Inside the Information Society: Digital identity (Who’s who?)

Each week David Souter comments on an important issue for APC members and others concerned about the Information Society. This week’s blog post reflects on digital identities.

Identity matters to us. It defines who we are; and, to a considerable extent, it defines how others treat us – including government agencies and others we rely on.

Most of us want to define our own identities (not always accurately – one of the reasons that pseudonyms are so popular online). Much of the time, though, they’re defined for us by others (also often inaccurately).

Why legal identity’s important

Knowing who you are, and being able to prove it, matters for both individuals and societies. Development agencies have stressed the importance of legal identity for decades, for two reasons.

Around one and a half billion people worldwide lack legal identity. Without this – a birth certificate, an identity card, a national insurance number – it’s difficult for them to access the rights and benefits of citizens, health and education services, jobs and bank accounts, or the protection of the law.

Lack of identity especially affects more vulnerable groups. Around a quarter of a billion children have not had their births registered. Anonymity, for them, means missing out on services they need to make adulthood better. Ethnic minorities and refugees are frequently denied or lose documentation, which makes it hard for them to integrate, easy for others to discriminate against them. Those with limited literacy (or minority languages) can be especially disadvantaged.

There’s an issue, too, about the quality of public policy and services. Economic and social development need good data, particularly data that include vulnerable groups. Public services should be planned with evidence about the scale of need. It’s harder for governments and other agencies to design policies that include and empower people if those who lack empowerment are undocumented, as well as harder to ensure that they receive the rights and benefits to which they are entitled.

That’s the case for legal identity. It’s why one of the targets in Sustainable Development Goal 16 is to ‘provide legal identity for all, including birth registration, by 2030.’

Digitising identities

How identity’s defined is changing in the information age. Why? Because identities can be created digitally, by default, rather than relying on people choosing to register or being found by registrars. Because far more data are gathered about people now than was ever previously the case. Because those data can be combined in complex data sets for different purposes. And because our identities have commercial value (to Google, Facebook and their advertisers) as well as personal, social and (perhaps) political importance.

More and more governments are seeking to digitise legal identities, often using biometrics. The advantage, from their point of view, is that ID systems become multipurpose – moving on from mere identification to providing direct access to public services and managing the state’s relationship with citizens (for example, through taxation).

Development agencies have been enthusiastic about the potential and results, suggesting this has improved targeting of services and reduced corruption. But there are potential problems too. Gathering data on individuals by default alters the relationship between the citizen and state. Collating data from many different sources on a single card or database means that individuals have less control over their own identities and how those can be used – by governments, by businesses, and potentially by criminals hacking into databases.

Not every state’s collecting data with benign intent. Legal identities should be used to target services on those that need and are entitled to them; but they can also be used to discriminate against individuals and communities, on political, religious, ethnic or other grounds.

Different views

Some countries – and some Internet professionals – have embraced digital identities enthusiastically; some – especially some Internet professionals – have not.

India has one of the most elaborate digital ID systems in the world, known as Aadhaar. I was present years ago when India’s then president set out his vision of an identity card that would include everything that government agencies might need to know about a person – including criminal as well as health and education records. Most of his audience was enthusiastic, but some were – and remain – concerned about risks to do with privacy and cybersecurity.

Estonia has introduced a mandatory ID card which citizens can use for many purposes that suit them as well as government, including digital signatures. Estonians appear enthusiastic, but citizens of other European countries have been warier of comprehensive digital IDs. The British government had to abandon a much less intrusive ID card proposal a few years back because of widespread hostility. Germans are said to be wary of detailed ID systems because of past (pre-war and, in the east, post-war) experience. Some Internet insiders prioritise anonymity over identity.

What’s new

The Information Society’s constantly presenting variations on a basic challenge: how to maximise the benefits of digitalisation without threatening the rights of individuals? The question’s almost never binary (all good or all bad), though some of those discussing it may want to think that way. The search is (or should be) on to find consensus on how to make technology inclusive and sustainable while mitigating threats to privacy and choice.

Last month, the World Bank published a set of Principles for Identification in the digital age, with the endorsement of UN agencies, IT businesses and NGOs. It looks for that consensus where digital identity’s concerned. Ten principles in three main themes.

First, inclusion. The Principles call for universal coverage from birth to death; no discrimination due to fees or differences in the availability of ICTs; and no discrimination resulting from the way that information’s used.

Second, principles for design. Systems should be robust, interoperable and sustainable; they should use open systems; and they should protect privacy by default, with proportionality and minimal disclosure.

Third, governance. There should be a comprehensive legal and regulatory framework to safeguard data privacy, security and user rights, including protection against inappropriate access and recourse for citizens when they feel their rights have been abused.

An assessment

I’ll make three final points.

First, these questions of identity will become increasingly important. The next wave of Information Society development (the Internet of Things) and the growing dependence of people in all societies on data-driven applications mean that far more data will be retained by default. Those we deal with will use those data to define us, rather than relying on what we tell them. That will include (for example) prospective employers, credit and insurance companies, and personal partners. Many services will become available primarily online. We’ll need digital identities to access them effectively.

We need to think now about how we want identities to be defined in future if we want to retain much say about how they are recorded and how they’re used.

Second, questions such as these are never binary. Digitisation doesn’t make things better or worse; it makes them different. The kind of multistakeholder discussion that’s become the norm in ICTs is well suited to finding rough consensus between opportunities and threats.

Guidelines like those the World Bank has prepared will never be perfect and may not be long-lasting, but that should not deter us from them. If we’re to shape the Information Society, or retain principles we value in the digital age, we’re going to need many exercises of this kind. Without them, we’re likely to see rights and inclusiveness take second place to government/business efficiency.

Third, agreeing guidelines is just one stage in a more substantial process. They help to set a tone for governance, but implementation’s going to vary between countries. Citizens in some are going to be warier of ID systems than citizens in others. Governments in some are going to be more respectful of citizen’s rights than those in others. Some governments will use ID systems to oppress their citizens rather than to help them. Monitoring guidelines will be as important as agreeing them.

Next week I’ll comment on Mark Zuckerberg’s recent manifesto for our online future.

More about David Souter here.

Topic: 
Region: 
« Go back