Sometimes a business inadvertently drops the pretense and just tells the world its real intentions. We saw this yesterday, when Amazon bragged about how it “allowed” an employee to lose 100 pounds by endlessly delivering boxes. Amazon saw this as a heartwarming tale about how great it is to work for the e-commerce juggernaut. It completely missed the subtext: Who needs a gym when someone can physically labor for their corporate overlord and lose weight?
Now we have another, possibly darker example. Mastercard announced a new partnership with Microsoft that is tackling “digital identities.” Here’s how it described the project in a tweet:
Voting, driving, applying for a job, renting a home, getting married and boarding a plane: what do these all have in common? You need to prove your identity. In partnership with @Microsoft, we are working to create universally-recognized digital identity. https://t.co/He5syqa5g7
— Mastercard News (@MastercardNews) December 3, 2018
Essentially, the tweet described every action an adult human takes that is both highly intimate and requires sharing personal and confidential details. The companies are building a solution that would create a “universally-recognized digital identity.” To the corporations, this is a brilliant solution! To everyone else, it may feel more than a bit dystopian.
What this announcement seems to be describing is a streamlined identification system: a not-too-far-off world where people are identified under a universal protocol that checks in on them at various points during their lives–when they vote, when they get married, etc. It’s the kind of a citizen-check system a totalitarian regime could only dream of.
Already, countries have begun implementing identification systems that seem ripped from an Orwell novel. India, for example, has a program that scans citizens’ fingerprints and eyes, which connects all of their personal data (from cellphone information to government benefits) into one state-controlled apparatus. China, too, is planning to use a country-wide citizen identification system that would give people “social credit” scores about the way they behave. These systems have been met with significant outcry about privacy and digital rights.
Judging from some of the responses to Mastercard and Microsoft’s announcement, we can likely expect similar criticism here.
Euphemism for: Universal tracking of users.
— ⌘ KILI∆N ⌚︎ (@KilianMuster) December 4, 2018
And yet the two companies didn’t seem to realize the minefield they were stepping into. According to the press release, the problem they believe they are solving is people being forced to “successfully remember hundreds of passwords for various identities and are increasingly being subjected to more complexity in proving their identity and managing their data.” But the solution they offer–a one-stop, universal identification for any and all applications–would mean that every citizen would be entering into a system built by private companies that centralizes all of their personal data. Every digital company wants to be a data hoover, and this program seems to underscore the extent of this pursuit.
Reached for comment, a Mastercard spokesperson provided me with a very lengthy response, which emphasized that the program is still in development but will be customer-centric. “Our intention is give people more control over their own digital identities, allowing them to easily manage and share their information their way with the devices they use every day,” the statement said. “With our service, which is still in development, people would be able to easily verify their digital identity through trusted sources to whom they have already provided their information such as banks and mobile network operators or government and postal services, sharing only the information needed to conduct their transactions.”
Microsoft declined to comment.
Beyond the surveillance and privacy red flags, a universal identification like this will likely raise security concerns. Even when companies think they are using the best practices to protect user data, it is only hubristic to believe something is un-hackable
Mastercard said the following to me about security:
The service will allow the data to sit with its rightful owner–the individual–and wouldn’t involve amassing personal data in honeypots vulnerable to attack. In no situation would Mastercard collect users’ identity data, share it or monitor their interactions. Instead the data would reside with the trusted party, and our service would merely validate the information already provided, once an individual has decided to do so. This is about giving the individual control over who sees their information and how it’s used.
Overall, this announcement speaks to a common tone-deafness among large companies when it comes to privacy. While proving digital identity can certainly be onerous, some solutions may only imperil us even more.