#315 - Authenticate 2024 - Data Privacy & Accessibility with Tina Srivastava

Who has to do something to fix? Or is it just got to be an industry effort? Well, I can tell you for sure that we can't just rely on big tech and assume that these problems will get solved. We have to keep raising our voices. We have to keep having innovative startups that look at things differently and raise,

raise these issues. And we have to keep bringing them forward in these conversations like the one we're having right now, so that people understand the importance of this and, and frankly that the people that are developing being these solutions come from that same inclusive, diverse background as the people using them. So in this battle for privacy and identity, are we losing? Is the user losing? Are we winning?

Is it a tie? Like, where are we at and how do we, how do we address this battle? Well, on one statistic on breaches, it looks like we're losing. It looks like they're ever increasing like the data pandemic. On the other hand, I think we finally have reached the point that there are now technologies that are privacy preserving that are actually able to deliver the user experience that we demand along with the security and privacy. So it doesn't have to be a trade off.

We can actually win on on all of those fronts. This is identity at the center if it has anything to do with IAM. This is the go to podcast now your hosts Jim McDonald and Jeff Stedman. Welcome to the Identity of the Center podcast. I'm Jeff, and that's Jim. Hey, Jim. Hey, Jeff, how are you? Oh. Not so bad yourself. You haven't been cracking up either. Before we hit record, you're like, are you gonna sit like? That, yeah, Is that, Is that your real face? Is that what you want to throw

on camera? Today, are you OK? Are you gonna breathe the whole show? Look, I had somebody come up to me yesterday, it was very nice that commented on the quality of our audio on our video. And that's my job here is to make everyone look and sound as good as possible. And I try to be perfect, full of my guy. Well, you can't help it. I'm going to say what I'm going to say. Yeah, you're going to say what you're going. To say you can't make that all sound good.

You got to come closer with a microphone though, so other people can hear you. Yeah, this big crowd that we've drawn in, right? Exactly, we're here at

Authenticate 2024 conveniently located next to one of the food buffet things. So if you hear dishes and things like that, we're also providing entertainment for people who are scooping up chicken and or fish or whatever is over there. So yeah, we're live I. Mean, hey, we're here in San Diego. It's golf country. They've got a beautiful golf course here on site. I'm dressed for the occasion and but it's baseball season, so I was on the phone today. So this episode goes live

November 4th. We'll have a world champion in the Major League Baseball. But as of today, we're two games into it's the American League Championship Series. The Yankees are up to nothing. It's on a call today with a bunch of folks from Cleveland, and they're not too happy at the moment. And oh, the Yankees are up on Cleveland too. Nothing. OK. You said a lot of baseball stuff and I just tuned out because I don't, I don't care about baseball. That's not your thing.

Yeah, never talk about the Bears, totally different story. I would totally be talking about NFL Caleb Williams, but that's. Football. That's a different podcast. Exactly. So yeah, we're here to authenticate 2024. Today's the last day for us. It's Wednesday, October 15th. This will go out in a couple weeks and I've enjoyed myself. It's been a great conference. We had kind of like the party last night.

There was food, there was karaoke, there was a whole bunch of stuff going on. It was good times. It's like the identity of the Center podcast, education and entertainment. It's edutainment. Exactly. Yeah, What's next for us is we've got Gartner coming up, so that will be in December and we've got a discount code for that. So if you use the code IDAC 375, guess how much money you get off? 250. Bucks, you are wrong, $375 off of your registration. I know it's a very convenient code.

I have not yet put that on our website. I have to do that. It's on my To Do List, but we'll have a link in our show notes as well. So IDAC 375, you and I are going to be there doing something on stage, use case, whatever that means. We hope to see people there. Definitely want to give a shout out to RSM as well for funding us to get out here.

That's our day job. A lot of people don't realize that we actually do identity consulting during the day, and the podcast is something at night that is totally separate, but they're very supportive of what we do, including sending us to things like. This Yeah, I mean, we've been doing conference coverage for like 2 1/2 years now.

