The Human Impact of Identity – Women in Identity Code of Conduct

There we go. Perfect. Cool.

Right, so I'm just gonna talk a couple of minutes about what the code of conduct is and then what I'm gonna do is I am gonna introduce my illustrious panel who have joined me. So interestingly, the code of conduct was born out of some work that we did at eic.

Well, wasn't eic, it was a Kuppinger Cola event many years ago, maybe three years ago, maybe four years ago, four years ago. And we ran a, we ran a workshop around bias and we had a bunch of engineers attend and we had product developers attend and they came along and we were, we were as women in identity as an organization, we were just starting to talk about this potential issue of bias. And we knew that it was obviously affecting technology and we were kind of like, it's probably affecting identity as well.

And so what we were trying to do is just start to talk about this issue of bias and how it might be affecting our world. And so what, what I did is I did this workshop, talked a lot about bias, all the different biases.

We, we ran a whole bunch of kind of like interactive sessions where people were kind of interacting with each other about their different biases. And after the workshop, a whole bunch of people came up to me that had done the workshop and they just went, I cannot unsee what I have seen. I'm realizing how my personal biases could be affecting the technology that we're building in identity. And they went, what do I do now? And I went, I don't know, because I hadn't got that far yet.

So what we did as women in identity, we went away after that workshop and we went, well what could we do as an organization? What could we do to help the industry think about this issue of bias? And really come up with something that was super practical for the industry to start to think about how bias could impact, how our unconscious biases might impact the, the technologies that we're building. How ensuring that we have all users involved either, you know, we have everybody involved at the table. That's hard, right?

Because we don't have all of humanity represented in our teams unless someone's gonna stick their hand up and say they do, which would surprise me. But we need to make sure that we are designing this technology for humans and humans are super diverse. And so this is how we came up with the idea of the code of conduct. And since then we've done a lot of work on the code of conduct. So it's kind of in five pieces. We did a really big piece of research on all of the, the evidence that's out there at the moment. So we pulled all of that together in a report.

And if you go to our website, which is ww dot women in identity.org, you can get all of this, you can just download it and you can read it cause it's all freely available. And then we did a piece of work around the human impact and we started with a human impact because I think sometimes, you know, it's very easy to sit in the room with lots of technology people and talk about technology and we kind of end up forgetting who we're building it for. So we were like, let's, let's do some interviews with some people that have had problems with identity.

Let's actually go and talk to real users about what that impact means when they can't go and access things. When they can't go and open a bank account when they're locked out of various things, what does that do to them? So we went and we interviewed people in the UK and we went and we interviewed and we, we hired a research, a agency and they went and interviewed, we actually used Caribou Digital, if anyone knows, they've done a lot of work with in the impact space with people like World Bank.

And we interviewed people in the UK and they went and interviewed some people in Ghana because we wanted to kind of compare and contrast those two markets, very different markets and go, what's the same and what are the, what are the differences between those two markets? So again, if you go to our website, go and look on YouTube, you can see all of those videos cuz this is all open and freely available and, and just got these video clips of people going, this is the impact. Like this is what happens when I can't access something. This is what the impact to my life.

And then we, we had caribou write a really big report. They went and talked to all these people, they wrote it up. It's a 70 page report. Anybody that's doing research in this area, again, it's freely available. Grab the report, download it, feel free to reference it. Then we we're doing another five pieces to the work. So we're doing the economic impact. And the reason why we're doing that is because I then had a, we had then had a lot of people saying, well my company doesn't care, my shareholders don't care about this. They're not bothered about this, they just wanna make some money.

So we were like, okay, you know, probably we need to make it commercially, you know, make sense for people and we the, and this is the piece that we're going on to do. So we are going to do the economic impact and that's both at a macro economic level, GDP growth kind of level. So what's it mean for a country and then what does it mean for, you know, organizations that are taking part, what's it mean to relying parties like banks if they can't onboard customers? What does it mean to identity companies?

If you know they don't have products that are inclusive, then we are gonna do some really short sprints working with loads of different stakeholders across the industry. Governments gonna be at the table, different governments, we're gonna have relying parties, we're gonna have identity providers at the table doing a short sprint to go what should the code of conduct be? And we're calling it code of conduct. But essentially we, we done that piece of work yet, but it's gonna be like 10 principles around how we think about inclusion in our industry.

