Good ID: Estonia did, and you can too
This piece builds on our six principles of Good ID discussed here.
Click here to learn more about Smile Identity and our offering of Good Identity Solutions for enterprises.
Many governments around the world are expanding or revamping their citizen identification systems. These updates typically have at least one or both or the following objectives: centralizing the state’s control of information about its population and increasing the barrier to entry for fraudsters who want to commit identity theft or attain/issue credentials through corrupt means.
In Kenya, this centralization drive recently became a hotly contested political and legal issue when the President declared that all citizens were required to sign up for a new mandatory ID system called NIIMS (the Nationally Integrated Identity Management System) within a period of 45 days. While the mandatory call to sign up for NIIMS (also known as “Huduma Namba”) was overturned by the High Court of Kenya and as Omidyar Network describes, the court placed limits on what information the government can require of citizens, over 11 million Kenyans signed up in the meantime.
The news in Kenya is consistent with an overall trend in Africa right now. In Nigeria the government chartered National Identity Management Commission (NIMC) is working to compare and deduplicate its 30 million National ID records with the 30+ million bank verification number or “BVN” records held by the private sector banking authority NIBSS. In Tanzania, citizens are now required to use the new NIDA IDs in an attempt to standardize the 4 or 5 different historically issued IDs prevalent in the country. Last year Zimbabwe introduced cctvs cameras outfitted with Chinese facial recognition technology into public places to track faces in the crowd and tie them back to known ID records on file.
While not all of these efforts are overtly negative for citizens — some centralization can be good if it improves accuracy, saves time, and reduces the number of insecure places where identity information is being stored, in most of these countries the governments are focused on how ID systems can serve the state.
But there is one story of a digital ID system that is now almost 20 years old which stands out for its unique focus on serving the needs of citizens and not just the state.
That is the story of tiny Estonia.
A country of 1.3M people built an ID system called “e-Estonia” that enables secure, electronic voting from home and allows even non-citizens to become e-citizens in order to incorporate new companies and bank accounts in Estonia.
This would not have been possible without modern technology and cryptography. But what’s more interesting about the Estonian story is not so much what it achieved as much as how it is entirely possible for other nations to emulate. There is no reason why Kenya, Tanzania, Nigeria, Bangladesh or Brazil could not build a similar system for digital identification and online transactions with similar privacy safeguards for citizens.
In fact, And in fact, in a development that will come as no surprise to most African news watchers, Rwanda is already following its lead. The Rwandan government has a National ID system in place already but has been actively looking at what Estonia has done with its e-citizenship program and evaluating what lessons can be applied in Kigali.
But back to our friends in Tallinn…
At its core, Estonia’s ID system is based on three components:
1. A “Once” only policy which ensures that citizens do not have to complete or fill in the same piece of information twice.
2. A chip and PIN system allowing any. Estonian citizen or “e-citizen” to authenticate their identity and authorize transactions
3. The Estonian “X-Road” which is a data exchange transport layer that allows users to authorize data sharing between organizations but enforces encryption security standards, user authorization and minimizes centralization.
The New Yorker nicely explained the “once only” policy:
They do so through the “once only” policy, which dictates that no single piece of information should be entered twice. Instead of having to “prepare” a loan application, applicants have their data — income, debt, savings — pulled from elsewhere in the system. There’s nothing to fill out in doctors’ waiting rooms, because physicians can access their patients’ medical histories. Estonia’s system is keyed to a chip-I.D. card that reduces typically onerous, integrative processes — such as doing taxes — to quick work.
When we consider how the authentication and authorization layer might be solved In Africa rather than focusing on replicating expensive Chip and PIN systems which require lots of hardware and may not be cost effective in Africa, a face + PIN alternative like the one we provide at Smile Identity could achieve similar aims.
And though X-road’s data exhange may sound like centralization by just by another name, it is in fact more of a verifiable claims layer that allows for limited information to be shared only as and when the end user actively authorizes the sharing of that information with a cryptographic signatur, and only for the explicit purpose inteded. Here’s a short video that explains it.
A number of writers have expounded upon the virtues of the Esotonian ID system, in the New Yorker, A16Z and the Economist.
For more reading on Estonia and its revolutionay ID system, check out these three pieces from the past decade.
