What is digital identity and why is it important? A world expert on this topic, Eric Haller, the Executive Vice President and Group Head of Experian DataLabs, explains and shares his advice.

Experian DataLabs is the research and development organization within Experian. It was established in 2011 to drive the creation of new products and services from breakthrough experimentation across Experian’s businesses in 37 countries. Labs are located in London, Sao Paulo, Singapore and San Diego.

Transcript

Michael Krigsman: We're discussing digital identity with Eric Haller, Executive Vice President of Experian and Global Head of Experian DataLabs.

Eric Haller: Sometimes it's easier to think about analog and how that might relate to digital. Our analog life, our identity, is pretty straightforward. We're all used to showing a driver's license, an identity card, or a passport. It's been authenticated by somebody that we trust like the government. It's something that we use as an entry point to open up our first checking account at the bank or when we go to the doctor's office and we provide insurance and our identity.

What is digital identity?

In the digital world, it's very similar. If you think about that provenance or that trusted source of identity, it often starts with some things that we don't even see.

Maybe if you go back 30 years, it started with certificate authorities or credential authorities in our public and private keys that were used to encrypt our data – still today. Banks will use things like multifactor authentication; send a PIN to your phone to ensure that the communication that's going back and forth is with the person that they think it is.

That digital footprint is growing and expanding into a lot of pieces of information that most of us aren't familiar with or think about. That data becomes the gateway to how we access goods and services in a digital environment.

Michael Krigsman: Why is this such a complex topic?

Eric Haller: Complexity can be viewed in a couple of different ways. One is, if you don't know much about it, it becomes complicated. Sometimes just education and awareness clean up complexity.

The other thing is that it's rooted in technology. I think that's a part of it, so when you start thinking about how does your device represent itself in a digital environment and how that device attaches to you as an individual or you as a household, then it gets into data, elements, networks, and things that most people don't really put a lot of time and thought into. But those become the Legos or the building blocks to who we are and what represents us in our identity in the digital world.

Michael Krigsman: This notion of having an unambiguous identity involves not just you, one personally, but your various devices and even potentially your locations.

Eric Haller: Yeah, so you think about it. We go back to analog. We said, well, the U.S. government stamped their approval that I'm Eric Haller. I went in. I provided a birth certificate or something.

I provided all this information and the government said, "Yep." They took my picture and then they said, "Hey, if I ever have to match against a database, I'll look at this ID and maybe a picture of somebody's face and say, 'That's Eric Haller.'"

In a digital world, there aren't a lot of authorities. There are some. There are some. Experian plays a role in that. But there are a lot of data elements that represent us, so the game is trying to attach those data elements that represent us digitally to some kind of authority.

For example, you mentioned location. If I'm conducting commerce from my home on my iPad or my mobile device, it's very likely that, particularly if I'm using a mobile app, that GPS lat/long coordinates are attached to that device.

Over time, you would be able to see a consistent pattern of lat/long coordinates associated with that commerce activity and, if one were so motivated, they could take the lat/long coordinates, go to a map, and go, "Hey, this is a home address and this home address matches with Eric Haller." Over time, those lat/long coordinates become an element that represents us digitally, can be consistent, and can be leveraged.

The only thing is, what happens when I conduct commerce from another location? Then those lat/long coordinates aren't as valuable. But maybe there are some other things that are as valuable because I'm still using the same phone and I may have consistent data elements around the phone whether it's the operating system, the screen size, and the device type, or maybe something more complicated like an advertising ID or something in there, some specific things that might represent features of the phone that are unique.

How do you establish digital identity?

Michael Krigsman: I guess that raises the question, how do you establish digital identity? It sounds like there are lots of individual pieces that you assemble together in order to create the picture. Is that a correct way to say it?

Eric Haller: I think that's right. For one is, most people have a digital identity, whether they care to establish it or not. If you are interfacing through a device over the Web, there are data elements that need to be able to drive information back and forth for it to properly land on your device. Then if you actually buy something online, you're going to start opening up things that will relate back to where you're having goods shipped to and your name, address, credit card number, all these things that are captured online.

There are people that don't have access to the Internet or aren't engaging in commerce online. Those folks are less likely to have any kind of digital footprint at this stage.

I'm personally concerned that there may be people groups that will get left out of this. That's why it's so important that everybody has access to the Internet and has access to conducting commerce in this way because, over time, that digital identity—as it fortifies, becomes more consistent, becomes more credible—will become more of a gateway or key to convenience and convenient access to goods and services.

As we saw in this pandemic, that can even ostensibly go to healthcare and having convenient access to healthcare online, of being diagnosed. That identity does become important and it's something that we all have a vested interest in making sure that it's done right.

Michael Krigsman: The nature of digital identity or the importance of digital identity goes far beyond shopping alone, but there are very broad societal implications.

Eric Haller: Definitely. There are so many entities, not just private businesses, private enterprises like Experian where we focus on this quite a bit, actually, in trying to make sure that our clients are doing their best at verifying and authenticating identities and making sure that they're not bots that are impersonating people or imposters that have come in and trying to gain access to a consumer or a business's financials. But also, the government, the U.S. government. There are a lot of committees and, we'll say, initiatives that are underway to try to give better definition to this.

I think if you study it a little bit, you will see that one of the questions I get asked about the credibility and long-term viability of digital identity is the inclusion of blockchain. Blockchain actually comes with some promises around portability, which is key if we're talking about leveraging a digital identity in multiple environments and multiple use cases. That portability becomes a factor. Immutability or the protection that comes with blockchain that somebody can't tamper with it, that it becomes (we'll call it) tamper-proof over time. Those are key things.

Whether the blockchain is the solution or not really doesn't matter so much as those challenges of immutability and portability are met. That's a whole other conversation. If we have time, we can talk a little bit about that. There are some real challenges in that paradigm.

Michael Krigsman: What strikes me, and also surprises me a little bit, is you're a technologist but it sounds like you are almost equally concerned with the technology dimensions on the one hand and the implications for individuals on the other hand – at the same time.

Eric Haller: I think that the two go hand-in-hand. Often the technology becomes the easier of the two equations.

Like I was talking about blockchain, I get asked a lot why isn't that happening super-fast. If that's a really good way to go, why aren't we going in that direction?

It's not the technology. It's the business proposition. You need a value proposition on both sides of the equation.

Consumers have to be incented enough to carry a digital identity that can meet those requirements, put the time in to be authenticated, and have it loaded in some kind of digital wallet or environment where they can easily use it. Parties that would accept that identity in exchange for conducting commerce in some way or providing a service in some way have to accept the fact that there are going to be a lot of people that are going to use this and have to build in advance of that.

It's a bit of chicken and egg. We see that a lot in things like payment systems. There are a lot of chicken and egg business models out there.

When you get into, "Gosh, I want to do digital identity perfectly, and I want the perfect environment for it," well, technically you can set that up but business-wise, you have to overcome that chicken and egg paradigm in making sure that both parties are equally incented to jump in.

How to improve digital identity?

