Three Governments enabling digital identity interoperability
Since 2016, a growing number of digital identity experts have worked together to create privacy preserving, digitally native, trusted credentials, which enable the secure sharing of data from decentralized locations. U.S., Canadian, and European Governments see how this technology can provide superior data protection for its citizens, while enabling global data sharing — that’s why they have invested more than $16 million USD into this space over the past several years.
On September 15, 2021, I moderated a panel with representatives from the United States Government, the Canadian Government, and the European Commission. Below is an edited excerpt from the panel that included:
- Anil John, Technical Director of the Silicon Valley Innovation Program which has invested $8 million on R&D, proof of concepts, product development, refinement, and a digital wallet UI competition.
- Tim Bouma, Senior Policy Analyst for identity management at the Treasury Board secretariat at of the Government of Canada. The User-centric Verifiable Digital Credentials Challenge has awarded $4 million CAD in two phases.
- Olivier Bringer, Head of the Next-Generation Internet at the European commission and under his program, he has awarded about € 6 million euros through three open calls for EID and SSI solutions.
- Heather Vescent, Co-Chair of the Credentials Community Group which incubates many of the open standards in this space & an author of The Comprehensive Guide to Self Sovereign Identity.
Policy and Technology
Heather Vescent: Policy tends to be squishy while technology and especially technology standards must be precise. What challenges do you face implementing policy decisions into technology?
Anil John: Our two primary work streams come out of the oldest parts of the U.S. government: U.S. Citizenship and Immigration Service, and U.S. Customs and Border Protection.
Immigration credentials must be available to anyone regardless of their technical savvy or infrastructure availability. The USCIS team is focused on leaving nobody behind, and do not have the luxury of pivoting to a digital only model. Technology has to provide credentials in electronic format, as well as on paper — each with a high degree of verification validation.
U.S. Customs has to deal with every single entity that is shipping goods into the U.S. We don’t have any choice but to be globally interoperable, because while we may be the largest customs organization on the planet, we do not want to mandate a single platform or technology stack. Interoperability is critical so that everybody has a choice in the technology that they are using.
It is easy to get pushback about why we are doing this long public process, rather than put money into a vendor and buy their technology. One of the reasons we made the decision to work in public, under the remit of a global standards organization, was to ensure that we were not repeating past mistakes where we were locked into particular vendors or platforms. In the past, we were locked into proprietary APIs, with high switching costs, left with the care and feeding of legacy systems that were very uniquely government centric. There are benefits to develop technology in the public from a solution choice and a public interest perspective.
Tim Bouma: The challenge is that you have to deal with short term exigencies, and combine that with a long-term vision to come up with requirements that are fairly timeless. Because once you develop the requirements, they have to last for a decade or more. This forces you to think of what the timeless requirements might be. In order to do that, you have to understand the technology very deeply. You have to understand the abstraction, so you can come up with language that can serve the test of time.
Olivier Bringer: I agree that it can be a challenge to implement policy choices into technology; but it can also be an opportunity. Innovators have not waited for the European General Data Protection Regulation before developing privacy preserving technologies. This is an opportunity for companies, an opportunity for administration, an opportunity for innovators to develop new technologies and new business models.
“Policy is an opportunity to implement fundamental rights into technology.” — Olivier Bringer
In NGI we try to take the policy development, the regulations that we have, as an opportunity to implement our fundamental rights, an opportunity to implement the law into technology. Our program supports innovators, the adoption of their technologies, their solutions, and their integration into standards. We do that firstly in Europe, but our ambition is to link to the global environment and work in cooperation with others.
A Benefit to Citizens
Vescent: What would you tell your citizens is the most important reason to invest in this infrastructure and businesses that use it?
Bringer: First that we are funding technologies, which are, this is our motto, human centric. So returning to your first question, going beyond pure policy development, we think it’s really important to develop the technology. So next to the regulation that we put in place in the field of electronic identity, in the field of AI, in the field of data protection, it’s important to fund the technologies that will implement these policies and regulation. This is really what we try to do when we build an internet that’s more trustworthy, that gives more control to the users in terms of the data they disclose, in terms of control of their identity online, in terms of including everyone in this increasingly important digital environment. It is technology geared towards the citizen.
John: I’m going to answer for myself, rather than speak for my organization. Having said that, I think what I would tell [citizens] would be that we want to make your life more secure, and more privacy-respecting, without leaving anybody behind. These are the first technologies that have come along that give us a hope in ensuring that we’re not trapped by nefarious or corporate or money interests. That there is a choice in the marketplace in what is available to our citizens in how they access it. And we absolutely are not ignoring the people who may not have a level of comfort with digital technologies and leaving them behind, but ensuring that there is a clear bridge with this technology to what their level of comfort is.
Bouma: We are moving to a notion of a digital economy, and it’s more than some slogan. We are building a digital infrastructure that is becoming a critical infrastructure. It is important that we understand that we develop the capabilities that ensure that the citizens actually feel safe. This is as fundamental as having safe drinking water and a regulated electricity supply. So now we need to start thinking about the digital capabilities, verifiable credentials included, as part of the national and international infrastructure.
We’re doing proof of concepts and pilots on national digital infrastructure, to understand what it means, to use a Canadian metaphor, create a “set of rails” that goes across the country. What would that look like? What are the capabilities? At the end of the day, we need to build services that can be trusted by Canadians and everyone. And there’s a lot of engineering and a lot of policy work that has to go into that.
Most Surprising Lesson
Vescent: What’s the most surprising thing you’ve learned since the inception of your investment programs.?
Bouma: I had a major shift in perspective. There are other technical ecosystems we have to take into account, like the mobile driver’s license, the digital travel credentials, and others. So, we have to figure out how to incorporate all those requirements. The mantra I’ve been using is, we’ve got these different technical ecosystems but we have to focus on the human being — the point of integration is at the digital wallet. So that’s reframed my policy thinking — there’s a multiplicity of technical ecosystems that we have to account from a policy point of view.
Bringer: I’m impressed by the quality of the innovators. We have people who are very good in technology who understand the political challenges, the policy context in which they intervene and who are able to make excellent contribution to our own policy, and who are really dedicated to our human centric vision.
John: I’ll give you one positive one, one negative. On the positive side, I am happy there is a community of people that understands there is value in working together to ensure the shared infrastructure that we are all using has a common foundation of security, privacy, and interoperability — that it is not a zero-sum game. They can compete on top of a common foundation.
On the negative side, I’m fascinated by the shenanigans being pulled by people who use the theater of interoperability in order to pedal proprietary solutions. Fortunately, I think a lot of the public sector entities are getting more educated so that they can see through the interoperability theater.
Curious for more? Watch the full panel. Or click through for a playlist with technology demos showing interoperability.
Learn more by the author
Heather Vescent is a co-chair of the W3C Credential Community Group, and an author of the Comprehensive Guide to Self-Sovereign Identity. Curious about the Credentials Community Group or want to get started with decentralized identity technology? Get in touch for personal introduction.