Adam from ID @ Equifax: How can I help? What should I do? AAAAA!

From IIW

I’m Adam, Now Leading Digital ID @ Equifax. How Can I Help? What Should I Do?

Tuesday 3L

Convener: Adam Gunther, Vice President, Digital Identity at Equifax

Notes-taker(s): Scott Mace

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Replies are Adams and do not represent the thoughts and opinions of Equifax:

My fourth IIW.

Prior, led decentralized identity at IBM.

One thing that frustrated me on decentralized identity was the slow pace.

BC demo is great, how do we get 20 governments to do this.

When the opportunity came to be at a data provider, now I can DO this.

In charge of digital identity at the company.

We do a lot more than credit reports. We have a few different business units. One is on workforce solutions. Onboarding employees. That’s an Equifax product. A lot we do around fraud not just consumer credit but B to B.

We see our role as helping people and businesses to do business and transact more by powering decisions with insights and analytics.

Consent is a great thing. We now have an opportunity to infuse consent and user control into the center of the process.

There is value in us issuing that data to you, cryptographically signed data. To help you do business. Self-asserted credentials will not work for business. We should not confuse self-sovereign with self-asserted.

The business model, I’m still figuring it out. In general, businesses are willing to pay for trusted data. Consumers will pay for some things as well. Today when I go to apply for a mortgage, I don’t view them doing a credit check on me as something I pay for. I’m telling the bank go talk to these credit agencies. I would much rather go to the credit agency and say this is the stuff I need.

There is a lot of energy and excitement within Equifax around the role of decentralized identity.

Blockchain: Certainly a part of everything we’re doing in decentralized identity. May be part of what we do tomorrow. Get off things like SSNs. Trusted digital commerce. If blockchain helps us, great.

Q: Instead of uploading data to Equifax, give results of local computation back to Equifax, to calculate my credit score.

Holding on to big honeypots of data, we’ve seen the downside of that. I’m excited as well when I’m presenting that data in real time, it helps me tell that’s you.

Q: what part of honeypot is still a requirement for you and your industry?

Nothing jumps to mind. The key thing is to vouch for and provide trust. What is the minimum we need to stand behind that. I’ve come in because Equifax sees a huge opportunity. The secure key network in Canada, now live, Equifax is the first data provider in that network. This is cool. Now where do we go with it?

Q: What is the most needed thing?

Production network for blockchain, the whole ecosystem.

Q: So how do you deal with the problem that if you’re successful, people will ask for all the information?

It becomes the only way you can sign in for something completely trivial. Prevent race to the bottom for privacy.

Pan-Canadian Trust Framework. Won’t be Equifax’s role to legislate that stuff. Not something one company can control. Equifax started with Secure Key Canada. SecureKey has a governance framework.

For example, people who sell alcohol are allowed to ask for zero-knowledge proof to prove you’re of age to drink. They cannot ask for your address. It’s far from solved but that’s the space to attack those types of problems.

Adrian: What’s the difference between a good-guy data broker and a bad guy. Anyone who is a hidden data broker – bad. Certain principles – strong privacy laws. Things like that. Good guy data broker uses standards.

In this new world, there’s a way that with the right privacy constraints, zero-knowledge proof, a company can do analytics without knowing more about you. A way we can help without leaving us susceptible to the kind of problem you’re talking about. There are regulatory evolutions that need to happen.

Q: Don’t give up on the data broker thing. Most of us aren’t crypto-anarchists. I don’t want to hold all my data and all my keys. How about a model, give me the opportunity, I can lock and unlock my credit, give me some keys, in return will you sign this. You’re still the data aggregator.

That’s a value we can add. I don’t like the word “broker/aggregator.” Preserves more of the privacy than you have today. We need a new term for the new world.

Q: You’re doing it now but I’m out of the loop.

That’s a good first step. Thanks for the feedback.

Adrian: Say zero-knowledge proofs and regulations break your way, how do you deal with the ML benefits of being able to be in the middle of all these transactions?

Speaking for myself, not Equifax, followed MIT work on open algorithms. That and transparency help people understand what’s happening there. That’s a space that can help.

Adrian: Why not use the MIT model and do federated learning, not centralized learning?

This is something to explore.

Q: We have enough robust tech to do experiments. Breakthrough will be when people who have different business models try this. Make sure I have an internal budget for proof of concept. Educate the different aspects of the company, what the value of self-sovereign identity could be. Understand the biggest costs. Run some brainstorming sessions to build internal buy-in. Kick up executive chain budget approval for some small pilots. Would try to share aspects of this info externally to show Equifax is a thought leader.

Adrian: A comment. To some of us, the problem is not having enough friction in the system. Praying to the god of adding value or reducing cost of certain transactions looks like something we might not want to do to begin with. Lawyers introduce friction. Doctors over selling of drugs OTC on purpose. As a society when we get into things where the regulations are difficult, we introduce very expensive friction, in order to allow the institutions and society to evolve the norms that we need. Competing on the efficiency of this is worrisome at that level. We’re not prepared to regulate.

Q: I want to go back to the beginning. Your company has a trust issue. They hired you, an expert in the field, to fix something. I don’t know what the value proposition of your company wants to be. I’m not going to be successful until I know where you want me to go. In interviews, they asserted something to do. Find a clear road. You’re in a sticky situation.

We have to be clearly articulating that value prop back. Show of hands – Equifax can help, not sure, Equifax shouldn’t exist. (results of poll stayed in the room)

Q: Who watches the watcher? You have to bring in other bodies to check your own power.

Scott: Some people say if the credit bureaus went away, companies like Acxiom would be just as bad or worse.

Q: We’re still seeing the reaction of the way they’re handling it. In five years, is anything going to come of this?

The fact is, once I get that SSN, the crook can impersonate you. We have an opportunity to make sure that cannot be used by anyone else. When that happens, let me revoke and reissue your keys.

Q: SSI requires high-value issuer. Replace SSNs with move accounts over to privacy-enhanced identifiers. Architecture allowing newer protocols to become real in the market.

Everything being driven by DIF is the way to go, is my opinion. SecureKey joined DIF. We have to participate in the same open standards as anyone else.

Q: Still a gap in negative history. I don’t have an incentive to share about my car accident, my bankruptcy. It’s a beautiful role for some third party that has negative, toxic information. Someone’s got to do it, where the bad stuff can accrue where someone gets the whole picture.

Today you don’t have a choice on who that third party is. Still need regulation and control.