Naomi Campbell, Larry Fink and I Are On The Same Page
We need digital identity and we need it now.
Dateline: Woking, 11th July 2025.
Now, I am no stranger to the world of international high fashion, as you can see from this picture, so I was fascinated by the story in The Financial Times magazine about supermodels and billionaires (and lawyers). It was one of the most most interesting stories about money and identity that I read for ages, so I cannot resist drawing attention to it and noting the connection between Naomi Campbell and Larry Fink.
Digital Identity And Digital Credentials
The essence of the story is that the famous supermodel Naomi Campbell was introduced to a woman who she thought was a lawyer. Ms. Campbell is quoted as saying “I trusted her, as she was presented to me as a lawyer”. As a matter of fact, the Solicitors Regulation Authority (SRA) said that the woman in question had never been a solicitor in England and Wales, so I assume that Ms. Campbell (just like the rest of us) had never thought to check whether the woman really was a lawyer or not.
(Rather interestingly, the SRA also point out that “the term lawyer is not a protected term” in England, and there is nothing to stop unregulated individuals working in the law from referring to themselves as such.)
The “lawyer” became a trustee of Ms. Campbell’s “Fashion for Relief” charity and managed the charity’s day-to-day operations. She went on to conduct a variety of transactions, which eventually included engaging expensive actual lawyers to act on Ms. Campbell’s behalf. Or, at least, that is what the actual lawyers thought. They had verified Ms. Campbell’s identity by requesting a copy of her passport (which was sent to them) and confirmation of the engagement. This confirmation came in the form of an email, and from then on the lawyers communicated with “Ms. Campbell” via this email address, not noticing that the address that purported to be Ms. Campbell’s personal email address was in fact different from her actual address by a single character.
(Remember that digital signatures have been around for ever, that secure email in the form of both PGP and S/MIME has been around for ever, that my Apple Mail automatically checks digital signatures and that Outlook has had digital signatures for years. Put in a pin in this, we’ll come back to it later.)
Ms Campbell, who is justifiably annoyed about this whole sorry episode because it ended up with the UK Charity Commission banning her from running any charity for five years because of financial mismanagement, highlights some other identity failures and refers to the woman fraudster “opening up a bank account with a false signature and impersonating me”. Frankly, as Ms. Campbell is undoubtedly one of the most recognisable women in the entire world, impersonating her would seem to be something of a challenge, so I imagine that these frauds took place on line (of course).
The Naomi Problem and the Lawyer Problem
This fascinating story illustrates rather well two different problems that we need to fix to make the online world deliver a more efficient economy. The first is that of fraudulent identity (is this Naomi Campbell?) and the second is that of fraudulent credentials (is this a lawyer?). We (that is, society as a whole) need both of these problems to be solved, and we need them to be solved soon. And please note, even if you do not care that much about supermodels being ripped off by bogus lawyers, that this is not only about money, it is also about lives. Here in the UK we have just had the example of a man accused of signing off fire safety certificates for flats in high-rise blocks using the credentials and signature of another engineer.
(These problems are only going to get worse, by the way. If you think it is difficult to know whether you are dealing with your employer, or a lawyer, or a child in the universe, imagine what it is going to be like in the Metaverse, where there are no offices in Mayfair to act as signposts.)
At the same time that I was reflecting on Ms. Campbell’s experiences, my good friend and co-author Victoria Richardson reminded me that Larry Fink, the billionaire CEO of Blackrock (which has some $10 TRILLION in assets under management) wrote in his 2025 letter to investors that
One day, I expect tokenized funds will become as familiar to investors as ETFs—provided we crack one critical problem: identity verification… If we're serious about building an efficient and accessible financial system, championing tokenization alone won't suffice. We must solve digital verification, too.
I interpret Mr. Fink’s plea as a demand to tackle both problems, fraudulent identification and fraudulent credentials, and I could not agree more with his prioritisation of the issue. In CNBC’s report on Mr. Fink’s comments, they say that “it’s hard to say precisely how a broad-based digital verification system would work”.
Well, I’m not so sure. In fact, there’s rather a good book about this, entitled “Identity is the New Money” if you are interested, that posits strong biometric authentication of keys stored in tamper-resistant memory as a practical way forward. But I’m glad to see Mr. Fink and are on the same page now, arguing that that there is no way forward in fintech (or, in fact, pretty much any other sector) without the development of digital identity infrastructure, but now that supermodels and billionaires are saying it, hopefully something will get done. The good news is that the technologies we need to address those challenges are well-known and well-understood.
But who will do it? Should we wait for government and mobile driving licences to solve the problem? Or perhaps wait for Big Tech to come up with something? Or should financial institutions co-operate to bring a sector-specific solution, some kind of financial services passport, that will serve to both reduce the costs of financial intermediation and stimulate new entrants and more competition?
with kind permission of Helen Holmes (CC-BY-ND 4.0)
At the Secure Technology Alliance summit in San Diego earlier this years, mobile driver’s licenses (mDLs) and verifiable credentials (VCs) took centre stage—and for good reason. With millions of mDLs already out there in the US (and soon in the UK too) we are perhaps close to tackling the identification problem. Simon Curry, VP of EMV at Visa, said at that summit that “mDLs offer the best option we have today in the arms race we’re in to combat the ever-evolving world of threat and fraud from bad actors and AI -- and it’s a significant leap forward”.
If you take California as an example, their DMV’s commitment to open standards is a cause for optimism. They held a hackathon last fall, where companies including Fime, Mitek, MATTR, Ping Identity, Incode and others showed some of the possibilities. Just to illustrate a few of these:
A team from Cisco won “Most Promising” for an application of mDLs as a root digital identity for passwordless authentication;
Developers from Block won “Best Privacy and Security Design” for an in-person age check application for merchants using Square;
And a team from U.S. Bank won “Most Scalable” for an in-person identity verification implementation for bank branches to carry out high-risk transactions.
Practical Digital Identity
The building blocks of next generation financial market infrastructure are here, but we need some kind of verification framework to make them work. Going back to the issue of the lawyer who was not a lawyer. While mDLs might help with identity, the DMV does not know whether you are a lawyer or not, but bar associations, including those in California, do. They have been exploring the idea of digital or verifiable credentials for legal professionals. Such credentials could streamline identity verification, improve security, and facilitate interstate practice by providing a standardised way to verify a lawyer's qualifications and standing. Once you have you driving licence in a digital wallet, it does not test the boundaries of human imagination to forsee the California bar association having a a service whereby lawyers can go online, identify themselves using their mDL and then obtain their licence to practice as a verifiable credential to be stored in the same wallet.
(After all, the American Bar Association already allows lawyers to download their membership cards into those digital wallets.)
Since the consumer’s digital wallet would be able to check the digital signature on the credential presented by the lawyer and know for sure that it was valid, issued by the relevant bar association to the person in possession of the mobile phone, we should be able to take out a fraud vector and in doing so reduce the overall cost of intermediation. Of course, as Jan Vereecken, the CPO over at meeco, points out in an interesting piece about trust in digital identity infrastructures, digital signatures are evidence of origin and not evidence of trust (in itself a complex topic).
It might be time consuming and inconvenient for Ms. Campbell to find out whether someone is a lawyer or not, but her iPhone should be able to do it in a couple of seconds. Whether she should trust the lawyer or not… well, that’s another story.