Over the last couple of years, I have regularly heard discussion about the possibility of mobile operators providing "managed ID" services to either businesses or consumers. It's something I haven't really delved into in depth, but I've generally thought it makes a fair amount of sense in some circumstances, especially for the corporate market where employees may need ID cards or other forms of secure logon.
I hadn't really thought about the options for massmarket consumers until seeing a couple of presentations and panel discussions at yesterday's Telco 2.0 brainstorm in Nice. I'm now less certain about the whole thing.
Orange presented the notion of becoming like an individual's bank, trusted to store digital content, provide single log-on capabilities and so forth, "for their whole life". Insofar as I could make out however, this was all tied to the individual maintaining an Orange access connection (SIM, fixed broadband etc).
This is utterly unrealistic. I can't imagine that any sane person would want to lock themselves into a mobile or fixed access provider for life. Why would you want to entrust your photos, or music or digital signature to a company that actively prevents you from churning if you just want to get an exclusive phone offered by another operator?
I think that any link between identity management and access will lead to a complete erosion of trust. Loyalty is not the same as lock-in: it is earned, not enforced. This is something that telcos (especially mobile ones) tend to ignore. I keep hearing terms like "stickiness" in discussions about churn reduction, which is a codeword for lock-in. This is a surefire way for customer dissatisfaction, and you can bet that when the beleagured punter finally extricates himself from his contract with his data, he'll shout it from the rooftops.
I caused a fair amount of consternation by asserting that I trust my bank and Google more with my data than my main mobile operator (O2 in my case) or the UK government.
Over coffee, a representative of a vendor asked me why I don't trust operators with personal data - and why I trust Google more. My answers were:
(a) they already spam me through SMS and post;
(b) I actually don't know where O2's ownership of my data ends and Carphone Warehouse begins. I get bills from CPW, but I'm on the O2 network.
(c) Operators (and governments) frequently outsource their IT to other companies. If they don't trust themselves to hold my data, why should I trust them?
(d) I know that operators pursue aggressive lock-in strategies, which makes me very wary of falling into the traps
(e) I know that there is a reasonable chance I'll want to churn at some point, and I see no reason to make my decision harder. What happens if Vodafone gets an exclusive on a particular handset I want?
(f) There's no bilateralism in identity management, which points to arrogance and closed behaviour. If operators believe that ID can be provided by third parties as a managed service, then operators should also buy into the concept for inbound ID as well as outbound. I'm not aware of being able to register on a cellular network with a BT or Deutsche Telekom managed identity, much less a Google or Skype ID
Overall, I still think there's scope for providing ID and authentication services as part of the Telco2.0 / two-sided business model concept. But I don't buy the pitch of consumer, massmarket "escrow" of personal data.
(Obviously, I trust the Government even less. I'd much rather have O2 manage my ID than the Home Secretary. SIMs are more secure, cheaper and better-managed than the UK's ridiculous Stalinist ID card system).