As more and more of our daily lives and vital information migrate online, there is an ongoing debate about the balance between leveraging potentially transformative technology and protecting the privacy of users.
In the next decade, an expected 70 percent of new value created in the global economy will be based on digitally enabled platforms, but the increased utilization of digital platforms creates even more opportunities for data breaches or errors that compromise the privacy of users. SICPA's Head of Digital & Software Bart Suichies shared that over 1 million data records were lost or stolen every hour in the first half of 2018 (Gemalto's Breach Level Index 2018), during a presentation at the 2019 National Association for Public Health Statistics and Information Systems (NAPHSIS) Identity & Security Conference.
Technology and privacy mutually dependent
Convened in Washington, DC, on 4-5 November, 2019, the NAPHSIS conference brought together government officials and employees with industry representatives and other stakeholders to discuss practical solutions for day-to-day challenges facing the vital records community including the need to strike the right balance between technology and privacy:
“The reality”, says Suichies, “Is that technology and privacy are not mutually exclusive, but rather they are mutually dependent and even reinforcing – we cannot get the best out of the opportunities offered by digital technology and networks if people don’t trust them, and people will not trust new technology unless it functions as promised.”
Paradigm shift for user identity
For the creators of digital networks, architecting trust is dependent on creating a paradigm shift in how users are identified and authenticated. “Trust” and “verification” sit at different ends of the authentication spectrum, and each offers tradeoffs when it comes to privacy and reliability. Core to building an effective digital framework is creating a balance between supporting user agency – giving individuals the tools to proactively prove their identity and have control over what information is used to do so – and ensuring verification – independently identifying users based on available data.
“In yesterday’s world,” said Suichies, “Trust was established by either something you knew about me (because I have an account at your bank, etc.) or something I said about myself. In today’s world, what is added is the massive ability to collect data. The next generation of technology is ‘I can say something about myself and actually prove that that is true’. Allowing people to prove things about themselves is a much better system than simply collecting massive amounts of data in order to establish trust between two parties.”
Building blocks of trust
According to Suichies, enabling this paradigm shift requires the adoption of some fundamental building blocks in digital systems: decentralized identifiers, verifiable credentials, distributed ledger technology, confidential computation, and secure hardware. These components are critical to providing control to individuals, while also ensuring that governments and businesses can reliably identify users – lessening the reliance on massive, vulnerable data collection. Suichies also urged the adoption of stringent privacy laws that reduce mass data recording and provide assurance to individual users about the use of their data.
For the attendees at the NAPHSIS conference, the discussion of how to rethink the relationship between technology and privacy was informative, especially because so many officials and employees are primarily focused on day-to-day operations, and according to Suichies, the opportunities to think broadly about transformation are rare.