ID2020 Summit: Towards “Good” Digital Identity.
September 14, 2018: A chronicle
We were at the ID2020 Summit on September 14 in New York City. ID2020 is a public-private alliance committed to bringing ethical, technology based identity solutions to the 1.1 billion plus people who do not possess a government-issued identity.
Whilst one follows the same life one has led for many generations, like one’s ancestors, the lack of a legally recognized identity these days can be an inconvenience that does not allow one to be part of the financial system or a state. However, fleeing an established community due to war, famine, human trafficking or natural disasters without any identity documents expose many to a wandering, unprotected, marginal existence; a much more serious outcome. The very guardians of the public, the security and legal apparatus, become persecutors of the identity-less. This is a more terrible fate than can be imagined by most people reading this, or for that matter, this writer.
The ID2020 Alliance wants to make a better life for these individuals by creating a digital framework for identity for all. The creation of this Identity framework can help with multiple development goals, including financial independence, Ideally this would be a self-managed or self-directed identity, made useful by the addition of verifiable claims from government agencies and private entities. Furthermore, they have to be properly protected from identity thieves and other bad actors. The ID2020 Alliance asserts that identity is a basic human right, and that identity is not just conferred by institutions or governments. This slots in beautifully with the concept of self-managed identity. Identity as an intrinsic right, as opposed to an extrinsic right.
We listened to most of the talks, panels and attended the workshop on extending digital identity to vulnerable populations. The focus of this year was good digital identity and the relationship between government issued and user-centric identity solutions.
After the welcome address by Dakota Gruener, Executive Director of ID2020 the talks and panels were ably shepherded by John Edge, chairman of ID2020.
- A plan to create a pathway to Identity to reach sustainable development goals of the UN. Identity is a prerequisite for most of these goals.
- Ethical ways for user centric Identity to co-exist with sovereign Identity goals. How do we cross national, corporate and other borders?
- Practical pilot projects funded by ID2020 were demonstrated. This puts a practical bent on a policy discussion.
- The urgency of implementation versus the perfection of the system. Usually addressed by what is possible to implement, especially during these days of more vulnerable people on the move or dumped in refugee camps for decades.
- Success for ID2020 may help allay the migration crisis and concomitant political malaise that many developed nations are facing.
The first significant talk was from the field. It was a keynote by a refugee and poet, Fidel Nshombo who told his harrowing life story on the run without a verifiable ID. Ulysses’ journeys pale in comparison. From the Congo to Burundi to Zimbabwe through Burundi, Tanzania and Zambia to Botswana then to South Africa back to Zimbabwe and finally to Boise ID in 8 years, all except the last leg with no established ID. A baptismal record was lost in the first two legs of the journey.
The wanderings included crossing and recrossing the crocodile infested Limpopo river on foot, with water up to his chest. Fidel was twelve years old when he started his journey. This should be contrasted with his life before this experience, an idyllic childhood. He is now comfortably settled in Boise ID. No doubt there are many such stories that do not have such a happy ending nor such a happy beginning. We need to fix a problem: the lack of recognized identity that results in the degradation and brutalization of young children and other vulnerable individuals. This is why we need ID2020.
New York ID card (IDNYC)
An effort to create an inclusive registration to serve everyone who lives in New York City. No other proof than the fact that you live in the city is required. This is to provide support to all residents so that they can partake of the services of New York City Government including hospitals, social services, the New York Police Department(NYPD), and commercial banking partners. To round out the appeal, free admission is provided to institutions like museums, zoos and botanic gardens.
Focus was on the methods used to increase participation including using mobile registration in neighborhoods where some of the vulnerable and underserved populations live or work.
Ethics of Good Digital Identity
Panelists were a mix from sovereign countries, UN agencies etc. We condense the ideas presented during the panel.
- Sovereign ID systems like the one from Denmark tracks citizens from cradle to grave and helps them engage with their government. The national ID system helps with healthcare, social welfare and with civil registries. However, even though citizens may trust their government, this trust can be lost if the information is lost or stolen or the original purpose subverted. Hence the data has to be secured and protection against misuse strong.
- This brings us to an organisation like the Omdiyar network who are a philanthropic investment firm. Their view is to help governments and civil institutions build ecosystems that incorporate privacy by design, security, openness and ethical technology addressing some of the problems mentioned above.
- For the UNHCR (United Nations High Commission on Refugees) the solution that fits all use cases (like the national ID system) is neither relevant nor desirable. For example, they would focus on a vaccination scheme rather than a civil registry for births and deaths.