And then the last bit is creating an implementation framework. So a really practical guide so that when you're a product manager and you go on building a new identity product, what should I do when I wanna think about inclusion? They can literally take this guide and go, I need to think about all these things and I need to start asking my team these questions and we need to think about it in this sort of way. So a really, really practical way in which practitioners can then use the, you know, how do we think about inclusion. So that's the piece of work that we've done.

I've got three really amazing people here today to talk about it. I'm gonna kind of go, they're not gonna know it's the right to left, but I'm gonna ask them each to, to introduce themselves. Melissa's shaking head and then I've just got some questions for them cuz they're all heavily involved in this project and I'm just gonna get them to give their perspective. So Melissa, can you introduce yourself please? So my name is Melissa Carvallo. I am a board member for the women and identity team.

But in addition to that, and I wish I could have spoken on the last panel, I run identity and access management at the executive level at Royal Bank of Canada. And I do have the ability to influence the C level and I do speak to wealth. So Denny and I who works at a rbc, we need to have a side chat because wealth management does pay for our initiatives.

But yeah, that's me. Cool. On next panelist is Thomas. Hello everyone. Thomas Davies. I'm a cyber partner for kpmg. I lead the cyber transformation function as well as risk managed services and alliances for the Canadian firm. And Sarah, Hello everyone, I'm Sarah Walton. I'm the program manager, very honored to be the program manager for the ID code of conduct.

I'm also a independent digital consultant and I am have been supporting women in identity since its conception and have known Emma for a very, very long time and am so impressed by the work that has been done by women in identity and very proud to be part of it. Cool. So first question, I'm gonna go Melissa again.

So why, you know, you, you are representing, you know, rbc, why, why did you wanna be involved in the co code of conduct as a bank? Why do you think it's important? So you know, we're a global bank and the information and research provided by women and identity really opened our eyes to a number of things. Number one, one over 1.1 billion people don't have a legal form of identity. And so how would we get additional clients? How would we work in some of the markets? And we really felt it was more of the emerging markets.

But as we spent more time researching and understanding, we realized it's not restricted to the emerging markets. So in, in North America for example, what about the elderly? How are they obtaining identity and how are they obtaining services? Those with mental health, how are they receiving those services if they don't have a legal form of identity? What about those with disabilities having to commute long distances to obtain that legal form of identity?

And then when they have the identity, those that have some kind of disfigurement, how are they able to use some of the biometric systems and some of the technology to obtain those services? Then when you think about some of the government programs, because as a financial organization we often interact with the local governments, how are they setting up digital identity programs? And so are they really meeting their objectives? If you look at the program in India, do they really meet the objectives that they intended to meet? And then how's privacy of data being done?

So I know Emma on the keynote the other day, Jurich asked you a question around, I think it was the UAE that had digital identity for everyone. But when you look at Kenya and when they started to do that, they took that data and they treated Muslims different than non-Muslims. And so can some of that data then be used to discriminate people further? And so maybe a, a sh shorter answer to the, the long answer I was giving on the question. Really we have the ability to make a difference and so the time has never been right than it is now. Cool.

Thomas, if you wanna come in on that. Yeah.

You know, to that point, identity is such a personal item, right? Digital identity has this amazing opportunity to empower by placing real ownership control and consent with the actual individuals or the citizens or the employees giving them the opportunity for greater accessibility. And you know, to Melissa's point as well, I think personal identity is something that can change over time.

You know, self-development and discovery, you know, one size fits all is just never going to be something that's achievable. So you know, historically my concern is that we've focused development and testing on solutions around, you know, singular user groups.

You know, the, there's the famous stories about the seatbelt being developed and it being developed with a certain type of size and and gender of individual and the impact it's had from a safety standpoint by not in being inclusive. You know, I think going forward we want to develop trust, we want to have strong adoption and we're not gonna have that unless we really include everybody in the design and development of these solutions.

So for me, I'm passionate about being involved in the code of conduct because we need as many people as possible to consider the test, the test cases of our solutions. How we'll impact different genders, those who are neuro divergent, those with different economic statuses, varying ages and and different groups. So you know, my opinion is we need to democratize the solution, include everyone and empower everyone.

I think you make a really interesting point there cause I think one of the stats around digital identity systems is comes from McKinsey and they say you know, you can get between three and 13% GDP growth if you have a fully functioning digital identity system. And I kind of always go, but if only 70% of your population can actually use it, you are not gonna get all of that GDP growth.