Michael Krigsman: We have a question from Twitter that I think is related to this. Wayne Anderson, who is a regular watcher and is the most prolific tweeter I think I've ever met. His tweets are brilliant. They're great. He asks, "Interactive two-factor authentication at scale has been a challenge for consumers to balance convenience. When do we get to better protections and what are we missing as an industry?" I think this gets to the incentives point that you just raised.

Eric Haller: There are a couple of things about two-factor. We did a survey for consumers around the globe in ten different countries. We asked them what was the number one thing that they are concerned with when conducting business online, accessing goods and services digitally. The number one thing they said (55% of them said) security was number one.

Then we asked them, "Well, what are the things that you would value in terms of protecting you?" Number one was what we would find on our phone: facial recognition, fingerprint access. Number two was this two-factor authentication—principally sending a PIN to the phone—which surprised me because, like your listener said, it's very inconvenient.

At least market research would tell us, people right now actually are almost trained to trust that that process works. They see the PIN. It goes on their phone. Whoever they're interacting with, most likely banks – that seems to be who does it most – that there's a sense of trust. How do we get past that?

Oh, and by the way, the third thing was actually, I think, one of the ways we do get past it which is consumers say they don't want to provide data, but they were hoping that there's a lot of information that's already in the system that could do this on their behalf. We refer to that as behavioral analytics or behavioral biometrics, but data that they don't see.

We'll call it ambient data that you can leverage. That could be the promise. I'm not saying it is, but it could be. I'll give you some examples of what that might mean.

You think about how quickly it takes to respond to an item in a shopping cart. You're shopping online. You might have four pages to go through before you actually conclude your shopping cart experience. It might ask you who is going to ship you goods, what's your credit card number that you want to use. Maybe I'm going to give you one last offer before you hit the "I'm buying it" thing. It might be three or four things.

A bot will go through that really fast, faster than a person. Out in the world now, I think fraudsters are getting smart. They're slowing their bots down because you can figure out it's a bot. An individual, over time, will have consistent patterns on how quickly they hit those buttons, so profiling those kinds of things.

I'll give you another example. I'm on my phone and I'm touching things on my phone in a commerce situation. How I touch my phone will provide some insights into whether I'm a bot or not. A bot might only fire up a tiny number of pixels on my phone whereas my finger is going to fire up over 100 when I touch it. I can't help myself, right? Your finger, even if you barely touch it, you're going to fire up more pixels. That'll likely happen, so I can screen out a bot.

An imposter may use a person (not a bot but a person who is not me). May choose to swipe up or swipe down, swipe left or swipe right, or click on different things. If I'm going through a security thing, I have to pick fire hydrants out on a bunch of pictures. I may have a different way of doing that. I may start from the bottom lower left-hand corner and work myself to upper right versus an imposter who would pick a different way.

They all sound a little like, "Yeah, maybe." But in aggregate, as you start building these things up, they paint a picture.

Is that picture accurate enough where you can avoid things like annoying PINs sent to my phone? We're not there yet, but the question will be, over time, as we develop these things, that we should be able to get there.

When you know that less than one percent of the time it's a bot or an imposter and 99% of the time it's a real human being, the legitimate person that represents themselves to be this person, you want to make that process as convenient as possible. Everybody is incented to do that. It's a matter of trying to figure out the right combinations in the background that gets us to a confidence point where the false positives are low and our detection rate is high. That's how I would answer that.

Michael Krigsman: We have a question from Twitter from another excellent regular listener who asks excellent questions. Arsalan Khan says, "On the surface, it seems that digital identity for consumers is similar to single sign-on at enterprises. Are there any lessons learned or overlaps that can help us understand this and help us do a better job in the enterprise?"

Eric Haller: I would say a few things. One is, one of the things we learned from the survey that we did. This, I'll say, goes against the notion of single sign-on, but I believe your Twitter follower isn't advocating passwords. I don't think that's what they're saying.

I do want to say this one thing about passwords is that people don't like them anymore. I don't know if they ever did, but they really don't like them now. They don't trust them.

Experian, one of the services we have operates on the dark Web. When you see these massive data breaches that occur, there's the seedy underbelly of the Internet where all that data is traded and sold. We do a very good job of staying close to those trading environments so that we can know what's being compromised and sold, so we can leverage that information. One, for our own products and services. Two, so that we can alert consumers that subscribe to us that, hey, your password has just been compromised on these accounts.

People don't trust the password process. A lot of them don't remember all of their passwords. Trying to remember them is becoming a challenge.

Single sign-on, I get it. I use my devices, which plugs in passwords on my behalf – very cool. But you're still trapped in the password paradigm.

I think that's one of those things that I like the idea of enterprise-wide digital identity—getting myself out of the password paradigm—but what that might look like, I kind of go back to this analog thing, which goes back to provenance and trust. Who is going to be the architect of that and how is that going to be rolled out? I think we'll have to look at private enterprise (for the most part) to do that, and companies like Experian.

Experian definitely is a player in that space. There are few companies in there that are all focused on that big prize.

How can we protect against AI-generated deep fakes?

Michael Krigsman: Katie Waldenburg raises the question of deep fakes, which is a really interesting question. How can you tell? They're so good these days.

Eric Haller: When we talk about digital identity, one of the things that we don't talk so much about is our pictures, our voices, our videos. You and I right now are creating our digital presence in this talk show and we've seen that, in the area of deep fakes, it's getting more and more challenging to determine whether it's a fake or not.

In fact, USC did a study three years ago on deep fakes and the ability to detect them and said 95% of all deep fakes you can detect, which was pretty good until Google just did a contest that ended a few months ago. They seeded a database with 3,000 deep fakes. The best researchers in the world could only detect 65% of the deep fakes, which means the world of deep learning—in this case, usually generative adversarial networks—the ability to fine-tune your fake signal, whether it's the lighting, the camera angles, the continuity or congruity in the background, the demarcation of the lines, blinking, mouth movement, all these things that comprise what a neural net has to assess and replicate (to turn my face into Tom Cruise or something on a TikTok video) is getting better and better. It's becoming more challenging to detect that.

In the point of the ability to detect deep fakes, I would say there are a couple of different angles. One is, today, right now, deep fakes are really only single direction, which is kind of more of the fake news type thing. They're not interactive. You don't have the opportunity to ask questions to determine whether or not that digital representation of an individual is authentic or not. You're just listening. You're in listening mode. You're in reacting mode.

One is, track it, trace it just like you would any other video to determine whether or not the source of the video or audio could be a nefarious source. For example, looking at, like, hey, this video just came from Nigeria. Not disparaging Nigeria, but there have been a lot of fraud rings, I'll say, from that country that if you can trace it back, you might get some insights on whether or not it's fraudulent or not.

The other thing is trying to go the hard route, which is looking for those digital signatures on all those things that I talked about, all those aspects of the video I'm talking about that would lead one to believe to score it enough to say that it's a fraudulent deep fake.

I'm more concerned about the evolution of that, by the way. I made the point that it's one-directional. The more concerning aspect of deep fakes will be the future. The future is what I would characterize as the convergence of these identity aspects that we have, so our voice and what we say, combined with video.

