At Yoti, we’re on a mission to revolutionise the way people prove their identity. We understand that challenging the current ways of doing things isn’t easy but we believe people deserve an easier and safer way to prove who they are. We spoke to Julie, Director of Regulatory & Trust, to ask her why Yoti is a verified form of ID.
Tell us a bit about your role at Yoti.
I look at a broad range of areas for Yoti, typically concerning key policy issues, legislation and accreditation. Anything that helps ensure we’re doing the right thing for our community.
I work closely with our Guardians Council, developing our ethical stance and policies on key issues, taking steer from bodies looking at ethics in technology, like Compass and Dot Everyone. Liaising with experts like these is a central part of my work. I’m currently working with the Super Recognisers research team led by Dr Josh Davis at Greenwich University, for example. The team there, along with a number of NGOs on consumer and transparency issues, provide Yoti with invaluable insight from academia and analyst standpoints.
On any other day I might be building relations in Government departments, law enforcement bodies and regulators – including the FCA and BBFC – liaising with our Primary Authority team in Westminster, representing Yoti at the Digital Policy Alliance Age Verification Group, as well as the Home Office Working Group for Identity Document Verification.
Underpinning all of this activity though, is understanding the ever-changing legislation relevant to age and identity verification. The Digital Economy Act and Investigatory Powers Act, to name just two, are keeping me pretty busy at the moment. Here we are ably supported by the programme teams at our industry body TechUK.
Researching and reviewing suitable accreditations is a responsibility of mine too. As a start-up on a mission to become the world’s trusted identity platform, our ISO:27001, BCorps and SOC2 Trust Services Report accreditations are very important to us.
Using your phone as your proof of identity – surely that won’t be accepted by the government or police?
Times are changing. The Home Office in particular is discouraging people from taking their passports with them on nights out; given the high risk of identity theft. In fact, more than 10,000 passports are lost in bars and clubs each year. So clearly there needs to be a safer way for people to prove their age and identity.
The Co-Chair of Police Licensing has given Yoti the green light to run a number of pilots at venues managed by leading UK nightclub chain Deltic. The trials are underway and so far the feedback from club goers has been positive.
We’re also working closely with the PASS scheme, the Home Office, CTSI and British Retail Consortium to ensure our solution meets age verification requirements and legislation.
Who is it that decides if Yoti is a valid form of ID? Doesn’t a valid form of ID need to be tangible and have a holographic mark on it?
The topic of identity cuts across a number of teams at the Home Office, Government Digital Services and Her Majesty’s Passport Office.
The requirement for a hologram or holographic mark was laid down in the update to the Alcohol Licensing Act in 2014. The world has moved on and so the landscape for identity is changing. The DVLA announced it will be issuing driving licences for mobile devices, for example.
The introduction of the Digital Economy Act is the biggest indication that traditional notions of identity are simply outdated. In 2018 the Digital Economy Act will mandate age verification online. It’s a huge step and it’s one that Yoti has been central to. As a company, we have been a part of the Digital Policy Alliance Working Group, helping to develop the specification for online age checking.
Is it acceptable to ask someone for their passport details? Whose responsibility is to ensure their details are safe?
It may be more appropriate just to ask if someone is aged 18 or not. Data minimisation is a key requirement of the GDPR which comes into force in May 2018. Businesses will need to be sure that they only ask for details that they genuinely need. For anyone wanting to learn more, the ICO is the main point of guidance for this, or if you have a query about Yoti and its approach to Data Protection you can ask our Data Protection Officer Emma Butler.
Yoti can help a business that wants to ask for less information than it has done previously. It helps avoid replicating information on a business’ servers. When someone shares their information using Yoti they select which details to share, enabling them to share certain information without giving away any other personal data. Likewise, the business can request the specific details they need, without receiving information it doesn’t. A nightclub, for example, may just ask customers for their name, photo and age. The club goer’s address isn’t needed, so it isn’t presented.
Buying alcohol can require handing over more than just your hard earned cash and your date of birth. Often it means divulging your name and address too. At Yoti, we don’t think that’s right.
So who is currently accepting this as a valid form of ID?
Yoti is working with companies across a range of regulated and non-regulated industries:
We’re in talks with many businesses from a range of industries. We’ll have more new and exciting uses to talk about soon!
Is Yoti working with the police?
Yes. Yoti is a key partner of the London Digital Security Centre (LDSC). The LDSC is a not for profit organisation, founded as a joint venture by the Mayor of London, the Metropolitan Police and the City of London Police. The LDSC is working in partnership with private industry and academia to help businesses, primarily SMEs, to embrace digital innovations and operate in a secure online environment protecting themselves against cyber criminals.
What’s the overall response been from industry bodies & regulators?
Most industry bodies and regulators have initially been confused as to why Yoti isn’t monetising users’ personal data – which is the business model for most internet companies and providers of identity databases. We have had to explain that we distinguish ourselves with our approach to privacy and security. We have architected the system so that it’s impossible for us to monetise users’ personal data. As soon as the industry body or regulator we are talking to understands this vital distinction, they show a strong interest in our privacy by design and data minimisation approaches.
What have been the main challenges so far?
Yoti is different from traditional identity providers. We have had to explain why we have chosen to have a strong consumer focus. It is novel for a consumer to be able to use an app that helps them prove who they are and confirm the age and identities of others – for free. It will always be free for consumers to prove their identity with Yoti – it’s your identity and we do not believe you should be charged for it.
We have had to make it very clear that once a person has set up their Yoti for one purpose – such as proving their age to enter a nightclub or buying goods in a supermarket – that same identity can be used in many settings. For example, to apply for a job, prove their right to rent, set up a bank account or prove who they are for online dating. Simply put: they create their Yoti once but they can use it time and time again in many situations.
Is this a government scheme?
Yoti is an independently funded, private sector company. We are, however, members of the key body that spans private and public sector for identity in the UK: Open Identity Exchange. Through the Exchange, our membership of the cross party Digital Policy Alliance and as an SME representative at TechUK, we have close contacts with Government.
What if someone has never heard of Yoti. Why should they trust you with their personal information?
We’ve implemented a number of steps to ensure that we act in the best interest of our users, and are held accountable for what we do:
In one sentence, why should someone download Yoti?
We’re turning your paper ID document into a digital identity – something you can use again and again, and that puts you in control of your data – letting you decide what information to share, who to share it with and how to share it.
What’s the one thing about Yoti you’re most passionate about?
For me, it’s the fact that Yoti is trying to make a big change for consumers in terms of identity and privacy. We’re not selling consumers’ personal data on and we’re asking tough questions that are shaking up the status quo. Should someone have to carry around paper ID just to get into a cinema, nightclub or festival? Should we really need to fill in long forms online, give away so much personal information or make up oodles of passwords? We’re shaking up the way things are done, and it’s about time too.
If you’ve got any other questions for Julie, just let us know.