E5 - Dawid Jacobs of DAL-Global Inc
Your browser doesn't support HTML5 audio
Authentication of human identities for vital transactions.
Data Diva E6 Dawid Jacobs
36:54
SUMMARY KEYWORDS
identity, synthetic, person, identity management, people, facial recognition, problem, system, create, important, credit bureau, privacy, sovereign, biometrics, bank, information, world, individual, company, big
SPEAKERS
Debbie Reynolds, Dawid Jacobs
Debbie Reynolds 00:07
Hello, this is Debbie Reynolds of "The Data Diva Talks Privacy" Podcast. Today my special guest is Dawid Jacobs from South Africa, who's the CEO of Diverse Authentication Library or DAL Global, which is a global identity protection and authentication system where they link single existing real-world human beings with forensic proof to their single digital twin in the cyber world. Dawid has over 30 years of experience in the digital identity and biometrics space in terms of technology. Also, this particular podcast was recorded a few weeks before the U.S. election, and we touch upon in this podcast identity as it relates to voting, which is still a big issue as there are recounts going on right now in the U.S. still from a U.S. presidential election. So join me in welcoming Dawid Jacobs.
Dawid Jacobs 01:07
Hello, Debbie. Thanks a lot.
Debbie Reynolds 01:08
Well, you and I met a bit ago, on LinkedIn, actually. And you know, I think you had seen me post something, and you sent me a message about single sovereign identity, and I was hooked. So just to talk about what this means in a digital world and things like that, I think it's really important for people to understand. So just a little bit about your background, I know you're into diverse authentication in terms of identity management and your company; I would love for you to talk about that a bit and give a bit more of your background. But this idea about separating, you know, figuring out in the digital world if someone is real or not, I think that's kind of the big question, and talk a little bit about how the fact that we can't do that effectively now plays into kind of fraud and some other things that happen. And you explain a bit more about yourself.
Dawid Jacobs 02:11
I have been involved in identities for about 30 odd years. I started out as a fingerprint expert and crime scene investigator in the South African police force and gained a lot of knowledge in the fingerprint aspect and how to treat evidence in it. So about eight, nine years ago, I started looking more intensely into identity management, as per se, I found that there was a huge gap in people understanding what's the difference between identities, and identity management, and access management. So I looked into it and started to put stuff together different platforms, different software, different hardware, that the end of the day, I have the solution that we are only now we brought to market about a year ago, that identity solution, it was a company diversification library, DAL for short, we actually opened up the DAL USA dealership DAL USA about two months ago, and about a week and a half ago we opened DAL Global Incorporated in the U.S. So we're chartered out of Maryland, from where we obviously will start talking to other clients, potential clients, we did this kind of biometrics and identity of the person. So we physically link the single existing real-world human being with a single digital twin in the cyber world. The importance of that is that you've got to have a real reflection of who you are in the real world. And who you identify within the cyber world. So we created a lot of stuff inside our solution. And therefore, the diverse, so we fall on forensics. Basically, we treat every identity as evidence of that single existing real-world human being. And it's at a very high level. So we don't just take a photo of a person say that's who they are or we don't trust, most probably if you could put it this way any government or we're not biased towards the government, with the identity systems, because they could be a lot of fraudulent identities on there. So the diverse world that we are working with its fingerprint score, iris scan, then facial recognition just for quicker verification. Our system is the closest that you'll get to DNA, although we can also add DNA to your biometrics. But that's, in short, what we do. It's quite unique what we've created.
Debbie Reynolds 04:49
Well, let's talk a bit about the problem with identity. So because so many people are on the Internet, a lot of times even when you're let's say you're speaking with someone like if you're on Facebook, for example, you don't know whether you're talking to a human or not, you'd be talking to a bot. We talked about, you know, the, you just don't know who you're talking to on the Internet. And then as people are doing transactions on the Internet, like banking and things like that, the identity of the individual becomes important, because right now, the way things are, you know, typically you get a password, you can log in, but anyone can steal your password, anyone can login, as you, so it really doesn't connect that you are who you say you are, especially, you know, this is such a huge problem with identity theft, where if someone can get your credentials, they can be like you in a digital world. So you talk a bit about sort of that problem that the problem that you're solving with your identity system?