It's more, I'll say, the convergence of natural language processing, which we're seeing huge advances with GPT-3 and OpenAI, and what they're doing there is tremendously exciting, but it makes me a little nervous. Deep learning, I go back to the Facebook days when they were trying to train two computers to negotiate with each other using deep learning. Negotiation in deep learning bothers me. Then you have this aspect of replication of our facial features and those things, which we're seeing in the one-way deep fake.

You combine all three of these things together, this convergence of NLP, deep learning, deep fake, all of a sudden you have something that could be formidable and challenging. Actually, in our labs today, that's what we're focused on. What are the signatures that we'll be able to pick up even in (we'll call it) high-order natural language processing like GPT-3? What are the things that we can do such that if we do or when we get to these stages, we can have the defenses set up for consumers and businesses to be able to weed those deep fakes out?

Michael Krigsman: How many years do you anticipate this?

Eric Haller: That is the debate. That is the debate. I very rarely get this right. It's like one of those things where sometimes I think it'll take ten years to get there and it takes two years. Sometimes I think it'll take two years to get there and it takes ten years.

I will say this. In the world of deep fakes, I was thinking there are a lot of cool things about deep fakes, by the way: education, entertainment – particularly entertainment. I imagine a whole world of entertainment that will come from this type of technology.

I was having a conversation with my daughter, I want to say, a few weeks ago. I was saying, can you imagine being your favorite comic book hero and being the star in Infinity Wars or whatever and watch a cool movie like that and being one of the superheroes. It's part of the process and now, all of a sudden, I'm a character.

She's like, "Dad, that's going to be at least five years away, maybe ten years away." Then I went online and there's a mobile app you can download where you can be your favorite superhero fighting Thanos and there's a clip. You get to port in and be that person. It is going to happen likely faster than you'd think.

Again, my daughter built a Twitter bot. I talked to that Twitter bot for about 45 minutes and she was using GPT-2, not GPT-3, but very engaging and insightful. I'm shocked at how advanced NLP has gotten already. When you think about three to five years from now, its convergence seems very likely to me.

What is the intersection of digital identity and GPT-3?

Michael Krigsman: Where does the convergence of say GPT-3 happen with identity? Let me just say, for people who don't know, I actually advise a startup that has a front-end to GPT-3. It's amazing what it can produce.

For people that don't know, GPT-3 is this AI model of the Internet. It's scooped up a good portion of the Internet. You type in a topic and it will then generate text, websites, code, all kinds of different things, but you can use it for text. Some of the text it creates is indistinguishable, almost indistinguishable, from what a person could write.

Eric Haller: When I think about identity in the future, one of the things that always pops into my mind is it's almost like a stereotypical or cliché, science fiction, TV or movie where some astronaut goes into outer space and he comes back 20 years later. He looks the same, sounds the same, acts the same, and everybody is excited that this astronaut has come back and they're a part of things, except their spouse.

Their spouse is like, "You know it's not the same person. It's an alien. I know it's an alien." But how did they know that? How does the spouse know? Because it's certain behaviors that they pick up.

With GPT-3, when you think about how will it train, how will it train? Well, you used the point it trains on the Internet.

Okay, so what happens over time when I want to fine-tune it and train it on what people write and comment on Facebook, write in emails, or write in texts? It will start to pick up personas. Over time, you should be able to do that.

Now, the reality is, in this day and age, all of these things take a tremendous amount of training to replicate any kind of individual identity let alone pass the scrutiny of somebody who actually knows the person. We watched the TikTok videos of Tom Cruise. If you knew Tom Cruise, you'd be like, "That's not Tom Cruise." It looks like Tom Cruise. It kind of sounds like Tom Cruise a little bit. But it's not.

To get that level of scrutiny, I think that's where GPT-3 or, we'll call it, GPT-4 (whatever comes out next) or 5, that's where it'll be people that know an individual will be able to know from the questions it asks and the answers it receives that it's not the right person.

One person, an individual, a scientist on our team told me if you ever think you're talking to an NLP bot, one of the things that bots can't do right now is answer logical problems. You could say, "What's 3 times 4 minus 2?" A bot is not going to be able to tell you that.

That's one of those things where I'll say that's a trick [laughter] if you ever wonder. But we're looking for that kind of thing that says, "Are there things digitally we can do or arm consumers within education that when it comes to that point when they are in that situation, what can they do to protect or defend themselves, to filter and ensure that they are talking to the real authentic individual?"

Michael Krigsman: We have another question from Twitter, again from Arsalan Khan. Arsalan just asks great questions. He says, "If a single company creates digital identity that has all of your information, wouldn't the hacks become more targeted, and wouldn't it create a monopoly at the same time?"

Eric Haller: I would say digital identity at this stage would be more like the Pandora's box. It's already been opened. It's already everywhere.

I would say that it's an interesting proposal. You kind of have to agree, right? If one company had it all, yeah. Yeah. But I don't think that's even possible. I don't think you could.

Maybe if somebody who is so innovative that they came up with the notion of digital identity in a way, kind of like the mystical person that's created bitcoin, come up with something in a way that totally revolutionizes it, then maybe you're right there. My mind is not broad enough, I think, to think how that would play out and happen.

Blockchain and digital identity

Michael Krigsman: Can we go back to blockchain, which you mentioned earlier? Describe to us that intersection of blockchain and digital identity. Does this have anything to do with bitcoin? Besides, what coin should we buy? [Laughter]

Eric Haller: I don't want to get into crypto, mostly because I'm not a crypto expert. I wish I was. I wish I was a crypto expert. It's funny because a lot of my graduate school colleagues invested quite a bit in crypto and have done well, so good for them. I did not.

If you're familiar with crypto, you know that blockchain is a core part of the crypto technology that has been stripped away and used as, we'll call it, a form of a database that is being used in different use cases. The digital use case, if you look at the World Bank, I think the World Economic Forum, then you look at some of the large multinational consulting companies, some of the major tech companies like Microsoft have invested in the notion of a ubiquitous blockchain for digital identity.

Again, I think it's very interesting. At Experian, we have over 100 million consumers using our mobile app. If you think about I'm one of these consumers.

Maybe I carry my digital identity in this mobile app and it makes my life easier in some way. When I conduct commerce, it's easier. When I make my doctor's appointment, it's easier. Things that really are identity-dependent because there's some kind of permission that's required or access to something that has some kind of financial value to it.

If you participate in this blockchain and you're carrying that around in your app, then the game—for any of these players that I mentioned—is making sure that there are a number of places that it can be used, whether it's with banks, retailers, healthcare providers, or whomever. Maybe it's my Disney ticket or something.

That's where I think it's a challenge because, again, I mentioned earlier in the show about the chicken and egg. If you were to invest in blockchain to receive that digital identity, the first question you're going to ask is, "How many guys have this today? If I'm going to open up, how many people are going to use it?"

If you say, "Well, nobody has got it yet." "Well, come back to me when there are a good number of people that come in the door and they're going to use it."

When you go to the consumer and you say, "Do you want to invest the time to do it?" the answer is, "Yeah, where can I use it? Gosh. I just put all this time in to get authenticated and verified by a trusted authority, and now I'm going to be able to use this credential that I've got, my new digital ID. It's going to make my life super easy. Where can I go use it?"

