Tag: Social Media

Posted on

Why LinkedIn Should Rethink Outsourced Identity Verification

Deep Dive Podcasts discuss this article:

LinkedIn and the Perils of Outsourcing Identity Verification: A Strategic Misstep

LinkedIn, a platform fundamentally designed for professional networking, has thrived by enabling users to build and present their identities in a business-oriented context. The foundation of its value proposition is the ability to verify one’s professional and personal identity through content such as a profile picture, education history, employment details, endorsements, and contributions to the platform. This user-generated content has long served as a form of self-authentication, allowing members to establish credibility within a community of peers.

However, LinkedIn’s recent move to outsource identity verification to a third-party service, Persona, represents a misalignment with its core mission. This decision not only risks undermining user trust but also threatens the essence of LinkedIn’s business model by relinquishing control over a crucial aspect of identity management. The choice to partner with an unfamiliar and unresponsive third-party provider is akin to LinkedIn “shooting itself in the foot,” as it jeopardises the very purpose for which people use the platform.

The Role of User-Generated Content in Establishing Identity

LinkedIn’s success has been built on the premise that professional identity is validated through the content users provide. A person’s photo, educational background, work history, and activity on the platform cumulatively establish their reputation and credibility. The more active a user is, the more established their identity becomes, as peers can endorse skills, comment on achievements, and interact with the user’s content. This organic form of validation is powerful because it relies on community recognition rather than bureaucratic checks.

The addition of a third-party verification layer appears redundant, as LinkedIn’s inherent features already serve to distinguish authentic profiles from fraudulent ones. Members have long relied on these features to discern the credibility of others, supported by LinkedIn’s existing measures to flag suspicious accounts. Introducing an external verification process that requires sensitive information, such as passport details and biometric data, diverges from this community-driven model, adding a layer of complexity and potential risk that is not aligned with the platform’s ethos.

Outsourcing Identity Verification: A Misaligned Strategy

By opting to use Persona, LinkedIn has effectively outsourced the core aspect of identity validation to a company that most users have never heard of and have no reason to trust. The outsourcing decision raises several issues:

  1. Loss of Control Over Identity Management: When LinkedIn allows a third-party company to handle the verification process, it cedes control over an essential component of its platform—user identity. Trust in LinkedIn is based on the platform’s own standards and processes, which users perceive as part of its service offering. Introducing an unknown entity as the gatekeeper of verification dilutes LinkedIn’s role and could weaken the trust that underpins its brand.
  2. Delegating to an Unresponsive Provider: Persona’s reported lack of responsiveness to user queries exacerbates concerns. In a case where sensitive personal information is at stake, users expect quick and clear communication. The fact that some users have received only generic responses to inquiries about data handling reflects poorly not just on Persona but also on LinkedIn, which chose this provider as a partner. By delegating such a critical aspect of user interaction to a company that fails to meet customer service expectations, LinkedIn risks harming its reputation.
  3. Increased Data Privacy Risks: Users are understandably wary of sharing sensitive documents like passports or biometric data with third parties. When LinkedIn asks users to provide such information to a service like Persona, it not only increases the potential attack surface for data breaches but also places the burden of privacy protection on a company outside LinkedIn’s direct control. This is problematic, as LinkedIn’s users are accustomed to trusting LinkedIn itself—not an external vendor—to keep their data safe.
  4. Undermining the Platform’s Core Value Proposition: LinkedIn’s main selling point is that it enables people to network professionally and establish their credibility. This is achieved through the profiles users build, the content they share, and the connections they cultivate. By turning to an external party for verification, LinkedIn is in effect communicating to users that the traditional means of establishing a credible identity on the platform are insufficient. This undermines the platform’s core value, as it diminishes the importance of the user’s own contributions to their profile.

The Irony of Outsourcing Identity Verification on a Platform Built for Identity

LinkedIn’s very nature as a professional network revolves around identity construction and verification through content. The essence of what makes LinkedIn valuable is the fact that identity is established organically by the user and then validated by the network itself. For a company whose value is largely derived from the user-generated content that forms these identities, the choice to outsource verification to Persona is not only ironic but counterproductive. It suggests that LinkedIn itself does not trust the organic processes that have underpinned its platform since its inception.

The timing is also concerning, given that we live in an era where data privacy and control over personal information are at the forefront of public discourse. With the introduction of this outsourced verification, LinkedIn is effectively asking its users to trust not one but two organisations with their personal data. Given Persona’s apparent lack of responsiveness and ambiguity regarding data sharing, users may rightfully question why LinkedIn would compromise on its own ability to manage identity verification directly.

A Strategic Reassessment Is Needed

LinkedIn’s decision to outsource identity verification reflects a shift towards a more bureaucratic model of identity assurance that contradicts the platform’s original purpose. To restore user trust and realign with its core mission, LinkedIn should consider several alternative strategies:

  • Enhance Existing Verification Features: Instead of relying on third-party vendors, LinkedIn could develop its own enhanced verification features. This could involve additional checks based on user activity, professional endorsements, or connections, all of which stay within the framework of LinkedIn’s ecosystem.
  • Improve User Education on Security Measures: Rather than introducing a third-party identity verification process, LinkedIn could focus on educating users about best practices for securing their accounts and avoiding scams. Providing resources to help users identify genuine profiles would empower the community to self-regulate.
  • Transparent Data Handling Practices: If LinkedIn insists on using third-party services, it should at least ensure that its partners have transparent data handling practices and are responsive to user concerns. Publicly clarifying the terms of data use, storage, and deletion can go a long way toward building trust.

By outsourcing a key aspect of identity management to an unresponsive and unknown entity, LinkedIn risks undermining the very foundations upon which its business is built. The platform’s strength lies in enabling users to establish their identities through the content they provide, and this user-driven model should stay at the heart of its identity verification processes.

Here’s a list of relevant documents and resources that pertain to LinkedIn’s identity verification process, Persona’s terms, and related privacy considerations:

References:

Debra Samuel, Linked In member and IT Professional, reports on Linked In verification. LinkedIn Verify Identity – to Use or Not to Use?

LinkedIn User Agreement (Terms of Service)

This document outlines the general terms and conditions of using LinkedIn.
LinkedIn User Agreement

LinkedIn Privacy Policy

Covers how LinkedIn collects, uses, and protects personal data.
LinkedIn Privacy Policy

LinkedIn Help Page: Identity Verification

Describes the identity verification process and the role of third-party partners like Persona.
LinkedIn Identity Verification Help Page

LinkedIn Cookie Policy

Provides information on how LinkedIn uses cookies, which is relevant for tracking data linked to verification processes.
LinkedIn Cookie Policy

Persona Resources:

Persona Privacy Policy

Details how Persona collects, uses, stores, and deletes personal data. It is crucial to understand the company’s data handling practices, especially for identity verification purposes.
Persona Privacy Policy

Persona Terms of Service

Outlines the terms under which Persona operates, including data usage and liability. Understanding these terms can shed light on Persona’s responsibilities in data handling.
Persona Terms of Service

Data Request Information: “Do Not Sell or Share My Personal Information

This page provides extra context about opting out of data selling or sharing, which is relevant to user concerns about data privacy.
Do Not Sell or Share My Personal Information

General Data Protection and Privacy References:

UK General Data Protection Regulation (UK GDPR)

Since LinkedIn operates in the UK, it must follow UK GDPR requirements for data protection and user consent.
UK GDPR Overview

National Cyber Security Centre (NCSC) Guidance on Identity Verification

Offers insights on best practices for identity verification in the UK, which are relevant when assessing LinkedIn’s approach.
NCSC Identity Verification Guidance