Universal Biometric Identity

During the past week, I have traveled through airports using TSA Pre and Clear and plan to travel internationally soon using the Global Entry system. I have recently renewed my TSA Pre and Trusted Traveler accounts.

I am also in the process of renewing my NY State Drivers License and am going through the process of getting an “Enhanced” one.

Here is what one needs to do to get an Enhanced NYS Drivers License:

Enhanced

  • is Federal REAL ID compliant
  • costs an additional $30 on top of the regular transaction fees
  • requires an office visit to prove your
    • identity- *if your name has changed bring in marriage certificate(s), divorce decree(s) or court order document(s)
    • NY State residency
    • U.S. citizenship
    • date of birth
    • Social Security status
  • shows your full legal name (first, middle, last) as listed on your legal documents
  • shows your residential address (where you live)
  • has an American flag displayed on the document

And, because I am an investor in a friend’s bar and restaurant businesses, I am in the process of submitting a NY State Liquor License application which requires the following:

  • a photocopy of BOTH your driver’s license and your passport
  • a fingerprint ID card which is obtained at your local precinct
  • two passport photos
  • three months of recent bank statements

In each and every experience, I am doing much of the same work over and over again. Copies of passports and licenses. Bank statements and utility bills. Fingerprints (digital or ink-based). Retina scans. Social security cards. Birth certificates. Marriage licenses. Completing questions about bad behavior (or lack thereof). Etc. Etc.

It makes me want some sort of identity service in the cloud, that I control, not a third party, and not the government, that I could authenticate with using fingerprints, retina scans, or two/three factor logins, and then digitally “sign” all of these forms.

My fear is we will get there but it will be the government or Facebook or Google or Apple that builds this. It would be quite useful but also quite scary for a single entity to control all of that information for each and every one of us.

#crypto#policy

Comments (Archived):

  1. Vinish Garg

    Folks everywhere continue to scan, share, upload, the same documents (all sort of ID cards and proofs) in ten different departments even within under the same city governance. The executives in those ten buildings will download, print or scan, file, move or share, process, question, tag, file back, and put it to dust.. so much of duplicate efforts and technical liabilities in huge piles or drives, all over.This is exactly the point I raised in my proposal for *Future Friendly, Connected, and Sustainable City – Chandigarh”: https://www.slideshare.net/

  2. bogorad

    Ha-ha, I’m just re-watching Person of Interest :)https://personofinterest.fa…

  3. Gifford Hesketh

    The privacy-first “identity service in the cloud” is similar to what my company, TASCET, provides — except that our purely symbolic representation of you (SYM™) is completely anonymous, since we do not store any metadata (name, DoB, SSN, etc.) about you.

  4. David C. Baker

    I’d be interested to know what you think of Clear. I’ve found that it speeds things up only about one-half the time, but it’s still worth it. Pre is a no-brainer–it always helps. Now they need a Pre-Pre, since so many of the unwashed masses have it. My Global Entry is amazing. But my wife doesn’t have it, so I have to wait for her when we travel together. For US citizens traveling TO Canada, NEXUS is remarkable. I didn’t even have to show my card or passport to person or machine. That’s changed, recently, but it’s a huge time saver, esp in Toronto and Vancouver.

  5. awaldstein

    The issue is obviously that these systems are broken in every way.Pre and Global are a massive time save.I question whether either provides enough information to actually determine me as ‘safe’ in an abstract way.AndThe systems that they do touch are all incompatible and broken. Had an issue when applying for one and it took basically a year of me manually searching out, calling and filing a protest to get it done.Safe travels Fred!

  6. Roger Anderson

    You need to talk to Phil Windley @windley and the Sovrin Network re: Universal ID that fits your goals as stated

  7. jason wright

    It’s almost become a moral imperative to try to circumvent this shit. Fuck me, what the hell kind of world are we living in today? It’s madness, fucking madness.’Global Entry’ – What on earth is that?

  8. narikannan

    The solution may be in a service that provides you a personal PIV card that stores all these details and some more details like what Credit Agencies and Lexis/Nexis do for Identity Proofing these days (four questions about where you lived, etc). Anybody requiring Identity Proofing could get these details from you in real-time and verify that they are correct by doing an automated Lexis/Nexis check with them answering these questions in real-time instead of a person answering them manually. You control the card. Nobody needs to store anything. Wonder if it will work?