Dawid Jacobs 05:51
Yeah, first to think about identity theft, or identity fraud, everything about your identities, any of the apps anywhere in the dark web, wherever you want to look for it, there are people that can find it. The honeypot usually was to have the identity of a person or a mark and then to defraud them out of the banking system or money for that method. So the criminal syndicates or the crime syndicates have actually moved on a bit by hacking, and it's more websites harvesting are fighting to dissolve this thing of personal identifiers. So you see everywhere, there's a huge 50 million or people that was at least 20 million, whatever it's huge amounts of people. So what they do is combine all the information they have and create a synthetic identity. A synthetic identity doesn't walk, doesn't sleep, doesn't eat or breathe on the planet Earth. So they then create these synthetic identities. And with that, that's where the biggest trick lies because it's always that they can use it. The first is obviously the money honeypot has moved from the individual to the financial institutions. So they draw or create the synthetic identities, open a bank account using any of these selfie types of contactless solutions because there is no proof that it was really a person, even if they say they've good liveness detection, anyway, to know a person is alive is sitting in front of that person, and then onboard the person, or have all of the information including biometrics, that compiled and collected at a specific place, where we can actually have a bit more huge amount via onboarding system. So the synthetic identities, as I've just said, is one of the biggest threats or if not the biggest, but they do have created the identity on the platform, they then apply for a loan at a bank because they open a bank account, the bank sends that through to your credit bureau to see if that credit guy or, that woman has good a good credit profile, the credit bureau sees there's no movement or that identity doesn't exist. And the return response to the bank saying don't give him the loan or now is that he hasn't got a profile, the bank obviously declines that the credit bureau then creates a profile for that synthetic identity on the database. So two, three months later, they will apply again for a loan small and $200 or something like that. This time, it's sent through to the credit bureaus, and they see that there is a profile and that it's a clean profile, and they replied, clean and all that creative writing, but elaborate, whatever. So the bank passes on the money, so the identity gets the loan. The thing is that they then continue to nurture this synthetic identity over a period of three to five years. So that takes a while. So now they've got the capability to take out a loan of 150,000 US dollars at once. The thing is, the credit of the crime syndicates doesn't just create one identity synthetic identity. They create thousands and thousands of them in the banking sector. So the bank will be basically bankrupt by, say, if you've got 400,000 people taking a loan of 150,000 US dollars, all at once. The bank won't have that money anymore. It's gone. You can't trace the synthetic identity. There's no way to pinpoint where the money is gone, so you lose. There's really zero methods of solving that crime. Now, that's gonna start happening very soon as I can imagine, because some of these identities have been nurtured now for three to five years. What they can do with the synthetic identities is they can create a job being a ghost worker within a company, especially in government. So on the H.R. sheet, you'll be there, or that synthetic identity will be there, and it's getting promotions and all that, but it doesn't exist. There's nobody like that on the system. Can you imagine some of these synthetic identities within your government? And they're busy spying on your government. So they've got access to all your secrets and all that, because of the level of this synthetic identity. So that's the second thing. The third one is that they can actually, and this is where they start manipulating, which we spoke about bots. And it's happening worldwide with people that gather at a certain place, create a rod and move on, the Twitter, the Facebook's, and all that they're sending these guys the information together a certain place is not, it's not somebody that exists. It's people that are using a lot of bots. You get these bot farms with a lot of mobile devices, which are linked to the identity or an identity on a Twitter account. So that's three of the things that's very important. The fourth one is also, I believe, very critical. Can you imagine you have 5 million synthetic identities, even when you're voting on in November, that are synthetic identities, that's got voting rights, more even 10 million, that will swing the vote to any side. So that's the four things where I've seen synthetic identities are moving to. So it's very critical to understand that, that's some of the biggest things, but identity theft of yourself where your identity is stolen, that always gives you the thing to contact your credit bureau to do to stop it and know that it's too late. When you see movement on your credit bureau, there's been movement. It's not you. It's too late; your identity has been compromised. You can't do anything about it. I don't know that you resolve it, but it's still like it's done. That's it. So our solution, what we've created, is basically making your identity worthless to anybody else. Because as soon as you living in the Sahara, you won't steal send because it's worthless. So exactly in this way that we make an identity worthless to somebody else.
