Government as a Platform, the hard problems: part 5 — identity and trust
Government as a Platform is the approach of reorganizing the work of government around a network of shared APIs and components, open-standards and canonical data registers. The hope is that this will allow public servants, businesses, and others to deliver radically better services to the public, and to do so safely, efficiently, democratically, and in a more accountable way. This article is part of a series looking at some of the difficult design, policy and technology questions posed by the Government as a Platform concept.
Who should operate digital identity systems and how many should there be?
Digital identity is often thought of in terms of a singular system — a single digital identity system to join everything together. However, there are several risks with this approach. It potentially creates a single point of failure, and it risks joining together data sets that are best kept separate. The cost (both to privacy and financially) of a single system being compromised is higher.¹
It may also not reflect the reality that many countries have multiple de facto systems of ID — a country may operate different systems at a municipal and national level, or in different sectors. For example, Sweden operates multiple identity systems, including IDs issued by banks accepted for certain government services.² European countries are beginning to accept each other’s digital IDs as part of the eIDAS program.³
Finally, people may have legitimate reasons for wanting to keep different aspects of their lives separate through different identities (for example, keeping health information separate).
This, in turn, raises the question of who should operate such a system. Although the temptation may be to default to an internal affairs ministry, as Subhashish Bhadra from the Omidyar Network’s Good ID project notes:
”where it resides can ultimately affect people’s trust and acceptance in the ID system. One that is managed by an independent commission will reduce both the likelihood and perception of institutional bias.” ⁴
A recent report by the Tony Blair Institute for Global Change calls for taking it out of the hands of individual ministries altogether through the creation of a decentralized identity system.⁵
The choices that countries make about identity will require leadership to enact and will have effects for decades to come.
Privacy and trust
Registers, linked together by a common digital identity, could give the teams that operate services new and unique insights that help to improve services and better meet the needs of the public. Those same platforms could also give a total view of an individual’s interactions with the state – collecting more data to personalize or means test a service comes at a cost to a users time and privacy.
The risk of creating a digital panopticon should not be underestimated. Researcher Zarah Rahman’s responsible data thought experiment “what would happen if this data got into the hands of a malicious actor? Who would be keen to get their hands on it? What are the worst things that they could do with this data?” is particularly relevant when it comes to thinking about government as a platform.⁶
The near-real-time nature of modern digital platforms can transform the experience people have of government services, but can also create new harms. Real-time services have the potential to take on the characteristics of a surveillance system, especially where there are already existing power imbalances. This is true of private sector platforms too, but the sensitive nature of the data held by government, and the importance of the services it is the gatekeeper to, increases the risks.
Take two examples. A 2019 story in The Insider detailed the reality of women in Saudi Arabia living with the ‘Absher’ app, the digital manifestation of the country’s ‘guardian laws’ which messages male guardians when women try and leave the country.⁷ Secondly, under the UK’s Universal Credit system, which must be claimed as a ‘couple’ if two people are deemed to be in a cohabiting by the government data that is submitted by one party, or an employer, is visible to the other, possibly before any conversation has taken place between them.⁸
Digital rights as a precondition for Government as a Platform
For the public to trust the capabilities of Government as a Platform, it will need to operate within a framework where the rights of the public (both as individuals and as communities) can be upheld. As such, it’s hard to argue for the Government as a Platform without first making a case for an effective digital rights framework such as that provided for by the EU General Data Protection Regulation (GDPR). Among other safeguards, GDPR gives citizens:
- The right to be informed about how data about them is used
- The right to access data held about them
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling⁹
Estonia’s CIO, Siim Sikkut, is on record saying that the country’s X-Road system would not be possible without strong privacy laws and the trust of citizens.¹⁰ In India, the lack of a dedicated privacy and data protection law, and the subsequent proposal for one, have been a running part of the debate over the country’s Aadhaar identity platform.¹¹ ¹²
While governments around the world are beginning to adopt similar frameworks to GDPR, it is critical that these fully protect the rights of the public in their interactions with both the private sector and government.¹³ ¹⁴ Governments currently without a digital rights framework will surely need to adopt one.
Design, transparency and permissions
To effectively hold government to account, the public (or their representatives) will need to be able to see the data that is held about them, understand when data is being shared and joined, and have clear routes to correct mistake and misuse.
However, It’s not clear how to do this without overwhelming them. Design approaches to this are immature in both the public and private sectors. As such, there are few examples to copy. In Estonia, citizens can view a digital record of who has accessed data about them. In India too, it is possible to see a record of how an Aadhaar identity has been used.¹⁵ Prototypes of design approaches in the UK explored approaches to both the design of permissions and putting information about accountability (for example, the elected representative with responsibility for a service) at point of use.¹⁶ ¹⁷
More research is needed on design patterns that help people understand both how government services work and how data about people is used.¹⁸
Digital-age civil society organizations
Expecting individuals to uphold their rights or hold government to account risks disenfranchising those without the time or resources to do so. People also will need the support of civil society organizations.
The roll-out of Aadhaar in India has shown the importance of active civil society in building a national debate about the trade-offs of platforms. The Rethink Aadhaar organization has campaigned against the expansion of the system and catalogued incidents where people have been denied access to services because of the roll-out.¹⁹
In addition to effective digital advocacy, organizations that offer support and advice to the public may need a new set of skills and tools to help people navigate the services built on top of platforms. How will an advisor helping someone with a benefits claim access data about someone from government?
