In the coming years most of us will be carrying or wearing smart technology. How to manage the digital trails we emit in everyday interactions? We need solutions that can protect both our identity and our right to anonymity
It is likely that wearable smart technology will become pervasive within the next five years – devices with built-in sensors and Internet connectivity that can and will interact with our surroundings. Whilst I have little desire for wearing a smart wristband until one is invented that doesn’t look like a watch or like you have been electronically tagged so that your parole officer can keep tabs on you, I don’t doubt that mainstream wearables will become a reality and soon.
To give an indication of how rapidly we are adopting smart technology, in the UK over two-thirds of adults now own a smartphone, up from 27% four years ago (Ofcom, 2015). In the US, 21% of adult Internet users already own a wearable device (Forrester, 2015), just three years after the first fitness-tracking bands were launched and six months since the Apple watch launch.
One of the biggest urban digital trends right now is contactless payment systems. In the UK, over £2.32 billion was spent using CPS in 2014, an increase of 255% over 2013, and nearly one in three card transactions were contactless. 2015 is predicted to be the first year in which the number of cash payments falls below non-cash transactions (Guardian, 2015). Before 2020 I predict the same shift will occur from debit cards to wearable device transactions.
Wearable devices and contactless payment systems are a perfect marriage. Entrances to buildings are notorious crime hot spots for theft of personal items, as people pause to retrieve or return phones, wallets and tickets in their pockets and bags. That theft becomes much harder when the target is physically attached to you. The ability to swipe your wrist over a payment terminal also speeds up the process, particularly useful at crowded entry/exit barriers to stations and event venues.
In London, you can use an Oyster travel card or your debit card to pay for travel when you enter and exit tube stations. I have no desire to need to retrieve my debit card from my purse from my bag at that moment in time, hence I stick with using an Oyster card kept in my pocket. I’d much prefer to just swipe my wrist over the terminal.
As wearable technology becomes pervasive, it has the potential to further merge the digital and physical world in all sorts of ways. And that leads to the title of this article – protecting our identity and right to anonymity.
Identity and third-factor authentication
This year there have been numerous incidents where personal and financial details have been stolen from online commerce sites including usernames and passwords. The most recent to hit the headlines in the UK was Talk Talk with up to four million customers at risk of identity and financial theft.
Perhaps the first way in which wearables can help is in making usernames and passwords worthless on their own.
To help protect against identity theft, setting up two-factor authentication is encouraged. As well as requiring a username and password, a verification code is needed that is sent to the mobile phone associated with the account. The expected outcome being that only the person in possession of the phone can complete the full login process. But then the mobile phone becomes the risk factor. If stolen, ideally you want to ensure you can remote wipe it immediately. Perhaps the next stage is to introduce third-factor authentication, where the device can only be unlocked through your unique (and living) bio-signature.
image source: Microsoft
The first release of the Microsoft health band (pictured above) may not have been the prettiest but it packed in over 20 different sensors including skin temperature, galvanic skin response and optical heart rate. It has already become normal for phones to include an accelerometer, compass, ambient and UV light sensors, camera, GPS and capacitive touch.
A time should come when it doesn’t matter if personal details and passwords are hacked from a security perspective because they will be worthless without a matching living unique biometric signature. That won’t reduce the risk of damage to reputations or relationships if hackers choose to reveal personal preferences you would prefer to keep private. For that, people may have to develop thicker skins to handle the humiliation else avoid using online services that don’t take better care of their consumers’ profiles. But it should become the norm to expect identity, financial and medical matters to be protected and immune to something as basic as cracking stolen encrypted passwords.
Anonymity and digital cash payments
If our digital companions can help protect and verify our identity then the opposite should also be true. They should protect our freedom to interact digitally without identity when it isn’t needed
We already have this capability today with simple tools like Oyster cards, that can be topped up with cash at machines without ever having to register ownership of the card. You can argue that the data is still being captured if you top-up the card using payment from a debit or credit card but the action of adding cash to the Oyster card is separate to using the Oyster card to enter and exit barriers at stations.
So why can’t this same capability be provided to other forms of contactless payment? It ought to be possible to toggle the mode of a wearable device to switch between ‘cash only’ digital payments that are possible using Oyster cards and ‘cash + identity’ for when confirmation of identity is needed. For example, having a simple switch between two modes. One that gives permission to send a digital cash payment only, and one that gives permission to send a digital payment with identifying information:
When you are paying to pass through the barrier at a train station, the only digital information that needs to transfer from your device to the barrier is the binary code representing the amount of money being charged. Your device should separately communicate with your bank to deduct the funds from your account, and the barrier should separately communicate with its systems to record the payment and entry/exit of a passenger. It does not need to know who that passenger is. You should be able to set your device to either anonymous or identifiable mode depending on your personal preference.
If you are paying your taxes, well then you probably want your payment to be recorded against your own identity rather than somebody else’s. In this instance, digital payment will only be accepted by the tax office if it is accompanied by identity verification. If you try to pay in anonymous mode, it will be rejected.
Like all ideas involving digital technology, there are all sorts of wrinkles to figure out. Not least a universal and reliable mechanism for banks to interact with devices to enable the devices to be ‘topped up’ with cash in the same style as an Oyster card, so that anonymous payments can be made. And all sorts of considerations to prevent hacking. Hence the need for both identity and anonymity. No alterations to information on the device itself should be possible without approval using that living biometric signature.
But these sorts of solutions are needed as cities become increasingly ‘smarter’, embedding digital technology into core infrastructure and services. If those solutions do not include a right to anonymity when identity is not needed then people will choose alternatives, including the choice to not participate or solicit unauthorised routes. And the design of such solutions should be open to public scrutiny. It should not be left to global technology companies and government agencies to decide what’s best for everyone.
- The Communications Market Report (August 2015) – Ofcom
- North American Consumer Technology Survey 2015 – Forrester
- Contactless card payment limit set to rise – Guardian
End note: I’ve been mulling over this idea for over 18 months and still haven’t managed to articulate it as well as I’d like. This post may go through a few updates after publishing
Featured image: iStockphoto