Role of biometrics in national identity systems debated in Good ID Twitter chat
National digital ID systems should be focused on the individuals who use them, rather than driven by vendors, and should not treat all services the same way, according to comments from participants in a Twitter chat on the ‘appropriate uses of digital ID’ hosted by @GoodID.
Participants in the chat included Janaina Costa of the Institute for Technology & Society of Rio (ITS Rio), Isaac Rutenberg of the Centre for Intellectual Property & Information Technology Law (CIPIT), and Yesha Tshering Paul of the Centre for Internet and Society (CIS). Other groups participating included Unwanted Witness, J-PAL Africa and Privacy International.
Tools needed for appropriate digital identity practices technically savvy people who can understand the security concerns of implementing ID, according to CIPIT, and a comprehensive evaluation framework, according to CIS. Unwanted Witness notes the importance of an accompanying legal framework, and suggested a biometrics guide to provide an in-depth overview of the technology’s use in digital ID systems. ITS Rio emphasized the importance of human-rights centered design.
Natalie Smolenski of Hyland Credentials pointed out that security and privacy must be recognized as distinct concepts.
Asked about the impact of COVID-19, UK-based Simon Davis of Unfold Stories said the rush to implement unready systems had increased his skepticism of digital ID systems, while researcher and consultant Alexandre C. Barbosa pointed out the need for identity systems backing financial infrastructure to facilitate government measures like social assistance transfers.
The expansion of digital ID applications due to the pandemic, sometimes resulting in intrusive surveillance practices, was also noted.
@GoodID also asked to what use cases should be relied on in the design of digital identity systems.
“For too long, implementers of ID systems have been driven by vendors, overlooking use cases,” responded ID Consultant Jerome Buchler. “We work hard to reverse this trend. All stakeholders should have a say in the matter but the analysis should be balanced by a thorough risk assessment done with civil society.”
CIPIT noted that national ID at its core has only a single use case, which is the reliable verification of who an individual is, and warned against expanding digital ID use uncritically.
The conversation also covered how to safeguard against the misuse of digital identity systems, how to ensure appropriate usage in emerging markets, and how to ensure Good ID remains beneficial as technology evolves.
CIPIT suggested stakeholders should stop “pushing for biometrics,” due in part to the risk of data breaches. Others asked what could substitute for biometrics to establish the uniqueness of an identity, and CIPIT replied that many services do not require the level of assurance of uniqueness that biometric technology provides.