Debbie Reynolds 12:02
The way that identity systems work here in the U.S., there's like a hierarchy of identity. So if you have, you know, let's say a, you know, passport, or whatever, you know, a passport, or government I.D., that's sort of a high level of identity. But all these other systems, they sort of, they connect together in a way that if you authenticate yourself, and one, just by doing it in one, it will transfer to others, which is a problem. So just like you're saying, the reason why people can create these synthetic identities is once they get into the system, other systems validate them, they can continue to create more information as if they were a real person. One thing I'd love for you to talk about is the difference between the sort of identity management in terms of people logging in and then what you're talking about, which is very different. So authentication of an individual is different than a kind of typical identity management. So I would love for you to talk about the difference between those two,
Dawid Jacobs 13:11
I think I'll start with the thing that they all call identity and access management. So you've got an identity and access management, which was created many years ago. But it's actually identity management and access management are two very different fields. Because in the privacy and in the legislative part, when you go to a place, say a bank, and they want to take down your credentials, to allow you to go into the bank, let's access management. But when I've got my identity, and it's going to be protected in a system that bank, not for the access control, but taking my identity and storing its security, and protecting it in the environment, that's more identity management. So that way that differs from each other. In a specific environment, let's say you're working for a big corporate place, you can go into the company, they do have a bit of identity management for the employee, that allows that person to access certain places, but they also protect their identity. So that way, that is a closed environment. But as soon as you leave, they've got to take you off the system, revoke all your access management rights, as well as they've got to delete your personal information because they're not supposed to hold it will keep it I would like to refer to two things. And this is important. You've got the GDPR in Europe, and South Africa's got the POPIA as well. So it's the protection of personal information. And currently, these are the two pieces of legislation, the latest, as the type of acts that you get, that you've got to comply to. In the U.S., the closest that I've seen there is in California and Illinois regarding biometrics in the POPIA and GDPR, which I believe is very much very close to each other, but the eight different types of pillars that you've got to comply to, obviously, one is consent, I can't take a person's identity without consent. Obviously, I've gone work a bit further than what I'm supposed to be. So I cannot take it into my control, let's say, for instance, the shopping mall, I can't share it with somebody else, you can't further process it, you can't hand it to somebody else to do anything with it. Even like these guys, that's doing telemarketing or that I know where to get that that's already playing into the wrong part of the legislation. Also, when the person wants to revoke, you've got to revoke it. So there's a lot of rules regarding those eight specific rules. But I haven't seen it in the U.S. as such. And I believe that it's important that, for instance, the GDPR is being included in the U.S. to protect personal identities. And as you know more about privacy, that also falls into the exact frame. Also, and then for looking at the different scenarios, when I look at identity management, I believe identity is sacred to the person. That's the one thing that allows you to be yourself to present yourself. And to prove you are who you are. The problem is that there's a huge amount of misconception about identity; that identity is just a digital thing. You can create a digital thing of somebody, it's not true, you can't just extract a lot of information from different platforms, and then say this is an identity because of their idea that information could be false. For him, and he depends on, I see it in that way. crime syndicates come into play. So identity management, for us, is linking the single existing real-world human being, that's you and me, to your single digital twin in the cyber world with forensic proof. So you've got to have those two identities, a real-world human being and a digital identity in the cyber world. You can't have 40,000 different digital identities because then you're going to start allowing the crime syndicates to do what they want. And that's the problem. Also, I think that one of the biggest problems that people are accepting a standard and because of the COVID is the selfie driven and contactless solutions. The problem with that is that you can't prove that that person was registered at that place at a certain time. So what we've created on our side is we use the forensic protocol, and inside forensic practical is a very important thing. It's called "The Low Card" principle. What the "The Low Card" principle says is that if you touch something, you remove some of that surface, let's say dust, and you leave something behind your fingerprints. So you've got to be at a specific place and time to actually be acknowledged as a person, or acknowledge that you were there. That's the thing. Now, a photo, no attachments, or contactless has got none of that Low Card principle. That's why we say the important part is to have your fingerprints, iris second, and then obviously facial for quicker verification. But from there, you can go into the contactless areas using your iris, not your face, your iris. Just going on to the face quickly. We've spoken to law enforcement guys. They don't trust facial recognition for the simple reason, people might be drug addicts, or they've been mistreated, the faces do change to match for these systems. Although these things there's fantastic software available. It hasn't been proven in a court of law. And that's the reason. I think that there is nothing of note that we will have working on a forensic level of your identity. So we treat your identity as evidence. And that's going back to you. That's Identity Management at the highest level. There are more identity solutions, and access management is totally something different.
