What are the advantages of decentralized digital identity?
Civic identity has evolved alongside the digital world. Initially used for physical checks, identity was tied to a document that lets holders prove who they are by comparing the photo with their face. As the digital world develops, identity is put to new uses, including granting access to online services (e-services).
Everyday procedures, especially with the administration, are increasingly carried out online. This trend requires citizens to prove and secure their identity online, just as a national identity card or passport does in physical space. Tied to a physical identity document, digital identity is the ability to authenticate securely in order to access government services, in person or remotely.
For a State, different options exist for issuing and managing the digital identity of its citizens. Generally speaking, a distinction should be made between two types of architecture.
Under a centralized architecture, the digital identities of citizens are managed in a central database and each citizen is linked to their record through one or more authentication factors checked against that database.
India's Aadhaar identity system is a prime example of centralized architecture. It is the largest biometric identification system in the world, based on enrolling people with their biometrics and associating an identity number with a set of biometric data. Aadhaar has undeniably marked an important development in India's identity system. Online identity verification is performed through a biometric match against the central database whenever a user's identity needs to be verified. The Unique IDentification Authority of India (UIDAI), the entity behind Aadhaar, decided not to issue any official identity document to citizens. However, a system that relies on an online biometric match against a central database has led to several problems:
- Biometric data are kept in a central database, at the risk of being compromised, and unlike a password a leaked fingerprint or iris scan cannot be revoked or reissued. According to the World Economic Forum (WEF) 2019 Global Risks Report, “The largest (data breach) was in India, where the government ID database, Aadhaar, reportedly suffered multiple breaches that potentially compromised the records of all 1.1 billion registered citizens. It was reported in January that criminals were selling access to the database at a rate of 500 rupees for 10 minutes, while in March a leak at a state-owned utility company allowed anyone to download names and ID numbers.”
- In the absence of official documents, users have to rely on other proof of their identity, which has led to an increase in fraud rates.
- This type of solution requires providing the police with costly biometric control equipment.
- Checks can only be carried out online, which requires nationwide telecom coverage; wherever the network or the central service is unavailable, no check is possible.
This type of architecture makes the system more exposed to attack, whether the weakness is technical or human. A central database is a single high-value target, and centralized systems are increasingly targeted both by intrusions and by denial-of-service attacks that take the service offline, and with it every identity check that depends on it. For example, beginning on 27 April 2007, Estonia was hit by weeks of distributed denial-of-service attacks against government, banking and media infrastructure, widely cited as the first large-scale cyberattack on a State. In the future, quantum computers threaten the public-key cryptography that protects such databases and the credentials used to reach them, which makes a central store an attractive target for data collected now and decrypted later.
With the decentralized architecture, citizens keep the proof of their identity with them, on one or more identity media. Experience shows that using a single physical document as the only key to government or private e-services tends to meet limited adoption by citizens. A digital identity derived from the root identity held in the identity document and installed on the citizen's own device (PC, tablet, mobile phone, etc.) is the most successful model in Europe. Including such a digital identity in the identification system becomes an essential enabler for the adoption of e-services by citizens. For instance, identity cards issued by the Estonian government allow citizens to:
- Travel within the European Union
- Benefit from nationwide health coverage
- Prove their identity when connecting to bank accounts
- Generate digital signatures
- Be authenticated to vote
- Check their medical records, submit tax claims, etc.
- Take charge of e-prescriptions
- And much more!
Among the identity management systems in use, those that decentralize identities offer the strongest security and enjoy the most public confidence: several hundred million such documents are produced each year without any major attack reported to date. The digital identity card, an electronic means of identification, carries the citizen's root identity in a tamper-resistant chip. Verification checks the chip's keys and the issuer's signature rather than looking up a central database, so there is no single store whose compromise exposes everyone, and an attacker who defeats one document gains only that document. From this root, citizens control what they disclose and generate derived identities in different formats from their identity medium:
- Proof of legal identity
- Proof of attributes (for example being over 18) or of rights, without disclosing the rest of the identity data (selective disclosure)
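The "over 18 without disclosing everything else" case above rests on a concrete mechanism. The block below is an added example, not code from any national eID scheme, showing one common construction: the issuer signs a list of salted hashes of the claims, and the holder reveals only the salt and value of the claim a verifier needs (the same principle as the IETF SD-JWT draft and the ISO 18013-5 mobile driving licence). It also illustrates the offline point made earlier: the verifier needs the issuer's key and nothing else, no lookup in a central register. Two assumptions are mine, not the page's: the issuer signature is modelled with HMAC-SHA256 under a shared `ISSUER_KEY` so the code runs on the Python standard library alone (a real scheme uses a public-key signature by the issuing authority or the document chip, and the verifier holds only the public key), and the record layout and claim names are invented.

```python
"""Salted-hash selective disclosure: the holder proves one attribute
("over 18") from an issuer-signed identity record without revealing the rest.

Added example, not the code of any national eID scheme. Assumptions:
  * the issuer signature is modelled as HMAC-SHA256 under ISSUER_KEY so the
    block runs on the standard library alone; a real scheme uses a public-key
    signature by the issuing authority or the document chip, and the verifier
    holds only the public key;
  * the record layout and claim names are invented for illustration.
"""
import hashlib
import hmac
import json
import secrets
from typing import Optional

ISSUER_KEY = b"demo-issuer-key-do-not-use"  # stand-in for the issuer's private key


def _digest(salt: bytes, name: str, value) -> str:
    """Commitment to one claim: SHA-256 over (salt, name, value).
    The 16-byte random salt makes the digest useless for guessing
    low-entropy values such as a birth date."""
    material = salt + json.dumps([name, value], separators=(",", ":")).encode()
    return hashlib.sha256(material).hexdigest()


def issue(claims: dict) -> dict:
    """Issuer side. One fresh salt per claim; the signature covers only the
    sorted digest list, never the plaintext, so any subset can be shown later."""
    disclosures, digests = {}, []
    for name, value in claims.items():
        salt = secrets.token_bytes(16)
        disclosures[name] = {"salt": salt.hex(), "value": value}
        digests.append(_digest(salt, name, value))
    digests.sort()  # order carries no information about the claims
    signature = hmac.new(ISSUER_KEY, json.dumps(digests).encode(),
                         hashlib.sha256).hexdigest()
    return {"digests": digests, "signature": signature, "disclosures": disclosures}


def present(credential: dict, reveal: list) -> dict:
    """Holder side. Forward the signed digest list and only the chosen
    disclosures; every other claim stays hidden behind its salted digest."""
    return {
        "digests": list(credential["digests"]),
        "signature": credential["signature"],
        "disclosures": {n: dict(credential["disclosures"][n]) for n in reveal},
    }


def verify(presentation: dict) -> Optional[dict]:
    """Verifier side, fully offline (no lookup in a central register):
    1. check the issuer signature over the digest list;
    2. recompute each disclosed claim's digest and require it in that list.
    Returns the accepted claims, or None if anything fails."""
    expected = hmac.new(ISSUER_KEY, json.dumps(presentation["digests"]).encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None
    covered = set(presentation["digests"])
    accepted = {}
    for name, d in presentation["disclosures"].items():
        if _digest(bytes.fromhex(d["salt"]), name, d["value"]) not in covered:
            return None  # value altered, or claim never issued
        accepted[name] = d["value"]
    return accepted


# Constructed sample record, not real data. The issuer adds the derived
# boolean "over_18" at issuance so the holder never has to show the birth date.
SAMPLE_CLAIMS = {
    "name": "Jane Example",
    "birth_date": "1990-05-17",
    "id_number": "DEMO-000001",
    "over_18": True,
}


def run_demo() -> dict:
    """Issue a record, present only 'over_18', then try two cheats."""
    cred = issue(SAMPLE_CLAIMS)
    age_proof = present(cred, ["over_18"])

    flipped = present(cred, ["over_18"])
    flipped["disclosures"]["over_18"]["value"] = False  # alter the shown value

    forged = present(cred, [])
    forged["disclosures"]["over_21"] = {"salt": "00" * 16, "value": True}  # never issued

    return {
        "shown": sorted(age_proof["disclosures"]),  # ['over_18']
        "accepted": verify(age_proof),               # {'over_18': True}
        "flipped": verify(flipped),                  # None
        "forged": verify(forged),                    # None
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the script shows the verifier accepting `over_18` while never seeing the name, birth date or ID number, and rejecting both a flipped value and a claim the issuer never signed. One caveat worth knowing: the signed digest list is the same in every presentation, so two verifiers can link them to the same document; schemes that need unlinkability issue batches of single-use credentials or use signatures that support zero-knowledge proofs, which this construction does not provide.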
From a usage point of view, establishing a decentralized identity architecture based on an accurate population register and a reliable identity document infrastructure allows governments to offer a wide range of additional services to their citizens. These additional services are increasingly a combination of government-run public services and private initiatives.
Access to e-services also faces challenges: low penetration of information and communications technologies in some countries, internet fraud, and privacy concerns raised by the spread of spyware and by security vulnerabilities in the devices and services involved.
The main driving force of the success of e-services is political will. Coordination between government agencies and services is essential to develop cooperation between different authorities in order to better meet the demands of society. The role of government can range from being a regulator of services (in finance, telecommunications, education, health or a subset of these) to being an active coordinator in the deployment of services.