It's very expensive. We get to go to the conferences for for 8:00 because we're providing media coverage, but there's a lot of travel and I had breakfast this morning and it was like 40 bucks after tips so. Well, like, you should have just gotten breakfast here, I guess. OK, Daniel, if you didn't hear that. Daniel Ghazi, Whoever's approving. Special seat in here. Jump on calls to 630 maybe? That's true. OK, All right.

Why don't we get to our main topic? Because this conversation is something that actually started a year ago. I sat next to this individual at one of the tables outside when the food trucks were out and she started to tell me about her deal. And we'll let her get into it in a second. But I'm very excited that it's only taken a year for us to get Tina Srivasta, who's the Co founder of Badge, back on the show. Or I should say, on to the show.

So welcome to the show, Tina. So glad to be here. Thanks so much, Jeff. It's taken a while, but we're here now. I want to get into a little bit of your background here, and that's the first thing we always start with, is how did you get into the world of identity? Is it something that you chose or did it choose you? It shows me as we found is something common among many

identity rofessionals. So my background of all things in in aerospace engineering and we talked about how I'm a pilot and I instruct in aerodynamics at MIT. And after my doctorate, I went on to Raytheon where I was building large electronic warfare systems. So I was the chief engineer of our precision strike and attack systems. Great experience, focused very much on national security and defense.

Noticed some vulnerabilities in how we transferred waveforms out to our sensor systems and founded a previous cybersecurity company to solve that problem. It was a great experience. We built the company from scratch, grew it ultimately sold to a public company, one of the leaders in Network Assurance. And along the way we had customers in the public and private sector. So US Strategic Command, Army, Air Force, these were some of our customers.

And that meant that I had a security clearance and that meant that my fingerprints, these fingerprints were stored in the Office of Personnel Management OPM database. And I got that notification in 2015 along with millions of others that my data had been compromised. And it was this eye opening moment that how do I prove that I'm Tina without giving up what I used to prove who I am. There's got to be a better way. And being a cryptography nerd, it allowed me to dig into the math.

We found this 20 year open problem in this field called fuzzy extraction. We made a breakthrough there. That's a field of innovation and we have over 20 issued patents and that's what brought me to identity and to badge. So that's just a common story of Defense Department, you know, Defense and MIT and a whole bunch of stuff. OK, so take me through the translation from that, that pivot. So you mentioned the OPM breach and your data was part of that, your fingerprints, I assume, and

other biometrics on there. So you can change your fingerprints. At least not yet. What was it like to get that information from your perspective at that point as someone who was the breechy from a data perspective? Yeah, it was scary, Jeff, and you're absolutely right. I can't reset my fingerprints. It's not like a password. It's something that you know, now is, is a is a permanent breach of my data.

And that it wasn't just me, but it's people with security clearances, which just seems to be not the kind of people whose data you want compromised and, and floating around. And that data is, of course, used to access systems. And So what does that mean for our security posture and the threat landscape that this unlocks? And that's really why I got to think, you know, why do we store these data? It seems like only a matter of time. We keep hearing about breaches.

It's only a matter of time if you store very sensitive data in a database until it gets compromised. There's got to be a better way. You're a Co founder of Badge.

Give us a real brief overview of what Badge is. It is based around identity without secrets. What we figured out how to do is to derive keys from your authentication factors, and these can be any authentication

factors, biometric or otherwise. Our most popular face fingerprint device characteristics, PIN code, whatever factors you want in the time of enrollment, you provide your authentication factors and some kind of an e-mail address or username badge allows you to derive a private key and a public key from that information. And then here's the innovation. We destroy those authentication factors, so no biometrics are stored, no hashed credentials,

and we destroy the private key. So all that's left is that public key. And that means that now on another device, maybe you dropped your first enrollment device in the ocean and it's not available to bootstrap your identity on a new device. You can put in that e-mail address or username, pull down your public key, provide your authentication factors and re derive that private key on the

