This post is an excerpt from an upcoming report entitled The Current and Future State of Digital Wallets, which is being shared here as a 16-part series. To receive a copy of the report, please register here and we will get the current draft sent out immediately and a PDF of the final report when it is ready. This is the eighth post. For the first post click here, for the previous post click here, and for the next post click here.
We’ve discussed that a Digital Wallet is comprised of Wallet Storage and Agents. The Agents work on our behalf to make our Digital Wallet work for us. Initially Agents will be quite basic and our Digital Wallet won’t be terribly exciting. As the adoption of Digital Wallets increases we will be able to deploy Agents that do more and more things for us. They will help take care of the mundane, protect us from error and threats, and generally improve our lives.
But we have a lot of work ahead with Agents. This section aims to provide us with a bit deeper view of where Agents can go.
Types of Agents
The general idea behind Agents is that they handle things for the Person or Organization that may be useful in many ways. Various different types of Agents will be created in time. Some examples are:
- Messaging Agent – handles messaging for us in various contexts ranging from the simplest credential messaging (accepting, offering, etc.) to full 2-way messaging along the lines of a peer-to-peer version of WhatsApp.
- Privacy Agent – keeps a lock on privacy-invading information being shared unless you want it to be (or need it to be – using a panic button or something) and who you will allow to access it.
- Delivery Agent – handles delivery of packages to you (it may even arrange to put the eggs in your fridge) while maintaining a secure perimeter so your private information doesn’t leak.
- Health Agent – ensures that you’re following the eating approach that you want to, taking time to exercise, and generally checking up on things and staying safe. In the event that something happens to you (e.g. you have fallen and can’t get up) it may reach out on your behalf to your loved ones and/or medical authorities.
- Home Security Agent – watches your residence and responds to threat and non-threat events for you. If your insurance company needs to know that you are meeting your obligations (e.g. is the alarm actually on when you’re away?) perhaps you could share that information for a reduced premium.
- Data Use Agent – Sidewalk is building IP that will most likely drive a ton of revenue for Alphabet in the future. What if, as a resident, you could share in some of that revenue? A Data Use Agent would act on your behalf, ensuring you and your city get their fair share of revenue.
- Buying Agent – issues purchases on your behalf to vendors that are part of the ecosystem – this is your trusted fridge ordering your eggs and milk!
- Marketing Agent – blocks or allows marketing information to flow through to you. Not really a city-based approach but a key for local vendors to be aware of so they can know how to reach you, assuming you want that.
- Reputation Manager – handles your reputation scores on various different platforms that range from centralized (e.g. Uber, Yelp) to fully-decentralized systems that haven’t even been deployed. The key here is that at some point you will own your own reputation data that other can use as input.
Who Is In Your Wallet?
The decentralization maximalists discuss removing any third parties from our lives. The general concept is that “middlemen” services don’t add value and need to be disintermediated. The reality is that where a third-party is not adding value they will be removed – but what about the third parties that add value to our lives?
There is incredible value in allowing third parties “in” to your Digital Wallet – under your conditions, with full knowledge, and hopefully, with protection from them behaving badly.
Consider how the following scenarios can help in your day-to-day life:
- Telco – your smartphone is tied to your telco so it makes sense for them to play a role in help you use and protect your Digital Wallet. Telcos will need to put deep processes in place to ensure that social engineering attacks are avoided.
- Bank – provides custodial services for your information and your digital assets. Banks, credit unions, and other financial institutions have been safeguarding assets for hundreds of years – and they have a role to play today and in the future. We rarely want to carry everything that we own with us – it’s just too dangerous. Simple mistakes could mean the loss of all assets – with no recourse.
- Insurance – the contents of our Digital Wallet and how we use them raise questions of liability and risk. In time, the insurance market will characterize the risks and provide insurance. Examples may include insurance for key credentials that they are accurate and useful in particular cases (e.g. signing contracts with a rich credential backed by an insurance policy that says you really are you.)
- Family & Friends – we may want our family and friends to play various roles in our Digital Wallet. Whether that is for convenience (e.g. help recover keys) or requirement (e.g. authorizations for children that aren’t of age) there are many different ways that we can interact. We may just be helping someone take care of a few things (e.g. protect a friend from phishing scams by being part of a multiple signature approval for wire transfers over a certain amount).
- Health/Medical/Wellness – the health information that we can store in our Wallet is incredibly valuable – directly for our own benefit and indirectly in service to society. If we are going to share information we need to know who we are sharing with, what they are allowed to see and do, and how we benefit.
Emergencies – Break Glass In Case of Emergency
Some health systems compartmentalize key information that can be accessed without express consent of the individual. We can call this capability the “break glass in case of emergency” features. However, they are hosted in the centralized systems that sit behind controls to protect that information.
A Digital Wallet will hold crucial information that may be useful in the event of an emergency. Various types of information can be compartmentalized and made accessible through various methods under various conditions such as:
- medical emergency – first responders and medical personnel/institutions will need access
- death or incapacitation – would potentially require legal intervention and consideration of legal authority
As more and more information moves to the edge of the networks and is under our direct control – in our Digital Wallet – the protocols in place do not work. I hold the information in my hand that used to live only in a centralized system.
We need Agents to help us ensure that the right people get the right information from us – without revealing too much to the wrong people. The Agents running in our Digital Wallets can do many things to ensure that the people requesting our private information have a bona fide right and requirement to use it. Similarly we need to ensure that if they don’t have a Digital Wallet for ours to talk to, we may need to go fully manual.
Earlier we hinted at the idea of an insured credential that we can use for signing contracts – where the insurer offsets the risk that someone is posing as you. There are many other cases where insurers may be deeply involved in your Wallet. These range widely:
- Insuring key digital assets from theft – an insurer may act as a third-party that helps to protect you in case your Wallet is stolen. They can block and potentially even reverse key actions (e.g. transfer of a particular asset that goes into 48-hour escrow account that can be interrupted in case of Wallet theft/takeover).
- Handling your receipts – as you accumulate receipts that are covered, they can automatically reimburse you.
- General liability – the use of a Digital Wallet means you are trusting the Wallet provider – but what if the builder of your Wallet had nefarious motives?
Monitor / Auditor
There are times when your Digital Wallet should actively intervene to keep you aware of activities and possibly notify authorities. A couple simple examples can help explain this concept:
- Age of Majority violation – imagine a time when you are used to providing a digital identity credential to enter a drinking establishment. They should normally use an overlay that asks for proof you are over a certain age and that this is you (perhaps a low-res picture of you). But what if they ask to see your full Digital Identity Document – much like a law enforcement official would? A Monitor could notify a government (or other) authority that the establishment is overreaching.
- Reputation Services – over time Digital Wallets will allow us to look at a broader picture of a Person or Organization’s reputation. You may want reputation services to look at, in a privacy-respecting way, the reputations of the people that you are dealing with. Additionally we may want to actively participate in such services – building our own reputation up.