Digital Identity: Ensuring that systems are trustworthy

Monday 22 Jun 2020

Introduction

Identification has come a long way since the 1990s when paper-based registries and documents, such as hardcopy passports, were the only option for fully verifying a person’s identity.

The last decade has seen the proliferation of digital identity systems, from ‘self-sovereign’ to national and commercial systems, introducing the opportunity to verify and check identities securely, cheaply and at scale. They have been widely deployed, underpinning the delivery of both private and public services in many settings, including voting in Estonia and the delivery of aid in times of crisis, such as the building blocks programme in Jordan.

Digital Identity is big business, and every year billions of dollars are being invested to develop more secure, scalable and user-friendly identity systems. Most have embraced this new reality because it makes life more convenient and secure, while companies and governments have thrived on the new efficiencies and opportunities it affords. Some international organisations, like the World Bank and United Nations, have more ambitious goals, suggesting that digital identity systems will dramatically improve the situation of people in dire straits around the world. For instance, an article from the World Bank records the story of Juan, a refugee. His family fled their home during Peru’s 1995 insurgency. Like many others, they left behind all of their possessions, including their identity documents. Without any way of proving who they were, they—along with 3 million other Peruvians whose civil registration records were lost or destroyed during this period—were unable to enrol in school or access basic social services. In part to address such tragedies, the UN has included ‘legal identity for all’ within its 2030 sustainability goals.

But whether digital identity systems will achieve fair and just outcomes remains an open question – if societies truly want to use them to to empower citizens then identity systems need to be properly designed and deployed. Such considerations have not necessarily been a priority in the development of digital identity systems thus far.

The Alan Turing Institute’s new project on Trusted Digital Infrastructure for Identity Systems, funded through a grant from the Bill & Melinda Gates Foundation, has conducted initial work in this area, and outlines six key requirements for deploying trustworthy systems: Security, Privacy, Ethics, Resilience, Robustness and Reliability. These requirements address the importance of assuring data remains confidential, is only accessed by those with the right to do so, and that it is always available and retains its integrity. Further, there must be assurance that the data has not been tampered with in storage, computation or in transit. Given the importance of identity verification in providing access to resources and services, resilience must be built in to cope with and recover from unforeseen events. These Principles, if properly implemented, would go some way to addressing the serious political questions that have been raised around, for example, how digital identity technologies can introduce new biases and inequalities.

Digital identity presents a unique opportunity to meet the UN’s goal of ‘legal identity for all’, creating positive changes globally. But we need to make sure that systems are fair and trustworthy and that they are deployed in a safe and responsible way. The work of The Alan Turing Institute is dedicated to helping ensure this happens, helping to achieve the ambitious but vital goals of secure digital identity.