fly locally on your device. And this is what really unlocks these use cases on account recovery, shared devices, owning your identity on whatever device you go to. And it's been an exciting journey. We just came out of stealth mode in January and we have been approached by some of the largest companies. We've announced partnerships with Okta, Ping Identity, Cisco, Tallis, Cyber, Ark, Radiant Logic, and many of those

companies are here. We just talked about, we can see the booths that authenticate from Cisco and Tallis. They're actually demonstrating our integrations and and showing the blogs that they've put out in the last few weeks. So very exciting. It's a great story to see that happen. And yes, I wish I'd heard of some of those companies that you mentioned. They're just not working on space.

Let's talk a little bit about Authenticate 2024 though, because I think you've had a couple of talks you've done here. Tell me about some of the conversations that you've had here at the conference. It's been a great experience being here. We presented yesterday with Bill Wright, former Executive Director of USAA Bank and Fido board member and the the wealth of experience he brings has been fantastic.

We discussed specifically how to deploy passwordless authentication in financial regulated environments. This is very critical. You have to be compliant with these privacy regulations. You have to be able to adhere, adhere to the strictest standards and we talked through that guidance how you can achieve that and some of the specific use cases that badge is addressing in the space.

Hey, Tina, I think that what Jeff said about, you know, being kind of a different archetype coming into the security space, I love the perspective that you bring. I love kind of this kind of technical edge, obviously that's within the space, but love the the approach what I wanted to

ask about. So you've also been invited to brief the, what is it the, the US Congressional AI Committee or I'm sorry, the AI Caucus on AI and privacy and wanted to get a little bit more on that. Of course, Jim, yes, it was a huge honor to receive that recognition of badges impact on privacy and what it can mean for national security. When we talked about the advancing threats of AI, of generative AI and what does that mean for people?

Well, in one example, it means that you can have much more sophisticated phishing attacks. So we've talked about phishing, phishing emails, the emails that are meant to look like they came from somebody that you know or somebody that you trust to coerce a user into clicking on a link. These types of emails are, you know, used to be easy to flag. They had a lot of typos or the English didn't quite make sense. Now with AI, they're very sophisticated.

They can be very effective. I kind of miss the Nigerian Princess though. I mean, I was really hoping one of those would pay off for me. So nostalgic. Yeah, exactly. And so, so people that feel like, hey, I'm very good at detecting these, I don't get trapped with these. They're finding more and more that they are in fact getting getting stumped by these. And so one of the things that's really critical is to have phishing resistant authentication.

That was one of the things we were recognized for at RSA with the Global Infosec Award and being phishing resistant MFA, but also on the recovery side. So on account recovery, this is a a critical issue. It was something that I presented on at Authenticate this week was when you think about The MGM casino hack, you know what happened there? Well, they took advantage of the account recovery scheme, pretending to be an employee and gained access to the system and

perpetrated a ransomware attack. And so this is, this is really critical because when your authentication is bound to a phone, for instance, if you lose that phone, then how do you authenticate? Well, you can't. So you fall back to account recovery. You call in, oh, you know, I lost my device, I forgot my password. You have to let me back in. Unfortunately, a lot of the account recovery is the weakest

link in the identity system. The account recovery social engineering, what you brought up with the phishing emails. I actually, as an example of the reverse, I got a e-mail from my insurance company saying click this link. Like, no way am I falling for that. You know, I know better. Then I get a text message from them and a chain of text messages that I've talked to the insurance company. So that's legit.

But they almost have to design their emails now so that, you know, the US, the, the folks like us who are smart enough to avoid spam, don't think their emails are spam. I wanted to go back to this congressional committee again and kind of I, you know, Congress isn't thought of as the most technically savvy votes. So how do you take what you're presenting to them on and turn it into real world recommendations that they can do something about?

Yeah, great question, Jim. And it was really great and refreshing to see this bipartisan caucus talking about this issue and the importance of privacy and what can we put in place today. One of the main reasons that we were invited to this talk is that the need is out there to share with the world that, hey, there now exists technology that eliminates the need for central databases of biometrics.

