It is estimated that 1 billion people worldwide lack a legally recognized form of ID. 3.2 billion have some form of ID and a digital trail, whilst the other 3.4 billion people on earth have some form of ID but no digital trail. Good digital ID is identification that is verified and authenticated to a high degree of assurance over digital channels, is unique, is established with individual consent, and protects user privacy and ensures control over personal data.
Much good can be done by bringing digital ID to developing countries. People will be able to have access to government services such as health and education, collect social security benefits, seek legal protection or otherwise engage in modern society. In many cases, transitioning from paper-based identification systems to digital ones offers new opportunities and can allow security, accuracy and convenience in identifying and authenticating individuals. As more public services transfer to the digital realm, the ability to prove who you are will be essential for participating in the digital environment.
Now that we are constantly working and connecting online, identifying ourselves has become a delicate balance between security and privacy concerns. Distributed ledgers now offer new possibilities for universal and portable identity solutions which allow us not to give up anymore private details than absolutely necessary. A blockchain-based digital identity allows users to have control over what information is shared and who can have access to it. This type of portable identity is not dependent on a central authority and therefore cannot be taken away. Through the use of blockchain, 2 parties who don't normally trust each other can exchange secure and trusted information. Security is achieved via cryptography thus allowing the individual to prove his or her digital identity.
Canadians are already using a system called Verify.Me to open bank accounts, get driver's licenses and apply for utilities. Verification is based on information that users have already shared with organizations that they trust such as their bank. The system runs on a permissioned blockchain which is somewhat different from private and public blockchains as the number of consensus participants is restricted, making permissioned networks highly configured and controlled by the owners. With a set of known and identifiable participants, they tend to be much faster than public blockchains as these can suffer from consensus problems as not all nodes work together to get the new update implemented.
Estonia is an excellent example of the use of digital ID's by its citizens to take advantage of the impressive range of e-government services in that country. These include making payments, accessing full health records and internet voting. This all started back in the mid-90's soon after the country declared independence from the Soviet Union. It now has an e-residency program where qualified persons anywhere in the world are able to get a government issued digital ID and full access to Estonia's public e-services. Today, 99% of public services are available online 24/7 with 30% of Estonians using the system to vote online. The government put the building blocks in place right from the start by digitizing registers held by public bodies to provide the necessary information to support e-services. It also built the X-Road platform that connects the different systems used in the public and private sectors and this allowed them to share information. With the provision of digital ID cards, citizens had the means to securely access online services and digital signatures were made equivalent to handwritten signatures.
But challenges do exist when countries chose to implement such a system nationwide as it needs to be ensured that all individuals are included, particularly where large, remote and rural populations exist. The forcibly displaced, stateless persons and other marginalized groups must be catered for. Strong data protection laws need to be in place together with regulatory frameworks and practices covering the use of identification systems. An individual's right to privacy and consent must not be undermined through the use of his or her personal information. Systems should be private by design with the end users in mind, with no action required by participants to protect their personal data. Moreover, all information should be protected from improper use by default, through both technical standards and preventative business practices.
Proper controls must be in place as history has shown us that misuse of traditional identification programs has lead to tracking and persecution of ethnic and religious groups. If improperly designed, digital ID's could be used to target the interests of individuals or groups by the government or the private sector. Motivations could include financial gain from data collection, political manipulation and social control through surveillance and restricting access to payments, travel and social media.
It should certainly be of concern that Bill Gates has entered the arena with the ID2020 Alliance initiative. Do we really want a single, global identification standard being supported by Microsoft, an American company? Would you want them to be responsible for storing your data and not sharing it? What could possibly go wrong?