So just from a real macroeconomic perspective, inclusion's important, you know, from from a nation kind of level because if not everyone is able to use it, we're we're not going to realize the gains that we think that we're gonna make from from digital identity. Sarah, have you got perspective on that?

Yeah, absolutely. And that's a thank you for mentioning that because this is very often I very often hear as a challenge from the floor as a heckle, well this is a small group of people and isn't this the older people and they're gonna die off anyway. People have actually said that to me.

This is, I suspected for 20 years a growing group of people, the numbers are growing and only two years ago in the UK was a granular piece of work done in order to count the headcount of people who actually can't get a digital identity or will struggle to do so. That's 12% of the population of the UK that's a developed nation, a so-called developed nation that is probably, it's probably much more than that, having hung a finger in the air and looked at various different data sets that did exist 20 years ago.

I would say that that has probably grown despite the fact that as a developing country the UK has done an awful lot and invested an awful lot of money and done some fantastic work to digitize the country and those people who are most difficult to reach. And I've been aware since 1994 of the, when I first started working with a.my own.com, the issue that we would probably have at that point, there were no transactions online internationally once payments were being made in terms of proving one's identity. And there are 1.1 billion people who can't legally prove their identity internationally.

That's probably more than that. That's based on what we know there is so much we don't know when we start uncovering these statistics. And so I would say that an international ID code of conduct will underpin not only a moral, ethical and fair society that's caring because these are usually the most vulnerable people in our societies, but will also underpin enormous economic growth that can't be realized without going on the journey together. All of us together.

So, and Melissa coming back to you, so what's important to you about the next steps? The code of conduct? So the kind of economic impact and the, the sprints that we're gonna be doing around actually creating the code of conduct. I think it's important to me to have as many people collaborate and work with us as possible. I think this process, to Sarah's point, at least to me it showed me that I have my own biases. And so if we only work with a small population, we're gonna have that kind of tunnel vision. And so the more people that can get involved and then we can work with the better.

This is going to be across all industries across the globe. So we're looking for those individuals. And then I think I'm really excited about just getting to the code of conduct. We've been talking about it for a while, we've been researching it for a while, but I really would just like to get to that part and help people. Cool. Thomas?

Yeah, I think, you know, amplifying the message around collaboration, I want to innovate and with others as many as possible. I think we really need to be transparent about both of our successes and failures so that we don't repeat mistakes but also so that we can go faster.

You know, I think ultimately we all want to have a positive impact on our local geographies and and the world globally. And so to be part of that would, would make me very happy. So I'd love to contribute to that component personally, but I think we also have these huge teams that also want to be involved and, and great connections in the industry and obviously I would love for all of that to be coming out of this as well.

Awesome, thanks. And then Sarah, Well two things at the forefront of my mind. The first one is we are publishing next week a literature review which Dr. Eve Hayes and Kimberly Fernandez from the University of London and University of Pennsylvania have been working on this. And we are, we are really, really excited to get this out and as Emma you said everything's free. So we want to share this, this information so that all organizations are moving forward with the same information. There's a lot of insights in this paper and so please go to our website women identity.org.

So that's gonna be out next week. And the second thing is a call to action to everybody who's tuning in today. And as Melissa said, to echo what Melissa said, we want to do this in collaboration. It can only happen collaboratively. So we are forming a collective brain of the identity industry. So please if we've not contacted you already and you've got a brain cell to support us to create the principles that your organizations are going to take forward into the future, then please can you reach out to Melissa, Thomas, Emma or I and please do so with haste cuz we are moving forward at feed.

Thank you. Perfect, thank you. So I wanna thank my panelists, Melissa, Thomas and Sarah. Like I said, go to the website cuz a lot of the, the information is already there and that's why we publish it. If you want to join women in identity, it's not just about women but people that are not women in the room, you can go there as well and just you can join and it's free of charge to join women in identity and you'll get, you know, a on newsletter and things like that.

So a lot of the things, if you want to get kind of notifications that things are being published, if you just join then you'll get kind of email shots out and I'm just gonna echo Sarah's kind of final comment or just say just, you know, spread the word about the work that we're doing. If you are a researcher in the area, feel free to use our research, feel free to you know, kind of reference it wherever you want to cuz it's kind of pre-research that we've been doing for the industry.

