this kind of thing, but amongst some of the biggest companies in the world. So I can't talk about what people are actually planning, but I can talk about the big story. And that begins this way. That enterprises need change too.
This, the interest in decentralized identity derives from the accumulation of a whole series of trends that have grown over the years in intensity, and then collided with each other, to create a confluence, really a, a surge. And that surge is of sufficient power that has caused many people in, who are strategists and planners in the large companies and the small to rethink business models in a way that normally would've been more or less impossible. It's the business model changed. That is the important thing about this. It isn't the bits. And, and, and so on in the underlying technology, it's what is happening to us. And we're going to see in the space of business models because of this change in identity. So let me tease apart. Some of these trends, first of all, the enterprise, the enterprise is now an enterprise of externals. The modern company is about stakeholders, managers, employees, distributors, suppliers, investors, and of course customers, but of these, the only ones who have a decent digital environment really so far are just the employees.
The rest are all living in ad hoc environments. Those who are trying to plan how to survive threats and take advantage of opportunities, look to the creation of much stronger relationships with all of their, of all of their stakeholders as being the central pillar of digital transformation. They're looking for new digital channels. They're looking for digital channels that let them collaborate with everyone, not just with people with big it departments, everyone now enterprises have driven for a long time to engage customers. By using data. They have systems to retain PII. They have systems to keep your credit card information. Remember the web webpages you visited. They have Byzantine marketing networks that they join and they purchase demographic and, and credit information. And hopefully this helps provide better services, but culling data is a purely voyeuristic relationship. Isn't it? It's not the deep kind of relationship that will create ongoing allegiance with their stakeholders. Worse accumulating data makes you a growing target of a, for, for a data breach. In other words, paradoxically, your data stash is the greatest risk to developing deeper relationships with your own customers. So the need for data is real, but it is a toxic asset. This is compounded by the fact that regulators are watching.
It's amazing how many architects I speak with who tell me that GE our, our legacy back, you know, our, our, all of our, our front ends, our, our pretty web systems connect into these legacy backends that are created of bits and pieces that have been put together out of many different, you know, investments and, and, and, and changes of, of, of management. And to the extent that nobody can even really predict what kind of vulnerabilities are present in them. There is a fear that is con is expressed a lot that no matter how much people comply with and do their best to comply with GDPR, all it is, all it takes is one USB stick, one software vulnerability, one employee's stupidity to suffer from huge signs, huge fines and loss of trust. So they're very interested in how to remove liability and improve allegiance. Now, those who live with these fears and responsibilities, when they do discover decentralized identity, where the customer, instead of the enterprise owns and stores data understand instinctively that their liability is vastly reduced further. When you put people in the loop and they also become data controllers for their own data, you are respecting the customer's desire of the, and embracing the customer's desire for respect, privacy, and control.
Those who are strategists really see this technology as being basically a new channel, the best channel yet it combines security and privacy. It stores PII with limited liability. It allows them to share statements, send notifications across devices because of the fact that it is a direct channel to the individual and the customer can respond within the channel. And, you know, people struggle to interact with all their stakeholders, B2B, B2C employee systems, and O T are all stovepipes with much difficulty connecting between them. And even with even more with existing it systems, it's all too complicated. It's hard to collaborate. And it's very hard to collaborate with customers who don't have it. Systems who don't have it departments, but in the new user owned identity paradigm, everybody uses the same technology, a use our own identity and with it, everybody can connect to everyone else. So this linking of everyone to everyone is almost a magical quality with staggering simplicity.
Now people will say, okay, but if, if you have cellphone identity, how do you know what people's, what people's entitlements are? And the answer is that the system makes it easy to acquire and store badges that are issued by credible sources. So for example, a worker can get a, a, a badge from an employer. A student can get a badge from a educational institution, a citizen from a government, social affiliations from social networks, basically anything can become a badge. And then the paradigm for using these things is so simple. And just like the, the physical world, when an employee goes to a workplace, they present their employee badge. When a doctor goes to a hospital, they present their medical badge. When a supplier comes to deliver something, they, they, they present their supplier badge. And when you travel, you present your passport badge. So everything that current systems do, self-owned identity can do more simply the people who we meet, who are early adopters, see the possibility of setting up multilateral trust frameworks under the control of individuals.
