Telcos as digital identity enablers

We're looking forwards to the Telco 2.0 event next week. One of the presenters on Day 3 for our Technology Insiders workshop is Aude Pichelin. She is Head of Multimedia Services Standardisation at France Telecom, and will be reporting the results of some of their work in the area of operators and digital ID.

This session particularly interests me because I was personally on a project to create a single customer identity at a large carrier, and the task proved virtually impossible. Fifty million customer records from three independent business units and dozens of silo-built applications meant that the process of matching records could never be accurate enough, and the effort of users claiming and merging their multiple accounts always too difficult to implement in practise.

Phone calls might be free, but spam and fraud are expensive

Whenever I walk past an mobile operator retail outlet, I don't see a "phone store". What really happens is someone goes in wanting service, and presents various credentials (e.g. drivers license) and personal data to pass a credit check. They leave with a SIM card which happens to be wrapped in a radio and provisioned with a phone number. It's a strong digital identity retail store.

Subscribers then go on to call lots of friends, family and workmates, and the telco keeps the records. These people in turn will know who you are and where you live. You also can't create new device identities or phone numbers at whim -- at least not at any scale. So it's a bad idea to use your phone for illegal or abusive purposes as there is a good chance of being caught. Watch the bits, not the atoms. These identity bits were expensive to obtain, and the Internet players don't have an equivalent infrastructure. Identity is a valuable and profitable business. Just ask Neustar, Verisign and Experian.

This is a particularly good time to be discussing the commercial aspects of operators as identity businesses. For a number of years there have been discussions centred around technologies like ENUM. This would (in principle) allow carriers and users to open up the numbering system (and strong authentication and identity) to new services. In practise this hasn't happened. The technology has been immature, the cost of implementation too high, the user experience too complex. Most of all, operators fear the loss of control -- they like the closed worlds of voice, SMS, MMS and video calling. The business model of being an open platform has been too uncertain.

Open identity technology changes the game

This is likely to change. One reason is better technology. Largely unnoticed by the commercial side of the telecom business, a new identity infrastructure is being spawned that learns from the mistakes of the past. Imagine a "Telco 1.0" version of the Web where every web page had to be registered in a central directory before it could be published. That's what previous identity services have been like -- either highly centralised, or "federated" but under the control of the site owners.

The web's hyperlink structure decoupled directory services (e.g. Yahoo!) from publishing. It also decoupled my page from yours, because we didn't need to agree on any protocol for exchanging links and backlinks. We can do the same for strong identities, and let users "publish" their identity without having to get permission first. The technology that does this is called OpenID.

The idea is deceptively simple. You put more control in the hands of the user in a highly decoupled architecture -- all very Telco 2.0. Rather than a site-specific user ID, users identify themselves via a unique URL of their own choosing. A series of web page redirections land you at an authentication page of your identity provider (which could be a telco). And once you've authenticated, you find yourself back where you started, but logged in. In some ways the experience still feels like the failed Microsoft Passport service -- but the reality is totally different, because it's the user who chooses who their identity provider is, not the business development folk of the web site.

So what? This could become a large business in its own right

Companies like eBay are sweating under the burden of abuse. A fraudster can create new eBay identities at any time. Users bring no identity collateral up front: they are expected to build up a reputation solely within the service silo itself. More trust, more users, more transactions, more revenue. Whoever enables it deserves some to share the benefit.

The opportunity is for operators to reduce the friction in people transacting goods and services. If you can sign up for eBay with a telco ID, it can immediately gives people more confidence in who you are. The operator might asset how long the identity has been in use, and how many parties have relied on it without complaint.

There are many possible business models. Your operator-hosted authentication page might have service promotions or adverts. Third parties might be offered the ability to buy additional data asserting the strength of the identity on offer. Users are unlikely to ever be charged for identity services explicitly, but it could be a churn-buster. After all, how do you "port" the identifier URL http://www.vodafone.net/447912987456 to another carrier? And what if that carrier doesn't have the identity collateral and web of relationship data that your current carrier has on you?

The time has come for operators to experiment with new revenue streams and business models. Being an identity provider is one of the stronger candidates, as part of being an enabling business platform.

Should operators be wholesaling enabling capabilities like payment and identity services to 3rd parties? Come and debate it at our Telco 2.0 Industry Brainstorm next week.