By Stéphanie de Labriolle, Secure Identity Alliance
TRUSTECH – CANNES – In an increasingly connected world, governments must design or re-design their governance models to enable the creation of trusted digital IDs that unlock a new generation of secure and convenient digital services for citizens. Let’s explore some of the key challenges that need to be overcome to create robust digital identity ecosystems.
Digital ID has the potential to provide public and private sector entities with new and efficient ways to reach and serve their populations, generating $50 billion in annual savings for taxpayers around the globe by 20201 while significantly improving government efficiency, accountability and transparency.
It is also proving transformative for over 1.1 billion people in developing countries who currently lack any form of officially recognised ID. Giving them access to health, social protection and education programmes, while enabling financial, economic and political inclusion.
In response to growing citizen demand for more convenient and modern eServices, governments around the world are fast tracking the shift to digital service provision. But with multiple identity providers jostling in the wings, the root identity – the one trusted digital identity upon which all are based – must start with government.
The role of national governments
The issue of trust is fundamental in the digital ecosystem and as custodians of the ‘root’ identity, governments need to build their digital identity ecosystems in a manner that ensures they can both retain control of national services and transactions and protect their citizens.
Whether embarking on a government-driven centralized system in which state-issued eID serves as the basis for all public and private sector transactions or initiating a federated model of multiple government-endorsed digital identity providers, the definition of what constitutes official legal identity should always remain the purview of the state and its citizens.
Robust legal and technical frameworks must also be in place to assure and safeguard data protection and privacy for citizens, ensuring that appropriate protections and user rights are in place and establishing clear institutional mandates and accountability:
protecting citizens – building in ‘privacy by design’ to give citizens/consumers privacy controls and options that including the ability to change usage rights
transparency – organisations must be fully accountable for a trusted flow of data, adhering to clearly defined codes on how they work with and use personal data
responsibility – organisations are responsible for safeguarding data relating to digital identity
communication – the benefits of any secure identification solution needs to be communicated clearly to users in order to assure sustainable data usage.
From vision to reality – the guiding principles of enabling trusted digital identity
Effective governance mechanisms for every aspect of the digital identity ecosystem need to be in place to address every aspect of the identity lifecycle: identification/verification and enrolment, authentication/validation, issuance and assurance.
Indeed, digital identity is both durable and efficient when it complies with the SIA ‘5 S’ model that’s characterised by the following properties: simple, service oriented, seamless, sustainable and secure:
Simple – to understand, adopt and use and reuse by most people
Service oriented – in a way that benefits users and allows the digital integration of trusted services
Seamless – enables process from end-to-end, including identification, authentication and digital signatures
Sustainable – can be customized to various public/private sector needs and oriented for long term use
Secure – designed with user privacy and protection in mind.
But if citizens are to benefit comprehensively from a trusted digital identity that can be used to securely access public and private services, then a fully interoperable ecosystem needs to evolve to support secure and transparent data exchange between all parties – citizens, public and private sectors. Enabling this will require a trust framework that encompasses ID technology, authentication, application and interoperability alongside accountability, privacy and transparency and ID supply. All of which will be essential to generating citizen trust and a positive perception of the benefit/risk ratio to assure take-up.
Digitizing ID – the progress to date
The concept of strong identity is not a new one and trusted digital ID, built on a strong civil registry, consisting of verified attributes such as verified ID credentials and biometrics, provides a certifiable link between an individual and their digital identity.
Thanks to innovative identification solutions and strong regulation, it is now possible to create robust and secure citizen IDs without infringing on civil liberties. One example is eID, which is enabling countries to develop national ID schemes that are reliable, convenient and open. Making it possible to prevent identity fraud and protect citizens personal data in a convenient way.
Today’s advanced ID solutions make it possible for citizens to carry an e-ID in their pocket or on a mobile phone, using their eID to access e-government services, make payments, travel, or certify legal documents.
The SIA has been active in supporting the evolution of trusted digital identity frameworks, working with governments to address the core issues of data security, citizen privacy, identity and authentication.
As part of a global partnership network initiated by the World Bank, we’ve helped define the 10 key principles for identification systems in a digital age2:
We’ve also defined an eSecurity Awareness model (eSAM) that enables governments to evaluate the security of their eDocument programs3 and created a Scheme for Evaluating Physical Security (eSEC) of eDocuments4.
Most recently, we’ve developed a landmark Open Source Application Program Interface (API) that addresses the ID ecosystem harmonization challenge, enabling interoperability among civil registry and civil identity registries and opening the door to initiating modern eID systems in the developing world5.
In Europe, recent legislative initiatives like the eIDAS Regulation and GDPR have set down guidelines for secure electronic Identification, Authentication and Trust Services and ePrivacy regulation in relation to the handling of personal data. Meanwhile, the reality of a national ID card that is valid for both the physical and digital domains has already become a reality for millions of people – especially in European countries.
But, as the UN’s E-Government Survey 2018 shows, we still have a long way to go when it comes to the enablement of e-government that supports transformation towards sustainable and resilient societies. While a number of high-profile eGovernment implementations across the world means that growing numbers of citizens are now able to create an online government account and populate their profile with preferences and consents, elsewhere many governments are struggling to unleash the full value of digital identity in a sustainable, citizen-centred way.
- eGovernment services would yield up to $50 bn annual savings for Governments globally by 2020 – Boston Consulting Group and Secure Identity Alliance – November 2013