Leverage Science Technology - Business Sustainability & Transformation
Digital Identity:
A Global Issue
Having a trusted, verifiable identity is essential. As digital interaction brings information online at an unprecedented rate, the data comprising our identities are being widely shared - creating both opportunities and vulnerabilities. If designed right, digital identities can provide countries with economic value equal to as much as 13% of GDP by 2030, save 110 billion hours through streamlined e-government, and save businesses up to $1.6 trillion, according to the McKinsey Global Institute. And for the estimated 1 billion people who have no official proof of identity (not to mention the 3.2 billion people unable to effectively use an identity on digital channels), collaborative and user-centric digital identity models guided by shared principles have the potential to be empowering.
Digital Inclusion and Opportunity
Bridging the digital identity divide can bolster human dignity and expand opportunity
According to the World Bank, more than 1 billion people have no legal identity, with about half residing in sub-Saharan Africa. Nearly 40% of the total population in low-income countries has no legal identity (compared with less than 10% in middle-income countries), while one in two women in low-income countries have this problem. There are several ongoing efforts to help integrate excluded populations through digital means. The World Bank’s ID4D initiative, for example, provides countries with technical assistance and expertise to help them implement inclusive digital identity systems. Meanwhile the UN Refugee Agency and the World Food Programme are using iris scans to register refugees and displaced people, and help provide humanitarian aid. The UN estimates that scaling up these efforts could help about 66 million displaced people worldwide. However, there are risks associated with collecting biometric data - especially if a government is inclined to use it to surveil and subdue dissidents, or to exclude people from their rightful access to food and shelter. In addition, if an individual’s sole form of identity comes from a humanitarian agency it can complicate recognition from their home or host country.
Gavi, the Vaccine Alliance, is using digital health cards, biometrics, text messages and a mobile identity platform to improve vaccine delivery in developing countries. And the estimated 40 million victims of modern slavery, according to the International Labour Organization, could be helped by digital identity systems that track worker conditions throughout global supply chains. Austin, Texas is trying to help homeless people, who struggle to maintain physical forms of identification and often have fragmented health data, by developing MyPass, a blockchain-based solution that enables access to healthcare, employment or housing by attaching digital health records and other data to a person’s phone number or email address. While digital identity can better integrate populations, poorly-designed systems can worsen exclusion; fingerprints used for a biometric identity system can erode due to manual labour, for example, while systems that collect DNA and record ethnicity or religion can be misused to discriminate. Participatory design is key for any system serving vulnerable populations. Ultimately, every solution should account for differences in age, digital literacy, and internet access. Stakeholders in all sectors and industries should engage in evidence-based research supporting human-centered identity, engage civil society and the public in its design, and launch prototypes and pilots addressing identity challenges faced by vulnerable populations.
Agency and Trust
Giving people more agency over their data could improve their relationships with institutions
Biometrics, facial recognition, and multi-factor authentication (verifying a user with multiple credentials) help establish trust online - something becoming more difficult as cybercrime and the commercial exploitation of personal data increase. The same technology that improves verification can deplete trust. Artificial intelligence, for example, can be vulnerable to hijacking and discrimination. And while police in New Delhi were reportedly able to use facial recognition in 2018 to track down thousands of missing children within days, that same technology can be used for surveillance and oppression. People are demanding more agency over their data - to know more about how it’s being used, and to tailor it to their needs. Technology companies and governments are exploring decentralized identity systems that empower individuals in this way; Microsoft, Accenture, and Mastercard have announced plans to invest in decentralized models, Evernym and Learning Machine are creating self-sovereign, open-source solutions, and Malta’s government developed a way for educational institutions to issue blockchain-based academic credentials that are owned by students, portable, and instantly verifiable. By 2022, about 150 million people will have blockchain-based identities, according to IDC, even though the technology is still at a relatively early stage of development.
Traditionally, governments or banks have played the role of “trust anchor,” though emerging digital identity models involve new actors. For example, Capsule Pharmacy, referred to as an “Uber for drugs,” relies on doctors as a source of trust when filling e-prescriptions for delivery. Several related governance efforts exist, such as the Pan-Canadian Trust Framework and the European Union’s implementation of an ethical AI strategy. However, the monopolization of technology platforms used for search and social media, and pervasive personal data gathering, complicate efforts to win digital trust; events like Cambridge Analytica’s illicit collection and use of Facebook user data for political advertising do not help matters. According to the Pew Research Center, 49% of American respondents to a 2018 survey did not trust the government to protect personal data, and 51% did not trust social media companies to do so. While internet users expect personalized experiences, they also expect security and agency over their personal data - something that promises to become a competitive differentiator among companies and organizations. Stakeholders in all sectors and industries should promote stewardship of good identity, place the user at the centre of identity systems, create collaborative governance mechanisms, and take interactions between human and non-human identities into consideration.
From Siloes to Collaboration
Collaborative approaches to digital identity that blur traditional boundaries are catching on
Traditionally, institutions designed digital identity systems from the narrow perspective of their own interaction with users. For those users, that meant inconvenient interfaces with multiple, often interoperable systems. Now, institutions are starting to respond to the broader digital context of users by exploring collaborative approaches that cut across traditional boundaries. National identity systems that are interoperable and scalable can save money, improve service delivery, and promote financial inclusion. For businesses, this same approach can enable more personalized experiences for customers, deepened levels of trust, reduced costs, and shared liability with other stakeholders. The European Union’s eIDAS standards promote the harmonization and mutual recognition of the national identity systems in all member states - which is convenient for EU citizens who can do things like open a bank account within the bloc simply by using a national identity card. In another example, Estonia and Finland have made the respective data layers of their identity systems interoperable, in order to enable seamless cross-border data sharing about Estonians who live in Finland but are registered for benefits and services back home. As of 2018, some 1,000 organizations in Estonia and 81 in Finland were using their data exchange layers to more easily deliver services.
