Privacy and security concerns from digital identity growth addressed by civil society, governments
Even before the pandemic hit, digitization was growing at an incredible rate. Now, the need for contactless services has increased the global appetite to provide eGovernance platforms and the digital IDs to securely access them. While some nations seek to retrofit their systems to adapt to these new requirements, others are attempting to leapfrog into providing digital identity via their emerging mobile markets. But this jump into the digital age is a far more complex undertaking than the introduction of a new government website or app.
With growing digitization comes a greater need for legal and technical safeguards to ensure privacy and security. And as such, sufficient security infrastructure and legislation seem to be the one common concern shared in the global digital ecosystem. Various international actors and governments are now examining (and in some cases re-examining) their approach to digital ID to better protect their citizens’ privacy, including the World Bank and the European Commission, NGOs, and nations such as Switzerland and Portugal.
World Bank digital ID initiative to help nations develop data protection frameworks
The World Bank is currently driving global efforts to build an inclusive and trusted digital ID framework through its Identification for Development (ID4D) initiative. Among the main goals of this project are data integrity, security, and protection amid the rising global trend of digitization. ID4D will provide advocacy, research, and technical guidance to help partner nations leverage the advantages of digital identity for development, according to a World Bank blog post.
Trust and inclusiveness are at the center of this digital initiative, as the World Bank believes that these will be the guiding factors ensuring the success of national digitization programs. According to the bank, growing global digitization provides a significant opportunity to provide vital services to larger groups thanks to increased accessibility. Yet, no matter how innovative an approach may be, the bank believes that it can only succeed through proactive data protection measures.
As part of its ID4D efforts, the World Bank is currently providing the necessary guidance to Nigeria, Somalia, and the Philippines. Assistance currently includes legal and regulatory frameworks as well as financial and technical assistance. One highlight is ID4D’s cooperation in driving privacy-enhancing technologies, such as the Philippines Identification System’s privacy-by-design features, which include data minimization and tokenization to protect sensitive personal data. Data protection and the new digital economy will also be highlighted in the World Bank’s 2021 World Development Report.
Eurosmart publishes policy paper on European Digital Identity
Eurosmart addresses several concerns regarding the preservation of European sovereignty and security issues amid the European Commission’s proposed digital identity initiative, EUid, in a policy recommendation paper.
The paper proposes a thorough review of the EU’s governance of digital identity providers to ensure compliance with EU laws. Eurosmart thus recommends a so-called “Europeanity” condition that would require a digital ID provider to be European registered. Furthermore, the paper calls for the European Commission’s introduction of identification and authentication security legislation for remote-server signing. Finally, Eurosmart suggests the EU align the Cybersecurity Act’s Levels of Assurance with those of eIDAS to strengthen the digital identity legal framework.
Swiss digital ID to be reviewed via referendum amid privacy concerns
Switzerland’s proposed digital identity is facing an uncertain future as opponents are forcing a referendum amid data privacy concerns. Opponents are primarily worried about the government’s limited role in the program as it currently decentralizes the eID, ultimately allowing private companies to handle citizens’ data.
The referendum was forced after a series of opinion polls showed nationwide opposition to the private sector’s role in overseeing the national digital ID program, writes SwissInfo.
Swiss civil society groups, trade unions, and left-wing parties came together and organized a 65,000-signature petition drive, which produced more than enough support to force a referendum (Swiss law requires at least 50,000 signatures for this to happen). The vote will determine the fate of the proposed eID as well as Switzerland’s eGovernment platform, as it seeks to restrict private sector access to sensitive citizen data. Currently, Switzerland puts control over the digital ID and the associated data in the hands of each of its regional authorities (known as cantons) and, by extension, their private-sector contractors. If opponents succeed in their demands, the central government would henceforth manage and control both the program itself and its data.
The proposal is the latest in a succession of digital identity efforts in Switzerland. In 2019, after a series of unsuccessful attempts, the central government passed a law defining the framework of the nation’s new digital identity to ease access to digital government services. Yet, while the program was a welcome step into innovating government services, its current implementation has alarmed critics as it allows private companies to handle sensitive personal data.
The real issue, however, is not private-sector control but that these companies are not being regulated like many of their European counterparts. Switzerland is not a member of the European Union, and therefore its eID does not need to conform to regulatory frameworks such as the EU’s GDPR. As such, opponents feel that their data would be in much safer hands were it to be handled by the central government.
SMEX advises against biometric digital ID in Lebanon
Digital advocacy group SMEX advised Lebanon against introducing a new biometric digital ID program to fight voter fraud and ease access to government services and benefits. The organization made the recommendation after it examined the feasibility of having a biometric digital ID for Lebanon in its latest report: The Future of Biometrics and Digital ID in Lebanon: Assessing Proposed Systems for Elections and Social Assistance. The report examines whether the upcoming 2022 elections could revive Lebanon’s failed digital ID program and how such an initiative could affect election integrity.
While proponents of biometric digital IDs regard them as key to ensuring fair elections, SMEX disagrees, as its data shows that the proposed IDs would not curb fraudulent practices. The group further explains that fraud does not occur during the voter authentication process but after the ballot has been cast. This can be caused by questionable practices such as voter ID confiscations by party officials, who then endanger ballot privacy.
In addition to this, SMEX argues that digital ID would fail to provide vital government services more efficiently thanks to shortcomings in Lebanon’s bureaucratic infrastructure. The NGO believes that rather than increase benefits and social services, a digital ID would only make citizens subject to surveillance and discrimination. This, they argue, is mainly due to Lebanon’s poor record in data protection and handling due to shortcomings in its technical infrastructure.
Another serious shortcoming, SMEX says, is Lebanon’s lack of sufficient legal guardrails to protect data privacy. As such, Lebanon’s E-Transactions and Personal Data Law is outdated and does not provide the same protections as similar legislation in Europe such as the GDPR. The group made a set of recommendations in place of introducing a biometric digital ID program. To fight electoral fraud, SMEX believes electoral reform is needed. Furthermore, it suggests a review and re-design of Lebanon’s legal frameworks and infrastructure. SMEX also suggests initiatives to increase transparency in the biometric data collection process before full implementation.
Portuguese report highlights nation’s move to digital identity
A recent report published by Portugal’s Administrative Modernization Agency (AMA) highlights the European nation’s journey to establishing a national digital identity. Portugal began its move to digitalization in 2007 and has since introduced various innovative programs to meet the evolving demands and challenges of the digital world.
The comprehensive overview follows Portugal’s path to a digital identity by providing a timeline of developments beginning with its Citizen Card launched in 2007. This smartcard contained citizens’ identification data on an embedded chip and allowed individuals to authenticate and identify themselves as well as provide digital signatures. Portugal’s Citizen Card also made a group of previously needed government-issued documents, such as the Tax ID Card, the Social Security Card, or the National Health Card, obsolete. While the Citizen Card offered many advantages, it also ran into some physical hurdles as it required smartcard readers and integrated card reading devices. