Q&A: The potential of decentralized digital ID in travel

Nick Price has spent much of his career designing and implementing technology solutions and strategies for hotels. He was CIO and CTO of Mandarin Oriental Hotel Group for 12 years and then founded NetSys Technology, focused on digital enablement of hospitality brands. 

Since February he has also been the informal chair of the Hospitality and Travel Special Interest Group (SIG), a subset within the Decentralized Identity Foundation, an organization creating technical specifications and reference implementations for decentralized identity and working with industries for commercial applications of such technologies. 

The Hospitality and Travel SIG meets weekly online – representatives of more than 35 companies globally regularly participate – to advance the adoption of self-sovereign identity and its associated blockchain-based decentralized technology. 

PhocusWire spoke with Price to get an understanding of the potential for this technology to impact the travel industry – an impact he describes as “profound” and “once-in-a-generation disruptive.” The conversation has been edited for brevity.

Let’s start with the basics. What is self-sovereign identity?

Self-sovereign identity very simply is self-ownership over your identity and the identifiers associated with that identity. If you don't have ownership over the identifier ... then essentially, the information behind it - the identity - is not effectively owned by you.

An identifier, for example, might be a Gmail address. But you don't own it, so if you use that Gmail address to sign into websites and give them information and then for some reason you stopped using Gmail, that information is unavailable to you. And if for some reason Google decided they did not want you, you would lose that information for good. 

So what we're talking about is a single identifier that you own, that is universally useful, applicable and beneficial to you. And that we believe you will legally own for life. Behind that identifier is your identity - a collection of information that you can use in your digital life.

Can you provide examples that illustrate some of the problems with the way identity works now versus how it could work?

Let’s say you travel between six different hotel companies, and you're a member of their loyalty schemes, and you have six different so-called profiles in each of those companies. If you change a credit card number or you have a new address, or you get divorced or married and you want to change your name, you now have to do that multiple, multiple times. There is fatigue in the effort to do it for sites that have that information that you provided in order for them to be useful one or two times. You don't do it, because there's just simply not the return, is there? It becomes far too complex for you to manage it.

With decentralized digital ID, there is information that only you have access to and can keep updated. It's encrypted by you. You can grant access to certain elements of that information at a very granular level for a particular purpose, for a particular time. And it is generically useful across industries. 

Now let’s just say you make a hotel reservation, as an example. And you might also supply your preferences about wanting a high floor or maybe you’re a vegetarian, and also your credit card information and so on. Then I might make another reservation at exactly the same hotel a month later. With decentralized digital ID, I'm sending them the golden record every single time I make a reservation. 

They don't need a customer database full of toxic customer information that is subject to GDPR and all the other legal scrutiny around the world, because I'm sending them - every single time with a simple reservation - who I am so they can trust the information. 

So all of my personal data resides, in effect, with me, in a digital wallet. If hotels no longer keep any of this in their systems, does this eliminate the risk of data breaches?

Theoretically yes, because why do companies collect this information? Because they want to know who customers are, and they want to be good hosts or suppliers. The problem is the information they are collecting is immediately out-of-date and incomplete and inaccurate and therefore isn’t really trustable.

And yet they have it and they have to protect it and spend money on it. And from everything I have read and believe, hospitality and travel companies are spending more and more money every single year on trying to protect the information they have about their customers. So why would they want to keep that information if they don’t actually need it?

A very good analog example here is 15 years ago if you were doing business online in travel and hospitality, you were storing credit card numbers in a PMS. Airlines were doing same. Much of it was probably in plain text. They hadn’t even thought about cryptographically protecting it. 

Today, because of regulation around PCI [payment card industry], you don’t even store that information anymore. You store tokens to it. Someone else in some online credit card vault is storing that information for you. It was so toxic and the risk of losing it was so high that it was in everybody’s interest to be able to outsource the problem to a competent agency that could manage it. And self-sovereign identity is that competent agency.

In our case there will be multiple places that I can choose to establish that identity. But the identifier I own. And against that and behind that identifier I create the digital information in aggregate that comprises my identity.

A reduced risk of cybersecurity problems is one benefit. How could decentralized digital ID also improve the traveler’s experience, for example in regard to retailing and personalization? 

Everything today is guesswork. You have somebody arriving in your sales channel who you think you might be able to identify. Unless it’s a very specific loyalty member who has gone on your site and put in a loyalty number and your record associated with that individual is accurate – which it probably isn’t - then it’s guesswork.

Take a hotel brand. You are a loyal member of a hotel brand, you’ve booked direct 10 times but on the 11th time you book via an OTA. Then you turn up at the same hotel - you may even know the people there - but they don’t know that you are coming because you have no way of expressing that loyalty ID. You may be allocated the room by the garbage truck.

The important thing to understand is we are not talking solely about decentralized digital identity for people. We are talking about decentralized digital identity being enabled for organizations, for companies and for things. If you just take companies, that enables what we see as a direct, trusted peer-to-peer relationship between a company and an individual. 

We envisage it will be possible for me to use the mechanisms that are being created through decentralized digital ID to essentially shop a set of properly equipped hotel companies to buy a room. I will have a digital agent that will do that shopping for me, but it will have access to the information in my single self-sovereign profile that says what I want for this shopping activity. What will come back from the hotels will be a set of offers. Those offers, we believe, will be generated as cryptographic proofs. I give you an offer, it’s valid for a particular period of time, you can prove this offer came from me and those offers will be stored with the identity of the receiving party.

What it essentially does is it creates a fourth channel to market. Today we have our indirect channels - typically online travel agents in some shape or form. We have a brand website, and I might have invested in a mobile app for that hotel company. This is a fourth channel. Through the mechanisms of decentralized digital ID, there’s potentially a set of APIs that allow interaction ... and allow me to construct a shopping mechanism and the direct peer-to-peer commercial relationship between myself and a supplier.

