-Thank you for the invitation,
and for being so numerous.
My name is Daniel Kaplan.
Online, I have many other names.
I must have about 4 or 5 aliases,
used in different situations,
probably 4 passwords, frequently used, not necessarily
in an organised way,
but because sometimes they have to be long, short,
or contain special characters.
So I never know where I use this or that password.
So regularly, I have to try out on the forty or so accounts
I must have, if I also consider administrative accounts, webshops
social networks, and maybe a number of websites
I wouldn't want you to know I'm registered with.
I dream of a simplification of all that.
So, when I want to log on to a website which knows me,
or not, by the way,
it's done only in one click in a secured way,
During the foresight exercise about digital issues,
last year, we worked on the promises
the digital world made to society and economics,
over the last twenty years or so. This promise of a very simple
and secured identity,
faithful, protective, etc.,
is regularly made,
"Now, we're moving forward",
and it's always a disappointment.
But there are good reasons,
including that maybe more than the different acceptable things
I described and that are close to your experience,
some others are not.
Maybe I play poker and I don't want
that people who respect me as a professional know about it,
that I spend too much time on online game websites,
that on Meetic, I've been considered oafish
so I had to change my alias
and build a new reputation...
Of course, in those cases,
it is mandatory
that my identity is not unified, simple, etc.
But on the contrary,
as in any good cheap spy novel,
I must be able to compartmentalize things
and socially exist,
in the digital world as well as in the rest of the world,
through several faces of my identity.
I know who I am. And, if I'm not a schizophrenic,
I know how to rebuild a unity from this,
but I might not want
people, organisations, institutions
or political powers to be able to establish connections.
I want it to be at the same time simple and unified,
and complicated and disorganised.
In fact, the landscape of our digital identity,
which is here described through an old fragmentation sketch,
remains, over the years, despite the promise,
My guess today
is that it will probably stay the same,
and that, in fact, it can be pretty interesting
and be the source of a certain amount of innovations,
actions, possible leads for innovative action,
including for companies such as yours
Personally, I am not a consultant for the Francaise des Jeux.
I will describe a landscape.
It's up to you to get inside it in a smart way,
you are capable of that, you already showed it.
So, all this is annoying.
In surveys, we often say: "It's too complicated.
"I have too many passwords, I always forget them..."
People say they have 16.4 accounts on average.
Reality is probably closer to 40, 50.
We opened a huge amount of accounts we forgot.
And when I have to pay with PayPal...
"I created an account, one day.
I even linked a card, 3 years ago."
You haven't been through this.
This kind of issue.
So, we are probably way over what we think,
in terms of registrations and digital identities,
on the network.
It annoys us and sometimes, we are worried.
We leave many things.
A lot of people know things about us.
This is called
the privacy paradox, which has been thoroughly studied.
We feel worried but then,
who among us takes serious measures
to delete these data, check who knows what,
use the right to correction as allowed by the law,
secure their communications, whereas a number of tools exist?
Not many of us here. Not me anyway.
We are even more paradoxical than that.
It's even in our imagination.
I don't know
if you see, in fact.
Those two images struck me.
Here, the large image is an advert for the London Underground,
showing how much CCTV
installed in the Underground, which is extraordinarily dense
and very modern, with face and walk recognition software,
that spot people who have erratic routes...
it is secure.
So, you are safe, in front of those watchful eyes.
So it's a 2012 image,
2011, I think,
and this is the image of the original edition
of the novel "1984", by George Orwell, published in 1948,
which deals with surveillance.
This eye here, which is the same as the other one,
wasn't really shown as being merry.
So, you see how things can be twisted...
They used the same aesthetics, saying: "It's fantastic,
all those eyes watching you.
You will feel as safe
as in '1984' by George Orwell",
in which, indeed,
there were very few petty crimes in the Underground.
Because, anyway, any deviant act sent you
or caves that were even worse.
You can see which situation we're in today:
it's complicated but we don't do a thing.
It's worrying, but we also do nothing.
Or we try to deal with it.
