Geoff White: Matt Moynahan on the changing landscape of digital identity
With so much going on in the world, it’s rare to see a technology story dominate the news agenda. Yet artificial intelligence seems to be generating near-daily headlines at the moment. The breakthroughs are happening at dizzying speed – and they’re significant.
So it was great to be at the Dorchester Hotel in London on June 6th with OneSpan to talk about how this fast-moving tech is impacting upon the fields of cybersecurity, identity and authentication.
After a fascinating tour of the hotel’s kitchens, I sat down with OneSpan CEO Matt Moynahan, in front of an audience of senior UK business leaders, to tap his brains on the industry’s changing landscape, and where it might go next.
Inevitably, authentication and identity verification formed a big part of the discussion. As Matt observed, many web services – from banking to telehealth and e-commerce – currently rely on a “one and done” process, confirming an identity only at the entry point. But with attackers using increasingly smart technology, there’s a need for authentication at almost every step of a customer’s journey. How to do this without creating off-putting friction remains a thorny problem.
Having done the hard work of authenticating a user, perhaps at several different points in several different ways, you don’t want to lose that insight. Matt talked of the emerging role of companies like OneSpan in storing such personal identifying information (PII), in order to enhance future verification. This potentially takes security companies into interesting new territory as identity data holders – which itself comes with some pretty hefty security challenges.
This led us to a discussion about the role of identity in combatting disinformation. In the future, said Matt, we will perhaps see swathes of online content – everything from Zoom meeting recordings to business contracts – reduced to a hash and signed by the relevant parties (the Zoom participants, for example) to confirm its veracity. In the case of a dispute, or the emergence of a “deepfake” copy, this hash could then be retrieved to confirm the true picture. Identity is of course at the heart of this: we must ensure that the right people are signing both the initial hash, and authorising the retrieval later on.
From Matt’s perspective, in the context of imminent AI-based fraud, enterprises should be focusing on ID verification and continuous universal authentication to ensure the integrity of their interactions, transactions, and agreements. Furthermore, given the power of AI to "spoof” the authenticity of business agreements, blockchain will have a crucial role to play when it comes to proving and defending identity.
Naturally, there was a question from the audience about what shape regulation in the AI space will take. Should it be up to governments? Private industry? Some kind of devolved, user-operated system? Each option presents pros and cons, and must take account of fast-moving on-the-ground developments. Any attempts in countries like the US and UK to rein in artificial intelligence innovations seem doomed to failure. Not only will it allow less scrupulous, more authoritarian governments a head start, but there’s little we can do to stop individuals experimenting with this tech in the privacy of their own homes.
As Matt pointed out, one option is to try to regulate AI at the level of the application; to put guard rails around its practical usage. But this raises an interesting situation for law-makers: with AI tech increasingly being handed over to the public for use, any regulation would need to control both corporate and citizens’ use of it. How do you draw up laws that govern both types of user, and how do you enforce them? It’s important to remember that such guard rails serve not only to mitigate risk, but also to work toward all the benefits that AI can bestow across a wide spectrum of economic and social endeavours. Ultimately, the goal is to reach the full potential that tomorrow has to offer.
As is often the case in the evolving tech field, we’re left with more questions than answers. But there was one unquestionable outcome from the conversation – AI will have a profound impact on any organisation that relies on cybersecurity and/or identity and authentication as part of their digital workflows and customer-facing transactions. If you’re not already thinking about that future, you’ve got some catching up to do.