Debbie Reynolds 19:14
So you touched on something I would love to talk about. And that's facial recognition. So, to me, when someone asked me earlier this year was back in January, what I thought would be like one of the biggest issues in privacy, I thought, was going to be facial recognition. So that, you know, that was before COVID. It was before some of the racial and social unrest we see. And that's before a lot of these moratoriums that have happened, you know, between facial recognition the use of it by law enforcement because it isn't, isn't is not as accurate as it should be. And for me, as a person of color concerns me a lot that there's such a high error rate with people of color. So would I love your thoughts on this facial recognition around the world are obviously being used more, even though, you know from you know, you and I come from like an evidence background. So, you know, we know that for it to be used as evidence has to be authenticated in a certain way. And I feel like this facial recognition software's, you know, they promise something that they really are not delivering. And that can be a problem for individuals if they have to disprove something that a computer said that they are or whatever. What were your thoughts?
Dawid Jacobs 20:33
For me, facial recognition, you just spoke about the important part with the bias or the, it's the way that it was written, who wrote it? Because it's, and everybody's going on about A.I., And when you write something, you can't be zero bias, you can't. There's always going to be something that you're going to be biased about. And I know about the systems with people of color. In Africa, that's even a bigger problem, you know, obviously read about it. The accuracy is not where it's supposed to be. And it can be manipulated on different levels. There's a movie Criminal by Kevin Costner at a certain stage, they're looking for him, and somebody just places, manipulates the system by placing his face onto one of the people in the environment. And I picked it up, and then they found the guy, but it's not him because it was manipulated. So facial recognition for me, it's got no value for me anyway, to prove who a person is. Like I explained previously if you haven't got that link, it's moving forward at a great pace. But for every one person working on facial recognition software, you've got about 200 guys working on deep fakes. So you've got the guys moving with facial technology, and these deep fake guys are way ahead. So they try to catch up, and you can't. It's too late. It's technology. It is moving too fast to solve that problem. Also, and I'll get back to the selfie solutions. I had a discussion with one of the people that actually provide it. And my question was, how do you know, that's a real-world human being so that they come to me, but they take the fact that you take your photo of yourself and you link it to your driver's license, or your, it is in whatever, you have a photo of that. And then it's matched against each other. And the face is obviously being treated or captured using technology that inside his real liveness detection, which is linked, so I said you if you look at a 20,000, the fake identities were driver's licenses were found in the U.S. just recently, how many of them went through? So you can obviously just take a photo, match it to one of those that you bought, you can have 20,000 identities registered on it. And the facial system, you can have the same photo of you with another one of you said duplicates in the system triplicates. And it continues because I don't look into that if that is just the one face that was onboarded. And that's a difference between fingerprints and facial fingerprints. And you can only have one set of fingerprints. Nobody else in the world is that on the planet. And that's just the fact for me personally. I've been working with it for a very long time. So bottom line, facial recognition. No, no, not at all. Use it for quick verification if this is the person.
Debbie Reynolds 23:31
Yeah. And I'm glad you brought up deep fakes. I was talking to someone about this yesterday, where it's so far ahead and the law so far behind, they don't really know how to treat it like is it a criminal issue? Is it a copyright issue? Is it a libel issue? It's all the above, like, do you own your image? Does the photographer own your image? You know, how much harm or how much damage, you know, some courts, they actually have to see some harm of the person not just like emotional distress or whatever. So I think it's a really big issue. But one thing that you talked about that I would love to talk about this is about privacy legislation where someone wants data about them removed or something. So a lot of these a lot of companies try to create their own identity systems in some way so that they can authenticate the person is who they say that they are before they give them information. And from what I see, it's all over the map. So there isn't any, you know, one way that people are doing this, so you gave an example where they have someone take a selfie of themselves with their I.D. as an example. The reason why this is important is that if the company were to give information over to someone who isn't who they say that they are and that would be considered like a breached right, data breach for some type of mistake that they made. And I feel like this is a very immature market, you know, around the world, I think just companies are doing the best that they can try to authenticate people. You know, but there's obviously a high risk in that. So I would love your thoughts on that.
