In the abstract for my paper on the Laws of Identity, I wrote:
The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception which will cumulatively erode public trust in the Internet.
In the body of the paper I went on to say:
A deepening public crisis of this sort would mean the Internet would begin to lose credibility and acceptance for economic transactions when it should be gaining that acceptance.
Then I talked about the “danger of slipping backwards”, rather than moving forward.
In the discussion around the Laws of Identity at the Digital Identity World (DIDW) Conference, a number of participants in the discussion worried that I was overly accenting the negative – and using uproven assumptions. And I think they were right in calling for me to get really “crisp” about all the positives and benefits of putting in place an identity metasystem, rather than dwelling morosely on the negatives.
None the less, deep down, in that part of me that is pure intuition and chaos, the fantamagorical implications of “slipping backwards” continued to haunt me. And for good reason.
In an article called “Internet Scams,
The study, conducted by Gartner and released on June 23rd, was based on a survey of an amazing 5000 online consumers.
More than 42% of online shoppers report cutting back on their activity in light of their growing awareness of phishing, pharming and “identity catastrophes” involving “loss” and “release” (not to mention “theft”) of Identity Information.
And 28% of those using Internet banking are now cutting back as well.
Gartner predicts growth in eCommerce and online financial services will be one to three percentage points lower over the next three years than if electronic information were better safeguarded.
The article quotes Gartner analyst Avivah Litan as saying, “These attacks and disclosures are taking a steep toll on consumer confidence. The only place [consumers] can show their concern is in their online behavior.” I think that is a very good way of putting it.
Those who still don't agree that an objective requirement of the identity metasystem is that the user have control and be asked for consent prior to disclosure should really ponder these words. If the system doesn't give the user a sense of control, the user will take control. When cornered and disenfranchised, the way to take control is to opt out.
Gartner estimates that consumers have lost almost a billion dollars to Internet scams during the twelve months ending in May.
According the story, 77% of concerned online-banking customers said they are using online banking services less frequently. More than 4% of those Internet banking customers concerned with fraud have abandoned online banking altogether.
Amongst concerned online shoppers:
- More cautious about where they purchase goods on line: 73%
- More careful entering sensitive data on sites: 62%
- Buying fewer things online than before: 33%
To mangle Steve Miller, we are “Slipping, slipping, slipping into the… past…”
I still don't think the profound dynamics in play here have been widely enough understood – though they eventually will be. As I said in introducing the laws:
It is essential to look beyond the current situation, and understand that if the current dynamics continue unchecked, we are headed toward a deep crisis: the ad hoc nature of Internet identity cannot withstand the growing assault of professionalized attackers.
When I say “look beyond”, I mean way beyond. Think back five years. Look at where are are today, and ask yourself if you predicted that. Now imagine five years into the future. Or ten, if you dare.
By the way, Gartner's Avivah Litan has been doing great work in this area, we all owe her a vote of thanks. I love quantitative studies.
So now, back to working on the identity metasystem, all the harder. And talking to the many experts attending the Catalyst Conference in San Diego. In case you are new to this conversation, Catalyst is the Burton Group's conference on identity and security as cross-cutting concerns driving the future of the enterprise. My friend Larry Gautier of LDAP fame reminded me earlier today about the days when we were just a couple hundred people huddling together in the wilderness! Now it is getting huge.