If the answer is, "Well, really, nowhere yet, but we're going to get there," then they don't want it. So, you've got to seed or weigh one of these things, one or the other.

Apple Pay did a fantastic job, I thought. That was one of those de novo payment systems where I couldn't wait to get Apple Pay on my phone.

I'm an iPhone user, and I'm a payment guy by nature. I worked at Visa and Mastercard, so I'm really into payments. I couldn't wait to use it.

I thought Apple did a fantastic job of signing up a whole bunch of merchants right out of the gate so that I could use my Apple Pay. As soon as it was good, I could go to Subway Sandwiches and buy a sandwich.

Anyway, I think that is the real challenge of blockchain. It's not the technology itself as much as figuring out a way to prime the pump and get it going such that we could have that kind of infrastructure in place.

Michael Krigsman: We have a question from Twitter relating specifically to blockchain. Lisbeth Shaw is wondering about the intensiveness of energy use and does that factor in at all into thinking about blockchain with digital identity.

Eric Haller: That must be a true, I'll call it, information technology professional that asks a question like that. I have a good friend that just recently retired as a global CIO. That was the number one thing that he'd always bring up is (we'll call it) the computational challenge in blockchain.

I don't really know if I can, with an expert opinion, answer that other than to say I think it would depend on how often or frequently that identity is being authenticated and validated in the environment. If I open up a new account for something, my identity is authenticated principally one time during that process. When I am online in a shopping experience, many today will be validating my behaviors continually.

What I mean by that is, as I'm traversing a website, how do I go from the moment I get to the website to the shopping cart? Is it a beeline? Is it an unusual thing? Am I looking at source code of the website? My process to go from beginning to end is continually being evaluated.

If you're asking, would the blockchain be required, this notion of a digital identity blockchain, and would it be required to be accessed frequently like that? Yeah, I think you have a real challenge. But if it's the one-time thing, maybe not so much.

Like I said, I'm not an IT professional, per se. I have heard that come up as a challenge to blockchain and it's a good question to ask.

Societal implications of digital identity

Michael Krigsman: Eric, to change gears a little bit, earlier you spoke about the societal implications of digital identity and access to the kinds of identity that will help a person function in society, whether it's shopping online or shopping even in person. Can you talk more about those issues? I think that's extremely important.

Eric Haller: This is one of the reasons why I like being at Experian. Financial inclusion is actually a very big part. The World Economic Forum would say it's one of the top seven things that they focus on around the world is financial inclusion.

When we talk about digital identity and that digital footprint, it's a challenge in the U.S., but it's really a challenge globally. This is a real global challenge is this notion of being outside of the process.

When we talked about what comprises your digital identity today and we talk about all these different data elements, the more you are online, the more or the stronger the footprint that you have to bring to bear when you're in any kind of transactional environment. It's likely that (if you put fraud aside) your experience will be convenient because you're really easy to see.

Actually, the idea of fraud typically only comes into play when something is different. When everything is the same and it's the same consistently, well, you can permission a lot.

If you're not in the game or you're barely in the game of being online, or conducting or transacting with your mobile device, then you will be disadvantaged over time. It's just very logical to ostensibly say that when you do engage, you're going to have to go through whatever processes will be in place at that time.

It is important to get people access to the internet. I know there are so many initiatives outside of the company that I'm in to try to make that happen, but it's important.

I think there are other areas of digital identity, as Katie had brought up – I think it was Katie – about deep fakes. This is an area that's new in many ways. Granted, the Tom Cruise video, the Speaker of the House Nancy Pelosi, and the slurring of the words, Barack Obama, we've seen a lot of deep fakes that have caught a lot of press.

Having said that, this is still the beginning stages of this. The technology is just starting. You're just starting to see, I'd say, the first fruits of deep learning in these ways, or NLPs we were talking about. It's all brand new.

A lot of these things that we're talking about have only been in the last four or five years. I'm sure the scientists will correct me back home, but I'll say deep learning is still relatively new, between Hinton and Andrew Ng, and some of these top professors that brought this to us in maybe the last ten years. When we talk about OpenAI, what are they, like, three years old, four years old? All this stuff is pretty new stuff.

I'm bringing all this into play because when you think about consumers and consumer protection, making sure that we create an environment where we know what's illegal and not illegal, what's safe and not safe, making sure that there are the right organizations in place to pursue when fraud takes place, these are things that are going to grow. Yeah, as a society, I think we have to be mindful of that and we have to put the right energy and resources against it.

Michael Krigsman: Eric, as we finish up, what are the kinds of challenges around this that keep you awake at night?

Eric Haller: There have been so many data breaches over time that making sure that we are constantly thinking of, I'll call it, the next generation of how we identify and authenticate individuals is critical to a lot of what we do with financial access and access to services, et cetera. That's what keeps me engaged at Experian is that we have the resources and the kinds of individuals that want to invest the time to try to push the envelope on what's going to come next. I think you have to, given what we've experienced to date in terms of data breaches and those types of things.

Advice to businesses and policymakers on digital identity

Michael Krigsman: What advice do you have to businesses, to policymakers, even to consumers, around digital identity? It's an issue that affects every single one of us.

Eric Haller: I get a lot of value out of tracking, actually, because I'm an employee at Experian. I told you before the show. I said, I really don't talk about our products, but here I'm talking about our products.

This one in particular, if you want your identity kind of managed and tracked, knowing if your data has been compromised, your passwords have been compromised, I find that to be tremendously valuable to me. I can't tell you how often I've got an alert that says, "This account and this password has been compromised, and we know it because we saw it out on the dark Web."

I instantly go, "Okay, I'm going to not only change that, but anywhere else I use that particular password," because I'm a guy that uses similar passwords across multiple properties. I will go and I'll change that. I think being aware and responsible is something that we all need to take to heart in this day and age, particularly as we shift more and more of our behavior online.

Michael Krigsman: How about policymakers? What advice do you have for policymakers on dealing with this issue?

Eric Haller: Being able to properly define what is okay and not okay. Where is the line from entertainment and education to, we'll call it, taking somebody's identity in an unwarranted or unlawful fashion? Then what are the penalties for that?

There are some areas, as we haven't talked about fair artificial intelligence or transparent artificial intelligence. It kind of gets into that phase, which is, the more clear lines there are that everybody operates to, the better.

I'm never concerned about a company like Experian because it's what we do. We're highly regulated. We have all these laws that we need to follow and comply with. We have experts that are always studying these things and trying to assess if the lines are gray or not. We create clear black and white lines to operate within.

I don't worry about companies like Experian. It's all the companies that don't have those assets at their disposal. Particularly, when you start going into, we'll call it, the gray area where people are experimenting and challenging the edge, which happens, where are consumers and businesses being protected? I do think that's an area for public policy to weigh in and address.

Michael Krigsman: All right. I would like to thank Eric Haller, Executive Vice President of Experian and Global Head of Experian DataLabs, which is their R&D function. Eric, thank you so much for taking time to be with us today.

Eric Haller: You bet. Thank you.