Direct, continuous communication would be possible. And if you could talk unconstrained to your most loyal customers, what would you say? Would you sell them the same product, one that is largely defined by the third-party channels through which it is sold? Or would you innovate to construct new products better suited to the target market? For example, a flight, a taxi and a meeting room as a combination basket, or a hotel room by the minute – these are not products we can sell through third-party channels today. They don’t fit on the store shelves the OTAs provide. I give these as simple examples. All of these products require different thinking and different technologies in order to be able to merchandise them, to offer them for sale. And one - and probably the most important - is decentralized digital identity that enables peer-to-peer digital commerce. 

That sounds like it could dramatically change distribution? 

It’s very early stage right now, but we definitely see the potential of it. We believe in hospitality and travel that the opportunity for decentralized digital ID technologies will be profound. And they will, to a large extent, be commercial opportunities.

So it won’t be limited to what you see today, where decentralized digital IDs are used around things called verifiable credentials – a health travel pass with a QR code on your phone as a simple example. We believe it will go significantly beyond that. 

Now I don’t believe at all that this, out of the gate, will be used for all customers. But it doesn’t need to be. What it will be most beneficial for out of the gate is to be used for the most frequent and loyal customers. What company would not want to have accurate information provided at each point of interaction with their most frequent and loyal customers?

How does this change the role of intermediaries?

Why do OTAs exist? They exist because they provide a valid service - they provide reach and eyeballs into a very large online community. They represent a product to that community, and they also provide identity when I log in. What we are saying is that in a digital world, if I actually have my own identity and in the API economy I have means of a direct, peer-to-peer interaction with anyone in the travel world, and I can represent myself effectively and the supplier can represent themselves to me, then clearly I don’t need an OTA to do that representation. I don’t need it to discover the products they have, I don’t need it to receive the offers from them, the supplier doesn’t need the intermediary to receive the information I want to send them, and neither do we need the intermediary to establish the transaction.

Now to do all of those things we are talking a good number of years away here. We are engaged in early stage core technology development. This is not going to roll off the production line of a big tech company next year. 

But what I am describing to you, I would be very surprised if we were talking about this in six to seven years’ time if this wasn’t a very, very viable, commonly used commercial interaction model between parties. It won’t be used for everybody. But there is tremendous opportunity for those individuals who know the brands they want to shop to shop at scale with this peer-to-peer model. Because it's beneficial to both sides. We are passing accurate information with every interaction. The accuracy can be trusted, it’s cumulative and therefore the finesse to which the offer can be made is significantly more fine-tuned.

What work is currently happening to make this a reality?

In certain countries a good amount of this onboarding and on-ramp of citizens to this self-sovereign digital identity will actually be encouraged and enabled by government, because they see a tremendous benefit to this for them. One, it enables a digital interaction with governmental central services.... secondly it kickstarts or enables a second generation of a digital economy.

Back in June the European Commission outlined plans for all of the 450 million citizens of the EU to have their own digital ID, which will be a per country digital ID that will conform to standards set by the EU and those standards will at their core enable SSI, and it will be built on decentralized ID technologies.

If you go to Germany, there are today 120 hotels across three hotel brands that are running a large-scale proof of concept pilot through a government-funded project to use SSI decentralized digital ID to allow employees of four very large German corporations to check in to those hotels. You set up your identity in an identity wallet, you receive a digital ID, you use that digital ID to check in to your hotel. The ID you have that is digitally represented and presented by your phone in this case is the ID that is sufficient in order for you to be recognized.

The reason this use case was set up in this way was, two things. One is there is a real business problem of hotels being able to understand that the person arriving is on business and an employee of a particular company. And second, the reason this proof of concept was constructed in this way was the onboarding ... it’s much easier to talk to four large corporations who could then go to their employees and say download this app, which is an identity wallet, put your information in and use that when you go to these hotels. It was a way to get a sufficient community of users to prove the case.

Then the IATA Travel Pass is one of the very first products of its type that is representative of how things could be. That product is based firmly on decentralized digital ID from Evernym. There is no limit of what you could put in that wallet, it just happens to be used for the health and flight credentials for international travel. But it’s very easy to imagine you could do a lot more with it - how about the taxi and in the hotel and on to the restaurant? You could easily extend this technology in this way.

That’s our ambition - to highlight these opportunities and to build out the use cases to promote that you can do so much more with these technologies.  

What is your outlook for the potential for decentralized digital ID solutions to become reality at large scale and to be used in travel?

I am very optimistic that this is going to work. Rarely do you see such widespread government support for early stage technology development. There is very significant government support worldwide for this. This support - it’s organizational, it’s encouraging, it’s also financial - putting real money and in certain cases legislation behind the opportunity. In the German case, two laws had to be changed and rewritten in order for that digital ID to be accepted – and it happened. 

In hospitality and travel, I am very hopeful. I honestly do not see a world where every interaction is done this way for every traveler. That’s a long way away. But what I do see is that starting with the best customers, the customers that you as a business want to have a deep, engaged, continuous dialogue with – you want to know them, they want to know you, they are brand advocates, they are your favorite customers – obviously if you can find a better route to engage with that customer, one where there is a free and transparent flow of trusted information that allows both parties to get the best out of this commercial relationship, then you are going to take it. And that’s exactly what this technology offers. 

This is a once-in-a-generation disruptive technology. We live through continuous technology change and innovation, but the things that really cause us to change track ... there aren’t many of those.

The next one I firmly believe is the decentralized digital ID, the fundamental decentralized technology that allows that ID to exist and the opportunity for peer-to-peer interaction that is based on trusted digital identities of two or more parties.