    1. Les Chasen

      See @valididy. Storage of digital PIV card in mobile wallet. no need for references stored anywhere but the source of truth that issued it and you the holder.

  9. William Mougayar

    Singapore has it figured out already. Just try going through their airport. The smoothest yet safest experience I’ve recently encountered.

    1. Girish Mehta

      Lived there. Best airport in the world. And remarkable how they have sustained the standard for years. In fact, keeps getting better.

    2. awaldstein

      True but as someone who was there every month for 5 years during their ‘chewing gum and caning’ period, it was a strange and unnerving process in the early days.

      1. pointsnfigures

        That part hasn’t changed…..it’s just not as obvious

        1. awaldstein

          Probably so.Easier to make everything perfect when its all top down and you can force things to a mold.Remember back then that in order to play golf in Singapore you had to past a test to insure that you wouldn’t hold up people if your skills weren’t up to snuff.Efficient but too weird.Great place to have a company especially when the government liked you, great access to dive spots, great food but weird nonetheless.

      2. William Mougayar

        How many years ago was that?

        1. awaldstein

          92-97ish consistently then diminishing over the next ones.interesting times. crazy dichotomies of our tech company with floors of programmers and outside in the courtyard the food trucks making food on open fire pits.

          1. William Mougayar

            on a recent visit this year, i found singapore to be very modern, progressive, evolved, open, orderly and forward.i think they succeeded in getting where they wanted to become.

          2. awaldstein

            true says my friends who live there.i’m sure there are those in china (remove progressive) who say the same.i’m saddled with a social conscious, i can’t help it and wear it on my sleeve.

  10. Jeff J

    I signed up for Clear at Yankee Stadium, their free sports mode. Having found it truly useful I signed up for their paid, discounted to Delta FF members, and have used it and Pre for dozens of business and family flights. It consistently speeds up the process of traveling for us. This has been consistent at JFK, SFO, LAX among others.Combine the Pre process with the Clear process and have that owned by a private, security first, entity and I’d gladly pay for this service. My account, owned by me.Signing up for a utility? Forget my SS number, authenticate via fingerprint or facial scan on your phone and allow the utility company to validate who you are. Simple, and straight forward.

  11. JLM

    .Actually, there is such a cloud repository, the National Security Agency.Everything you note has been run through one of their million square feet of Crays and sits in their unlimited storage.Nice fellows. Give them a buzz. Sure they’ll be helpful.Only a partial joke. I once saw my FBI file (had a high security clearance) pre-cloud and saw documents and info I literally did know or even knew existed.AWS is in the middle of this already.JLMwww.themusingsofthebigredca…

    1. sigmaalgebra

      Maybe there is a company, Susan Rice Information Systems, you could call to get all your NSA info? Or maybe there was but shutdown now?

  12. DJL

    This seems like the ideal blockchain application and there must be several players trying to do this? Putting all of our biometric eggs in one basket would be a hacker’s paradise. But if they are properly “anonymized” and encrypted it could work.The main problem is getting everyone to use the same system. It would become so useful that Google/Apple/Facebook would have to “own” it. I just don’t see any of them ceding this to some “non-profit” but that’s exactly what it would take.

    1. Ben Longstaff

      Personally Identifiable Information should never be put on a blockchain.A hash of the data sure.de identifying data is a lot harder than people think. Encrypted data will eventually get broken.Most of the interesting projects in the space are members of the Decentralized Identity Foundation and are working on implementing the w3c standard for Decentralized Identifiers and Verifiable Claims

      1. DJL

        Yes but they never get any market share!

        1. Ben Longstaff

          Both Visa and Mastercard are working on blockchain based digital identity systemshttps://globalrisk.masterca…couldnt find the official visa announcement but they are working with IBM on it

    2. Mike

      Interesting problem statement here. I think every state is going to the new digital licenses. Starting a business, applying for a mortgage, registering a child for school have similar requirements. Maybe some some form of service business or technology platform sold to Federal, State, Local agencies or private institutions. Will need to get these institutions vested in any new approach. Pick one to prove it out and scale from there. Self sovereign identify comes to mind but there might be mutiple approaches.Two potential challenges:1) You need to replace the current paper documents with a secure digital format, or representation, that is as accurate and reliable as the status quo2) Institutions need to accept the new approach for individual identification and accuracy of dataMaybe you start wiith a private sector application since profit motives might initially value the potential time/cost savings more?