Michael Krigsman: Everybody, thank you for watching and, in particular, those folks who contributed such great questions. Before you go, subscribe to our YouTube channel and hit the subscribe button at the top of our website, so you could get our newsletter. Thanks so much, everybody, and hope you have a great day.

Michael Krigsman: We're discussing digital identity with Eric Haller, Executive Vice President of Experian and Global Head of Experian DataLabs.

Eric Haller: Sometimes it's easier to think about analog and how that might relate to digital. Our analog life, our identity, is pretty straightforward. We're all used to showing a driver's license, an identity card, or a passport. It's been authenticated by somebody that we trust like the government. It's something that we use as an entry point to open up our first checking account at the bank or when we go to the doctor's office and we provide insurance and our identity.

What is digital identity?

In the digital world, it's very similar. If you think about that provenance or that trusted source of identity, it often starts with some things that we don't even see.

Maybe if you go back 30 years, it started with certificate authorities or credential authorities in our public and private keys that were used to encrypt our data – still today. Banks will use things like multifactor authentication; send a PIN to your phone to ensure that the communication that's going back and forth is with the person that they think it is.

That digital footprint is growing and expanding into a lot of pieces of information that most of us aren't familiar with or think about. That data becomes the gateway to how we access goods and services in a digital environment.

Michael Krigsman: Why is this such a complex topic?

Eric Haller: Complexity can be viewed in a couple of different ways. One is, if you don't know much about it, it becomes complicated. Sometimes just education and awareness clean up complexity.

The other thing is that it's rooted in technology. I think that's a part of it, so when you start thinking about how does your device represent itself in a digital environment and how that device attaches to you as an individual or you as a household, then it gets into data, elements, networks, and things that most people don't really put a lot of time and thought into. But those become the Legos or the building blocks to who we are and what represents us in our identity in the digital world.

Michael Krigsman: This notion of having an unambiguous identity involves not just you, one personally, but your various devices and even potentially your locations.

Eric Haller: Yeah, so you think about it. We go back to analog. We said, well, the U.S. government stamped their approval that I'm Eric Haller. I went in. I provided a birth certificate or something.

I provided all this information and the government said, "Yep." They took my picture and then they said, "Hey, if I ever have to match against a database, I'll look at this ID and maybe a picture of somebody's face and say, 'That's Eric Haller.'"

In a digital world, there aren't a lot of authorities. There are some. There are some. Experian plays a role in that. But there are a lot of data elements that represent us, so the game is trying to attach those data elements that represent us digitally to some kind of authority.

For example, you mentioned location. If I'm conducting commerce from my home on my iPad or my mobile device, it's very likely that, particularly if I'm using a mobile app, that GPS lat/long coordinates are attached to that device.

Over time, you would be able to see a consistent pattern of lat/long coordinates associated with that commerce activity and, if one were so motivated, they could take the lat/long coordinates, go to a map, and go, "Hey, this is a home address and this home address matches with Eric Haller." Over time, those lat/long coordinates become an element that represents us digitally, can be consistent, and can be leveraged.

The only thing is, what happens when I conduct commerce from another location? Then those lat/long coordinates aren't as valuable. But maybe there are some other things that are as valuable because I'm still using the same phone and I may have consistent data elements around the phone whether it's the operating system, the screen size, and the device type, or maybe something more complicated like an advertising ID or something in there, some specific things that might represent features of the phone that are unique.

How do you establish digital identity?

Michael Krigsman: I guess that raises the question, how do you establish digital identity? It sounds like there are lots of individual pieces that you assemble together in order to create the picture. Is that a correct way to say it?

Eric Haller: I think that's right. For one is, most people have a digital identity, whether they care to establish it or not. If you are interfacing through a device over the Web, there are data elements that need to be able to drive information back and forth for it to properly land on your device. Then if you actually buy something online, you're going to start opening up things that will relate back to where you're having goods shipped to and your name, address, credit card number, all these things that are captured online.

There are people that don't have access to the Internet or aren't engaging in commerce online. Those folks are less likely to have any kind of digital footprint at this stage.

I'm personally concerned that there may be people groups that will get left out of this. That's why it's so important that everybody has access to the Internet and has access to conducting commerce in this way because, over time, that digital identity—as it fortifies, becomes more consistent, becomes more credible—will become more of a gateway or key to convenience and convenient access to goods and services.

As we saw in this pandemic, that can even ostensibly go to healthcare and having convenient access to healthcare online, of being diagnosed. That identity does become important and it's something that we all have a vested interest in making sure that it's done right.

Michael Krigsman: The nature of digital identity or the importance of digital identity goes far beyond shopping alone, but there are very broad societal implications.

Eric Haller: Definitely. There are so many entities, not just private businesses, private enterprises like Experian where we focus on this quite a bit, actually, in trying to make sure that our clients are doing their best at verifying and authenticating identities and making sure that they're not bots that are impersonating people or imposters that have come in and trying to gain access to a consumer or a business's financials. But also, the government, the U.S. government. There are a lot of committees and, we'll say, initiatives that are underway to try to give better definition to this.

I think if you study it a little bit, you will see that one of the questions I get asked about the credibility and long-term viability of digital identity is the inclusion of blockchain. Blockchain actually comes with some promises around portability, which is key if we're talking about leveraging a digital identity in multiple environments and multiple use cases. That portability becomes a factor. Immutability or the protection that comes with blockchain that somebody can't tamper with it, that it becomes (we'll call it) tamper-proof over time. Those are key things.

Whether the blockchain is the solution or not really doesn't matter so much as those challenges of immutability and portability are met. That's a whole other conversation. If we have time, we can talk a little bit about that. There are some real challenges in that paradigm.

Michael Krigsman: What strikes me, and also surprises me a little bit, is you're a technologist but it sounds like you are almost equally concerned with the technology dimensions on the one hand and the implications for individuals on the other hand – at the same time.

Eric Haller: I think that the two go hand-in-hand. Often the technology becomes the easier of the two equations.

Like I was talking about blockchain, I get asked a lot why isn't that happening super-fast. If that's a really good way to go, why aren't we going in that direction?

It's not the technology. It's the business proposition. You need a value proposition on both sides of the equation.

Consumers have to be incented enough to carry a digital identity that can meet those requirements, put the time in to be authenticated, and have it loaded in some kind of digital wallet or environment where they can easily use it. Parties that would accept that identity in exchange for conducting commerce in some way or providing a service in some way have to accept the fact that there are going to be a lot of people that are going to use this and have to build in advance of that.

It's a bit of chicken and egg. We see that a lot in things like payment systems. There are a lot of chicken and egg business models out there.

When you get into, "Gosh, I want to do digital identity perfectly, and I want the perfect environment for it," well, technically you can set that up but business-wise, you have to overcome that chicken and egg paradigm in making sure that both parties are equally incented to jump in.

How to improve digital identity?

Michael Krigsman: We have a question from Twitter that I think is related to this. Wayne Anderson, who is a regular watcher and is the most prolific tweeter I think I've ever met. His tweets are brilliant. They're great. He asks, "Interactive two-factor authentication at scale has been a challenge for consumers to balance convenience. When do we get to better protections and what are we missing as an industry?" I think this gets to the incentives point that you just raised.

