LINE x Intertrust Global Security Summit: Working towards a Digital Identity and Trust Layer
Intertrust and our partner LINE, the highly-successful and innovative social media service based in Japan, have held a total of 5 security summits starting in 2017. Designed to bring together experts from around the world for substantive discussions around security, privacy, and other important topics, the 5th LINE X Intertrust Global Security Summit was held in May 2019 in Tokyo, Japan.
The first Security Summit focused primarily on the theme of control, privacy, and security of data as all companies wish to become data companies. The fifth event was held under the theme of “Safeguarding the New Era of Digital Identity and Digital Trust,” reflecting the increasing urgency of establishing identity and trust as a bedrock for the data economy. Pointing out the continuing problems of deepfakes, fake news, malware, unsecured IoT devices etc., Talal Shamoon, CEO of Intertrust declared “We live in an era where the entire integrity of the Web is now questionable” and argued for the adoption of better, more scalable authentication techniques. Takeshi Nakayama, the CISO of LINE, also emphasized the importance of digital identity and trust for their business use and society as a whole.
Another view of the pressing need for the development and adoption of digital identity and trust layer for the digital age was provided by Govind Shivkumar, Principal, Investments for the Omidyar Network. Shivkumar said that the Omidiyar Network’s investment thesis was to invest in “beneficial technology” for creating a more equitable economy. Given the increase in value of data as well as the consequences when it is stolen, Omidiyar believes that digital identity and trust are an essential part of this vision. They’ve also backed this thesis up by investing in a number of companies, working in the field, with the aim of fulfilling a market need they estimate to be worth a half trillion US dollars over the next decade.
Much of the discussion was around solutions for practical issues surrounding digital identity. Many of these stem from the patchwork of technologies and policies built around the current username and password method of authentication. LINE’s Cybersecurity Department Director Naohisa Ichihara identified a number of issues including account hijacking, transitioning user accounts during device migration, and difficulties surrounding account recovery as ones LINE has to constantly wrestle with. Through using a secure-by-design approach and adopting two-factor authentication, LINE has been able to greatly ameliorate these issues for their customers and themselves. Arnar Birgisson, Software Engineer at Google, also talked about their work using the FIDO Alliance and webauthn specifications to implement two-factor authentication as well.
Single sign-on and it’s sister, federated identity, is another topic that came up. Yahoo! JAPAN’s Takeshi Mori, President of Services Management Group brought up another important point about reducing the reliance on username-password, improving user experience and correspondingly customer engagement. Mori discussed their experience with Yahoo! JAPAN ID moving to a passwordless version in May, 2018. Yahoo! JAPAN ID also supports FIDO. Some of the results of this move was a reduction of log-in speed by 37% and increase in login percentages to their app from 34% in March, 2015 to 76% in March, 2019.
In a similar vein, Wei-Chung Hwang, Liaison Officer with the Asia PKI Consortium discussed plans to leverage FIDO to increase the ease of use for smart ID cards being issued by the Taiwanese government. Some of these focus on how to use smart phones along with the smart ID card to register the user for FIDO based 2 factor authentication services. One example was a user could register their card with a smart phone by going to their computer, filling out their information, and then taking a picture of themselves holding the card via a mobile app.
With both LINE and Intertrust working on blockchain based technologies, blockchain was another topic of discussion. Stuart Haber, President of Stuart Haber Crypto, helped set the background on blockchain by explaining how one key element of blockchain, the hashing and fingerprinting of files, works as well as his experience at Bell Communications Research in creating the first blockchain. One of the features of this early blockchain is that blockchain fingerprints were and continue to be published in the New York Times.
While the event had quite a lot of content around the identity layer of humans, David Maher, the CTO of Intertrust, introduced Intertrust’s work around using blockchain for a decentralized identity system for devices and data. Maher stressed the value of decentralized identity layers such as improved scalability and the potential for improved privacy. Intertrust’s research and development project in this area, called TIDALs (Trusted Immutable Distributed Assertion Ledgers), provides a distributed infrastructure for recording and querying trusted assertions about data and devices so that decisions can be made about whether or not they can be trusted. Yutaka Nagao, Intertrust’s Vice President Technology Initiatives and GM, Japan, also gave a demonstration how a TIDALs based system determined one piece of video to be authentic and another piece to have been altered.
Another take on the digital identity layer was provided by Nat Sakimura, Chairman of the Board of the OpenID Foundation. In his presentation, Sakimura stressed the importance of standardized digital identity processes by comparing the attempts at modernization of China and Japan in the latter part of the 19th Century. The Chinese government focused on the study of Western technology but failed to adapt the Chinese system to fully take advantage of these technologies. On the other hand, the Japanese government took the approach of also standardizing the Japanese language and education system as well as introducing a postal system to help fully unify the country. Sakimura took the position that a standardized authentication system for determining senders and receivers of data was essential for creating a truly digitized economy and not one where analog processes are merely with digital ones.