We do something, we deal with it.
We write intimate things, even when we think it's not,
on social networks,
and of course, we often make up things on social networks,
we write stupid things, when filling up forms...
We deal with it. Let's put it this way. We deal with it,
like my kid would say.
So, we will go back to the basics of these identity issues,
to try and understand this landscape which will remain complex,
but it's not a reason not to do anything.
This is what matters to us as individuals
and as a company.
Fred Cavazza made a little sketch which says:
there are many things around it.
There is a core,
which allows us to tell somebody else:
"I am Daniel Kaplan and I can prove it, more or less.
I can assure you this is really me."
Or, in a more limited way:
"I am the owner of a credit card with this number.
I can tell you what my name is or not.
I can pay and I prove it,
in a safe way so you want
to sell me your item, thinking
that you will be paid."
you must be able to tell someone
who you are,
pass on an identity which is useful to him, your name,
the identity of a means of payment, of an account,
and demonstrate, for example, we will get back to the basics,
by adding a password,
that you are supposed to be the only one to know, even if,
when it's the name of your kid or your birthdate,
you are not the only one to know.
But none of you used
his birthdate or the name of his kid, so everything's fine.
But there are also many other things
which are part of the digital identity,
since your identity is also your personal story,
what you show people,
a way of being, a biography,
All of this is extremely present online.
And it is very important,
because your identity is not only your ID card.
You don't show your ID to people you meet.
You show them many other things about you.
And maybe, 5 years from now,
you will still exist,
work, do fantastic things with people
who don't even know your last name or call you
with a surname that doesn't appear in your civil registrar.
This happens to a lot of people since always,
and it's not a problem at all.
Your identity is what you show to others,
not always the same things, in any case.
A great lawyer, specialised in digital,
Alain Bensoussan, showed it in a paper in "Libération",
it said: "I want to be able to be a lawyer during the day,
and a drag queen at night. And I don't want my clients
to know it. And even less, that my drag queen friends
get to know that I'm a lawyer."
So you see, there are many things:
reputation, works, productions, purchases,
aliases or avatars, on online forums,
on Meetic or in games,
things about your passions that will be interesting for some,
acceptable or not, laughable or not.
Today, can I say that I am a stamp collector?
For some, this isn't a problem.
Others won't recruit
So you will point it out
or not. All of this is the identity.
Finally, it starts with this identity issue
which allows an interlocutor, an organisation,
to mark you out among others and be confident about the fact
that you really are the one you're pretending to be.
There is a difference between identification:
"My name is D. Kaplan
or the owner of credit card number XX",
"I can demonstrate, in a safe way,
that I am the owner."
The basics of all this...
Identification, is what you input,
when you are asked for an alias, an email address.
This is the identity you will submit to an interlocutor.
The authentication is the password.
There is one thing I'm supposed to be the only one to know,
it's the password.
Of course, it can happen that I, but not you,
use a password which isn't very safe,
so we tried to develop stronger authentication methods:
we need to know something, so it's a password,
but we will add at least an element.
For example, do I own something?
So, I will add to this password request
a request to insert a USB stick somewhere
or to pass in front of a reader without contact,
something that has a chip.
So it is indeed the person who knows this password,
but also the person who owns this card, so we go higher
in the security level.
We can go further,
by using biometrics, something that is related to the body.
A lot of things identify you for certain.
Fingerprints have been known for a very long time,
and it's worthy because it's simple.
But it's true for the iris, the walk, the skin,
the shape of the face, etc.
For example, the iPhone 5 includes
a fingerprint reader,
and some versions of Windows can recognise you,
when you turn the computer on, by watching your face.
And it's quite safe.
This said, it's very important,
you live it every day,
when you are asked: identity, password,
one can be required without the other
or everything can be split up.
You probably already met the Facebook Connect example.
On a website you are told:
you can create an account on my website with your Facebook account.
You click here.
You are asked to identify yourself on Facebook and it's done.
Are you authenticated?
In a certain sense, yes, since you used your Facebook identifier.