  13. Nick Hencher

    The big question is… What’s the name of the bar/restaurant?

  14. Nathan Taylor

    Government has to honor biometric identity for it to be full useful (taxes, passport, etc).China authoritarian model of course can work. For liberal democracies, India moving that direction, maybe Europe, but hard to see US moving fully that direction of government holding biometric id info. That leaves company holding your biometric ID, and then doing an interface to government at your behest. Or else some kind of open source model, in which case possibly blockchain could be correct tool, where again company could facilitate (similar Coinbase with bitcoin), but actual identity wouldn’t be owned by facilitating company per se.At this point very clear biometric identity is the future. But still unclear exactly how to make it work. Except fully authoritarian model. Interesting & important problem awaiting solution. Hard to predict exact correct timing it will take off (as always the core question with any tech investment opportunity).One last aspect to consider. Genomics is exploding and cost of full genome seuqencing almost at point where everybody will have it done. But the quasi public nature of your DNA (2nd or 3rd cousins in public DNA database enough to identify you) makes how this form of id to fold into the biometric identity problem very interesting as well. Suspect any biometric id facilitating company would also hold your DNA as well as part of the service.

  15. Vitomir Jevremovic

    I was always scared of the Book of Revelation, and the New Testament where it says (Revelation 13):”And that no man, rich or poor, might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six.”I kind of hope this is not the future, but the past.. but that is another story. Truth is we are heading in this direction, for the good or for the evil.

    1. Ben Longstaff

      Pretty sure that’s where Goldman Sachs got their inspiration for their blockchain ….. checkout https://www.goldmansachs.co… in section 3C

  16. kenberger

    Be sure to also get the APEC business travel card. Pretty amazing: lets you use priority lanes in a number of Asian airports (Hong Kong, Singapore, Bali, Japan, China, Vietnam*), and also western countries such as Mexico and Canada. Even if you only visit those regions periodically, this is totally worth it, game changer for some airports.To get it, you just go to the website where you apply for/renew the Global Entry, and you’ll see the form for APEC. Fill that out, pay an extra $70 for 5 years, then go in to any GE location to get a photo and do an e-signature (can go to any US airport GE office, or the Federal Building in downtown manhattan by appointment), then they mail it you anywhere worldwide.https://www.cbp.gov/travel/…*you still need to get any required visas, this just gets you through customs much faster.

    1. awaldstein

      Good one.Will order as need to be in the region a bit soon.

  17. Ben Longstaff

    I like Estonia’s x-road model, it records who accesses citizen data, but as a citizen you can see who has accessed your data. Because of the transparency there have only been a handful of cases of peoples data being accessed inappropriately

    1. Tom Labus

      Other countries have adopted this model and software

      1. Artem K

        Would you be so kind to share any links on that other countries? It’s very interesting topic

    2. jason wright

      https://en.wikipedia.org/wi…It’s not blockchain technology. How can we be so certain that the record of access is accurate?Estonia has a political obsession with Russia. That probably encourages Russia to pay closer attention to Estonia. It’s a self fulfilling loop.

      1. Ben Longstaff

        My understanding is that the x-road logging system works in conjunction with the KSI blockchain (https://e-estonia.com/solut… and was developed specifically so Russia couldn’t mess with their data.I like the approach they outline in https://www.niis.org/blog/2…as it empowers the citizens with access to how their data is getting used

        1. Artem K

          You are right, Estonia seems to develop things properly transparent starting almost 10 years ago, and KSI blockchain itself provided by Guardtime, whose american office general client is US DoD, so there is no chance to mess with Russia)I’m experiencing the estonian eResidency currently, it seems still a bit “manual” at some unsensitive points, but in most sensitive cases it is fully digital, automated and secure. And it seems it is slowly integrating into other EU countries Id systems. Very promising

  18. Richard

    This book has been written. The people asked for a govt that regulates and redistributes. It’s tools for executing these tasks are built in the private sector and will equal in performance of that of the private sector. The only real difference is the profit incentive. But here too, it is moving in the direction of the private sector. Career politicians are the last vestige that needs to be updated. Expect vast improvements going forward.

  19. kenberger

    A key use case is to have a global identity/criminal record check. Of course this must be balanced against potentially nefarious factors.At the moment, for Americans, the FBI is the agency that controls and is looked to for this. If you want a France residents permit (allowing one to live in France/Europe long-term), the French consulates make you submit an FBI report. That agency is overwhelmed handling these, and so the process is expensive and can take a long time (making some people even miss their trip).