We've seen with the BIPA legislation, the Biometric Information Privacy Act, which started in Illinois, but now we have dozens of other states with similar modeled legislation pending, that the storage of biometric data is quite prevalent. And when you think about the companies that are storing this data, it's somewhat surprising,

right? BNSF, Railroad, White Castle, you know, why does White Castle burgers need that Rite Aid, All of the types of companies that are storing this biometric data and you ask, you know, why are they storing it? Well, in many cases, they're just trying to authenticate their users, authenticate their workforce. And so, you know, people show up to work at different locations. They need to prove it's them and get to work, and having a central database of biometrics is a quick way to do that.

Now. Unfortunately, it's also a very ripe target for attack. Well, with BADGE you can actually convert an existing database of biometrics into public keys, eliminating that threat surface but still allowing users to authenticate on any device. So we get jaded, I think, to the number of attacks that we see coming across the wire. It seems like every week I get 3510 emails. Your data is part of a breach. OK, great. What am I supposed to do about

that? I want to give a, a, a shout out to Kyle, who's sitting here off camera. He came up with this, this, this term of a data pandemic, which I think we're in where, you know, there's all this data that's out there. And it's becoming more and more available through means that they're not supposed to be available. So, you know, maybe the answer to this is simple, but why are data breaches so commonplace

today? And do you think that we've gotten jaded as a society or an an industry that's like, OK, you're not going to go change your fingerprints, right? What? How do we approach that? Yeah, that's a great question. And and I agree that your discussion with Kyle really brought out, you know, it's like a, it feels like a data pandemic that we, we have these conferences year after year about how we can protect these

issues. But what we're actually seeing is the numbers are going up. It's now over 80% of data breaches are due to the theft of identity credentials. So what are we doing as an identity, the industry to really turn the tide? And that 80% I believe is from the Verizon data breach report. And that number has not changed. I mean, I look at it every year and I think since 2018 or 2019, it's been the same pretty consistent 80% of breaches have something to do with a compromise credential.

So what are we supposed to do about that? And the other thing is we're actually making the problem worse by putting more and more data into these databases, such as biometric data, which as you pointed out, Jeff, you, you can't reset and it's in more and more places. You actually can't get into the Disney World theme parks in Florida without scanning your biometrics, having them stored

in a central database. When you go through the airports with clear, you know, that's 20 million users biometrics stored in a central database in New York on a server. And the problem is that we don't have the luxury to redo this in 10 years. We need to get it right now and we need to prevent this type of OPM scale breach from happening to the average American consumers. And we have the tools today to make that possible.

And we need to think critically about what are the tools available and what are what are the protections we actually can offer to consumers today. So, Tina and we live in this world of the digital economy. We really can't be an equal member of society without your identity and this digital world.

So what are some of the challenges in making sure that access to the economy and access to services provided by the government etcetera, as we become higher and higher tech, how do we make sure that that's available to everyone? What are the challenges to that? I love that question, Jim. I think it's really critical. We found that identity is really the way that people access the economy, that access education, access healthcare, access their banking and financial

information. And so you've reached a situation where access to identity needs to be a right and therefore it needs to be inclusive to all people. Sometimes we live in this Silicon Valley bubble and we create these solutions. And when you step back you realize, oh, not only do I need an iPhone, but I need a backup iPhone in order to recover my account if anything happens to my first iPhone. And it's got to be at least an iPhone 15 or something like that.

