Well, this is ironic, given my last column about the need for “know your employee” processes. Marianna Spring, the BBC’s first disinformation correspondent, has been called out for embellishing the truth on her resume while applying for a job few years ago! Is that really disinformation though? I mean, come on, we’ve all exaggerated our capabilities on a resume haven’t we? It’s the normal course of human affairs, just as hiring managers lying to the candidates that they are interviewing. Maybe that’s about to end though, as continuous real-time online reputation management becomes the norm and the provenance of people (as well as things) becomes public, unforgeable and immutable.
People And Provenance
Given that candidate fraud has pretty much doubled since the pandemic (and that a fifth of job hunters cheat on tests), recruitment clearly has some challenges. Since it’s been years since I actually interviewed a candidate, I can’t say what the modern approach to this sort of thing is. If I were hiring someone tomorrow, I’d probably look at their LinkedIn profile rather than their resume. Having said that, while LinkedIn estimates that only 15-20% of candidates are dishonest in the way they present themselves, which I am sure must be on the low side, the need to create some infrastructure around employment credentials would seem obvious.
(Actually LinkedIn are making some efforts to clean things up with new verification features that enable users to authenticate aspects of their identities and job histories. Users will now have a few different options to verify their identity and current jobs on LinkedIn.)
Things, just like people, have resumes. Is your engagement ring from a blood diamond? Is your Rolex real or a far Eastern knock off? Is your date wearing new clothes? Is the engine on the jet you are on fitted with genuine tested and certified parts? Wait, what…
That jet engine example isn’t made up for rhetorical purposes. It just happened when European regulators discovered that a London-based company, AOG Technics Ltd., supplied fake parts for jet engines powering many older-generation Airbus A320 and Boeing 737 planes. The company was almost immediately hit by a lawsuit from an engine manufacturer which revelaed that falsely certified components were fitted to 68 of its engines. In fact according to the European Union Aviation Safety Agency, many “Authorised Release Certificates” from the company were forged and the legitimate manufacturers have confirmed they did not produce these fake certificates or parts.
Uh oh.
But that’s only the beginning of the story. The LinkedIn profile of AOG Technics chief commercial officer appears wholly bogus. His profile picture turns out to be a stock photo that’s used elsewhere on the web and his former employers have never heard of him. Not only were the parts fake, the people were too!
How can fake companies, fake officers and fake parts exisit in a world in which digital signatures, verified credentials and tamper-resistant hardware exist? It should be impossible for company A to fake a certificate from company B because company A has no access to company B’s private key. It should be impossible for LinkedIn to list a non-existent person but it should demand an IS-A-PERSON credential. It should be impossible for a fake part of usurp the provenance of a genuine part because the provenance is record in an immutable ledger. You get the picture.
This should not be difficult to implement given the technology to hand. After all, who is going to turn up for a job interview with a smartphone capable of presenting their credentials?
Now, I’m not suggesting that we need to know everything about that CCO to do business with the company. As in many other cases, it may be enough to know that a social media profile belongs to a human — this could solve most of the problems that Mr. Musk complains about on Twitter — or have some very basic information about the person, such as country of residence.
Provenance And Privacy
That does not mean that people have to share all of their personal information with everyone! As Michael Miebach, the Mastercard
MA
CEO, pointed out in the Harvard Business Review recently, the proper use of technology means that ID verification can be used to increase privacy, not take it away.
He illustrates the point with the canonical example that if someone needed to confirm their age to buy alcohol, they wouldn’t need to share all the information on a typical driver’s license — name, age, address, photo. Using appropriate and well-designed digital identity infrastructure, confirmation would exist as a simple yes or no question — is this person older than 21 or not? And that’s the only information someone would need to share: not the data (a date of birth) but the relevant credential (IS-OVER-21), not to mention IS-GENUINE-PART or WAS-EMPLOYED-BY-MASTERCARD or whatever might be need to enable a transaction.
Everywhere you look, the lack of an infrastructure for digital identification, authentication and authorsation is the source of chaos, confusion and crime. Some of the time it’s people stealing pictures of chimpanzees with sunglasses on from cryptobros and we can all chuckle at that. Some. of the time it’s horses going into the grinder instead of cows and we all survive. But sometimes it’s parts for jet engines for airplanes, and that might not be so funny. Whether we are dealing with people, things or bots in all cases, society needs digital identity to protect it from the fraudsters and fakers. And it needs it now.
Read the full article here