Today, 16 September, is the day that more than 100 organisations, including government and humanitarian agencies, campaigners, standards organisations and NGOs have declared as International Identity Day. The coalition came together two years ago to inspire an official declaration from the United Nations in honour of the UN’s Sustainable Development Goal 16.9 to provide legal identity for all, including free birth registration.
Legal recognition of identity, the ability to establish trust in who we are, is a powerful tool in society that confirms access to life-sustaining resources and services. This is true for everyone, and as such it is enshrined in the Universal Declaration of Human Rights. Most of us do not actively think about our affirmation of this right. The ability to establish trust in who we are, however, is undergoing revolutionary change as it increasingly goes digital. Everyone has an interest in understanding the impact this development may be having on the world and our lives. An international day of observance offers the opportunity to do just that.
The campaign continues with organisers and supporters marking the day on their own initiative, particularly highlighting a need to close an identity gap for one billion people who do not have any form of legally recognised identity. Recognition of an Identity Day has largely evolved within African countries, where the campaign initiated. The aim is to inspire a truly global celebration.
At The Alan Turing Institute, we have established our Trusted Digital Infrastructure for Identity Systems project. This was launched in April to advance knowledge and inspire considered appreciation for the robust requirements needed as increasing numbers of lower-income countries turn to digital technologies to fill this identity gap. The opportunity and the ambition for the project is to inform developments globally as they are advancing at pace.
By 2018, both The World Bank and the International Telecommunications Union (ITU) were reporting that 161 countries, the lion’s share of the 175 countries known to have national identity programmes, had a digital element. With COVID-19 governments and businesses have fast-tracked plans.
"By 2018, both The World Bank and the International Telecommunications Union (ITU) were reporting that 161 countries, the lion’s share of the 175 countries known to have national identity programmes, had a digital element. With COVID-19 governments and businesses have fast-tracked plans."
The UK government, for example, announced its ambitions earlier this month. The proposals come after it was revealed that 1.4 million people did not have the digital identity credentials to facilitate the verification needed for support. Wide-reaching plans include the development of standards that would be linked to government policy and law, and referenced pilots underway to explore how secure checks could be made against government data. The aim is to give people ‘easier and safer’ access to digital services which require identity checks, such as online mortgage applications, financial services and recruitment onboarding.
Before COVID-19, The World Economic Forum (WEF) was forecasting over 60% of global GDP to be digital by 2022, highlighting a driving force for digital ID. There are now numerous approaches to delivering digital identity services with increasing levels of personal details and biometric data collected, often given freely in exchange for convenient access to a product or support from governments and companies alike.
For most people, identity is the document or process used for verifying who they are when they do their banking, register for healthcare, or buy something online. This frontline interface is supported by a comprehensive system of processes, infrastructure and services, for collecting, registering, issuing, releasing, verifying and managing the data that the identification document portrays.
Unlike the presentation of physical documents, the information associated with the use of digital verification can be interpreted to create a wealth of information about an individual, tracking their movements, use of public services, consumer habits and more. Systems can be linked to functional ID services, facilitating new opportunities for managing efficiencies or crises. An emotive illustration of the possibilities emerged as COVID-19 inspired proposals to link airport facial recognition and temperature reading devices with national digital ID systems as a tactic for controlling the disease. Fierce public debate highlights the perceived intrusions that occur when the use of identity data evolves in this way. Questions regularly raised include: How much information should be collected about individual citizens? What choices should they be given? What are the priorities for protecting populations?
The trust assumptions required in and of governments, third-party service providers, and the services that rely on verifiable authentication of an individual’s rights can be poorly understood. They speak to reliance on all parties to not just be lawful, but also competent and transparent in their access, management, and use of identity data. Debate fuelled by concerns around data security risks and public surveillance often focusses on whether systems architecture should be centralised, federated (whereby identity credentials are directly issued by the services people access rather than a central authority) or decentralised; and whether individuals should or could be their own authority by curating their data within ‘self-sovereign’ identity systems. This debate can be politically sensitive as demonstrated by the experience in the UK which has been working to advance digital ID for over two decades and, in the face of public pressure, had to repeal an act to introduce a national identity register and identity cards in 2010.
With few guiding conventions in place, our work at the Turing acknowledges the need to enrich understanding of the risks, alongside practical considerations for implementing currently abstract concepts, including privacy by design. Technologies have advanced and current assumptions may be challenged: data vulnerabilities can be introduced through the devices used to access self-sovereign systems; central systems can be designed to offer advantages of the decentralised and vice versa. There is significant opportunity to inform trustworthy infrastructure that incorporates technologies and design options that can diminish the potential for harm.
International Identity Day helps us all appreciate identity as a Human Right, and the importance of assuring our capacity for sustaining this Right is trustworthy.
You can find out more about the Trusted Digital Infrastructure for Identity Systems Project, on The Turing Podcast with Turing fellow Carsten Maple.