I had the privilege of interviewing Katherine Noall, CEO of Sphere Identity, a company that offers a digital identity system. Noall has been involved in the digital privacy space for years, helping consumers and businesses. Below you’ll find an audio recording of the interview, and Noall’s answers to my questions about data privacy trends and digital identity management.
Questions and Answers About Digital Privacy and Identity Management
1. Let’s go back in time. What piqued your interest in digital identities and privacy in the first place?
Noall has travelled a lot, seeing people and countries with differing levels of privacy. She says some countries are unsafe due to their governments. She points out that technology itself is neutral, but it can be used for bad as well as good purposes.
2. What are the biggest challenges or threats consumers face related to digital privacy?
Noall says there are so many applications that people use each day, and consumers don’t really understand how they work (nor should they need to). She says some applications are safe, and others aren’t, and consumers aren’t sure which are which.
Noall points out that many consumers have the attitude “I have nothing to hide,” but she says that even if you have nothing to hide, you want your data to be safe, and not in the hands of bad actors. She points to the recent Instagram hack to demonstrate that even if a person doesn’t value their Instagram account, the same username and password could be in use for other accounts, so stolen Instagram credentials can be used to get into those accounts. Noall says that privacy isn’t necessarily about keeping things secret, it’s about being digitally safe.
Noall says that companies need to play a bigger role in educating people and building safer software. She says consumers can’t be expected to understand how systems work, so tech companies need to be pressured to do things properly. She says the EU’s GDPR (General Data Protection Regulation) and the California Consumer Privacy Act (CCPA) are the start of this.
3. What are your top recommendations for what people should do about those challenges and threats?
Noall recommends using an encrypted email provider. She’s surprised by the documents and information that people share about themselves via unencrypted email, which is visible to Internet service providers and email providers.
Noall says your messaging should be encrypted, and you should look online to find out which messengers are best. She also recommends encrypted SMS (text messaging) using tools like Signal.
4. How do Sphere Identity’s products help people take control of their data?
Noall explains that people can install the free Sphere Identity app to store all their identity documents in one place. It’s a self-sovereign identity system, meaning that individuals control their data and choose who to share it with. The system also allows access to be revoked later. She says the system can hold 41 different types of identity documents, which could be a driver’s license, fishing license, or school certificate.
Noall notes that Sphere Identity can’t see user data; they just provide a secure platform.
Noall explains that when you need identity documents (for renting, applying for a mortgage, opening a new bank account, enrolling in a course, etc.), the Sphere Identity app stores your documents in one place for easy sharing (which you can do via an encrypted messenger). She says that if the organization requesting your identity documents is registered with Sphere Identity, there’s a seamless, fully encrypted way to share the identity data from the Sphere Identity app to the organization.
5. How do you recommend people stay informed of digital privacy issues? Are there any particular sources you recommend?
Noall says that no source covers all issues. She’s impressed by the EFF (Electronic Frontier Foundation), saying it provides advice on the latest tools and strategies for staying safe. She says TechCrunch is good at covering hacks.
She says that what’s more powerful than reading headlines about breaches is actually looking at breached data. She also suggests googling “how to hack a password” and realizing how much info and software is available for breaking passwords. She says these exercises make the dangers real to people.
6. There’s still a lot of apathy about digital privacy. Do you think that will ever change? If so, what do you think it will take to make people care?
Noall is encouraged by the increased interest in privacy, but she thinks people will get data breach fatigue (they’ll get tired of hearing about breaches and start tuning them out). She points out that the reported breaches are just the tip of the iceberg, because only a fraction of breaches are reported.
7. How can parents ensure their kids are well-versed in digital defense?
Noall says parents should teach kids not to reveal their real name, age, and location. She says they shouldn’t use their name in their email addresses.
She points out that it’s not enough to tell kids something once; you need to reinforce the lessons.
Noall advises that parents keep an eye on what their children are doing, though she doesn’t believe in monitoring. She says parents should see what platforms their kids are using, and what they’re posting. She advises that parents teach their kids good online behavior.
8. How can people best help their elderly relatives and friends?
Noall says it’s really important that elderly people use secure applications (such as encrypted email and messaging) because they’re more digitally vulnerable than others. She emphasizes that because elderly people have tight social circles, it’s important to talk to them about making online relationships safe. She says that fortunately, the tech required to be safe online is quite usable, not scary.
