What is digital ID?
A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organization, application, or device. ISO/IEC 24760-1 defines identity as “set of attributes related to an entity”. A digital identity, therefore, arises from personal information used on the web and the shadow data created by the individual’s actions online.
Data points used to establish a digital identity:
- Username and password
- Purchasing behaviour or history
- Date of birth
- Social security number
- Online search activities, such as electronic transactions
- Medical history
Most important technical vocabulary
Authentication
Authentication is a key aspect of trust-based identity attribution, providing a codified assurance of the identity of one entity to another. The presentation of a unique object, the provision of confidential information, the answer to a pre-arranged question or the confirmation of ownership of an e-mail address are the most common authentication methodologies, and more robust but relatively costly solutions utilizing encryption methodologies are also available. To fight identity theft, physical authentication techniques such as iris scanning, hand-printing and voice-printing are currently being developed.
Risk-based authentication
Risk-based authentication is an application of digital identity whereby multiple entity relationship from the device (e.g. operating system), environment (e.g. DNS Server) and data entered by a user for any given transaction is evaluated for correlation with events from known behaviours for the same identity. In other words, it involves checking if there is anything suspicious about you logging in, say using a device from a different country than usual.
Digital identifiers
Digital identity fundamentally requires digital identifiers – strings or tokens that are unique within a given scope (globally or locally within a specific domain, community, directory, application, etc.). Identifiers are the key used by the parties to an identification relationship to agree on the entity being represented.
Authorisation
Authorisation is the determination of any entity that controls resources that the authenticated want to access. Authorization depends on authentication because authorization requires that the critical attribute (i.e., the attribute that determines the authorizer’s decision) must be verified.
Digital Object Architecture
Digital Object Architecture provides a means of managing digital information in a network environment. A digital object has a machine and platform-independent structure that allows it to be identified, accessed and protected, as appropriate.
Handle System
The Handle System is a general-purpose distributed information system that provides efficient, extensible and secure identifier and resolution services for use on networks such as the Internet. It includes an open set of protocols, a namespace and a reference implementation of the protocols. The protocols enable a distributed computer system to store identifiers, known as handles, of arbitrary resources and resolve those handles into the information necessary to locate, access, contact, authenticate or otherwise make use of the resources.
The digital revolution is impacting all parts of society
The most visible change is the growing multi-channel access to online services, whether through the Internet or mobile apps and vastly accelerated by the pandemic.
As our lives shift towards the digital space, most governments are finding it essential to maintain continuity in the way society is organised, improve economic mechanisms and develop services to citizens.
- Managing health, organising education, taking out a loan (or investing in savings), signing a rental contract, or exercising civil rights are just a few examples of everyday hassles that can benefit from adopting digital ID.
- Companies can greatly improve customer service while safeguarding contractual commitments. Also, they have to make sure that acquired agility remains secure. Unique identifiers and use patterns make it possible to detect individuals or their device, which is often used by website owners and advertisers to personalise and serve targeted content and advertising to potential clients.
- For public administrations, offering greater flexibility in public services thanks to the all-digital transition and the need to better serve and protect their citizens.
60+ countries have leaped to digital identity and are engaged in a national eID scheme
Hong Kong followed the example set by Finland, Brunei, Malaysia and Macao, and started its own national identity card programme in 2003. Strong and constant political will, and solid technical and legal infrastructure, led to its success. Furthermore, the document is visibly more modern and secure than its predecessor, boosting national pride. The national identity card also has a vital social role: the clear perception that it would protect the rights of its citizens and their uniqueness. The installation of self-service terminals and integration in libraries, online betting and more “classic” examples of Hong Kong e-Government, such as e-tax, have also encouraged adoption.
South Africa is another example of supporting transformation leveraging strong national symbols and values. The country is a young multi-ethnic democracy, still looking for its true identity. A new digital scheme was used by the authorities to strengthen the nation’s development goals as a symbol of unity and pride for all citizens. Launched in mid-2013 and replacing the history-laden green book, the biometric smart ID card was indeed presented as part of the national effort to reinstall the:
- identity;
- general citizenship; and
- the dignity of the people.
The first smart ID cards were issued to the ‘Mandela Generation’ – and former president Nelson Mandela himself – giving priority to those veterans whom the country wished to honour, giving a clear signal of where the country is heading.
India’s digital ID number, named Aadhaar, has become a symbol of digital transformation and empowerment. The project started in 2009, and today over 1,29 billion residents have been registered as of June 2021. Each resident is issued with a unique 12-digit Aadhaar number, primarily used to for authentication. So, in India, the ID is not a card. It’s the number. It’s purely digital, and hence verifiable online. The primary goals were to efficiently manage public subsidies and unemployment benefit schemes. But, now, Adhaar offers vast potential to improve social inclusion while strengthening the country’s defences against modern threats such as corruption, cyber-crime and identity theft.
What next?
Digital ID is probably the future of ID. With the internet spreading to almost all parts of the planet, we will soon say goodbye to plastic cards with our personal information. One cannot forget about the many advantages of digitalisation such as lower costs, higher accessibility, and shorter waiting times. Many of us spend almost as much time online as in real life, so why don’t we just make it official there?
Introducing digital IDs is a difficult task that governments and companies are already facing, and many officials seem up to the challenge. Moreover, a well-designed digital ID may result in facilitating good payments while making bad payments impossible. This asset may become a great tool to protect the vulnerable and deliver even better digital payments.
On the other hand, the risk of identity theft is enormous, as well as the moral aspect of having a digital diary of almost everything you have done in your life. But can we stop it? I don’t think so. We can only make the best use of it. I have a digital ID, therefore I am…
Share this post
Written by
RedCompass Labs
Resources