But then, on Facebook, do we really know who you are? No.
So the identity circulates within the network.
In the e-Credit Card system, that is offered by several banks,
that allows you to pay several shops.
You want to buy something from a strange Taiwanese shop,
to which you don't want to give your bank details,
then you can use this system: the bank will generate
a credit card number that is only valid once.
And above all, it won't transfer the identity.
In this system, there is an actor
between you and the shop, saying:
"I am the Société Générale, do you trust me? OK.
I can guarantee that I know the person on the other side,
that he has a credit card.
You don't need to know his number, name, address...
You will need it to deliver a physical good,
but not to download software.
But I can guarantee you will be paid."
Here, there is only authentication.
"I can reassure you, you will receive the money.
But you don't know who you are in touch with."
In some situations, this can be important.
Then you have other situations.
Like the great aliases of the web,
as Maître Eolas, who jurists here must have bumped into.
He is a blogger, a jurist. He is a lawyer.
He has a name,
but on the network he has an identity which is Maître Eolas.
It works and he has a great reputation,
an audience, but it's not his name.
And it doesn't matter.
You can trust him regarding his legal advice because it is good,
without knowing his name.
If we look for it, we can find it.
But this is not important and very few are searching.
this idea of an identity which, at last, would become simple,
safe, common, having only one identity,
in fact, it's an idea which is not as appealing
as it seems.
It doesn't prevent people from working on it.
But it's complicated to achieve,
because we are contradictory:
we want simplicity and compartmentalisation and opaqueness.
We want to be able to go from one to the other
and decompartmentalise things for some.
Besides, it's not easy for a lot of companies.
You can have the will to use an identification system
to trap your customer in your own world
not allowing him to do too many things with the competition,
to go and buy anything, anywhere,
in other places.
So partly closed identification systems are also useful.
We try to federate identities.
The result is that after years and years
of technical efforts, standards,
experimentations, often really intelligent ones...
It's like football when 11 players are against 11 players,
and eventually, Germany wins.
Here, the winner is Facebook, with Facebook Connect,
which is not secured and doesn't protect personal data.
That's how contradictory we are.
Things emerge that need to be closely watched,
as soon as we don't follow them, when they say:
"I will solve the issue." No, there are other things.
It's the use of the cellphone as an identification device,
it's interesting because it is located in the digital world,
the online world, but also the shopping world
and face to face contacts.
It can allow accessing somewhere, show we have rights,
pay in shops, online,
and, again, enter a bus or else.
So this is the idea of using a mobile phone,
particularly, a mobile equipped with a new chip, called RFID.
It's a small chip, like the one you already have,
if you have a Navigo pass, that is put in front of a reader,
without necessarily touching it,
in which an identification dialog takes place.
We identify the Navigo pass, not necessarily the person holding it.
There is a debate regarding the anonymity of Navigo. It exists.
It's being identified just by passing in front of the reader.
If we add a chip to a mobile,
if the access is secured, that's the idea
of the new iPhone,
with its fingerprint recognition,
you can have a mobile that allows
the simplification of a number of identifications.
Except that, probably, very soon,
you will see on this screen,
after having said: "It is me, the user",
and wanting to use it
to identify yourself to someone else,
very soon, I'm sure you will see this:
"Which identity do you want to show this interlocutor?"
"Your drag queen identity?" It won't be said this way.
"Your lawyer identity?"
Because you just entered the law courts,
and there is a scanner, the metal detector...
"Are you going
to buy some bread?"
You want to pay with cash and it's not the same identifier
because you don't want your bank
to know who employs you...
So, very soon, all this will become complex once again.
I have to be fast of course.
Same thing. You'll see announcements about this.
Some companies got together in France,
in order to simplify identification systems.
It's an old project. Nathalie Kosciusko-Morizet announced it,
when she was junior minister for the Digital Economy, I think.
At that time, it was really strong.
They said: we will create a French standard,
in which they will have a USB stick that they will put in...
in what? Problems arose from there.
In the computer.
Yes, but on a mobile, the USB reader is not the same.
