John, as a leader in the community, what do you believe are the biggest questions and opportunities in digital ID and authentication today? In part this will depend on the interests of the stakeholder you ask, but in our view a couple of things stand out. On the opportunity side, in Canada we have a federal level, 13 provinces and territories – so 14 ‘voices’ to co-ordinate. No one level of government or economic entity controls or should control citizen or consumer identities in Canada. We also have a limited number of banks, telcos and other key stakeholders to co-ordinate. And there are mutual benefits for everyone in achieving consensus. So while co-ordination and consensus amongst all these Public and Private sector groups on what is and is not digital identity and trust is not an easy task by any means, its relatively manageable and we have a history of this type of Public and Private Sector co-operation in Canada. The Canadian Public Sector and DIACC are to be commended for their leadership roles in this respect. On the questions side, we think we need to ensure that as we approach a Digital ID and authentication framework that we are learning as much as we can from other jurisdictions and carefully assessing what worked well or didn’t work well, based upon what’s unique or common about that jurisdiction. It’s not just a ‘choice of technology’ question. A key part of this will be how we balance – and this is likely to take some time given the multi-faceted nature of this in Canada- the core questions of privacy, confidentiality and security of the Digital ID of our citizens and consumers. Losing control of your Digital ID, or unwanted interests having access to elements of your Digital ID will have real, immediate and direct consequences. In our view, we need to be patient and thorough with Digital ID and authentication before we can become economic and expedient.
What role will digital ID and authentication play in increasing Canadians' ability to connect with businesses and governments? While digital ID and authentication necessarily plays a core enabling role, it will not in and of itself play a sufficient role to bring about a trusted and robust digital economy. We must also ensure that there is funding, innovation and inclusiveness in e-services at each level of government (including municipalities) and in key sectors such as banking and telecom. Digital ID combined with a robust e-services ecosystem (e.g. fintech) will bring about the digital economy we all envision.
How do we balance the needs of individual people and businesses and governments? In essence the same way we always have in Canada- we strike a balance (a constant work in progress) that vectors towards peace, order and good government. We should avoid a quick commercialization of digital ID given the long term importance of getting this right for citizens, consumers, businesses and the Public Sector. So that looks like a consensual inclusive framework to us. By focusing on agreement on open standards and balanced principles, we can ensure that the resulting policies, structures and outcomes support a trust framework that can evolve independently of current technologies and today’s economic interests. At the same time, finding a balance of privacy and security for citizens/consumers digital ID, and giving them meaningful control over how and where their digital ID gets used and stored, is very important- no one wants to endure identity theft and its consequences. If this happens we can expect that people will have real expectations of the ability of the Public Sector to remediate.
Can you describe what you see as the future of digital authentication? We have been doing digital ID and authentication for almost 2 decades. Our clients are always balancing business pressures and ease of use in new technologies, with cost and risk. That won’t go away. An interconnected economy- a digital and mobile economy- means however that risks can get multiplied and distributed quickly throughout the system. An interconnected economy also increases the likelihood of advanced threats (including zero day threats from new technologies and version upgrades) from sophisticated actors who will find a digital economy an attractive target. Think of the weakest link in the chain as a useful analogy. So we see that there should be an increased focus on security by design and privacy by design. These principles will need to be balanced with the ease of use promised by new technologies. A trust framework with teeth really helps to address this ongoing and real risk.
John Scott is the CEO and a Director of 2Keys Corporation, an employee owned Canadian cyber security company. John has extensive Canadian and US Board and executive experience in technology and law. 2Keys provides a range of cyber security technologies and services with a specific focus on identity and access management policies, operations and technologies for the Canadian Public and Financial Sectors. 2Keys is a Privacy by Design Ambassador, a DIACC and Kantara member, and possesses a broad range of security designations and clearances.
Telus House 25 York Street, 3rd Floor Toronto, Ontario
Telus Garden 777 Richards Street Vancouver, British Columbia
What Attendees are saying
“The only conference in Canada where one can meet the who’s who of knowledgeable people and champions of digital identity to discuss the real issues and opportunities in this space.” Dave Nikolejsin, Deputy Minister of Energy and Mines at Government of British Columbia
“A fantastic platform bringing together Canadian thought leaders and key industry experts to promote innovation in digital identity and authentication.” Mike Vanderkaden, VP Corporate Development, Equifax Canada