- Suppress the scope of data collection as well as keep it directly out of the reach of the administrators of the data, especially if it can be hijacked by subsequent administrations that may have different aims- examples of misuse: data collected by Denmark during the Nazi era to identify jews for targeted extermination; demand by the current US Federal administration for the data collected by IDNY for identifying people to target for deportation.
Ethical Digital Identity as Our Shared Responsibility
Em Fackler the CIO of the International Rescue committee spoke on this topic.
- Money need to be spent on forensic analysis of hacks
- A vulnerable population sometimes needs more protection that the rest since the potential for harm is much more. This includes exposure to human traffickers and coyotes in case the identity PII is exposed.
Standards on Digital Identity
The main debate:
An agile and gradualist approach to standards, especially as many of the emergent effects can be studied and standards established.
An approach to establish standards before building solutions so that we can make the standards bulletproof based on our experience in other arenas; as well as the fact that getting things wrong even once would be destructive.
My vote would be with the gradualist approach, since emergent effects are unknown, always good to start off with some basic principles to limit damage from wrong choices and build towards a consensus on standards based on domain experience that comes with smaller footprint, delivered solutions.
How Can National ID Systems Complement a User-Centric Approach to Identity?
- The right to remain anonymous without probable cause and perhaps even a warrant.
- The use of the term Self-Sovereign Identity is anathema to many governments. Since many UN agencies have to operate with the approval of governments, the language has to be changed to User-centric Identity, User-Managed Identity or some other equivalent phrase.
- The word “claims” vs. the word “attributes” for user data. How this fits in with user managed identity. Kim Cameron was firmly for claims.
- Identity as human rights versus Identity as property rights. We already touched upon this in the section dealing with intrinsic and extrinsic rights.
Workshop 2: Extending Digital Identity to Vulnerable Populations
We chose to attend this, since it seemed aligned with the practical aim of helping the most vulnerable populations through actual solutions.
Houman Haddad, the Finance Officer at the World Food Program(WFP) was behind the effort in building out a solution based on a private Ethereum network in the Jordanian Zaatari Refugee camp for 100,000 refugees. The aim is to expand this to 500,000 refugees. This solution is called Building Blocks. The central technical underpinning is a biometric solution called EyePay for authentication.
Through Building Blocks, the World Food Program delivers their payments directly to the merchants, cutting out losses up-to 30% caused by “leakage”- the iris scan identifies the recipients uniquely. Houman’s dream is for this solution to be the beachhead for a more comprehensive wallet. This could incorporate more claims, all controlled by the user’s iris biometrics and the use of a Digital Locker for storing valuable documents. The main challenges for getting wider adoption are social and organisational, due to institutional and jurisdictional silos. Agencies are also limited by legal restrictions on sharing data across UN Agencies and sovereign boundaries.
Of course, decentralization scolds have been attacking this solution, saying that a database could have accomplished the same. However, there are real lessons to be learnt here. In a chaotic environment, a pre-built and temporarily centralized solution, even though administered by WFP has the chance to grow; getting more participants and nodes from other agencies, NGOs etc. and has the possibility to spread across sovereign borders. They should be supporting Building Blocks, not bashing it. This is a victory of the doers over the perfectionists.
Kiva which has a micro-loan portfolio of $1.2 billion was represented by Matthew Davie. Given a 97% repayment rate and loans in 81 countries, he was looking for ways to expand Kiva’s portfolio as well as ensure more transparency into their customer’s financial behavior. Whilst this cannot be as ambitious as a traditional credit scoring system, the measure could be as basic as participation; i.e. if a person participates in the WFP, then they could be a lesser credit risk than someone who does not and does not have any other financial data attached to them. Of course, this becomes problematic as WFP cannot legally share the Building Blocks data. Hope is that if the system expands in scope towards a system that enforces privacy as well and encourages this collaboration, especially if it is user-managed. Last month, we heard about the adoption of the Kiva Protocol and the funding of an implementation by the govt. of Sierra Leone in conjunction with some UN agencies to create a credit bureau of the future.
Later, during the reception; we spoke to the people from Irisguard who are very proud of their EyePay solution.There are several layers of encryption and they build the edge devices and control the entire stack for biometric authentication. Naturally, any solution that involves biometrics needs controls, especially for iris data which is the only constant, guaranteed to be held by most people who are alive. My advice to Irisguard, more open technical data and details will help spur adoption and acceptance.
We hope that ID2020 gathers momentum and the people who pay lip service to Corporate Social responsibility(CSR) invest money and infrastructure into this project. For example we do not see any of the traditional big banks in the list of supporters for ID2020. This write-up is an attempt to spread awareness and help drive contributions to ID2020 so that they can transform the digital Identity landscape and hence well-being for the dispossessed.