Yeah. Yeah. It's easy to fall into that trap. Yeah, exactly, Jim. And I think that's the issue is that when you think about the world or even just the United States, that's not a reality for most people. People use shared workstations in library to access things. And when we think about, OK, hey, we're adding security by having an MFA requirement, well, what are we actually doing? We're saying that you actually have to be bound to a physical hardware device. Well, that's not always an

option. The other thing is if that particular phone is the route that allows you to access your information, we have to think about places where not every individual has ownership and control over that device. So one example in particular, Jeff, that we talked about that really means a lot to me and that I wanted to share on the show is, is with women. When you talk about a domestic relationship, in some cases women don't have full autonomy

and control over that device. And if that device is sufficient to access your healthcare data, your banking data, it means that that privacy and that autonomy is not afforded to women in that that domestic relationship all the time. We need to have the ability that when I'm in possession of that device, I can recover my data, access my information, but then as soon as I'm not, no one else with that device can access that

information. And it's becoming more and more critical today as we think about healthcare privacy and the need for people in All in all areas to have that access and inclusivity. And I think that's, you know,

This is why I like doing this podcast and having these conversations because that, that idea of a domestic abuse situation never occurred to me. And that's why I like him in his conversations. Like ever since you've said that, it's been in my mind, I was like, oh, yes, this is something that we as an industry need to figure out how to solve and how to protect folks who are in those types of scenarios.

And it, it can be that it can be, you know, access issues, you know, whatever it may be, the, the availability of being able to have a digital identity in the 1st place. There's still a lot of places that don't have modern cell phones, modern technologies where they're able to take advantage of that. But I think that's, I think that's one of the things that I really appreciate about one,

having met you last year. And then you putting that bug in my ear of like, yeah, I haven't thought about that. And, you know, that's probably me as a male and the role I'm in. I haven't thought about that. And I think that's why we want to have conversations like this, to bring those things up, because I'm sure there are other people that are out there that, yeah, Tina, tell them, you know.

Yeah, I'm really glad about that and I'm glad that it had an impact and I appreciate that because we have to have these conversations. We have to talk about

inclusivity, making sure everyone has access. Another, you know, part of it is accessibility, how to make sure that these technologies are accessible. That's something that at badge we care about deeply in making sure we have that testing and feedback from different

accessibility. You know, a lot of the ways, you know, we're here at authenticate at the Fido conference, there's a requirement that, hey, you have to use AQR code in order to make certain flows work while holding up a camera with AQR code lining it up for people that are visually impaired. It's just a non starter. And we really need to offer optionality to folks that that keep in mind and take into account our full user population are the 8 billion people on the

planet. And we need to make sure everybody has the access to that identity so that they can access the economy and participate fully. You know that that idea of having options, I think is is really the key part there because there's a lot of people CEO well, we just put in pass keys, we're done. And it's like, OK, wait a second. That's just one option that's out there. It's the I'll use a Marvel analogy. It's one of the arrows in Hawkeye's quiver and there's an

arrow for everything. Jim's rolling is his who is Hawkeye now, but there's options that are out there and and it doesn't have to be A1 size all it's, you know, solution for people so. I'm with you on the marble. Marble and Hawkeye, so all. Right. Cool Hawkeye. Not cool. I thought Hawkeye was on. Match Yeah, I'm sure you did that. Just that just highlights the age difference. Here, we're not that far apart.

I'm gonna go with it. So, so Tina, I think this is one of many use cases where you have the, the shared device and this problem could take place. I'm wondering in your mind, whose responsibility is it to take this on? Because it seems to me that, you know, you have the device manufacturer, you have the, the telecom company, you have the applications that require this second factor. Who has to do something to fix it? Or is it just got to be an industry effort?

Well, I can tell you for sure that we can't just rely on big tech and assume that these problems will get solved. We have to keep raising our voices. We have to keep having innovative startups that look at things differently and raise, raise these issues.

And we have to keep bringing them forward in these conversations like the one we're having right now, so that people understand the importance of this and, and frankly that the people that are developing these solutions come from that same inclusive, diverse background as the people using them.

So in this battle for privacy and identity, are we losing? Is the user losing? Are we winning? Is it a tie? Like, where are we at and how do we address this battle? Well, on one statistic on breaches, it looks like we're losing. It looks like they're ever increasing like the data

pandemic. On the other hand, I think we finally have reached the point that there are now technologies that are privacy preserving that are actually able to deliver the user experience that we demand along with the security and privacy. So it doesn't have to be a trade off. We can actually win on on all of those fronts. I feel like it's like a tug of war. It's. It's a title work. Total work. And I also feel like on the privacy front, it's there's there's some buffs going on, right?