Eric Haller: There are a couple of things about two-factor. We did a survey for consumers around the globe in ten different countries. We asked them what was the number one thing that they are concerned with when conducting business online, accessing goods and services digitally. The number one thing they said (55% of them said) security was number one.

Then we asked them, "Well, what are the things that you would value in terms of protecting you?" Number one was what we would find on our phone: facial recognition, fingerprint access. Number two was this two-factor authentication—principally sending a PIN to the phone—which surprised me because, like your listener said, it's very inconvenient.

At least market research would tell us, people right now actually are almost trained to trust that that process works. They see the PIN. It goes on their phone. Whoever they're interacting with, most likely banks – that seems to be who does it most – that there's a sense of trust. How do we get past that?

Oh, and by the way, the third thing was actually, I think, one of the ways we do get past it which is consumers say they don't want to provide data, but they were hoping that there's a lot of information that's already in the system that could do this on their behalf. We refer to that as behavioral analytics or behavioral biometrics, but data that they don't see.

We'll call it ambient data that you can leverage. That could be the promise. I'm not saying it is, but it could be. I'll give you some examples of what that might mean.

You think about how quickly it takes to respond to an item in a shopping cart. You're shopping online. You might have four pages to go through before you actually conclude your shopping cart experience. It might ask you who is going to ship you goods, what's your credit card number that you want to use. Maybe I'm going to give you one last offer before you hit the "I'm buying it" thing. It might be three or four things.

A bot will go through that really fast, faster than a person. Out in the world now, I think fraudsters are getting smart. They're slowing their bots down because you can figure out it's a bot. An individual, over time, will have consistent patterns on how quickly they hit those buttons, so profiling those kinds of things.

I'll give you another example. I'm on my phone and I'm touching things on my phone in a commerce situation. How I touch my phone will provide some insights into whether I'm a bot or not. A bot might only fire up a tiny number of pixels on my phone whereas my finger is going to fire up over 100 when I touch it. I can't help myself, right? Your finger, even if you barely touch it, you're going to fire up more pixels. That'll likely happen, so I can screen out a bot.

An imposter may use a person (not a bot but a person who is not me). May choose to swipe up or swipe down, swipe left or swipe right, or click on different things. If I'm going through a security thing, I have to pick fire hydrants out on a bunch of pictures. I may have a different way of doing that. I may start from the bottom lower left-hand corner and work myself to upper right versus an imposter who would pick a different way.

They all sound a little like, "Yeah, maybe." But in aggregate, as you start building these things up, they paint a picture.

Is that picture accurate enough where you can avoid things like annoying PINs sent to my phone? We're not there yet, but the question will be, over time, as we develop these things, that we should be able to get there.

When you know that less than one percent of the time it's a bot or an imposter and 99% of the time it's a real human being, the legitimate person that represents themselves to be this person, you want to make that process as convenient as possible. Everybody is incented to do that. It's a matter of trying to figure out the right combinations in the background that gets us to a confidence point where the false positives are low and our detection rate is high. That's how I would answer that.

Michael Krigsman: We have a question from Twitter from another excellent regular listener who asks excellent questions. Arsalan Khan says, "On the surface, it seems that digital identity for consumers is similar to single sign-on at enterprises. Are there any lessons learned or overlaps that can help us understand this and help us do a better job in the enterprise?"

Eric Haller: I would say a few things. One is, one of the things we learned from the survey that we did. This, I'll say, goes against the notion of single sign-on, but I believe your Twitter follower isn't advocating passwords. I don't think that's what they're saying.

I do want to say this one thing about passwords is that people don't like them anymore. I don't know if they ever did, but they really don't like them now. They don't trust them.

Experian, one of the services we have operates on the dark Web. When you see these massive data breaches that occur, there's the seedy underbelly of the Internet where all that data is traded and sold. We do a very good job of staying close to those trading environments so that we can know what's being compromised and sold, so we can leverage that information. One, for our own products and services. Two, so that we can alert consumers that subscribe to us that, hey, your password has just been compromised on these accounts.

People don't trust the password process. A lot of them don't remember all of their passwords. Trying to remember them is becoming a challenge.

Single sign-on, I get it. I use my devices, which plugs in passwords on my behalf – very cool. But you're still trapped in the password paradigm.

I think that's one of those things that I like the idea of enterprise-wide digital identity—getting myself out of the password paradigm—but what that might look like, I kind of go back to this analog thing, which goes back to provenance and trust. Who is going to be the architect of that and how is that going to be rolled out? I think we'll have to look at private enterprise (for the most part) to do that, and companies like Experian.

Experian definitely is a player in that space. There are few companies in there that are all focused on that big prize.

How can we protect against AI-generated deep fakes?

Michael Krigsman: Katie Waldenburg raises the question of deep fakes, which is a really interesting question. How can you tell? They're so good these days.

Eric Haller: When we talk about digital identity, one of the things that we don't talk so much about is our pictures, our voices, our videos. You and I right now are creating our digital presence in this talk show and we've seen that the area deep fakes are getting more and more challenging to determine whether it's a fake or not.

In fact, USC did a study three years ago on deep fakes and the ability to detect them and said 95% of all deep fakes you can detect, which was pretty good until Google just did a contest that ended a few months ago. They seeded a database with 3,000 deep fakes. The best researchers in the world could only detect 65% of the deep fakes, which means the world of deep learning—in this case, usually generative adversarial networks—the ability to fine-tune your fake signal, whether it's the lighting, the camera angles, the continuity or congruity in the background, the demarcation of the lines, blinking, mouth movement, all these things that comprise what a neural net has to assess and replicate (to turn my face into Tom Cruise or something on a TikTok video) is getting better and better. It's becoming more challenging to detect that.

In the point of the ability to detect deep fakes, I would say there are a couple of different angles. One is, today, right now, deep fakes are really only single direction, which is kind of more of the fake news type thing. They're not interactive. You don't have the opportunity to ask questions to determine whether or not that digital representation of an individual is authentic or not. You're just listening. You're in listening mode. You're in reacting mode.

One is, track it, trace it just like you would any other video to determine whether or not the source of the video or audio could be a nefarious source. For example, looking at, like, hey, this video just came from Nigeria. Not disparaging Nigeria, but there have been a lot of fraud rings, I'll say, from that country that if you can trace it back, you might get some insights on whether or not it's fraudulent or not.

The other thing is trying to go the hard route, which is looking for those digital signatures on all those things that I talked about, all those aspects of the video I'm talking about that would lead one to believe to score it enough to say that it's a fraudulent deep fake.

I'm more concerned about the evolution of that, by the way. I made the point that it's one-directional. The more concerning aspect of deep fakes will be the future. The future is what I would characterize as the convergence of these identity aspects that we have, so our voice and what we say, combined with video.

It's more, I'll say, the convergence of natural language processing, which we're seeing huge advances with GPT-3 and OpenAI, and what they're doing there is tremendously exciting, but it makes me a little nervous. Deep learning, I go back to the Facebook days when they were trying to train two computers to negotiate with each other using deep learning. Negotiation in deep learning bothers me. Then you have this aspect of replication of our facial features and those things, which we're seeing in the one-way deep fake.

