Diagnostic: Trends shaping the future of Digital Identification
Diagnostic is a series of essays and hosted conversations exploring the challenges of building more inclusive Digital economies. For hosted (virtual) conversations, like the one described below, Caribou Digital convenes a diverse set of experts and thought leaders with unique insights on an issue, and gives them the opportunity to explore a topic together.
The use of digital technologies in identification systems (Digital ID) is increasingly central to the digital transformations reshaping politics, economies and societies, accelerated by the demands of COVID-19. Caribou Digital recognises digital ID as a critical pillar in building inclusive digital economies, so we asked experts and thought leaders from across four continents, diverse national contexts and from government, international development and humanitarian as well as academic and civil society contexts leading work on digital identification to share what key trends they see in their work.
Here are five takeaways from the discussion
- The state of the art in digital identification are trust frameworks that accommodate diverse technologies, systems and stakeholders:
The experts gathered broadly agreed that there was an increasing turn to trust frameworks in work on digital identification rather than an emphasis on specific systems — a trend that Caribou Digital’s National Identity Ecosystem Mapping tool aims to support. Building trust frameworks rather than systems is helpful because in determining principles and rules you can accommodate innovations in system and technology without being limited to what’s currently available.
Trust frameworks have dependencies that many contexts lack, yet even there, trust frameworks are recognised goals. As some guests noted, trust frameworks rely on the existence of authoritative sources of identification. In states with developed institutions of identity issuance such as reliable birth registration or with developed standards and compliance bodies, such as legal and governance institutions, trust frameworks have a foundation and architecture that can support the development of reliable standards for identity management. Where these institutions are weak or absent, trust frameworks have limited scope. Even in contexts where these institutions may not be as developed there is a trend towards developing trust frameworks, but that they had to work within the realities of their contexts, which often meant supporting the development of centrally located authoritative sources. For example, in the Philippines there are plans for a trust framework, but there are important first steps to be taken to develop foundational identity issuance, such as the national ID scheme PhilSys.
One key insight from an expert involved in developing an advanced trust framework noted that ‘you have to drive institutions to drive change’ — that the integrity of systems and trustworthiness of programs is driven by institutions, even more so than legal and policy frameworks.
2. Risks remain even within the most rigorous trust framework:
Another key insight was that risks remain even within the most rigorous trust framework — for example levels of confidence and clarity on responsibility for proofing. Tiered Know Your Customer (KYC) is one strategy for managing the risk of getting identification wrong — for example, the tiered KYC articulated by bodies and frameworks such as FATF and eIDAS reflects the fact that people may have different ways of proving who they are, so for example people may have greater confidence in someone with a birth certificate or driving license than someone with only letter of employment, and parties have to assess the risk of relying on those identity documents when deciding whether or not to trust (believe) that someone is who they say they are. The level of confidence in the credential is mostly determined by the authority responsible for and processes involved in issuing the credential — state issued documents such as birth certificates or driving licences are generally trusted more than credentials issued by private sector actors such as Facebook or Google.
There has been a great deal of discussion about the different roles of public and private sector actors in identity proofing, for example, whether Facebook might be a form of ID that could be used to access formal services. One important point which emerged from the expert discussion was that whether this happens is not inevitable. Indeed there was a general agreement that policy decisions are key to determining the form and nature of approaches to identity management.
3. Achieving inclusion requires addressing both technical and political dimensions:
The issue of inclusion and exclusion is a perennial issue facing digital identification, particularly for state services intended to achieve whole populations. Our guests emphasised the challenges involved in relying on state issued foundational credentials such as birth certificates in contexts where the issuing institutions may be weak or for populations whose access to them may be limited, such as the displaced and refugees who may have left them behind.
At a technical level, interoperability is one of the most talked about issues in digital identification, with the potential of linking separate datasets, systems and services offering opportunities for efficiency, accuracy and the inclusion of greater numbers of people in service populations. Siloed systems also limit marginalised populations such as refugees from being able to access mainstream national services — though as we have found, achieving interoperability can best be accomplished through the kind of standards that can be embodied in a trust framework. Experts working on COVID-19 also emphasised how linking different information systems increased social protection beneficiaries — though this comes with challenges — particularly increased risks to privacy and data protection.