If you ever go to your iPhone, you see who's been tracking you or you go to a website now and it says, do you accept these cookies? You almost just reflexively say accept. You want to get past that so you can obviously you went to the website for a reason. Now all of a sudden you've given them permission to track you or Eve said you could say deny and they still may track you. They may have something on the website that's tracking you. So I, I feel like we're losing on the privacy front.

I think we're making gains in the, the breach area. Like I do believe you're right that if you look at the breach statistics, but I also I see the vendors in his vendor hall, how many folks are trying to fight the good fight in that respect? But I just kind of feel like until we have a good regulatory environment around privacy, we're not going to to make progress. Well, I mean, let's let's look

at GDPR, right? I think that was something that really sparked a lot of behavior in EU and then that behavior has started to filter over into the US as well. But I think that was also one of the reasons. Now you have a pop up on every website that says, Hey, we're going to be tracking you. And if you either you're opting in and you're using a service or you're not, you know, it's, I don't know what the right answer is.

I maybe it's regulation, but then the, the counter to that would be OK. Well, what about people who don't care about the regulations anyway? Criminals, they're not, they don't care about regulation. So again, it's another area where we have yet another quiver arrow coming out of the quiver. It's OK. Well, regulation's part of it, but you know, people aren't going to follow the law. So we look at the vendors in this vendor hall that we're in now and say, OK, can they help

us? And maybe it's a layered approach and things like that. It is a layered approach. It is and I agree with you, Jeff, because you know, one of the things that Bill Wright and I talked about at our authenticate talk was about, you know, the regulation in the financial industry in particular and the importance of having compliance solutions on that side.

But broader to your, to your point, Jim, when you feel like, you know, we're using this fight, well, let's think about when we first had the Internet, we had this idea that you can, you know, access whatever you want, talk to whoever you want. It was this beautiful world, but that's not what it's turned out to be. The way you just described it. It's very frustrating. You have to provide all of this data so you can just prove who you are.

You can access your stuff, then you get locked out, then you don't have your phone, then you have to, then you give up on your cart because, you know, it's just wasn't worth the hassle in the 1st place. I think that we're going to a

point where people look back on this age and it it kind of looks like a dark age and that the world is going to be so seamless. You can you can get up out of a swimming pool, walk up to any device you know, access your data securely, walk away from that device and not leave any trace behind. Go up to any system, whether you're in a mall, in a store, in a virtual experience, be able to

prove who you are. And that big question that today is lingering over us. How do I prove who I am without ceding it to some Big Brother or central database? I think that that problem is, is what we're on a mission to solve so that. The big question like who is that Big Brother that we trust? Because I don't think there's one that everybody trusts. I think that there cannot be a Big Brother because I don't think that you'll ever reach a point where you should be able to trust one.

The way out of this has to be you. You are the root of your identity and you don't have to trust anyone. That has to be the way out of it. Not having a Big Brother and yet working in an interoperable community where you can prove who you are to any data, any application, any service, anywhere in the world. To me, that's terrifying.

If you think about the normal user out there, they just click, OK, OK, accept whatever, and they're giving away their data, their privacy rights, whatever, ever the things in exchange for whatever it is they're trying to do. And I get it right. I use Google Maps and I'm fine with that. So they know where I am, or at least they know where my phone is. So I'm trading a little bit of privacy, maybe a lot of privacy, in exchange for being able to know where I'm going to go.

And I don't have to have a AAA triptych printed out in my car. The problem would. Be so say I trust Google to have my information where I am if they start selling it to other parties like, oh, he's near Brooks Brothers now Brooks Brothers says I'm going to start sending you a bunch of advertisements or text messages like that's cringy to me. Cringy, but. Do you click on the ad? Oh yeah. I really wasn't the market for that. Yeah, but I used to kind of.