Public oversight also needs to be bolstered. Much in the same way as there is public oversight of the built environment through planning and zoning regulations, there needs to be public oversight of the digital environment. US cities beginning to take a role in regulating the use of technology provide some hints of what that could look like. For example, Cambridge Massachusetts now requires that technologies that could be used for surveillance be explicitly authorized by city councillors.²⁰ In the UK, when exploring mechanisms to exchange sensitive health data, the Connected Health Cities project in Manchester convened a “citizen’s jury”, which heard evidence from experts before publicly committing to an approach.²¹
Ensuring that regulators whose job it is to hold government and the private sector to account have the right personnel should also part of the mix.²²
In short, parallel to the digital transformation of government, there needs to be a transformation of existing civil society organizations. (The transformation of Citizens Advice in the UK provides a useful template for this sort of transformation).²³ Where capability is absent altogether, these will need to be built as “digital first” organizations.
Making government understandable and trusted
By abstracting away how government works behind complex data exchanges, and seamless services, could the workings of government become (even) harder to understand and recourse harder to access? In doing so, could it also become harder to trust?
As Donald Moynihan, Pamela Herd and Hope Harvey note in their paper on “administrative burden”:
”Individuals care as much or more about the process of their interactions with the state as they do about the outcome. This implies that procedures perceived as consistent, fair, and equitable are fundamentally important to citizens²⁴
It’s not enough for services to “just work”, there also needs to be an understanding of people’s overall sense of fairness and understanding. An asymmetric information economy between government and citizen, or services that abstract away the role and functioning of government entirely, could undermine trust.
A user not having to understand government does not mean obfuscating the workings of the system. Services should be designed to actively educate people about how their democracy works and where power and accountability lie. If not, the workings of ever more complex systems could become known to an ever smaller number of technologists, and the public could lose their voice. Democracy must to become the core design principle of Government as a Platform.
- e.g. South Korea had to reissue government IDs at huge cost after a data breach. Iain Thompson, “South Korea faces $1bn bill after hackers raid national ID database”, The Register 14th October 2014, https://www.theregister.co.uk/2014/10/14/southkoreanationalidentitysystemhacked/
- BankID, https://www.bankid.com/en/. Retrieved 8th February 2019
- “Trust Services and Electronic identification (eID)”, https://ec.europa.eu/digital-single-market/en/trust-services-and-eid. Retrieved 26th June 2019.
- Subhashish Bhadra, “Five Surprisingly Consequential Decisions Governments Make About Digital Identity”, Omidyar Network Blog, 18th June 2019, https://www.omidyar.com/blog/five-surprisingly-consequential-decisions-governments-make-about-digital-identity
- Andrew Bennett and Chris Yiu, “Transforming Government for the 21st Century”, Tony Blair Institute for Global Change, 26th June 2019, https://institute.global/insight/renewing-centre/transforming-government-21st-century
- Bill Bostock, “Saudi Arabia runs a huge, sinister online database of women that men use to track them and stop them from running away”, The Insider, 1st February 2019, https://www.thisisinsider.com/absher-saudi-website-men-control-women-stop-escape-2019-1
- Information Commissioners Office, “Individual rights” https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
- Siim Sikkut, “Siim Sikkut — 21st Century State: Building e-Estonia”, YouTube, https://m.youtube.com/watch?v=RWSvjSuVtG8
- Pranav Rai, “The Indian Supreme Court’s Aadhaar judgment — A privacy analysis”, IAPP, 9th October 2018, https://iapp.org/news/a/the-indian-supreme-courts-aadhaar-judgement-a-privacy-perspective/
- Rethink Aadhaar, “On Privacy”, https://rethinkaadhaar.in/faqs/privacy
- Hogan Lovells, “Brazil Creates a Data Protection Authority”, 9th January 2019, http://ehoganlovells.com/rv/ff004587068ce643176a05cf0b4d903f932be955
- Michihiro Nishi, “Data Protection in Japan to Align With GDPR”, Skadden, Arps, Slate, Meagher & Flom LLP, 24th September 2018, https://www.skadden.com/insights/publications/2018/09/quarterly-insights/data-protection-in-japan-to-align-with-gdpr
- Aadhaar UIDAI, “Check your Aadhaar Authentication History online”, YouTube, 19th December 2017, https://www.youtube.com/watch?v=0PAbudU2X1A
- Tom Loosemore, “Making government as a platform real”, 25th September 2018, Public Digital Blog, https://public.digital/2018/09/25/making-government-as-a-platform-real/
- Richard Pope, “Democracy at the point of use?”, 23rd January 2015,https://blog.memespring.co.uk/2015/01/23/democracy-at-the-point-of-use/
- See this for examples of design patterns that explain the use of data: “Data Permissions Catalogue — IF: An evolving collection of design patterns for sharing data”, https://catalogue.projectsbyif.com
- “Rethink Aadhaar”, https://rethinkaadhaar.in
- ACLU Massachusetts , “Cambridge City Council passes surveillance oversight ordinance in unanimous vote”, 11th December 2018, https://www.aclum.org/en/publications/cambridge-city-council-passes-surveillance-oversight-ordinance-unanimous-vote
- Connected Health Cities, “Citizens’ Jury 2017”, https://www.connectedhealthcities.org/chc-hub/public-engagement/citizens-juries-chc/citizens-juries/
- See the work of Doteveryone for more on building capability in regulators: Doteveryone, “Regulating for Responsible Technology: Capacity, Evidence and Redress”, October 2018, https://doteveryone.org.uk/project/regulating-for-responsible-technology/
- Citizens Advice, “Future of advice: our strategic framework 2019–22”, https://www.citizensadvice.org.uk/about-us/future-of-advice-our-strategic-framework-2019-22/
- Moynihan, D., Herd, P., & Harvey, H., “Administrative burden: Learning, psychological, and compliance costs in citizen-state interactions”, Journal of Public Administration Research and Theory, 25(1), 27th February 2014