Dawid Jacobs 25:19
Yeah. Think about it. This with the GDPR. And POPIA coming into play, it actually applies to focus on a company, are you treating your personal information of clients, of your employees and all that, so it's coming under scrutiny. And that's been asked in every way. Because remember, if you're looking at, let's say, a clothing shop. Their focus is to sell clothes. That's the most important thing for them not to predict the identities it is that it's not, it's not under the top 10 things that are important. So they've got no real system about it or using it with all the compliance that's required. And obviously, prediction lies. So in my opinion, that is where the problem starts, you focus on what you do best, the actual, that's the thing that makes you money, not identities, later, a third party with all the legislation, all the compliance, and the knowledge how to treat identity, at the optimum level, do that for you remove that burden. And I can promise you that will immediately up your profits because you're going to stop thinking about that 1% or 10% potential problems. And you're going to focus on your work and your productive lives. Let them worry about that. But then choose one that's not marketing myself, but then choose one of those, we stop on a boat coming from whatever country in America, take a selfie, suddenly you're a U.S. citizen. Don't trust that nonsense. So that's important. Yeah, I agree with you that the privacy and everything that you need to do in your company is not up to the standard the third party can provide. Let's say another company that specializes in it does even in privacy; you don't know the privacy rules of you selling clothes. If the professionals like Debbie knows what it is that's researched, utilize her optimally, and your company will benefit.
Debbie Reynolds 27:25
Absolutely. That's so true. I think that's true for many different businesses that are dealing with this thing. I would love for you to explain self-sovereign identity or digital twins. These are terms that get thrown out, and sometimes people don't fully understand that you are to me. You know, if someone asked me about that, I always say you have talked to the Dawid. It's like, he's the best in the world that I know, in this area. So I would love for you to explain what those two terms are.
Dawid Jacobs 27:56
Okay, so if you're looking at the digital twin, as I explained earlier, you can only have one digital twin for the single-digit single existing real-world human being. Because as soon as you've got more of those digitals, it means you, there's some flaw in the system. There's duplication, one, and there's potential for synthetic identities, which I mentioned earlier. So in the self-sovereign identity, that everybody is trying to go into the blockchain and all that, I'm not as screwed up as the guys who made it or makes these creates these platforms. But I can see where it's going. And one of the biggest problems with it is obviously duplication and synthetic identities. The concept of self-sovereign identity means you own your identity, and you own everything that's linked to it. So, for instance, your monthly payments to your house, your water and all that type of things that you have in the U.S. and every other country to car loan and all that it's under your ownership and you can provide it to somebody else. All that self-sovereign identity, I think one of the biggest things that need to be discussed again is the credit bureaus because they are currently having your identity in the protection management area. And they are collecting information towards that identity, which could be true or false. I don't know what's the exact amount or quantities of true or false, and if it is actually related to you, not even false, it's totally someone else. So the credit bureaus sell this information or this information to institutions. One thing they that you provide them with physical consent, to one collect your information and two, sell it On self-sovereign identity platforms, you own that information, and it can be traced to where the call information was created. And it the certified as being the right information. For instance, you need to look at something about your bank loan, you provide your identity, and you can provide the bank loan account to the person or to an institution, and they pay for it pay you for it. You don't have to get credit bureaus involved in it. Think that way. If you do the self-sovereign identity correctly, where you then have one self-sovereign identity for one human being on Earth, it will work. It will work very well. And then everything that you've done, or bought, or whatever however it works, is linked to your identity and can present it as you. Problem with sovereign identity, how many sorts of synthetic identities, fake identities, and applications on the platforms,
Debbie Reynolds 30:43
Right. I think that's a huge problem that we have here. Especially these, you know, credit bureaus, the burden of accuracy is really on an individual. So if it's incorrect in some way, or information was, you know, like I said, you had identity theft, or whatever, it's really incumbent on the person to try to disprove those things, which becomes really, really difficult. So being able to have a system where you can validate, you know, this is kind of true, and it helps the person manage their identity, I think, is really important. So, I think that we're moving from a situation where what I call the rise of the individual, so, so much more of identity has to be linked to the individual. And then, right now, we don't really have as much control of our individual data as we should have. So I think, in my mind, it has to switch to a situation where an individual holds their identity and their information, almost like a bank, they give it to other people, as opposed to having companies create identities for them that they're trying to validate. What are your thoughts about that?
