How Intelligent Assistants Can Address Complexities of Self-Sovereign Identity

Every Intelligent Assistants Conference serves as a defining moment for the nascent ecosystem. Intelligent Assistants Conference-London (May 5-6) was no exception. By design, it offered to provide a community of business executives and developers with a shared vocabulary, ontology and landscape surrounding Intelligent Assistance.

During the day-and-a-half of presentations, attendees were treated to a broad spectrum of expert opinion, use cases and panel discussions. As Amy Stapleton points out in her post-conference post, the bulk of presentations confirmed that implementers have largely addressed the balancing act between automation and “intelligence augmentation”.

My own take-aways revolved around the intersection of Intelligent Assistance (IA) and Intelligent Authentication (IAuth). I was very pleased to moderate a discussion that matched Andrew Tobin, the Managing Director of Evernym’s European operations, with Martin Hill-Wilson, head of Brainfood Consulting. Even though it carried the bland title, “Addressing Identity, Privacy and Personalization Issues,” discussion quickly gravitated toward the role that a truly useful IA should play in helping mere mortals do a better job of managing the voluminous amounts of data and metadata that our online activities generate.

Personal Data As Toxic Assets

Many speakers, in past conferences, have observed that the idea of managing one’s personal data is the antithesis of “frictionless” authentication for digital commerce because it can be time consuming and complicated. Meanwhile, the giants of online search and digital commerce are perfectly happy to hoover up as much data as they can to promote highly targeted alerts, advertising messages and services. It is the basis of hundreds of billions of dollars in top line revenue from advertising and e-commerce.

Tobin made the profound observation that new laws governing the handling of personal data by large businesses are about to transform all the personal data accumulated by industry giants into “toxic assets.” Called General Data Privacy Regulations (GDPR), their biggest impact will be significant increases in the fines associated with mishandling personal data and compromising privacy by for example having databases hacked. Going forward, fines will be calculated as 4% of a company’s top line revenues or 20 million Euro, whichever is greater.

Heavy fines and the potential for data breaches can lead to public shaming of top executives and spell huge incentives for companies to outsource management of personal data. There’s a new industry in the making here. Yet the list of trustworthy candidates for personal data management can be very short. Banks, brokerages, credit reporting bureaus and a number of brands have had this idea on their roadmaps in the past. They’ve offered “data vaults” or “data quality management” tools, but these have proven to be duds as products, often because they require too much attention from end-users.

Outsourcing CRM to Your Customers

For Tobin, the answer is obvious, brands should outsource personal data management to the individuals themselves. This is a concept that resonated with Martin Hill-Wilson as well, especially in the context of contact centers and customer relationship management (CRM) software designed to support better customer experience. The reasoning went something like this:

  • Personal data is about to become a toxic asset.
  • These data comprise a big component of CRM systems- including key identifiers (name, address, phone numbers,) attributes (tenure as a customer, location, preferred payment methods), activity streams (purchases, payment history…).
  • Wouldn’t it make sense to outsource management of CRM data to the customers themselves?

The counter argument, of course, is that maintaining such data is complicated and time consuming. This led to the next set of obvious conclusions. It started with a discussion of the “tools” that individuals would need to be provided with to enable them to take charge of their personal data. This, in turn led to the obvious “you-can-lead-a-horse-to-water” argument that recognizes that the vast majority of people don’t use existing tools for managing such things as their online profiles, “friends” lists, health records…

The lightbulb moment for me came when I realized that managing the annoying complexities associated with carrying out mobile, digital and omnichannel commerce and communications is the ideal role for a personal IA. It could start with managing the plethora of passwords that have proliferated in compliance with new recommendations for updating and formatting “strong” security while shopping, banking, socializing or simply communicating online.

A Pitch for Self-Sovereign Identity Management

Tobin’s company, Evernym, is one of the leading proponents of “Self-Sovereign Identity” (SSI), a term that captures the concept that the data and other components that define an individual or organization’s identity are 100% owned and controlled by that individual or organization. No one else can read it, use it, turn it off, or take it away without its owner’s explicit consent.

This approach keeps personal data private, secure, and portable (meaning it “goes where you go”). Evernym has developed an Open Source platform for sovereign identity called Sovrin, which is a publicly available distributed ledger and donated its code to Hyperledger (project Indy), making it available for everyone, everywhere. Evernym is not alone. Microsoft, IBM and several other “Bit Data” companies have launched initiatives around SSI. They are built on Blockchain, high-profile-but-largely-misunderstood, anonymous, distributed ledger.

There has always been a symbiotic relationship between IA and IAuth. Friction-free ID assertion and authentication goes a long way toward promoting frequent use of services offered through IAs. Today, individuals see social sign on (primarily using Facebook or Google IDs) as the simplest way to log into a network or service. The session on Identity, Privacy and Personalization exposed the reality that ID assertion and authentication will never by friction-free, but that a well designed IA can mask the complexities, preserve privacy and keep things simple.



Categories: Conversational Intelligence, Intelligent Assistants, Intelligent Authentication

Tags: , , ,