The politics of inclusion are also key, as system design — intentionally or otherwise — that fails to identify and address vulnerable and marginalised populations can lead to exclusion. As one guest said ‘if the government doesn’t want inclusivity out of a system, you won’t get inclusion’. A particular theme of this discussion was the importance of recognising that system architecture can be a key driver of both inclusion and exclusion, and that politics are translated through system design and operation. We recognise this, and our national identity ecosystem mapping tool is intended to map the ecosystem and support a political economy analysis to identify potential risks and vulnerabilities.
4. Trust frameworks are complicated so getting governance right requires an ecosystems approach:
Governance is a critical issue for identification systems, and particularly so for trust frameworks, given they consist of process rules and standards and must accommodate diverse actors, sectors and systems. Some emphasised the importance of independent authorities to lead on digital identification, to fulfill leadership, regulatory and accountability functions.
Governance of trust frameworks requires an ecosystem approach, one that goes beyond the focus on a single system — as one expert noted ‘you have to take a jurisdictional approach and instead of focusing on ‘systems’ focus on the jurisdiction as a whole.’ Translating the framework so that it can be understood by all stakeholders within the jurisdiction was also described as important — for example ensuring clarity over roles and responsibilities within the framework, ‘in such a way that the mutual and competing interests are served’. It’s critical to get clarity over governance right early on — as one expert noted, ‘far too often this *fight* is pushed down the track, only for it to rear its head later’. In one context, adopting the right language has been helpful — ‘shifting the policy language to ‘issuers’, ‘holders’ and ‘verifiers’ irrespective of the program or document. We’ve also found it important to be clear about terms — for example differentiating identity, identification and digital ID.
5. Building the future of digital identification means reckoning with an analogue past:
The discussion covered a range of challenges facing the deployment of digital identification, but one that kept coming up was the challenge of transitioning from old to new systems.
Dealing with legacy systems was recognised as a critical issue — as in most cases new systems are deployed over old systems. guests flagged critical questions such as asking ‘what existing data sets do Governments hold that can support identity proofing?’ This can identify existing credentials that can serve as proxies for identification — such as driving licenses or passports. Again, comprehensive ecosystem mapping can help identify existing systems, credentials and opportunities — as this map of Kenya’s identity ecosystem shows.
This is particularly the case with identification and civil registration and vital statistics (CRVS) systems, where a number of guests emphasised the importance of moving beyond standalone ID systems and engaging with the challenge of strengthening civil systems. Recognising the challenge of reforming CRVS systems, and the data protection issues involved in vital statistics management, one suggestion was to delink civil registration from vital statistics, as well as to ensure that reforms put individuals at the centre.
The introduction of new systems and frameworks also highlights the challenge of reforms and the pace of change. One participant noted how changing approaches to finance meant that people still used cheques so people had to find ways to accommodate them into the digital age, for example enabling cheque scanning options on mobile banking applications so the two worlds are co-existing but it’s incredibly expensive to maintain. A key task in planning transitions to digital identity is to clarify time horizons — with one participant asking ‘what can we do now and where do we want to be in 15–20 years time?’
This brief is an edited account of the full discussion reflecting our takeaways from this rich conversation and does not reflect the views or consensus of participants.
- Subhashish Bhadra, Principal, Omidyar Network, India
- Tim Bouma, Senior Policy Analyst Identity Management, Canada Treasury Board Secretariat
- Kelvin Hui, Digital Health & Social Protection Advisor | Project Manager at GIZ
- Jonathan Marskell, Senior Program Officer, Identification for Development Initiative (ID4D), World Bank Group
- Niall McCann, Policy Advisor and Project Manager, Legal Identity at United Nations
- Nick Oakeshott, Senior Identity Management Officer, UNHCR
- Golala Ruhani, Digital Development Policy Specialist, Swedish SIDA
- Hannah Rutter, Deputy Director, Digital Identity at UK Department for Digital, Culture, Media and Sport
- Isaac Rutenberg, Senior Lecturer and Director, Centre for IP and IT Law (CIPIT), Strathmore University, Kenya
- Emrys Schoemaker, Research Director, Caribou Digital
- Fabro Steibel, Executive Director, ITS Rio, Professor of Innovation
- Michiel van der Veen, Director of Innovation & Development, Netherlands National Service for Identity Data
- Edgar Whitley, Associate Professor (Reader) at London School of Economics
- Kaliya Young, Independent Advisor, Self-Sovereign / Decentralized Identity
- Some participants chose to remain anonymous