A safer example, but yeah. You know there could be some. Company that you don't know where that data goes so perks brothers traded it off with click.com now where does that data go who has access to that data and there's a lot of these large. Data brokers that are collecting all this information and that is their entire business model. I don't wanna get too far down into that, but no, I think that's a great. Point and Jim, it's exactly what

you said. You don't know where that data goes and the fact of the matter is if that data is stored, you can't just rely on the promises of a company as to what they're going to do with that. Their incentives will change and if they have the ability to monetize it or they reach a different situation, that'll be what happens. There was recently a Bloomberg article about Worldcoin and it highlighted the the fact that there are these different

incentives. My Co founder, Doctor Charles Herder pointed out that hey, whatever the promises are that they're making today, they may not be able to uphold those promises later. The only way you know as a consumer for sure that those promises are there is if they technically, physically cannot monetize the data. If they don't have the data, they can't monetize it. That's kind of where I was going with it too. It's like. We're really good at giving away

data. We're terrible at taking away data and may not even have the ability to do that. Right. If I give an application or whatever permission to do something, I might uninstall that app three months later, a year later, and I never pulled back those rights. That's right. And that data is still out there. Yeah. Revocation.

Is critical and as consumers we need to demand it because if you don't have revocation, then then you don't have, you don't know where that data went and that's really fundamental for.

Identity, right? We see this a lot in our day jobs is companies are really good at giving access to people, but they're really bad about taking access away when somebody moves, you know, a group or it gets transferred or promoted or whatever it may be. It's very similar to the consumer mindset as well as we're really good at giving away our data in exchange for a service. Not so good about flying that back.

Yeah, I was about to. Say Tina had her slam dunk dropped the mic moment when she said take her own identity with us, control our identity. I do think that's the best answer. I think some of the concerns you're bringing up are completely legitimate, but I also think that's the future, right. So that's maybe where we're heading. Heck, maybe five years. I think that would be very optimistic. Five years down the road, that's where we are. But what about today?

What can consumers do today? And by the way, we're all consumers. Even though we're in the industry, we're still consumers. What can consumers do to start safeguarding their privacy and security today? Jim, I actually think it's. Closer than you realize. And that's what we're excited about.

I mean that's why we're here at Authenticate is that these technologies have actually reached the point where now as a consumer you can demand that privacy, you can demand revocation, you can say no, I don't want 23andMe to have my data and to sell it to the highest bidder. And I think we've reached a point as consumers that we have a voice and we can influence that and there exist

technologies. Again, that was the the point of the the bipartisan AI Caucus, to highlight that there now exists technologies that can make that possible. I kind of snorted because. When he said the 23 Mei yes, reading I was reading that article the other day. I'm like, all right, well, I never did it. And I know that there is strong feelings by the way, I see the benefit for it. But that's a. Awful lot of data to have out there, yeah.

And it's like. It's your health data, essentially, like, oh, you've got a gene that makes you susceptible to this certain illness. And now what? Is that open and sellable to insurance companies? Yeah. And then they raise your rates. Because or an insurance. Data broker that sells it to every insurance company. Like that's yeah, that's not where we want to be. Those are the nightmare scenarios.

I thought you were talking about how we heard a big cheer in the background as Tina started talking. And I was like, yeah, Tina's used to that. She. Always gets cheers whenever she's talking. Why don't we start to wrap

things up because you've been very generous at the time. We've got a keynote that's going to start here in a little bit. I want to talk about some of the activities that have taken place here at Authenticate. Last night was the party. As I mentioned, there was karaoke and to my surprise, I turned around, I was front row and I look and I see there's a bunch of people and they start singing Katy Perry's Firework. And on the end, who do I see but Tina rocking it out there?

Awesome. My hat's off to anybody who is willing to go up in karaoke because this is what I sound like, not singing. Just imagine what it sounds like singing. It is. It does not get any better, folks. So how did you get up there? Did somebody make you do it? Did you go up there of your own accord? Spill the beans. I can't hide my excitement and enthusiasm to sing Katy Perry with my my friends. And, you know, we're all just having a blast.

