Identity inconvenience to the fore in 2016

Biometric fingerprint

The topic of identity ought to be front of mind for most of us at the moment following the horrific Paris attacks last week.

The ability of the terrorists to freely move around France and to and from Belgium and elsewhere in the European Union highlights the flip side of the convenience and freedoms we’re accustomed to today in a union of countries with largely open borders between the states within the Union.

In reality, if you are in a member state, you can pretty much travel around the rest of the EU – the western part at least – without ever needing to show a passport or other proof of identity. That applies to everyone, citizens and guests alike. The embodiment of open borders is the Schengen Treaty which treats travel between the 26 signatory countries as if it’s domestic movement rather than movement between separate countries.

No passport controls or ID checks at any border. You’ll know the convenience of that if you take a train from, say, Brussels to Amsterdam. Or Paris to Frankfurt. Or drive your car from Strasbourg to Malmo taking in  Cologne and Copenhagen on the way.

The convenience is enhanced when you have the same currency to spend in nearly all of the places you pass through and get to.

In the aftermath of the atrocities last week, governments in Europe – and notably the French – have been talking up their intents and actions on bolstering security and identity verifications which currently translates into clamping down a little on the complete freedom of movement between certain countries, ie, re-imposing some border controls (and, eventually, “bye bye Schengen?) and a much more visible and prominent armed-police presence on city streets, especially in Paris.

In France, the government has extended the state of emergency to three months, which allows the police to search anyone’s house, people to be put under house arrest without trial and any website to be blocked.

In the UK, the government has been saying this week that their plans for getting the draft Investigatory Powers Bill onto the Parliamentary debating agenda next year could be fast tracked to make debate happen sooner and perhaps law happening earlier. If it becomes law, that bill as it’s currently drafted will enable the security services to conduct a wide range of activities – including seeing the names of every website people have visited, and the power to hack devices and run operations to capture large amounts of data as it transits the internet – without first obtaining a warrant to permit such actions.

I wonder where matters of trust, expectations of privacy and government transparency fit into the overall debate.

Today we’re at a crossroads where choices are confronting us that  may well reset the balance between the freedoms and conveniences I mention and what we want governments to do to protect us and our rights to such freedoms and conveniences. Or perhaps now I need to say it as “rights.”

Identity is at the heart of such things where governments need to know who is who, doing what, where and when as part of their duty to protect their citizens; and you and I need to be able to prove it’s you or I in ways that are verifiable and easy to do. We also need to protect our own digital information to ensure no one can get at it without our permission (well, no one other than the spies), as well as take greater care in how we use our digital information; and how, where and with whom we disclose and share it.

A feature about cyber security and identity in The Economist earlier this month came to my mind, and is largely what prompted this post.

While the feature is focused on businesses and how to safeguard corporate data, it resonates to me very clearly as also relevant to the broader climate we’re in now as I’ve explored here, especially this:

The first ingredient of security is identity. Well-run organisations will stop using passwords and logins in 2016. Instead they will use identifiers that are harder to copy, fake, steal or guess, such as biometrics (fingerprints, retinas, posture, gait and even typing habits). Security questions will stop being asinine (“mother’s maiden name?”). Instead they will ask you to give numbers from codes continuously generated by an app on your phone. Identification that depends on a triple lock—something you have, something you know and something you are—is harder for an attacker to replicate.

I am certain that such technology-driven capabilities will make their way into the corporate landscape starting in 2016. And the wider public domain? I’d say we will become quite identity-disrupted next year in ways that may not even be obvious right now.