This post is an excerpt from an upcoming report entitled The Current and Future State of Digital Wallets, which is being shared here as a 16-part series. To receive a copy of the report, please register here and we will get the current draft sent out immediately and a PDF of the final report when it is ready. This is the fifth post. For the first post click here, for the previous post click here, and for the next post click here.
There are a few high-level guiding principles that should be kept front of mind for those that are designing, building, and using Digital Wallets to create user experiences.
2018 saw a major shift in consumer behaviour, with relatively large portions of people realizing that social media and the “surveillance economy” were making them uncomfortable. Until the beginning of the Digital Wallet era, there haven’t been many alternatives. Experts like Doc Searls have envisioned a new way of sharing information where there is a “fourth party” that helps make sure that our information is treated well, and perhaps most importantly, shared with consent. These “fourth party” players are quite analogous to the Agents discussed in this report.
Digital Wallets play a role in creating the “intention economy” and consent becomes a two-way process as opposed to the very one-sided process that it is now. A Digital Wallet will need to be able to provide the intentions – and give consent to those who are willing to play by the rules that our Agents enforce for us.
Consent-driven approaches to sharing information don’t need to be complex, but we need to have tools that make it simpler. Constantly being asked to consent to something that you obviously want to do is annoying. The Agents in our Digital Wallets can help maintain a balance between convenience and consent.
Privacy by Design
A Digital Wallet is owned by a person. Sure, the software behind it was built by someone but the Digital Wallet – the software and the collection of stuff in it – is a personal asset. It is also likely going to contain information that is private. Applying the concepts of Privacy by Design will be crucial. The 7 Foundational Principles of Privacy by Design, created by Dr. Ann Cavoukian when she was the Privacy Commissioner of Ontario, provides high-level guidance that can help guide efforts in designing Digital Wallets.
The aspirations of the Privacy by Design principles often leave technical people looking for deeper guidance. Daniel Hardman and Jason Law of the Sovrin Foundation (and Evernym) provide excellent guidance in “Self-Sovereign Privacy By Design”
Security by Design
Digital Wallets should follow a “Security by Design” approach. Security by Design is still emergent and, unlike Privacy by Design, there are no rich resources to point at directly. The Sovrin Governance Framework is the best source to date as it focuses on the self-sovereign aspects which act in favour of the People and Organizations that hold the control of their identity documents. It covers the following principles (excerpted from the Sovrin Governance Framework):
- System Diversity
- Secure Defaults
- Least Privilege
- Secure Failure
- Pervasive Mediation
Portable and Open by Default
Past Digital Wallet efforts have failed for many reasons but the most common factor that impacted them was that they were created as closed systems. Closed systems have many faults but two major ones are:
- people are locked in and are unable to move to other systems
- vendors that are not part of the company or consortium are excluded and have no incentive to participate
The second factor (exclusionary team) has caused failures of Wallets since Microsoft Passport was released two decades ago. Though it continues to exist, it has devolved into an authentication capability used almost exclusively by Microsoft. Current Wallets like Apple Pay and Google Pay are more open – but still requires participating organizations to adhere to rules that they alone set.
The lock-in effect is more difficult to understand impact wise. When there is no ability to carry your information somewhere there is a natural resistance to investing too heavily – with our efforts and with our information.
Ensuring portability of the information contained in a Digital Wallet removes both of the factors that have caused failures. There are multiple solid examples of standards-based, portable systems that have created massive industries. The best example is the web browser industry which has enabled a multi-trillion dollar industry – based on common standards and portable information.