Over the years, I’ve had a front-row seat to the future of technology.
In my role at Y Combinator as director of admissions, I saw hundreds of startup pitches. Many shared a particular attribute: They followed the path of quickly growing users and monetizing the data extracted from the user.
As time went on, I began to see the full picture of what our technologies were creating: A “Minority Report” world where our every move is tracked and monetized. Some companies, like Facebook, lived by the mantra “move fast, break things.” Not only did they break things, they failed us by propagating disinformation and propaganda that, ultimately, cost some people their lives.
And that happened because of a growth-at-all-costs mindset. Some of the biggest consumer-facing Silicon Valley companies in the 21st century flourished by using data to sell ads with little or no consideration for user privacy or security. We have some of the brightest minds in technology; if we really wanted to, we could change things so that, at the very least, people wouldn’t have to worry about privacy and the security of their information.
We could move toward a model where people have more control over their own data and where Silicon Valley explores innovations in privacy and data security. While there are multiple long-term approaches and potential new business models to explore, there are ways to approach a privacy-first mindset in the near term. Here are a couple of ways to start moving toward a future in which people can have control over their data.
Workplace applications should lead the charge in enabling more secure identity technologies
We need to approach technology by consciously designing a future where technology works for humans, businesses and society in a secure and ethical way.
Approaching technological growth without understanding or considering the consequences has eroded trust in Silicon Valley. We must do better -- and we can start in the workplace by better protecting personal data through self-sovereign identity, an approach that gives people control and ownership over their digital identity.
Using the workplace as a starting point for better privacy and security of people’s digital identities makes sense because many technologies that have been widely adopted -- think personal computers, the internet, mobile phones and email -- started out in the workplace before they became household technologies, thereby inheriting the foundational principles. With a return to office life on the horizon, there’s no better time than now to reexamine how we might adopt new practices in our workplaces.
We could move toward a model where people have more control over their own data and where Silicon Valley explores innovations in privacy and data security.
So how would employers do this? For starters, they can use the return to office as an impetus for contactless access and digital IDs, which protect against physical and digital data breaches, the latter of which are becoming more common.
Employees could enter offices through their digital IDs, or tokenized IDs, which are stored securely on their phones. They will no longer need to use plastic cards with their personal information and photo imprinted on them, which are easy to fake or duplicate, improving security for both the employer and employee.
Contactless access isn’t a big leap nowadays, either. The pandemic primed us for digital identification -- because the use of contactless payment accelerated due to COVID, the change to contactless ID will be seamless for many.
Invest in critical privacy-centric infrastructure
Tokenized identification puts the power in the user’s hands. This is crucial not just for workplace access and identity, but for a host of other, even more important reasons. Tokenized digital IDs are encrypted and can only be used once, making it nearly impossible for anyone to view the data included in the digital ID should the system be breached. It’s like Signal, but for your digital IDs.
As even more sophisticated technologies roll out, more personal data will be produced (and that means more data is vulnerable). It’s not just our driver’s licenses, credit cards or Social Security numbers we must worry about. Our biometrics and personal health-related data, like our medical records, are increasingly online and accessed for verification purposes. Encrypted digital IDs are incredibly important because of the prevalence of hacking and identity theft. Without tokenized digital IDs, we are all vulnerable.
We saw what happened with the Colonial Pipeline ransomware attack recently. It crippled a large portion of the U.S. pipeline system for weeks, showing that critical parts of our infrastructure are extremely vulnerable to breaches.
Ultimately, we need to think about making technology that serves humanity, not vice versa. We also need to ask ourselves if the technology we create is beneficial not just to the user, but to society in general. One way to build technology that better serves humanity is to ensure that it protects users and their values. Self-sovereign identity will be key in our future as other technologies arise. Among other things, we will see our digital wallets house far more than just credit cards, making the need for secure digital IDs more critical. Most importantly, people and companies just need control over their own data, period.
Given the broader general awareness of privacy and security in recent years, employers must take the threat of personal-data vulnerability seriously and lead the way in self-sovereign identity. Through the initial step of contactless access and digital IDs in the workplace, we can begin to inch closer toward a more secure future, at least in terms of our own data and identity.