This identity community has become so close and tighten it and that it's just a it's just a fun time every time we're here together. And and that's the group that I love to hang out with wherever we are, whether it's an identiverse or an authenticate and, you know, getting together and it's not always about, you know, one thing or the other. We may debate stand or we may debate rollouts, but when we get together, ultimately we're all trying to make identity better

for the world. We're all united by that mission. And so we can get together and have fun. And yes, I had quite a few cheers. Thank you very much. So we, I think we all did a great job. And with all my buddies up there, I wasn't alone. But yeah, it was, it was a lot of fun. So is karaoke something? That you've done before. You like to do it. Is this a one time thing? And I only have the video from last night and that's the only copy that exists. You have a video, I have some.

Video I talk about might end up in. This little podcast video. Maybe not. I don't know I'm. Already. Living to regret it. Most of my singing is reserved for the car. Well, if I protect your. Privacy. We're we're good like that. There you go. I'll blur. I'll put a. Blur over it when I first when I. First soloed as a pilot, the first thing I started doing was singing in that cockpit and it

was amazing so I'll. Blur your face and I'll put something like definitely not Tina with an arrow. I'm sure that's totally fine. Truly privacy. Preserving and then your DNA. Sequence. Yeah. Yeah, exactly. There you go, Jim. Are you a? Karaoke guy. I know you are because I've seen you. You've seen me karaoke. Yeah, so, you know, I'll do a country tune or two like some Morgan Wallace from Riley Green. Those are my favorites. I sing a lot in the shower, but not in public.

My partner Denise obviously is a very good singer. I would have loved to have had her come out and sing some heart for Andrew Shikiar. That's crazy on you. Totally missed opportunity. Yeah, you were too busy with the. Yankees. I mean, look, I've. Watched like 120 games during the regular season. What? I'm not going to watch them in locked over. Kind of crazy, but I did what I had to do. Well, I'm not a karaoke. Guy, I like to watch it, but I cannot sing so I don't even bother.

Hey, we'll get you up there. I will I. Will run out of the room. I will toss chairs in front of you so you can't chase me. That's how opposed to getting up there that I would be. Well, you are in front of a mic. Right now, yeah, this thing is I'll do this. This is fine all day, but as soon as the the tune starts to come out like no, nobody wants to hear that. Trust me, we got to hack. The next podcast to put in the music and the background and get you grooving like a groove, you

know? Yeah, we. Actually. Changed our our podcast song beginning of the podcast Doo Doo Doo Doo Doo and we got so many complaints. People loved it. Yeah, they like the Jingle. So we've just. Kept it. So we've kept the yeah. All right, let's get to this. Keynote, we're going to wrap

things up for this week. Tina, thank you so much for joining us. Hope to have you back on the near future. See you probably conferences later this year, Gartner or something like that. You can find us on the web, IDC podcast.com yes, Jim, we have a YouTube channel, yes, idacpodcast.tv. So we're putting videos like this and all of our episodes up there as well. So like and subscribe, do all

the fun things like that. I'll have a link in our show notes to where people connect with Tina and to learn more about Badge Badge Inc inc.com. We'll get you more information about that. And yeah, you can connect with Jim and I and let us know what you think about these episodes. And this is our final episode of Authenticate. So definitely want to thank Fight Alliance, Andrew, Adrian, Megan for bringing us out here and helping coordinate the Family Feud thing was so much fun.

I hope we can do that again at some point in the future. And then again, RSM for funding our travel and getting out here and paying for Jim's $40 breakfast this morning. Yeah, it's wonderful. All right, we'll go ahead and talk with. Everyone else later and see you in the next one you've been listening to. Identity at the Center. We hope you've enjoyed the show. Make sure to like, rate and review, and we'll be back soon. But in the meantime, hit the website at

identity@thecenter.com. See you next time on Identity at the Center.