9. You’ve witnessed digital privacy trends over the last several years. Are you optimistic or pessimistic about the future of personal digital privacy?
Noall says what she’s seen makes her committed to continue to build privacy-centric technology, because we need more of it. She says she also talks to other tech businesses about increasing their privacy and security. She thinks we’re a long way from having all tech companies provide privacy by design, but we can get there.
She says people are giving up a lot of privacy and data to get access to free applications, but people are starting to draw back on that, which is a positive trend.
10. What role do you predict artificial intelligence (AI) will play in the future? Do you think it will be a net positive or net negative for digital privacy?
Noall says it depends who’s using it, and how it’s used. She cautions that there’s danger in applying AI to every problem we encounter, just as in the past people said everything would be made of plastic, and later that blockchain could be applied to almost anything. She thinks that in the next few years we’ll have a better idea of what AI is good for and what it’s not good for. She says we need to be vigilant because it can be used for many things, including surveillance.
11. Your company’s products help both consumers and businesses. We’ve talked about things individuals should do to protect privacy. What are your top recommendations for businesses, especially micro and small businesses?
Noall stresses the importance of being security aware, because privacy awareness follows; she doesn’t believe security and privacy are opposed.
She recommends using the right tools. She advises against collecting as much data as possible, and instead recommends data minimization, which is more respectful of customer data. She says that if a business is respectful of customers by not asking for too much data, that makes customers comfortable. She advises that businesses transparently tell how they’re using and storing data, how long they hold it, and when they get rid of it. Noall believes that businesses that handle customer data with privacy in mind will become superior businesses, because that approach appeals to the market.
I chimed in that it’s been interesting to observe businesses over the last year and a half leading up to GDPR going into effect (on May 25, 2018), and then the last year of its being in effect. Prior to GDPR, many businesses collected as much data as possible. Their attitude was “collect it even if we don’t have a use for it today, because some day we may figure out a use for it.” Since GDPR, it seems that approach has plateaued and maybe begun to decline. Businesses are motivated by the threat of legal action, as well as consumers caring more about who they’re giving their data to, and what’s happening with it.
12. Do you have any other warnings, advice, or encouragement you’d like to share before we conclude?
Noall encourages people to find out as much as possible, and to be conscious of the tools they use.
She says consumers have an important role to play because we can ask organizations what they’re doing with our data, and we can be vocal if we don’t like something, which can cause organizations to change.
Noall is concerned when organizations talk about introducing privacy features. She says that’s not enough; you can’t make a system private just by introducing a few widgets. She says we should be skeptical of businesses saying that they’re suddenly doing things in a private way, because it’s unlikely for them to quickly achieve that technically and organizationally. She restated that privacy by design, incorporating privacy from the beginning, is the best way.
Noall says being privacy-minded touches every aspect of a business; it’s not just about the technology or code.
- Sphere Identity (sphereidentity.com)
- Sphere Identity on Twitter (twitter.com)
- Sphere Identity on LinkedIn (linkedin.com)
- Katherine Noall on Twitter (twitter.com)
- Katherine Noall on LinkedIn (linkedin.com)
What You Should Do
- Educate yourself by following sources that discuss digital privacy. In addition to Defending Digital, consider the EFF (Electronic Frontier Foundation) and TechCrunch. If you’re willing to go to the next level, look at breached data online and google “how to hack a password” so that the dangers become real to you.
- Use secure communication tools whenever you’re communicating sensitive data. Search online to find out which tools are best for you. Start with my post on secure messaging.
- Think carefully before you give up your privacy and data in exchange for services or access. Think about the long-term ramifications of how that organization will use your data, and how they might share it, and what would happen if it was hacked.
- Find out how companies will use your data; find out how they’re using and storing data, how long they hold it, and when they get rid of it. If you don’t like what you hear, politely inform them how you’d like them to respect your privacy and data.
- Consider using the free Sphere Identity app to securely store and share your identity documents.
- If you’re a parent, teach your kids to guard their name, age, and location online. Keep an eye on what your kids do online: what platforms they use and what they post. Teach, and model, good online behavior. Teach and remind more than once to reinforce the lessons.
- Help elderly loved ones choose secure communication tools, and be wise about how they handle relationships online.