Good Welfare, Bad Platforms?

The risks of centralized digital identity systems

December 2021, Oslo. In the snow and cold, a long line of people queues in front of a COVID-19 testing center. It is actually two lines: The drop-in testing line, on the left, barely moves forward. The line of people who booked in advance, on the right, moves faster. But those of us queueing on the left have little hope, if any, of joining it. For two days, a system error makes it impossible to use BankID, Norway’s main digital identity system, to book essential health services like a COVID-19 test.

(Image: Giulio Coppi, December 8, 2021.)

Norway’s welfare state is renowned for its strength and breadth of services. With a strong assistential role of the state in (among other areas) education, health services, and social security for the income insecure, the country is often cited as the paradigm of a welfare state, its benefits illustrated in core dimensions of human development. However:

What happens when a centralized digital identity system is made a condition of access to essential services?

In the first place, what is a digital identity system? Digital identity systems are systems that convert human beings into digital data, making it possible to use such data for a wide range of authentication processes. In social security systems, digital identity matches people with their entitlements. For example, a person will be matched with variables, such as their poverty status and household size, to determine the food or cash entitlement they are due to receive.

A digital identity system: converts people into digital data and affords matching such data with people’s entitlements.

How are digital identity systems conceived in research? As S. Shakthi and I noted in a recent research paper, digital identity systems are widely seen as datafiers by virtue of their core property of reducing the person to machine-readable data. A datafier is a system that performs the crucial operation of converting the physical into digital. A different, contrasting view is also emerging in research: digital identity systems are increasingly seen as platforms, i.e. “technological building blocks” on which different types of complements can be constructed.

An innovation platform is organized around a core, which, in digital identity platforms, consists of a repository of users’ demographic and (increasingly) biometric data, stored in a digital format. On top of a core are boundary resources, such as Application Program Interfaces (APIs) and Software Development Kits (SDKs), made available to third-party actors, private and public entities requiring authentication services. This architecture makes it possible for virtually any actor to build authentication services on top of the core, a “virtually” that is restricted by national laws (such as, for example, the Supreme Court of India verdict in September 2018 that limited the use of the nation’s Aadhaar digital identity platform for commercial purposes). The core-complements architecture behind digital identity systems configures them as platforms that, by their very design, subordinate authorization of access to key services to successful authentication of the user.

(Image: Damien Smith, CC BY-SA 2.0.)

So what happens when, like in the Norwegian case of BankID, a digital identity platform becomes a gateway to essential services?

First, exclusion of entitled users from such services becomes a real risk. Studies conducted on India’s Aadhaar, which enrolls over one billion residents, have revealed the implication of Aadhaar in exclusion of users from key services such as food rations and employment guarantees. My research with Viktor Arvidsson on Aadhaar’s incorporation into the country’s Public Distribution System reveals a direct link between platform properties and exclusion: built to subordinate access to successful authentication, the platform does not afford disbursing rations to genuine users for whom authentication fails. While designed to combat wrongful inclusions, the platform results in reinforcement of exclusion errors.

Second, a question lies in the interoperability of digital identity platforms with other systems. As noted above, the ability of third parties to build complements on the core is virtually unlimited, constrained mainly by the national laws within which platforms are set to work. Technical changes may reverse such limits. The research project Processing Citizenship developed after a shift in population data management in July 2015, a shift that made the Eurodac system, which biometrically identifies asylum seekers, interoperable with national police authority databases across Europe. Such interoperability exposes, for example, undocumented migrants to the risk of deportation, converting an assistential tool into an instrument of policing. Interoperability of digital identity platforms may result in enhanced risks for the profiled, so much so that people may choose to refrain from seeking essential care due to the risks it involves.

What happens, then, when centralized digital identity systems become gateways to services? Together with the existing datafier view, the emerging platform view of digital identity systems reveals two risks:

● exclusion, where entitled people are cut out from essential services, and

● undue surveillance, stemming from interoperability and resulting in risks of violence and deportation.

Both risks cast doubt on the orthodoxy linking digital identity to better “development” outcomes, a problematization echoed by recent studies of centralized digital identity in countries including Kenya, India, and the Dominican Republic.

In launching the Towards a Mindful Digital Welfare State series, Ranjit Singh and Emnet Tafesse have noted how “the digital welfare state is only possible when there is a welfare state” to begin with. To this important point, I would add that even a well-functioning welfare state can be put into a predicament by overreliance on a digital identity platform for key services. Platforms may well be part of a welfare strategy, but, if not properly unpacked in terms of risks of exclusion and of the negative consequences of interoperability, they might just end up reinforcing the very situations of risk that they were allegedly designed to combat.

Silvia Masiero is an Associate Professor of Information Systems at the University of Oslo. She has authored over 20 peer-reviewed works in the domain of Information and Communication Technology for Development (ICT4D), and has a long-standing interest in digital identity systems featuring 12-year work on India’s Aadhaar platform. Her latest co-edited work, COVID-19 from the Margins: Pandemic Invisibilities, Policies and Resistance in the Datafied Society, brings together decolonial narratives of the ongoing global pandemic, also illuminating the perverse consequences of datafied social policies.

Good Welfare, Bad Platforms? is the second post in Towards a Mindful Digital Welfare State, a series investigating data-driven state services, commissioned by Postdoctoral Scholar Ranjit Singh and Research Analyst Emnet Tafesse with the AI on the Ground Initiative at Data & Society.

To date, the series also includes:

• Towards a Mindful Digital Welfare State by Ranjit Singh
• Between Belonging and Individuating: Data, Identification, Diaspora by Emnet Tafesse
• Critical Digital Education for All! by Soledad Magnone
• Code as Policy by Rajesh Veeraraghavan
• Identifying Beneficiaries in Ghana’s Donor-Oriented Welfare State by Alena Thiel
• Datafying Children by Grace Mutung’u