Dawid Jacobs 31:59
I agree with every word you said there because that is actually where you want to go with self-sovereign identity. You want to have a wallet on your device that only you can open up not using those gimmicks on the phones, that's really gimmicks, there's a fingerprint scanner, that's absolute crap, I don't even think about using that. So you've got to have your self-sovereign identity, and all your let's put it this way, self-sovereign information, this is your bank accounts and all that in that wallet. And you must be able to, and this is why a lot of the platforms are already ready for this. It's the perfect solution. But going back now, I'm just going to talk about COVID. And this is a lot of companies that we're saying we do self-sovereign identity on the blockchain one by one as they do the stress and tracking of the scope of information, two, and three, they basically then sell that on. So the things there's a problem with this, and it's a mushrooming problem. Because every week level, you're getting these companies that you can self-register on a take a selfie link to some other core document, and then you're on the system. I can't prove if it's you. They've got no privacy regulation on it. And that's a big problem. And another thing that they've got no knowledge, but what an identity is, what level of importance it is to the individual because this is the only thing that you when you're born to when you die you have. That's nothing; everything else is just extra. So that is, they don't know, understand that data implemented into these systems. And now they're taking that and putting it on a self-sovereign identity platform. So now you've got 50,000 different companies, all saying I can give you a self-sovereign identity, and then it's going on to the onto the blockchain. What's the value of that blockchain platform going to be in five to 10 years from now? If you've got 7 to 8 billion people on Earth, that you've got 40, 50, 60 billion self-sovereign identities, this means that it's fallible, it's not going to work. Before it starts working, it's going to fail. So that's why I'm going back to you've got to have the single existing real-world human being linked to their single digital twin in the cyber world. And from there, you can generate one self-sovereign identity, and from the self-sovereign identity, you've got to be able to trace back to that one human being, if you can't do that or the company is providing the facilities on doing that. Don't even go any further with them.
Debbie Reynolds 32:17
Excellent, or we're ending our time. But I would like to ask you a final question. And that is if it were up to you in terms of regulation around the world, with data privacy, what will be the one thing you wish that would happen?
Dawid Jacobs 34:57
Oh, yeah, that's a difficult one. I would say that the GDPR and POPIA actually be compliant globally because I think that is the most important thing. We give your information to the institution, and they have to protect it. And they can only utilize it for this specific thing. They can't sell it. I think if you've got the GDPR, and POPIA act, compliant with GDPR, for that matter, globally, you're gonna at least solve about 80% of the problems. And another thing that's very important, you've got to make sure that synthetic identities are nullified—prior to that getting them getting onto your platform. Because if you find one synthetic identity on your system, it could be thousands, and trust me, they are not there to defraud the individual. They are there to defraud the institution, the bank, whatever.
Debbie Reynolds 35:51
Excellent, that's really great. Well, I love for you to tell people how they can get in contact with you.
Dawid Jacobs 35:56
To contact me is easy. You can contact me at https://www.dal-global.co.za/Pages/desktop/home/ or https://www.linkedin.com/in/dawid-jacobs-61a18b1a/. That's wonderful. So well, thank you so much. Today I'm so happy, you know, I only get up really early put on makeup for people like you so thank you so much seeing it is really good to see you.
Debbie Reynolds 36:34
It's fantastic to see, and thank you so much. I think this is gonna be really important for people to hear and understand. So thank you again. I really appreciate it.
Dawid Jacobs 36:44
Thanks, Debbie.
Debbie Reynolds 36:45
You're welcome.