When We Don't Own Who We Are

Ultimately, how we manage our personal identity is fundamental to how we share, how we trust each other, and ultimately how we work together. We owe it to ourselves to take responsibility for, well, who we are.
10/28/2014 02:42 pm ET Updated Dec 28, 2014

Today, "who am I?" isn't a question of philosophy but of data. Our modern identity is composed of unique bits of information that allow others to know who we are. Unfortunately the way we manage our identity is completely broken.

Every time we do anything that requires us proof of identity--whether it's signing up for the latest social network, taking out a loan, or even paying for our morning coffee--we give up some of our personal information--to Facebook, to Bank of America, to Starbucks.

In going about our normal business, the same pieces of personal information are redundantly collected countless times, submitted to a myriad of third party verification services, and then tucked away in incompatible data silos. The arrangement is tedious for consumers, a headache for businesses, and a nightmare for law enforcement.

It's also easy pickings for increasingly sophisticated cyber-thieves. We regularly and recklessly expose ourselves every day--like that time you carelessly handed your bank payment details to a complete stranger. Of course, we don't think of it that way. It's just how we're used to paying for dinner.

Robust protection programs mean that customers generally don't feel the pain of card fraud. But armed with more information, such as your social security number--which may be the case with the recent JP Morgan Chase hack--fraudsters can apply for new cards under your name without your knowledge and even take out home equity loans, potentially ruining not only your credit score but your life.

Giving over identity details to businesses we interact with effectively forces each of them to become an expert in data security. Is it reasonable to expect an ordinary retailer to outfox sophisticated cyber thieves?

Over time, we've watched almost every household name tumble, from Adobe to JPMorgan Chase to the U.S. government. According to the annual study by the Ponemon Institute, nearly half of the 567 companies surveyed experienced a data breach in the past year. But the figure that stands out the most is that 80 percent of the breaches were rooted in human error rather than poor security.

And maybe that's what's most distressing about the state of things. Now that we've willingly conceded the responsibility of protecting our identities to those who are functionally unable to--despite their best intentions--it's no longer an issue of "it will never happen to me" but "it's only a matter of time." No one is safe-- not even First Lady Michelle Obama.

It's time to face the reality that our current systems for identity management are no longer acceptable--they essentially serve as a tax on just about everyone, while providing the bad guys with neverending opportunities for illicit profits.

Tackling these inherent vulnerabilities requires a new perspective. Some companies are already taking the initiative, such as Apple's new mobile payment service, which, by employing wireless NFC technologies, allows a customer to pay with their credit card while keeping the number hidden.

As laudable as Apple's efforts are, better and more fundamental change is on the way. The fact of the matter is, the way we deal with identity is stuck in a pre-Internet past. To address what has become a systemic issue, we need to reconsider how we deal with our identity from the ground up.

Do we really need to give up all of our details every time we interact with a new company? Should those companies be responsible for storing and securing those details? Could they be expected to keep those details safe?

And why should companies own--and profit from--our personal identities in the first place? What if we controlled our own online identities and could provide institutions with just enough data on a need-to-know basis?

If my bank has already confirmed my identity, is it still necessary to provide the same details to Twitter, Amazon, and Paypal? If not, then hackers suddenly have three fewer targets to attack to steal my personal information.

I'm not just imagining a better world. New technologies like distributed database solutions open the door to new forms of identity management that would finally return control of our personal information to its rightful owners--ourselves.

An identity solution that gives control of personal identity back to the individual would reduce operational costs of businesses that never wanted to be in the information security business in the first place. It would also go a long way in tempering longstanding issues of online privacy because personal details could actually remain private.

The longer term benefits may not yet be obvious, but it wouldn't be far-fetched to think that a more versatile, portable identity system could help make financial services more available to the 2.5 billion people around the world who still lack access. When it comes to financial inclusion, proving one's trustworthiness to service providers is the biggest obstacle.

Ultimately, how we manage our personal identity is fundamental to how we share, how we trust each other, and ultimately how we work together. We owe it to ourselves to take responsibility for, well, who we are.