Very soon, this project which aimed at simplifying, securing, etc.,
was confronted with the complexity of the digital
and real world, to the diversity of its actors.
It almost disappeared. It comes back in a more pragmatic way,
supported by several companies.
Aurélie Barbaux nicely said, for Fleur Pellerin,
that NKM had talked about it and that Fleur had the job done.
But the job was done by companies,
who are preparing
a system which would in fact be a group of systems
allowing the federation of identities,
so that companies agree saying:
"If you know him, I will ask for fewer proofs."
For example, allowing a bank to say 2-3 things,
if someone wants to... I don't know if it works for you,
but if someone wanted to place a huge bet at the FDJ saying:
"I know him. No need to ask too many things."
Maybe this is not a good example.
So, why is it so complicated?
Because we are real people,
not only persons who must be identified.
An identity is your own story,
the way you introduce yourself to others,
what you want to show to evolve, transform yourself,
to reach goals.
In most legal and technical works
on identity, we say:
what matters to people, is control.
I want to be able to prove who I am,
I don't want my card number to be stolen
or too much to be known about me. It's a motivation.
But is it the motivation you have in the morning when you wake up?
"How can I avoid being harmed by many people?"
Of course it's important.
But often, the morning motivation
is: "What am I going to do?"
And you won't tolerate what will prevent you from doing it.
It's not the same.
It's often forgotten that two strong motivations coexist,
even in digital practices.
will I have things to make my life simpler?
Why is Facebook Connect doing so well,
whereas it's so unsafe and transmits
so much personal information to Facebook?
Because it's simple. It's so unsafe that it is simple.
Why has a payment securing system
been dominating the world market for the last 20 years?
The one that was created 15 or 20 years ago,
using a vague simple encoding of the card number.
Whereas we invented, I studied some,
we invented 50 others, way safer.
Not necessarily more complicated.
It's because it's the most simple.
Even shops say:
"I will have a little more trouble but if it is simpler,
if I don't have customers giving up their order..."
The new systems proposed by French banks
are super safe.
The fraud is going down, but the turnover too.
We tell people: "You need to go and get the card,
the one you lost..."
A card with lines and columns.
I've asked for my fourth.
I don't remember where it is so I won't confirm my order.
Or: "You will receive a text message.
That you will have to type within the next 2 minutes..."
It works. It's very safe. But the drop in turnover
to the gain in security.
And the other dimension: improved self-esteem.
One of the central things about identity,
is to get in touch with others,
Identity is performative:
I say that I am this because I want to become it.
What do we do on Facebook?
We claim things that can be intimate,
not only because we say anything,
but because we want to show something.
It has been sociologically studied.
Those who need social progression the most,
conquerors, those coming from a humble background,
will say more than others, not because they are more stupid,
but because they have to risk more,
in order to progress, establish contacts,
move forward in society. It's the self-esteem improvement.
It's very important. And it goes against this.
So we understand more clearly what's going on in networks.
And we understand that the motivations of organisations are not
necessarily the same as those of individuals.
Security systems are always systems
designed to protect some actors
And nobody is protected in the same way.
For example, a payment system will make a decision:
the bank, the shop or the customer will be more efficiently protected.
But never the 3 of them.
It's never true.
People need security but also a private life.
They need to be free.
Companies need technical and legal safety,
to protect themselves against their customers,
who change their minds or else.
They want to know as much as they can about them,
keep the customer who, on his side, wants to circulate.
We don't have the same goals as a company
or as an individual.
Identification and security systems
reflect these clashes of interests.
Depending on who produces a system,
its characteristics will be different.
Finally, we'll have a look at some leads,
which are actual ways today,
widening a little bit the spectrum.
The first is private life by conception.
The technical term is "privacy by design".
The idea is:
we can conceive technical and computer systems,
which are safe,
allowing companies to achieve their goals,
while being, by their design,
very protective of the privacy of individuals.
The basics... This can be interesting for you:
you ask a player if he is over 18.
It's important to know it,
but to know this, do you need to know his name and address?