The United Nations Economic Commission for Africa and the African Union Commission are working together to increase the regional harmonization of digital identity standards, as part of the process of developing the African Continental Free Trade Area - the largest free trade area in the world in terms of participants. Within the private sector, South Korean mobile phone operator SK Telecom has developed “T-Auth,” which is designed to streamline online shopping by linking it to users’ mobile numbers; 99% of the country’s websites accept the service, and by late 2016 it had 13 million monthly users making 650 million transactions annually, SK Telecom said in a report published in 2017. Meanwhile in Sweden financial institutions have developed “BankID” for things like identification and account access, tax declarations, and document signing. BankID has an estimated 8 million active users; however, in 2018 14 people were found guilty of stealing the equivalent of about $160,000 by calling users, pretending to be a bank representative, and having the users log in to BankID while on the phone. Stakeholders in all sectors and industries should create collaborative business models, shared principles, standards, frameworks, and identity systems that are genuinely interoperable
.
Privacy and Data Protection
Protecting privacy and personal freedom is key for any well-designed digital identity
While a digital identity can enable greater access and add convenience, it also creates significant issues related to freedom and privacy. India’s biometric digital identity system, for example, dubbed “Aadhaar,” sparked public and legal debate that ultimately resulted in the Supreme Court limiting its use - while recognizing privacy as a fundamental right - in 2018. That same year, it was revealed that data analysis firm Cambridge Analytica had harvested information about millions of Facebook users without their knowledge in order to build a political profiling and advertising tool. Some recent responses to privacy and data protection concerns include the European Union’s General Data Protection Regulation, a requirement in the US state of Vermont for data brokers to register with the government, and California’s legislation enabling residents to refuse to have their data sold. China places strict requirements on data use and transfer outside of the country that give the government priority to intervene. In total, 107 countries have put legislation in place to protect data and privacy, according to the UN Conference on Trade and Development, though more than a fifth, mostly in Asia and Africa, still have made no related headway.
Independent oversight from data protection bodies or privacy commissioners can bolster accountability and provide more ways to seek recourse and resolve conflicts of interest on matters like national security and individual rights. Meanwhile the entities that issue digital identities can be disincentivized from unnecessarily collecting and aggregating personal data, and business leaders can be prompted to place a greater focus on privacy. Microsoft CEO Satya Nadella has urged technology companies to treat privacy as a human right and make it a global norm, while Apple CEO Tim Cook has called for comprehensive privacy laws in the US. Increasingly, governments are embedding privacy into design; Estonia, India, and Austria employ minimal data collection, and use randomized unique identity numbers and tokenization in their national systems. Meanwhile startups like Privitar and BigID are building tools to help organizations conduct big data analysis while abiding by data protection laws. Despite a generally growing emphasis on greater privacy, related attitudes still vary - and identity-related data can be easily abused, or fed into artificial intelligence systems that discriminate. Stakeholders in all sectors and industries should embed privacy and informed consent principles in their business strategies and designs, harmonize relevant regulations, and incorporate independent oversight into identity governance.
The Economic Value of Digital Identity
Digital identities can translate into serious economic gains
In a study of seven countries published in 2019, the McKinsey Global Institute estimated that providing digital identities could result in added economic value equal to as much as 13% of GDP by 2030, save 110 billion hours via e-government services, and help the estimated 1.7 billion people who remain without access to formal financial services - often as a result of a lack of documentation. Businesses could meanwhile benefit from improved efficiency, lowered costs and fraud reduction, and save up to $1.6 trillion thanks to digital identities, according to the study. Estonia, for example, facilitates public services including healthcare, banking, and voting via a digital identity system; in 2014 alone it was used over 80 million times for authentication and 35 million times for digital transactions, it saves people an estimated five days per year that would otherwise be spent dealing with bureaucracy, and it cuts costs equivalent to 2% of GDP. Meanwhile India’s “Aadhaar” digital identity system is a centralized, national means to promote social inclusion and access to government services - as of 2017, it covered 95% of the population and had saved the government an estimated $9 billion by reducing fraud, according to Deloitte and the Center for Global Development.
The travel and tourism industry in particular should see economic benefits from the use of digital identities. As international air arrivals increase by an expected 50% between 2016 and 2030, according to the World Tourism Organization, concepts like Known Traveller Digital Identity, developed by a group of governments and businesses, could ease the pressure by using biometric and biographical data to quickly assess risk and verify identities. In the supply chain industry, digital identity can help combat counterfeit goods, which constitute about 3% of global trade, according to the OECD; companies including BMW and IBM are members of the Mobility Open Blockchain Initiative, for example, which uses blockchain to reduce the use of counterfeit replacement parts in order to enhance safety and increase transparency. Digital identities can also be used to verify businesses online; Singapore created “CorpPass” to help facilitate digital transactions between businesses and the government, and the governments of British Columbia, Ontario, and Canada created the “Verifiable Organizations Network” to digitize government-issued credentials for businesses like registrations, permits, and licenses. Stakeholders in every sector and industry should be investing in digital identity as a foundational infrastructure, designing flexible solutions, and unlocking more identity use cases.
Source: World Economic Forum