And then if you're involved in an identity company and you want to get involved, just email us and and you know, just let us know cuz we would like, like Sarah was saying, you know, it's this is It. I mean we would like to think it would start to become a standard for the industry standards are are only good through collaboration. And so the more people we can get involved in it, the more minds we can get involved in it, the better it's gonna be. So thanks very much for your time. Thanks. Thanks. Thank you Emma for your thank you Emma, Sarah Thomas, and Melissa for the panel.

Right, we, we still have 10 minutes left but there was one question which I have for all of you. Have you considered something like a manifesto instead of code of conduct? So a manifesto which can be easily accessible and can be easily made uploaded. So for more context, the user person is saying something like an agile manifesto.

So have, have you what your thoughts on this, I've picked up the wrong microphone, an agile manifesto, what would gimme an example of what an agile manifesto is? The example is agile manifesto. The question is instead of a core of conduct, have you considered releasing a manifesto? I mean I think when we started the work we looked at lots of different ways in which we could do this. One of the ways was actually not coming up with a kind of practical guide of which people could, you know, or you could give it to a product manager.

I think what we manifesto's a very high level and I think what I would say is if you look at something like the World Bank, the World Bank have principles around, they have their ID 4D principles. There's no real practical way in which those can get implemented. And I think where we wanted to land was something really practical.

Now we've called it a code of conduct, but essentially it's gonna be a guide, an implementation guide, you know, set of principles and an implementation guide so that companies can give it to a product manager and they can go, I know how to kind of think about this problem even though, you know, I've probably got all of these unconscious biases even though the people in my team may, you know, may all look like me. They may all be the same age as me, they may all be the same gender as me, may may all be the same color as me.

You know, I can kind of start to think through some of these issues that I might have. So, you know, we've called it code of conduct, it's just a, we wanted it to be more practical. In my mind a manifesto is very high level and, and that leads a lot of work and interpretation and if you've got unconscious biases, it's really hard to think about what those might be. So we wanted to step it down a level to go, these are the questions you kind of need to think about. These are the questions you need to ask your teams. So that's why we've gone for that type of approach.

I dunno if anyone else wants to add anything to that. Yeah, I, I will. Thank you. It's a really good question. And you know, a manifesto, I echo what Emma said, A manifesto, the definition of which is a written statement which makes the public dec declaration of aims. I think women identity as an organization have that already and most organizations have that already. And it's not working for those organizations cuz it's not reaching these people.

And it, as Emma said, a code of conduct is a movement towards standards without having standards. Now it may be that in the future there is some form of standard that could be potentially moved towards, but in order to do that, the ecosystem, we're in a ecosystem. We're not in a closed market here. And that's part of the challenge needs to collaborate in order to agree. So individual organizations can have a manifesto. I think the first point of call is that we agree a a com, a manifesto and a set of aims that we're aiming for.

And all of the organizations that have come on board are aligned on that. So I think we do have a manifesto, which is to achieve inclusivity and diversity in the identity industry. What we want to do, as Emma said, is to make, turn that into something practical that delivers results. Thank you so much. The only thing I might, sorry, I just wanna add one quick thing because we have a shortage of cyber security professionals across the globe.

And so if you're looking at governments and other organizations, they might not be able to hire and bring on cyber professionals or identity professionals to implement these solutions. Having a free practical guide will help accelerate that and help enable individuals. And so I think it's really important that it is a step-by-step guide.

I, Thomas, do you want to add anything to it? I would only be amplifying, but it's not an, it's not a manifesto or a code of conduct. It's an and and this is an evolution of that to everybody else's point.

The, the manifesto's been done and this is the next step. And to, to amplify what Melissa just said, having it open allows other people to comment greater access but make sure that it's actionable so that people, it's not just a a statement, it's a next steps guide.

Is there any concern that creating a code of conduct in, in that level, in that sense with that granularity might be too prescriptive and something more like a manifesto does create some accessibility so that people and organizations that don't necessarily have the resources to implement a specific code of conduct, which by the way carries with it in some ways potentially even a negative connotation of I must adhere to these specific things and then in some ways could be a bit of a turnoff.

And I realize, you know, maybe arguing a little bit around vocabulary, but I just wonder what considerations there might be about how, you know, a manifesto might be more widely adopted. And the specific reference I made around the Agile manifesto, this was written decades ago, but even today in the, in the scrum and agile communities, people champion forward that agile manifesto people over process, you know, and, and you know, it just, you, you hear it in everyday conversation and it carries with it some staying power.