  20. Les Chasen

    One could carry signed digital certificates, data capsules, provided by issuers and carried in mobile wallets. Then prove their bona fides simply by sharing via mobile devices on or offline. ValidIDy, https://valididy.com, is one such startup attempting to make this a reality.

  21. Chris J Snook

    Fred we should get you in the loop with our portfolio team at www clear.co.com for the life after Google/Facebook sovereign individual ecosystem that begins with identity and data storage. Identity is THE problem that humanity must solve in the next 3-5 years. Thanks for the postm

  22. OurielOhayon

    Add to that the risky, expensive and tedious KYC /AML steps crypto services make you go through

  23. LIAD

    I see none of them ask for your social media account details. Not yet anyway.

  24. creative group

    CONTRIBUTORS:The concerns that Fred outlined are actually the concerns of regular people.Fred isn’t regular and no attempt by him can make that magically happen. Fred Wilson is so known that you can acquire every detail of his life sitting at a computer. When you are high profile and in the publics eye this is the trade off.Strangers who actually don’t know you get to know you. FACTS!Next topic!CAPTAIN OBVIOUS!#UNEQUIVOCALLYUNAPOLOGETICALLYINDEPENDENT

  25. Frank Jaskulke

    Fred, if you have Global Entry you do not need to get TSA Precheck, one less system to track!

  26. Kirsten Lambertsen

    I hope whomever is building a universal biometric identity sees that Global and Pre are basically for people of privilege and that they’ll be looking to disrupt that aspect as much as the hassle.

  27. Justine Humenansky

    A lot of interesting work going on with identity and DLT. The Impact of Digital Identity (https://blockchainatberkele… outlines many of the initiatives and challenges in creating a self-sovereign ID. As an MBA student at Berkeley-Haas, I worked with Blockchain at Berkeley on a PoC aimed at implementing an identity and record management system for the homeless population in the Bay Area last fall. Happy to chat with anybody interested in learning more about our work / findings.

  28. pointsnfigures

    as long as you own your data, and it’s portable…..

  29. scottythebody

    https://un-blockchain.org/u…Some useful stuff linked there. Was working adjacent (not on) a project to provide blockchain based ID for refugees and the massive population underserved by good government services. Not sure where they are with it.

  30. Amar

    Microsoft was touting a platform for this use case and several such use cases recently. Not sure if it hit your radar.1. https://www.microsoft.com/e…2. https://techcommunity.micro…While not directly B2C. I assume they are inviting application developers to build a direct to consumer service on top of their scaffolding.

  31. Mike Slagh

    Fred, I want to live in that same future. Fortunately, I think Blake Hall and the team at ID.me are going to be the ones who deliver it.ID.me is streamlining access to a few government agencies and state DMVs with new forms of federated digital identities. They’re also allowing veterans to prove their identity online and have completely transformed the VA benefits process in the past 2 years.I’m very excited about some of the recent momentum as all of these partnerships start to build upon each other.

  32. Kasi Viswanathan Agilandam

    I thought it is one of the business objectives of Facebook when they started. Seriously.

    1. Steve_Lockstep

      Many of us thought the same thing. But none of the big digital brands have managed to progress past near-trivial social logons. Some thought these would be a model for higher value digital identities suitable for higher risk transactions, but no, Facebook, Twitter and Google “identities” don’t assert who you really are, and they’re only used at websites that don’t care who you really are. I reckon “serious” Digital Identity (i.e. what governments would call “Level of Assurance” 2 or higher) has proven much harder than it looks. Not even LinkedIn has cracked the identity code. They probably all struggled to write an effective yet attractive pro forma Relying Party contract. Meanwhile, the true function of Facebook ID is to enhance they way they track members.

      1. Kasi Viswanathan Agilandam

        thank you very much.Yes and agree.In India we started ( almost complete across 130Billion 🙂 ) an ID creation by government and works well so far ( normal citizen are scared that their identity will be stolen by some hacker ). The ID is linked to all other papers like Driving License (& vehicle registration), bank account , etc.,But the fakers will always find a way to create fake one’s.

  33. Jim Ritchie

    Late to the game, but this has a decent overview of identity on blockchains. We are using uPort in our app.https://blockgeeks.com/guid