You combine all three of these things together, this convergence of NLP, deep learning, deep fake, all of a sudden you have something that could be formidable and challenging. Actually, in our labs today, that's what we're focused on. What are the signatures that we'll be able to pick up even in (we'll call it) high-order natural language processing like GPT-3? What are the things that we can do such that if we do or when we get to these stages, we can have the defenses set up for consumers and businesses to be able to weed those deep fakes out?

Michael Krigsman: How many years do you anticipate this?

Eric Haller: That is the debate. That is the debate. I very rarely get this right. It's like one of those things where sometimes I think it'll take ten years to get there and it takes two years. Sometimes I think it'll take two years to get there and it takes ten years.

I will say this. In the world of deep fakes, I was thinking there are a lot of cool things about deep fakes, by the way: education, entertainment – particularly entertainment. I imagine a whole world of entertainment that will come from this type of technology.

I was having a conversation with my daughter, I want to say, a few weeks ago. I was saying, can you imagine being your favorite comic book hero and being the star in Infinity Wars or whatever and watch a cool movie like that and being one of the superheroes. It's part of the process and now, all of a sudden, I'm a character.

She's like, "Dad, that's going to be at least five years away, maybe ten years away." Then I went online and there's a mobile app you can download where you can be your favorite superhero fighting Thanos and there's a clip. You get to port in and be that person. It is going to happen likely faster than you'd think.

Again, my daughter built a Twitter bot. I talked to that Twitter bot for about 45 minutes and she was using GPT-2, not GPT-3, but very engaging and insightful. I'm shocked at how advanced NLP has gotten already. When you think about three to five years from now, its convergence seems very likely to me.

What is the intersection of digital identity and GPT-3?

Michael Krigsman: Where does the convergence of say GPT-3 happen with identity? Let me just say, for people who don't know, I actually advise a startup that has a front-end to GPT-3. It's amazing what it can produce.

For people that don't know, GPT-3 is this AI model of the Internet. It's scooped up a good portion of the Internet. You type in a topic and it will then generate text, websites, code, all kinds of different things, but you can use it for text. Some of the text it creates is indistinguishable, almost indistinguishable, from what a person could write.

Eric Haller: When I think about identity in the future, one of the things that always pops into my mind is it's almost like a stereotypical or cliché, science fiction, TV or movie where some astronaut goes into outer space and he comes back 20 years later. He looks the same, sounds the same, acts the same, and everybody is excited that this astronaut has come back and they're a part of things, except their spouse.

Their spouse is like, "You know it's not the same person. It's an alien. I know it's an alien." But how did they know that? How does the spouse know? Because it's certain behaviors that they pick up.

With GPT-3, when you think about how will it train, how will it train? Well, you used the point it trains on the Internet.

Okay, so what happens over time when I want to fine-tune it and train it on what people write and comment on Facebook, write in emails, or write in texts? It will start to pick up personas. Over time, you should be able to do that.

Now, the reality is, in this day and age, all of these things take a tremendous amount of training to replicate any kind of individual identity let alone pass the scrutiny of somebody who actually knows the person. We watched the TikTok videos of Tom Cruise. If you knew Tom Cruise, you'd be like, "That's not Tom Cruise." It looks like Tom Cruise. It kind of sounds like Tom Cruise a little bit. But it's not.

To get that level of scrutiny, I think that's where GPT-3 or, we'll call it, GPT-4 (whatever comes out next) or 5, that's where it'll be people that know an individual will be able to know from the questions it asks and the answers it receives that it's not the right person.

One person, an individual, a scientist on our team told me if you ever think you're talking to an NLP bot, one of the things that bots can't do right now is answer logical problems. You could say, "What's 3 times 4 minus 2?" A bot is not going to be able to tell you that.

That's one of those things where I'll say that's a trick [laughter] if you ever wonder. But we're looking for that kind of thing that says, "Are there things digitally we can do or arm consumers within education that when it comes to that point when they are in that situation, what can they do to protect or defend themselves, to filter and ensure that they are talking to the real authentic individual?"

Michael Krigsman: We have another question from Twitter, again from Arsalan Khan. Arsalan just asks great questions. He says, "If a single company creates digital identity that has all of your information, wouldn't the hacks become more targeted, and wouldn't it create a monopoly at the same time?"

Eric Haller: I would say digital identity at this stage would be more like the Pandora's box. It's already been opened. It's already everywhere.

I would say that it's an interesting proposal. You kind of have to agree, right? If one company had it all, yeah. Yeah. But I don't think that's even possible. I don't think you could.

Maybe if somebody who is so innovative that they came up with the notion of digital identity in a way, kind of like the mystical person that's created bitcoin, come up with something in a way that totally revolutionizes it, then maybe you're right there. My mind is not broad enough, I think, to think how that would play out and happen.

Blockchain and digital identity

Michael Krigsman: Can we go back to blockchain, which you mentioned earlier? Describe to us that intersection of blockchain and digital identity. Does this have anything to do with bitcoin? Besides, what coin should we buy? [Laughter]

Eric Haller: I don't want to get into crypto, mostly because I'm not a crypto expert. I wish I was. I wish I was a crypto expert. It's funny because a lot of my graduate school colleagues invested quite a bit in crypto and have done well, so good for them. I did not.

If you're familiar with crypto, you know that blockchain is a core part of the crypto technology that has been stripped away and used as, we'll call it, a form of a database that is being used in different use cases. The digital use case, if you look at the World Bank, I think the World Economic Forum, then you look at some of the large multinational consulting companies, some of the major tech companies like Microsoft have invested in the notion of a ubiquitous blockchain for digital identity.

Again, I think it's very interesting. At Experian, we have over 100 million consumers using our mobile app. If you think about I'm one of these consumers.

Maybe I carry my digital identity in this mobile app and it makes my life easier in some way. When I conduct commerce, it's easier. When I make my doctor's appointment, it's easier. Things that really are identity-dependent because there's some kind of permission that's required or access to something that has some kind of financial value to it.

If you participate in this blockchain and you're carrying that around in your app, then the game—for any of these players that I mentioned—is making sure that there are a number of places that it can be used, whether it's with banks, retailers, healthcare providers, or whomever. Maybe it's my Disney ticket or something.

That's where I think it's a challenge because, again, I mentioned earlier in the show about the chicken and egg. If you were to invest in blockchain to receive that digital identity, the first question you're going to ask is, "How many guys have this today? If I'm going to open up, how many people are going to use it?"

If you say, "Well, nobody has got it yet." "Well, come back to me when there are a good number of people that come in the door and they're going to use it."

When you go to the consumer and you say, "Do you want to invest the time to do it?" the answer is, "Yeah, where can I use it? Gosh. I just put all this time in to get authenticated and verified by a trusted authority, and now I'm going to be able to use this credential that I've got, my new digital ID. It's going to make my life super easy. Where can I go use it?"

If the answer is, "Well, really, nowhere yet, but we're going to get there," then they don't want it. So, you've got to seed or weigh one of these things, one or the other.

