A crucial but less-noticed factor in the reduction of poverty has been the spread of formal identification among previously undocumented people. A concrete ID grants people in poverty access to social services such as sanitation, education, and medical care, as well as being a prerequisite for access to bank accounts, business licences, and financial services. As many of these services expand online, digital ID is an urgent necessity to guarantee continuous and secure access.
Recognising this, in 2017, the World Bank launched the Identification for Development (ID4D) initiative to realise the creation of “inclusive and responsible digital identification systems as a sustainable development priority.” Less developed countries have slowly made progress in transitioning from paper-based to digital identification, with several countries announcing plans to create digital identity systems and six Asian governments already expected to roll out digital IDs over 2019 and beyond.
In 2019, as this process accelerates, its success depends on whether a market for digital identity systems can overcome growing challenges and the memory of some high-profile failures.
What are the policy considerations?
Attempts to expand digital ID schemes in 2019 will need to balance the security of critical information with concerns on privacy, individual rights and freedom.
Cybersecurity
Digital ID requires several strands of highly sensitive information, naturally raising concerns about data breaches and cyberattacks. This will intensify as the digital identity market moves towards greater interoperability in 2019, characterised by federated identity management and the use of distributed ledger technologies (for example blockchain) to secure digital identity.
Technologies to safeguard digital identities have been developed but are struggling to expand beyond national borders, at least in part due to diverse languages and cultural variations. It will be critical for safeguarding technologies to overcome these barriers as several current systems have lacked sufficient security. For example, India’s Aadhaar — the largest national digital ID system in the world — has suffered major security breaches that made confidential information widely available.
Digital trust and privacy
The use of new technologies to enhance the security of digital ID systems will further test the boundaries of trust in digital systems. Digital ID systems intrinsically allow tracking and study of peoples’ online and offline behaviour patterns, as well as the sale of this information for commercial or political use, making users inherently suspicious of the technology. For instance, national digital ID systems used for surveillance are already a reality in parts of China and raise ethical issues around individual freedom and privacy.
Similarly, efforts to secure these systems will also have to contend with the need to retain transparency. For instance, distributed ledger technologies are gaining popularity but also obscure the operations of these systems. This could further erode trust in these systems and raise concerns about how and where data is accessed, processed, and stored.
Accessibility
Although digital ID systems make it much easier to obtain services, run businesses, and participate in government, registration can be a higher-bar than previous paper-based systems and marginalised populations risk being ‘locked out’ of services even more than they were before. Verification of digital identity requires electricity and connectivity, not always available, while the reliance on biometrics risks excluding people who cannot provide commonly used forms of data; for example because of illnesses or professions likely to degrade fingerprints.
Unless policy-makers plan to address these issues, 2019’s digital ID systems will face challenges in adoption, trust, and use.
Solutions for 2019
The key to managing the tension between the immense benefits and the pitfalls of digital ID systems will lie in ensuring regulations remain adequate and relevant for new technologies through consistent multi-stakeholder engagements and capacity-building efforts.
For instance, governments can look to international standards being developed, like the US Department of Commerce’s National Institute of Standards and Technology (NIST)’s technical standard around digital identity systems. The standard should allow for easier enrolment and proof of identity that meet both the authentication and life cycle requirements that government institutions need as party of a digital legal identity.
In addition, it will be critical to monitor in the next year how governments and business implement data protection and cybersecurity laws released or amended in 2018. Regulations and implementation guidelines may need to be updated to better facilitate authentication of digital identities. Gaps between policy and practice both in the public and private sectors will need to be eliminated through capacity building and training. This will continue to ensure that basic levels of cybersecurity and data protection are met.
Digital ID offer great potential in terms of facilitating access to basic services and improving efficiency of businesses. In 2019, it will be essential to protect this potential from mismanagement or misuse.
Author: Renuka Rajaratnam, Public Policy Manager, Access Partnership