Making Data Better

Australia's online security community - government, banking, and providers - has made a major, deliberate move. Over the last year, the term "digital identity" has been replaced by "digital ID" in government and industry publications and press releases.
Steve and George unravel this deliberate linguistic shift from the amorphous 'digital identity' to the more concrete and pragmatic 'digital ID', and understand why this nuanced change is more than mere semantics. It's a shift that promises greater clarity in technology, legislation, and personal identification. Tune in and explore a future where proving who you are online is not just more secure, but refreshingly straightforward.
Why does this matter? As Steve and George discuss it in this episode of Making Data Better, it accurately shifts the focus of policy and technical work on to the quality of the data used for identification purposes. It frees everyone from the impossible tasks of representing our "identities" digitally.
Through our discussion, we celebrate the strides made by Australia in addressing the advancement of digital identity systems—a contrast to the comparatively uncoordinated, market-driven efforts seen in the U.S.
Steve and George conclude with their perspective on how to secure digital IDs using device-assisted presentation. Plaintext presentation is the enemy. It gives hackers endless opportunities to copy (via data breaches) and replay (via fraud) that data. There is a straightforward solution that we have done before: marry the cryptographic strength of how chip cards are secured to the convenience of smartphone presentation and we have the opportunity to remove breach incentive by making our digital ID data better.
There's plenty of work ahead but there's great power in what could be an uncontroversial, technically practical, achievable approach. So take a listen.

The focus of computer technology historically has been on the manipulation and communication of data and information. Yes, there’s always been the monstrously obvious admonition of “garbage in, garbage out” when speaking of data. But as our dependence on data grows, the issues of data quality, of making data better, have grown in importance and complexity. Data, it turns out, is endlessly nuanced.
Government Data Generation and Usage
Government has an enormous interest in data. It is an issuer of data when it assigns account numbers, for example, to its citizens to ease service delivery. It is also a considerable consumer of data in order to establish policy, measure program efficiency, support planning, and, just as with any business or individual, for decision making of all kinds.
But this isn’t simple. The term “government” masks the fact that multiple agencies exist, each with its own goals, never mind data handling policies and procedures. Sharing data across industries is as nuanced as data sharing between enterprises or even more so.
Understanding how governments think about the data they consume and generate is key to long term data security and online identity.
Talking with Data Expert Ian Oppermann
In this fascinating and stimulating conversation, Steve and George discuss these topics with Ian Oppermann, the former data director for the state of New South Wales, a director for Standards Australia, and advisor to multiple startups.
Ian shares his insider’s knowledge of government agency priorities and the fact that sharing data across agencies is “extraordinarily hard.”
Just at the Beginning
Standards Really Really Matter
Ian’s participation in ISO standards development comes from his insight that data sharing requires very crisp definitions, detailed use cases, and specific guidance for each use case based on privacy and data custodianship requirements. And he points out that we are just at the beginning.
For example, the latest ISO standards tackle the basics of terminology definition and use cases, ISO 5207, and guidance of data usage, ISO 5212.
These standards do address the use case of AI but even at this stage the standards address the basics.
People Matter
As with many technology management concerns these days, the concerns are rarely about the tech itself. They’re about people, too. Here’s Ian:
“If you want to use [data] for important purposes, you actually need people who know and understand what data is, who know and understand what data governance is, and who know and understand how to actually use the data for appropriate purposes and then put guidance restrictions or prohibitions around the data products you create.”

Ian concludes with:
“But [for] the general use of data, we're only just beginning to understand the power, the complexity, the mercurial nature of data and starting to build frameworks around it.”

Take a listen if you care about data management and governance in large organizations. We are just at the beginning of getting this right.

Dave Birch is an authority and an ambassador for identity systems. And a great conversationalist. With co-author Victoria Richardson, he’s just published Money in the Metaverse: Digital assets, online identities, spatial computing and why virtual worlds mean real business. (US link here).
In this discussion with Steve and George, Dave introduces the book and takes us into their thinking about secure, private transactions in the metaverse. Or metaverses as he points out because it will be a multi-metaverse world.
Dave doesn’t let the slow evolution of 3D hardware or its high price stand in the way of his enthusiasm. We’ve seen similar transitions before, ones that drive ubiquity and precipitous hardware cost declines so it's time to get out ahead of what's coming.
Much of the conversation is relevant to today’s concerns, in advance of widespread metaverse adoption. So take a listen.
A note on their book.
Even if you are slightly skeptical (or more) about metaverse breadth or arrival date, Money in the Metaverse is a very worthwhile read as it discusses so many of the essential components and concerns that apply in today’s world. The challenges, and solutions, to identification and privacy are examined at depth. Victoria and Dave have used the bright light of use cases, stories, and tech from our current situation to explore identity infrastructure that works in the real world and, according to them, may work better in the metaverse.

Credential sharing is complex and exciting. Take a listen to our guest, Dan Stemp from JNCTN, in this installment of Making Data Better. We discuss JNCTN's credential sharing platform and its major use cases.
Discover how managing digital identities supports the work of critical industries, from power generation to healthcare. We unpack the intricate relationships between those who rely on credentials, the individuals who hold them, and the authorities who issue them.
Dan tells us the story of his firm's evolution from card personalization bureau to today's digital credential management scheme. We discuss the firm's clients' transition from physical tokens to digital credential presentation. Of course, we discuss wallets because they are the natural containers to hold verifiable credentials and we address JNCTN's proprietary approaches, the W3C, and big players like Apple and Google.
Implementation of systemic systems is never easy. JNCTN has multiple stakeholders to convince. We examine enterprise adoption and the leverage points that resonate with the relyingn parties, the risk owners, who deploy these systems. It's not just about risk mitigation and operational efficiency.
So, take a listen as Dan, Steve, and George share their enthusiasm for verifiable credential sharing and the breadth of applications ahead.

In this quick take, Steve and George discuss the idea of a single digital ID through a review of the proposed bill currently in front of Australian legislators. We being by comparing that approach to two very different models: India's Aadhaar program and the "shadow IDs" as employed by commercial data providers.
We are excited by the steps Australia is taking to secure the online activity of its citizens. This is serious work with many of the required elements for success already in place. And connecting those elements into a strong chain will be challenging.
We conclude with a discussion on the quality of the data feeding into any system performing identification. How do you know that the data is authentic when it is presented through plaintext? Like chip cards and passkeys, we posit that device-bound data is required for secure online interactions.
This concern isn't just about what's happening in Australia, of course. The problems of data authenticity and how to integrate a new digital attribute into KYC processes are non-trivial. So take a listen and get in touch.