Digital identity, usually backed by biometrics, is currently a hot topic in several countries around the world. Governments in Australia and the UK are trying to balance efficiency with privacy and rights protections, Barbados has signed a digital ID technology contract, and Sri Lanka is considering its next steps. Decentralized approaches to identity consider to gain steam, with LG CNS joining the ToIP Foundation, and an editorial suggests Apple ID could be hugely disruptive.
Australia’s Opposition is calling for the government to delay its GovPass digital identity program to make sure it protects basic rights and engages more effectively with the industry, InnovationAus reports.
The governing Coalition intends to introduce legislation backing the scheme’s extension to accredited companies in the private sector, and an interim report from the Select Committee on Financial Technology and Regulatory Technology recommends the government accelerate its plans.
“These reforms will deliver significant time and cost savings to individuals and businesses, as well as creating opportunities for innovative FinTechs and others working in the digital identity space,” the interim report reads.
“The committee urges that legislative work being developed by the DTA be brought forward as quickly as possible by government, in consultation with states and territories through the Digital Economy and Technology Ministers’ Forum.”
A pair of Labor Senators on the committee delivered a dissenting opinion, however, stating that with program deliverables still outstanding, the infrastructure needs to be improved before moving forward.
A similar argument was recently put forward by a ForgeRock expert in support of the delay of the myGovID platform’s launch.
The project has also seen significant delays. Plans to test GovPass’ biometric facial recognition feature in “mid-2020” are delayed, as the Digital Transformation Agency (DTA) has not yet selected a vendor for the software, according to InnovationAus.
“We are concerned about reports that the DTA don’t consult well with the broader tech community. Reports from the tech community on the rollout of the COVIDSafe app is that constructive feedback wasn’t sought early enough, that it was difficult to find the avenues to provide it, and that it was sat on or ignored for long periods of time,” the Labor Senators wrote in their dissenting report.
Stakeholders see potential reward and risk from UK digital ID
Reactions to the UK’s digital ID plans are coming in from industry groups and civil society. The UK’s plans for national digital ID, likely backed by biometrics, could help boost economic growth in the country, according to the Confederation of British Industry (CBI), though techUK is not pleased with the plan’s lack of detail, Reuters reports.
The government’s proposal announced last week would create digital ID cards to facilitate online transactions, including age checks for restricted goods and services.
“The behaviour of the digital identity industry also remains a concern, and we have to be sure that they are prevented from exploiting our data and using it for other purposes,” Tom Fisher of Privacy International told the Thompson Reuters Foundation. Fisher also said it is important that digital ID not disadvantage people without internet access or digital skills.
In noting the advantage countries with robust digital ID systems have had in their pandemic responses, The Economist notes that while national digital identity systems have historically faced strenuous opposition in places like America and the UK, it is scandalous that impoverished people living in rural India can prove who they are to their government online, while many in Britain and the U.S. cannot.
LG CNS joins Foundation to work on decentralized ID standards
LG CNS has joined the Trust over IP (ToIP) Foundation as a steering member to help build and promote international technical standards for digital identification, Business Korea writes.
The foundation was launched in May and counts IBM, Mastercard, Accenture and Evernym as steering committee members, along with the Canadian province of British Columbia. There are roughly 110 organizations participating overall. One of its main goals is to establish a standard model for distributed identification (DID) that is compatible with W3C standards, such as WebAuthn.
LG CNS rolled out a biometric payment system in South Korea with facial recognition in April, and signed an MOU with Evernym in May.
The Electronic Frontier Foundation (EFF) argues in a recent post that the privacy recommendations contained in W3C and mobile driver’s license (mDL) specifications should be considered a floor, not an aspirational ceiling.
The way to improve the privacy and equity protections of digital identity systems, according to the EFF, may be with DID systems that support self-sovereign identity (SSI). The EFF considers the “trust model” framework for decentralized identity, and two specifications it informs. The Decentralized Identifiers spec drafted by the W3C and ISO’s pending mDL standard, which follows the trust model, but for a centralized credential.
EFF discusses ways to avoid privacy degradation from digital IDs, including zero-knowledge proofs, but notes that the specifications depend on voluntary adherence to the trust model.
Barbados awards digital ID contract
Productive Business Solutions (Barbados) has been selected by the Barbadian government to provide software, ID cards and professional services to launch the country’s digital ID and national ID card replacement project, according to NationNews.
The contract is expected to last four months, with PBS supplying technology to enable user authentication for online transactions and digital signatures. The system is expected to help people participate in ecommerce, internet banking and other digital communications. Smart cards and mobile phone technology will both be used in the system, which is intended for both public and private sector use.
Editorial argues Sri Lanka’s digital ID should be multi-purpose
Moves by Sri Lanka’s government to launch a national digital identity card has been spurred by challenges related to the COVID-19 pandemic, according to a pair of managing partners for consultancy Cogitaro.com writing an editorial for The Morning.
The editorial focusses on how national digital ID cards have been used in other nations. The current national ID card in Sri Lanka include a magnetic strip which has never been utilized, while numerous government bodies within Sri Lanka independently collect volumes of personal data for various services.
Getting one digital ID card to provide access to all of these services would be the optimal implementation, the editorial states. The inclusion of biometric data, such as a thumbprint, would enable the cards to be used for efficient border checks, in addition to other applications requiring trust.
Apple ID a more disruptive idea than Apple Pay
Digital payment services like Apple Pay and Google Pay are essentially just updates of the same credit card-based payment systems that predate fancy technology like iPhones, David Birch writes for Forbes, but patent filings by Apple around “verified claims of identity” hint at a potential service which could be much more disruptive.
Birch says these patents for digitizing credentials on personal devices signal looming “wallet wars.” Birch wrote about the “very short step from Apple Pay to Apple ID, where revocable identification tokens are loaded into the tamper-resistant hardware” back in 2016, and points out that he is not alone in anticipating this development. The secure enclave that is safe enough for payment tokens can easily also be used for digital identity, Birch contends.
Ultimately, Birch writes, the decisions made about digital identity deserve thinking carefully about, as it forms the basis for online society, and have profound implications for how that society works.