Apple Pay did a fantastic job, I thought. That was one of those de novo payment systems where I couldn't wait to get Apple Pay on my phone.

I'm an iPhone user, and I'm a payment guy by nature. I worked at Visa and Mastercard, so I'm really into payments. I couldn't wait to use it.

I thought Apple did a fantastic job of signing up a whole bunch of merchants right out of the gate so that I could use my Apple Pay. As soon as it was good, I could go to Subway Sandwiches and buy a sandwich.

Anyway, I think that is the real challenge of blockchain. It's not the technology itself as much as figuring out a way to prime the pump and get it going such that we could have that kind of infrastructure in place.

Michael Krigsman: We have a question from Twitter relating specifically to blockchain. Lisbeth Shaw is wondering about the intensiveness of energy use and does that factor in at all into thinking about blockchain with digital identity.

Eric Haller: That must be a true, I'll call it, information technology professional that asks a question like that. I have a good friend that just recently retired as a global CIO. That was the number one thing that he'd always bring up is (we'll call it) the computational challenge in blockchain.

I don't really know if I can, with an expert opinion, answer that other than to say I think it would depend on how often or frequently that identity is being authenticated and validated in the environment. If I open up a new account for something, my identity is authenticated principally one time during that process. When I am online in a shopping experience, many today will be validating my behaviors continually.

What I mean by that is, as I'm traversing a website, how do I go from the moment I get to the website to the shopping cart? Is it a beeline? Is it an unusual thing? Am I looking at source code of the website? My process to go from beginning to end is continually being evaluated.

If you're asking, would the blockchain be required, this notion of a digital identity blockchain, and would it be required to be accessed frequently like that? Yeah, I think you have a real challenge. But if it's the one-time thing, maybe not so much.

Like I said, I'm not an IT professional, per se. I have heard that come up as a challenge to blockchain and it's a good question to ask.

Societal implications of digital identity

Michael Krigsman: Eric, to change gears a little bit, earlier you spoke about the societal implications of digital identity and access to the kinds of identity that will help a person function in society, whether it's shopping online or shopping even in person. Can you talk more about those issues? I think that's extremely important.

Eric Haller: This is one of the reasons why I like being at Experian. Financial inclusion is actually a very big part. The World Economic Forum would say it's one of the top seven things that they focus on around the world is financial inclusion.

When we talk about digital identity and that digital footprint, it's a challenge in the U.S., but it's really a challenge globally. This is a real global challenge is this notion of being outside of the process.

When we talked about what comprises your digital identity today and we talk about all these different data elements, the more you are online, the more or the stronger the footprint that you have to bring to bear when you're in any kind of transactional environment. It's likely that (if you put fraud aside) your experience will be convenient because you're really easy to see.

Actually, the idea of fraud typically only comes into play when something is different. When everything is the same and it's the same consistently, well, you can permission a lot.

If you're not in the game or you're barely in the game of being online, or conducting or transacting with your mobile device, then you will be disadvantaged over time. It's just very logical to ostensibly say that when you do engage, you're going to have to go through whatever processes will be in place at that time.

It is important to get people access to the internet. I know there are so many initiatives outside of the company that I'm in to try to make that happen, but it's important.

I think there are other areas of digital identity, as Katie had brought up – I think it was Katie – about deep fakes. This is an area that's new in many ways. Granted, the Tom Cruise video, the Speaker of the House Nancy Pelosi, and the slurring of the words, Barack Obama, we've seen a lot of deep fakes that have caught a lot of press.

Having said that, this is still the beginning stages of this. The technology is just starting. You're just starting to see, I'd say, the first fruits of deep learning in these ways, or NLPs we were talking about. It's all brand new.

A lot of these things that we're talking about have only been in the last four or five years. I'm sure the scientists will correct me back home, but I'll say deep learning is still relatively new, between Hinton and Andrew Ng, and some of these top professors that brought this to us in maybe the last ten years. When we talk about OpenAI, what are they, like, three years old, four years old? All this stuff is pretty new stuff.

I'm bringing all this into play because when you think about consumers and consumer protection, making sure that we create an environment where we know what's illegal and not illegal, what's safe and not safe, making sure that there are the right organizations in place to pursue when fraud takes place, these are things that are going to grow. Yeah, as a society, I think we have to be mindful of that and we have to put the right energy and resources against it.

Michael Krigsman: Eric, as we finish up, what are the kinds of challenges around this that keep you awake at night?

Eric Haller: There have been so many data breaches over time that making sure that we are constantly thinking of, I'll call it, the next generation of how we identify and authenticate individuals is critical to a lot of what we do with financial access and access to services, et cetera. That's what keeps me engaged at Experian is that we have the resources and the kinds of individuals that want to invest the time to try to push the envelope on what's going to come next. I think you have to, given what we've experienced to date in terms of data breaches and those types of things.

Advice to businesses and policymakers on digital identity

Michael Krigsman: What advice do you have to businesses, to policymakers, even to consumers, around digital identity? It's an issue that affects every single one of us.

Eric Haller: I get a lot of value out of tracking, actually, because I'm an employee at Experian. I told you before the show. I said, I really don't talk about our products, but here I'm talking about our products.

This one in particular, if you want your identity kind of managed and tracked, knowing if your data has been compromised, your passwords have been compromised, I find that to be tremendously valuable to me. I can't tell you how often I've got an alert that says, "This account and this password has been compromised, and we know it because we saw it out on the dark Web."

I instantly go, "Okay, I'm going to not only change that, but anywhere else I use that particular password," because I'm a guy that uses similar passwords across multiple properties. I will go and I'll change that. I think being aware and responsible is something that we all need to take to heart in this day and age, particularly as we shift more and more of our behavior online.

Michael Krigsman: How about policymakers? What advice do you have for policymakers on dealing with this issue?

Eric Haller: Being able to properly define what is okay and not okay. Where is the line from entertainment and education to, we'll call it, taking somebody's identity in an unwarranted or unlawful fashion? Then what are the penalties for that?

There are some areas, as we haven't talked about fair artificial intelligence or transparent artificial intelligence. It kind of gets into that phase, which is, the more clear lines there are that everybody operates to, the better.

I'm never concerned about a company like Experian because it's what we do. We're highly regulated. We have all these laws that we need to follow and comply with. We have experts that are always studying these things and trying to assess if the lines are gray or not. We create clear black and white lines to operate within.

I don't worry about companies like Experian. It's all the companies that don't have those assets at their disposal. Particularly, when you start going into, we'll call it, the gray area where people are experimenting and challenging the edge, which happens, where are consumers and businesses being protected? I do think that's an area for public policy to weigh in and address.

Michael Krigsman: All right. I would like to thank Eric Haller, Executive Vice President of Experian and Global Head of Experian DataLabs, which is their R&D function. Eric, thank you so much for taking time to be with us today.

Eric Haller: You bet. Thank you.

Michael Krigsman: Everybody, thank you for watching and, in particular, those folks who contributed such great questions. Before you go, subscribe to our YouTube channel and hit the subscribe button at the top of our website, so you could get our newsletter. Thanks so much, everybody, and hope you have a great day.