My work in the news (Discord+Persona)

"Song still considers the partnership between Persona and Discord to be a success. 'I think the performance of the product did incredibly well,' the CEO told Fortune. 'The reason why we were able to say that all data was redacted immediately is because the data was redacted; it had already been redacted upon processing. It's not like it was due to the termination of the contract that we delete the data. It's deleted immediately after a verification of the individual.'"

Yahoo News

Discord recently rolled out age-verification powered by my former employer Persona Identities. Gamers and huge swaths of the internet raised their pitchforks. I generally believe that identity verification is necessary for a lot of modern internet life and this need is likely to increase. I don't agree that ID verification is necessary everywhere on the internet. Whether gaming chat and messaging requires ID verification is a question for a different time. This post is not about that. This post is about the redaction functionality mentioned by Persona CEO Rick Song in the article. This is my work.

Persona is a B2B identity verification service. They collect and evaluate PII (Personally Identifiable Information) on behalf of corporate clients. E.g. if you run a gig economy business and need to vet your Giggers, Persona can check their IDs, maybe run background checks so Gig Inc can decide if they want to onboard this person. For all sorts of reasons (legal, security, etc) you don't want to keep PII hanging around indefinitely. This means collected data gets redacted.

When I joined Persona, redaction was a blunt instrument. E.g. "Redact all collected data after 6 months". This is much better than keeping PII around forever. Columbia University kept applicant data around forever and it was compromised in a breach that also exposed my data. A bulk redaction after X time is better than no redaction, but there was room for improvement. From the business side, companies have different rules and data governance policies. Company A may need to retain some PII for legal reasons for longer than X. Company B may not want to retain any PII at all - just that the customer has shown a valid ID. From a security perspective, it's bad practice to keep PII longer than necessary.

One of my major projects at Persona was to implement fine-grained redaction infrastructure. Customers do not have to rely on a one-size-fits-all redaction approach. They can programmatically control when and what gets redacted in accordance with their data governance rules.

For instance, Gig Inc. needs to run a background check on an applicant. This background check might require handling several pieces of PII (Name, DL, Address, Phone Number, etc). Beyond the initial check, Gig Inc. doesn't want or need to keep some of this information. For legal reasons they might be obligated to keep some for a certain amount of time. With the fine-grained redaction infrastructure I created, Gig Inc. is able to use our dashboard to line up redaction with their data governance rules. E.g. they can configure a policy that:

  • Redacts Item A immediately after the background check runs
  • Redacts Item B after 7 days
  • Keeps First and Last Name for the duration of the contract
  • Redacts First and Last Name the day after the contract expires
  • Bulk redacts everything else 90 days after verification and background checks

So when Rick says "the data was redacted on verification of the individual" - I did that.

← Back to posts