Principles for Good ID in Africa
What makes an identity system “good?”
Digital identity is simultaneously becoming a hot topic in the global development community and in high technology circles — a rare coincidence.
Faced with fake news, data breaches, demand for traceability in global supply chains and increasingly sophisticated cybercrime, companies from Facebook to mining conglomerates to community banks are establishing anti-fraud systems that leverage human fact-checkers, online ID verification in mobile apps, dynamic multi-factor authentication with face and voice biometrics, and even gait or keystroke analysis — analyzing anything that uses human biometry or pattern recognition to safeguard the mobile devices we carry around in our pockets 24/7 and confirm a user’s true identity.
Meanwhile, governments are under political pressure to respond to current events like the global refugee crisis, fight corruption and terrorism, and control porous borders, all while expanding access to education, jobs, healthcare and financial services for their own populations.
New technologies like blockchain distributed ledgers, 3D face recognition and the biometrics mentioned above are enabling companies to create new products for enrollment and authentication beyond legacy fingerprint readers, causing governments to re-start ambitious plans for universal ID systems, particularly in Africa.
When industries undergo rapid change it creates opportunities for innovation and human progress, but in the case of identity, it is also a moment fraught with danger, as most digital tools that can be used for authentication and financial inclusion can also be used for surveillance.
At a recent gathering in Boston, academics, identity industry practitioners and former U.S. policy makers tried to answer the question, “What is Good ID?”
The meeting was part of a new initiative called Good ID, to define and advocate for digital ID systems that put users and privacy first.
“‘Good ID: What’s policy got to do with it?’, organized by the Omidyar Network, and run by Caribou Digital, was a gathering of passionate and experienced individuals from diverse fields, discussing what ‘Good ID’ might mean and how policy can help us get there and then committing to concrete actions to collectively advance the cause.”
Inspired by this discussion and our own experience at Smile Identity, we drafted a set of value propositions that we believe can make digital ID “Good,” or at least maximize its positive impact in emerging markets. While our list focuses on solving Africa’s challenges, many of these principles are universal.
Six Value Propositions for Delivering Good ID:
1. It Must be Accessible — Digital IDs must be achievable for all people — whether citizens of one country or not. Our motto at Smile Identity is:
“We believe anyone should be able to prove their identity just by being themselves, regardless of the origin of their IP address or their ID card.”
People must have a way of proving who they are. A company or government that undertakes an identity project must design it in such a way that all people who need a credential can get one. More than 1B people around the world struggle to prove their identity or currently do not have a form of identification. 500M of them are in Africa. This is not simply due to people refusing to register but more so a reflection of the time, cost and logistics involved in acquiring IDs. The most obvious solution to keeping the cost of issuance low and the pace on par with Africa’s growing population is to ensure that digital IDs are issued as virtual credentials first (for example, unique numbers that can be associated with any device) rather than initially as physical artifacts (i.e. “ID cards,” smart cards, SIMs, or tokens). This allows issuance to happen faster (citizens don’t have to wait to receive a printed card to be counted) and allows IDs to be decoupled from any particular technology, so they can stay relevant as hardware and phone numbers change during a person’s life.
2. It Must be Reliable — All IDs are essentially “claims” made by the issuing authority about another party. The extent to which those claims are verifiable by the entity making them creates the fabric of trust for an ID system.
A “claims-based framework” allows for lots of verifying entities to make a claim about a user but also “leaves the evaluation of the usefulness (or the truthfulness or the trustworthiness) of the claim to the relying party.” The truth is not in the claim, but in the evaluation. The evaluating party decides if it should accept the claim being made, based on the authority of the entity making the claim and any supporting data provided.
Side Note: This is why blockchain alone does not solve identity (or verifiable claims for that matter). It does not matter whether a claim is in a central database or on a distributed ledger — being on a blockchain doesn’t make a claim more true — it simply ensures that all can see the claim, when it was written, and who wrote it. The most important utility of a blockchain is in providing this public ledger to ensure no one has changed or edited a claim. Readers of the claim no longer have to trust that the database administrators have sufficiently protected the database from alteration, but they still have to evaluate and decide whether to trust the entity that made the claim.
Verifying entities that make claims must establish trust and maintain public confidence for them to be useful. If they are unresponsive to user demands, if their systems are error-prone (riddled with typos, filled with out-of-date information, unusable images or illegible text) or if they are built on unreliable technical architecture, they are not useful and will be abandoned. Even governments that issue IDs lose the confidence of the public if it becomes known that their officials can be paid to produce fraudulent documents. A certain state driver’s license in West Africa is notorious for having this problem. A reliable ID system must be capable of handling a high volume of simultaneous queries in a consistent, highly automated, and accurate fashion, on a regular basis.
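The distinction drawn above between a tamper-evident record and a trustworthy claim, as an added example that is not part of the original post. A local hash chain stands in for the ledger, issuer signatures are left out, and the issuer names, claim fields and relying-party policy are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def entry_hash(prev_hash, claim):
    """Hash a claim together with the hash of the entry before it."""
    body = json.dumps(claim, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()

def append(ledger, claim):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"claim": claim, "prev": prev, "hash": entry_hash(prev, claim)})

def ledger_intact(ledger):
    """True if no entry was altered or reordered after it was written."""
    prev = GENESIS
    for e in ledger:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["claim"]):
            return False
        prev = e["hash"]
    return True

def evaluate(ledger, index, trusted_issuers):
    """Relying party's decision: integrity first, then its own issuer policy."""
    if not ledger_intact(ledger):
        return "reject: ledger altered"
    claim = ledger[index]["claim"]
    allowed = trusted_issuers.get(claim["type"], set())
    if claim["issuer"] not in allowed:
        return "reject: issuer not trusted for " + claim["type"]
    return "accept"

def build_sample_ledger():
    # Constructed sample: two issuers make conflicting claims about one user.
    ledger = []
    append(ledger, {"issuer": "national-registry", "subject": "user-1",
                    "type": "date_of_birth", "value": "1990-01-01"})
    append(ledger, {"issuer": "unknown-kiosk", "subject": "user-1",
                    "type": "date_of_birth", "value": "1970-01-01"})
    return ledger

# Each relying party keeps its own policy: which issuers it trusts per claim type.
BANK_POLICY = {"date_of_birth": {"national-registry"}}

if __name__ == "__main__":
    ledger = build_sample_ledger()
    print(evaluate(ledger, 0, BANK_POLICY), "|", evaluate(ledger, 1, BANK_POLICY))
    ledger[0]["claim"]["value"] = "2001-01-01"   # edit made after the entry was written
    print(evaluate(ledger, 0, BANK_POLICY))
```

Both entries pass the integrity check, yet only the one from an issuer the relying party trusts is accepted; the integrity check and the trust decision are separate steps.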
3. It Must be Defensible — While most companies consider the data they receive from users to be their own, a Good ID system should recognize that identity information is the users’ data, being held in trust. While there are no perfect solutions to security, protecting user data must be at the forefront of each technical decision. Employing best practices greatly reduces risk.
- Limiting the data that is held
- Undergoing regular security audits
- Requiring the use of multi-factor authentication
- Always encrypting data in transit and at rest
- Training employees to identify attackers who attempt to elicit their help through social engineering — the biggest cause of data breaches.
As explained by Kim Cameron: in general, companies fail to “adequately protect the two or three foot channel between the browser’s display and the brain of the human who uses it. This immeasurably shorter channel is the one under attack from phishers and pharmers.”
Defensibility starts with humans.
4. It Must be Extensible — The best way to achieve extensibility and future compatibility is to envision an identity system as a meta-system more than as a database. A meta-system might consist of a set of inter-woven APIs that make calls to various claims on behalf of a single relying party or on behalf of different relying parties. The system might store data, or, more like Estonia’s X-Road, it might mostly route data to places where it can be locally processed.
However it is designed, it should contemplate a way to allow additional types of attributes, claims, devices, and participants (readers and writers) to be added over time. This is where blockchain technology could play a role, especially if an ID system will have many claims making entities and many relying parties that can’t be easily coordinated through a central trusted authority.
5. It Must be Revocable —
“Privacy means people know what they are signing up for, in plain English, and repeatedly.”
— Steve Jobs
If the basis for the legitimate sharing of data is user consent, then it must follow that the same user can revoke or constrict consent later on if circumstances change.
The challenge with this value proposition is primarily one of user experience — how to appropriately explain to the user what they have agreed to in a way that is decipherable by humans, comprehensive enough for attorneys and searchable over time. One way to do this is with consent receipts, as highlighted during the event by Pamela Dingle of Microsoft. These receipts keep a record of when and what a user consented to, and allow that user to revisit the decision later on.
Another way to resolve this is to proactively ask users to reconfirm the consent they have provided. Apple is one of the few companies that does this regularly, reminding users who they have shared data with and what permissions have been granted to various 3rd party applications that access user data.
Before a user’s data is used in a way that was not previously approved, and at any point in that user’s journey, a Good ID system should similarly give that user an opportunity to confirm or revoke consent.
Furthermore, Good ID systems should only reveal information that identifies a user personally when they have consent, and that consent should only be shared with “justifiable parties” or those who have a legitimate and justifiable interest in seeing the user’s information, and for whom the user has already given consent.
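One way to model the consent receipts and revocation described above, as an added example that is not part of the original post and not any vendor's format. The class, field names and sample user, party and purposes are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class ConsentReceipt:               # field names are hypothetical
    user: str
    party: str                      # who receives the data
    purpose: str                    # what the user agreed to, in plain language
    attributes: frozenset           # which data items are covered
    granted_at: datetime
    revoked_at: Optional[datetime] = None

    def active(self, when):
        return self.granted_at <= when and (self.revoked_at is None or when < self.revoked_at)

class ConsentLog:
    def __init__(self):
        self.receipts = []

    def grant(self, user, party, purpose, attributes, when):
        self.receipts.append(ConsentReceipt(user, party, purpose, frozenset(attributes), when))

    def revoke(self, user, party, purpose, when):
        """Close matching active receipts; records are kept so the user can review them."""
        hits = [r for r in self.receipts
                if (r.user, r.party, r.purpose) == (user, party, purpose) and r.active(when)]
        for r in hits:
            r.revoked_at = when
        return len(hits)

    def may_share(self, user, party, purpose, attributes, when):
        """True only if an active receipt covers this party, purpose and every attribute."""
        return any(r.active(when) and (r.user, r.party, r.purpose) == (user, party, purpose)
                   and set(attributes) <= r.attributes for r in self.receipts)

    def history(self, user):
        """When and what the user consented to, including revocations."""
        return [(r.party, r.purpose, sorted(r.attributes), r.granted_at, r.revoked_at)
                for r in self.receipts if r.user == user]

if __name__ == "__main__":
    # Constructed sample: user, lender and purposes are made up for illustration.
    t = [datetime(2024, 1, d, tzinfo=timezone.utc) for d in (1, 2, 3)]
    log = ConsentLog()
    log.grant("user-1", "lender-a", "loan application", {"name", "date_of_birth"}, t[0])
    print(log.may_share("user-1", "lender-a", "loan application", {"name"}, t[1]))
    print(log.may_share("user-1", "lender-a", "marketing", {"name"}, t[1]))
    log.revoke("user-1", "lender-a", "loan application", t[2])
    print(log.may_share("user-1", "lender-a", "loan application", {"name"}, t[2]))
```

A use that was not previously approved (a new purpose, party or attribute) fails `may_share` until the user grants a new receipt, which is the point at which the system would ask again.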
6. ID Usage should be Optional — The entire premise of a legitimate identity system in a free society is that its use is at the option of the user. The user chooses whether they want to have a particular type of ID, disclose the information required to get it, and access the services that are available because of it. A Good ID system, especially one where biometrics are involved, can’t possibly require people’s mandatory participation by law.
The reasoning for this is simple. Being optional allows people to vote with their actions.
While having an ID is something that the vast majority of people practically require to conduct their daily lives (be it to purchase a SIM card, open up a bank account or board an aircraft), requiring people to register for a particular government ID robs citizens of the free will to reject a system that is not working for them.
It also limits the incentive for the proprietors of that ID system (be they government agencies or private contractors) to provide good service, safeguard personal information, and respond to user demands to update, correct, or remove information.
Being optional keeps an ID system Good, by keeping it honest. If the ID system fails to live up to users’ expectations they can begin abandoning it for a better alternative.
In the next several posts we’ll examine specific ID systems and expand on how these principles can be (or are already being) applied in African markets.