And they want to be the first to benefit from issuing and consuming these badges. Being able to be build these trust frameworks. They, they, they see the opportunity through that of becoming market leaders in new coalitions of markets. Now, another thing driving people is the concern about the rise of tech of tech players with, with great control over markets, the ability of Google, Amazon, and Facebook to get in between them as enterprises and their own customers, controlling search engines, distribution channels, and marketing systems in the past, they actually contributed to the growth of these, of these entities, but many fear that they have reached a tipping point. And they fear that they have too much exposure into companies that are becoming too powerful. They want to shift control from these centralizers and handed over to their customers directly to build impermeable customer relationships where centralizers play a diminished role.
Finally, there's the problem of blocked technology. Basically the, the, the swing of the privacy pendulum has resulted in a hard break on a whole bunch of very interesting and potentially helpful technology and companies that could benefit from it are frustrated. Now, the only way that it can be dealt with is to eliminate the privacy issues, and that is done by giving people ownership of the data and allowing them to subscribe to the technologies, to create a new world of personal benefits. So instead of big, the big data scooping up your data, you as an individual who wants to contribute to medicine can submit it. It's under your control. When you want to get a loan, you can invite a bot in to analyze your finances. You can see what it's gonna say and agree that you're gonna release that information to a financial institution and so on.
So blockchain can provide a durable substrate for this and many people at the conference have been talking about it. I won't go into it. Few merchants and services still run their own data centers. They use what the cloud provides. Now, individuals can do the same and further cloud services will make adoption easier. Millions of enterprise already use cloud services to manage identity from an enterprise point of view. So if those cloud services can accept cell phone identities, which they will, I can assure you just as they would accept usernames passwords are federated identities. It's the, it's the cloud services that have to deal with the complexity, not the end enterprise. They simply will. The whole thing is very incremental. And cell phoned identities will be able to connect into the whole legacy system from the beginning. So my, my theory here is that leaders will create a virtual virtuous cycle. And as enterprises adopt decentralized identity systems, individuals and software developers will follow creating a network effect where enterprises more enterprises will adopt it. And more individuals and software developers will follow. There are already, we see the, the early adopters investing. They, they think that decentralized business models have already delivered immense new value. They think about Airbnb, Uber, and Lyft, which those centralized technologically use decentralized models, decentralized identity makes decentralized business models and immeasurable new value available to all as this occurs, who among us will be disruptors and who will be disrupted. Thank you.
Thank you. Came very mind, provoking keynote as usual.
Thank you.
And we also have one question here, which we might pick, and I think it's an interesting one if it shows up. So do you believe the user understands who holds the identity and even if he understands he can't control what happens with the identity behind the scene and, and, and maybe also is the user really able, or is the average user, some of the users, are they really able to, to manage your identities or it's? Well, they
Don't really have to, if, if the, the system is built properly, they will, they, they will make the identity. They will make the choice about which identity they give to which site they go to. Okay. They don't have to manage anything as for what people do with the identities when they get it, this technology makes it possible to have those receipts that we were talking about earlier, and to accumulate those as part of the sort of history within your digital store. Yeah.
Yeah. Okay. The other question, trust disappeared. There was another question coming up. So it's the one that will make it simple for the end user, not a new man in the middle or middle man.
I don't
Do you put some, someone else in control? So if you have someone who simplifies the life of the end user, then you have someone who takes some sort of control team, the next
Control. No, but I think here the, the point is that this badge paradigm yeah. Is exactly the same paradigm that users already use in the real world. You go somewhere, you need a credential, you offer it, you know, you have a name, you give it. It's actually, it's actually just simple replication of, as doc Earl said earlier of the real world. And, and that's why I think, you know, that's why I think these big companies are investing in it. In other words, I'm not the only one who believes this. I mean, I'm talking about multimillion dollar investments. Okay. And I think that may be enough to actually launch this thing. I actually, you know, I, I do the other, there's one last thing, which is that the people who adopt decentralized identity, the enterprises don't have to take dependencies on anyone else adopting it to get benefits out of it. So that's the thing. I, I don't, I can't explain here, but it really differentiates it from some earlier catastrophes around this type of thing, which I was involved in. So
Yes.
Oh, I remember
One. Thank
You very much, Jim. Oh, thank you for your talk. Okay.
I'll quickly grab the clicker.
Video Links
Stay Connected
How can we help you