Not necessarily. Researchers are working on this.
A researcher from Toulouse invented the "blank ID card".
In this card, all the information exists,
but it can be asked to tell only one true thing:
"I", French State, "guarantee that the person
in front of you or online
is the owner of this card,
and is aged over 18."
This is sure. No need to know more.
He takes an example with a driving licence:
"I guarantee", to a hire company,
"that the person..." Well, maybe not a hire company.
"That this person
has his driving licence.
But I won't give you the home address."
So we can set up systems
that are able to unveil only what is necessary,
in a way that guarantees the interlocutor to say:
"Ok, I can go for it."
I, Francaise des Jeux who is not allowed to sell to people under 18,
based on this, I can go for it. And if I was mistaken,
I can go against the person who gave me the guarantee.
It even goes further.
It's a work on information systems.
How to be sure that information systems
will only ask and keep what they need.
Second very interesting dimension,
in which there's an infinity of possible games,
I'm proud because I got it the day before yesterday, it's a gift.
I have this thing with me,
the last production of a French company, Withings,
which counts a lot of things on me.
So, I can see I walked 2 125 steps since this morning,
27 metres of difference in height,
which is not much.
I circulated 2 km, burned 138 calories.
I could know my heart rate.
You like it or not.
It is a very dynamic market.
At Decathlon, Go Sport, Nike, those are everywhere.
It goes with sports, health, body-care, well-being.
It's also playful.
Now I can share.
You can defy people and say:
"How about you, how many kilometres did you do,
running or walking?"
It can be connected.
What seemed to be a little bit strange, "new age", at first,
people measuring themselves,
became a very dynamic market,
with hundreds of thousands of people in the world
equipped with this to run and for other activities,
changing them into social elements.
They exchange with friends or people they don't know.
So there's an actual potential.
We're still in the identity.
We gather data about us,
it didn't exist previously, unless you were ill.
So we make health equipment
staples, turning into social devices,
We even build marks with our identity:
"I am, among other things, someone who runs 5 km every day,
whose heart rate..."
You see how fast it can go.
I will talk about a project we are working on.
It will reach the experimentation phase within 2 or 3 weeks.
I hope you'll hear about it.
It's called MesInfos.
We asked ourselves a different question.
We talked about identification, proving who we are,
but we also talked about data companies have on us,
or even the French State.
Here is our hypothesis:
sometimes, it's not so stupid
if a company has information about us.
When I go in another branch office of my bank,
on the other side of the country, I appreciate when they know who I am,
what we already did together.
A company can have good reasons to have data on people.
So we say: "If I too had
this information you have on me?"
What game I played, what I bought at the supermarket,
my journeys in the metro,
or by car, etc.
The MesInfos project groups 8 companies,
distributors, telecommunication companies,
e-commerce shops, banks, who all said
"We will give back our data on our customers and allow them
to play with it." I won't give any detail.
It's currently being done.
Today we are imagining
If I have my data, I can use it to manage my daily life.
My due dates, guarantees in my contracts,
my contracts, my retirement, my administrative life, etc.
Things can get simpler.
I can have a better control over what people know of me,
check that the information I gave hasn't been spread.
There are things around self-knowledge.
Can I do a better assessment of the link between the way
I move around, eat and my health?
Decide where to move depending on the way of life
of the members of my family.
We can work on living with values.
Some of you have tried
to be ethical, organic, etc. consumers.
It's very difficult to do so on a daily basis.
You need to read a lot...
If you had the sales receipt of all your supermarkets
and if we offered you to compare all your products
to check if it's more expensive, it's done within a minute,
it changes everything.
Can I compare prices in a better way
in a market where prices are complicated to compare?
Yes, if you have devices. It's the decision-action side.
Here are other fields
in which we are working.
We told ourselves: identification will remain
a complicated path, where things progress,
but around the identity "who are you for yourself",
"what do we want to show others?"
there are extraordinary things to do
and companies such as yours can be a part of it.
So here is what I wanted to share with you very quickly,
but maybe not quickly enough,