The following was published as Chapter 6 of our series, The Seven Deadly Sins of Digital Customer Relationships. This chapter can be read by itself as a great introduction to the importance of portable credentials open ecosystems. However, if you’d like to start from the beginning, you can find the entire series here.
Consider this: if a business wants to register a new customer today, broadly speaking they only have these three options:
1. Capture the customer’s email address (or phone number) and ask them to create a password. Simple, but basic and largely free to implement. Not really secure though.
2. Develop a new, tailored digital ID system (perhaps with the assistance of a specialist identity vendor), and give the customer a clever app, tool, or widget to prove who they are. More complex – and therefore expensive and takes time – but potentially more valuable and secure.
3. Implement a ‘federated identity’ system run by a tech vendor, a consortium or one of the social networks. It’s straightforward, can be switched on nearly immediately, but introduces often challenging commercials, T&Cs, and potential privacy issues.
Each option has its merits, but there are significant trade-offs businesses have to make; namely around customer experience, cost, scale, and risk.
Yes, some digital identity approaches can be implemented quickly with terrific user experiences, while others might take years to develop with clunky experiences at best. But what if the company isn’t permitted to rely on social network identity services? (Would your bank, hospital, or insurer ever enable ‘Login with Facebook’? If not, why not?). And will their identity solution scale to thousands or even millions of users? Even if it can, does it introduce new security and privacy risks by storing those details in company systems?
We see these tradeoffs all the time in regulated industries like healthcare, financial services, insurance, and government. They simply can’t and won’t trust other companies to handle customer identity properly. The result is a myriad of new, separate, and distinct identity solutions: each another walled garden, and each a special version of customer experience torture. (Notice how many organizations are forced to send customers an email saying “You have a new message!… oh, but we can’t send it to you over email – that’s not secure – so please login to your account on our website to access your private inbox.” It’s mad.)
The result is a myriad of new, separate, and distinct identity solutions: each another walled garden, and each a special version of customer experience torture.
Yet collaboration will be critical to making digital identity work properly at scale. Indeed, many now agree that digital identity infrastructure needs to be a shared, community asset; a collaborative commons with no dominant owners. But it turns out that so many organizations just can’t bring themselves to collaborate successfully to make digital identity work this way. And there’s an elephant graveyard of failed identity schemes – across both the public and private sectors – to prove it.
History repeats itself
Back in the 90s if you wanted to use the Internet, you had to sign up to one of a handful of online service providers like CompuServe or America On Line (AOL). These companies quickly became gatekeepers of cyber-space: they created closed ecosystems where Compuserve customers could only message other Compuserve customers; where AOL customers could only join message boards and chat rooms run by AOL.
Their business model of course was about customer lock-in. But soon new open standards for communicating over the ‘web’ emerged, digital innovation broke out and online growth simply exploded.
With SSI, we won’t just see a repeat of the opening up of the market like the 90s. We’ll see a change in the nature of the digital identity ecosystem itself.
The community standards that are now settling around SSI – specifically on Decentralized Identifiers (DIDs) and Verifiable Credentials – look like they might just have the potential to do just that.
But I want to observe there’s something happening that’s different this time. With SSI, we won’t just see a repeat of the opening up of the market like the 90s. We’ll see a change in the nature of the digital identity ecosystem itself.
This time, the standards will solve the age-old challenge of forcing horrendous business vs customer trade-offs. This time, businesses will be able to offer great customer experiences AND provide privacy and user control. They will be able to unlock low-cost processes and increase margins WHILE ALSO enabling highly secure transactions. And, not Or.
So, what’s this got to do with customer relationships?
Time for open ecosystems
Too many businesses use zero-sum thinking about digital identity; they believe that if their business wins, another business loses. This so often lies behind walled-garden thinking.
What if instead, customers were able to share their data with others in a trusted, digital, and direct way. It would open up the use of customer data completely, and we’d see new and huge levels of data portability. For the first time, customers would be able to take their personal data – including their connections and digital relationships – anywhere, and be able to create value for themselves and business in new and exciting ways.
It’s precisely what SSI enables, and it’s going to unlock entirely new waves of innovation around ’bring your own data.’
Just imagine for example:
- Health insurance companies offering discounted policies to anyone who can prove they have been to the gym at least five times each month;
- Taxi companies offering discounted or free rides to anyone who can prove they work for a specific organization;
- Restaurants offering a free meal to anyone who can prove they work in the area;
- Local councils ensuring that certain services are only available to eligible local citizens; or
- Companies focused on sustainability giving discounts to customers who can prove they use 100% green energy at home.
Now, businesses can in theory do all of these today, so what’s different with SSI?
It’s all about flexibility, speed, and cost. With an SSI approach, these examples above could all be set up in a matter of minutes and carried out nearly instantly. There would be zero technical integration required, and no setup on consortia platforms needed. Plus – and this is critical – the businesses wouldn’t need any pre-agreed contracts with third parties. Instead, the business could just decide, perhaps even on the day, to ask for some additional data from the customer. Quite transformational.
Competing on value, not lock-in
So will we see a repeat of those early Internet years, where today’s identity gatekeepers will embrace new open standards and give way to a tsunami of digital growth? Or will a handful of closed data oligarchies continue to dominate the market, locking up the value and closing down competition?
We’re seeing early signs of progress, with large brands and governments increasingly setting out plans and principles around SSI. So, I’m optimistic for change. And with new open SSI standards for digital identity, and the new open digital ecosystems they will enable, we can create new economic growth and build digital trust.
What’s more, SSI will be easy for governments, regulators, and policy-markers to embrace: they’ll be able to promote new sustainable digital business models and growth while also protecting consumers. It’s a win-win.
Self-Sovereign Identity interprets vendor and data lock-in as damage and routes around it.
John Gilmore, one of the founders of the Electronic Frontier Foundation once famously said “The Net interprets censorship as damage and routes around it”. So here’s my take: “Self-Sovereign Identity interprets vendor and data lock-in as damage and routes around it.”
Will incumbent digital identity providers get it? Will they embrace the new open SSI ecosystem approach, or will they try to protect today’s technology and business models? We’ll have to see. Those companies will do well to remember that history is an excellent teacher, and that pride comes before a fall.