I also wonder, you know, how how often does the code of conduct need to be revisited and what work and you know, how scalable is it? I don't know, I feel like I, I probably asked a lot of things there, but just considerations. So I Think, I think it's an interesting point. The thing I would say is since the work that we've started doing this, this piece of work, I'm really pointing on the agenda of the identity industry. I would say we have, you know, I mean I already see there's like, there's a whole bunch of identity companies and they are literally using it as their strap line.

You know, we are the inclusive identity biometrics company or whatever it is, right? And that came post the work that we've been doing. So I would say we have already kind of influenced the industry, you know, and you know, we've seen NIST have started to do, we started to see standards evolve around it, you know, so I I would say that I take your point, you know that we that and, and we haven't done the work yet, right?

So we are, we are kind of discussing something that is a bit of a morphous thing cuz it's not been developed yet. We absolutely want to make it accessible because one of the things, if you are a really big company, right, you've probably got quite big, quite big teams and you've got lots of resources. So implementing something is gonna be you you, you're probably gonna have more diversity on your teams potentially if you are gonna be, if you are like a two person startup, you are definitely not gonna have everybody represented at the table cuz you just can't have.

So we definitely want to make it accessible. It might be the semantics around the words that we're using, the fact that we're using code of conduct. I think we would like to see it to, to end up being some sort of way that companies could almost certify against it, right? But you know, we don't want to make that inaccessible to your kind of two person startup because we've gotta make sure that everybody can start somewhere and we've got, we've got some thinking around to do, but we would love you to come to the table cuz that's a really good point. Yeah.

I immediately went to Women and Identity. Yes, I'm, I'm, I'm I'm here. So absolutely. Thank you. Thank you. Do we have any more questions in the audience? Do we have two? I just wanted to sort of build on the point there. I mean the Agile manifesto is wonderful and amazing and it helps to steer how things are done but there's a whole cottage industry of people trying to help make agile at scale work and make it more implementer friendly.

And I don't wanna trigger anybody cuz I know, I know different forms of agile can can be triggering, but I think it's the equivalent you've done the manifesto and now you're trying to make it practicable for people at scale and regardless of what they're trying to implement. Sorry. Cool. Thank you. I apologize not Having the like historical contact. It's alright knowing What's Already don't apologize. More questions?

Yeah, here. Hi. I was actually wondering whether you're also cooperating with international organizations like the word bank and iom if you're implementing any of the on the ground perspectives of the work that they have done in the last years. I'm just gonna quickly talk to the World Bank.

So we, we, when we originally started the, the code of conduct we talk and I'll let, then I'll let the other panelists and and kind of Sarah answer the rest of the question how we're doing the rest of the collaboration. But when we originally started the work we talked to the World Bank and we took some money from Armedia network so that's Pierre Armedia's foundation cuz they were doing quite a lot of work in the digital identity industry at the time. So the World Bank are aware of it, they are supportive of it and you know, as much as they kind of can be as a big organization like that.

But absolutely we, we've talked to the World Bank and then Sarah, I dunno if you wanna talk about how we're working with other organizations. Yeah, sure. Thank you. Absolutely. This is an international I identity code of conduct and it needs to be, and that poses a challenge to us because there's so many different territories, different approaches, different cultures, different ways of organizing, one's identity processes in terms of representation. We can't have absolutely everyone around the table.

What we wanted to do was look at how would we categorize the identity market, the identity systems. So we are looking at three categories that we want represented that would represent every territory internationally. We think if you have, if you think not, then please contact us immediately and and suggest another way. There's government owned, there's government accredited or assured, and then those private identity systems. Now within all of three of those identity systems, every one of the world's economies will probably fall into those.

In addition to those we would like representation internationally in standards regulation, government organizations, as well as the key players in the market in terms of identity and women in identity work with fantastic supportive sponsors who have been on this journey with us who represent different identity systems and work with different clients who have closed identity systems that are private as well. So we have a wide web network. It can never be wide enough the more the merrier.

So if you're not working with us already, please do call out again, reach out to us because we need to do this collaboratively. But in terms of our network, it is very wide and it, it stretches internationally and with all of our sponsors, that network is very wide. So we are currently looking at how we organize that network and have that conversation. Perfect. Thank you so much Sarah. That brings us towards the end of this panel. Thank you to our panelist and I invite you now for a coffee break, sir. Thank you so much. Thanks.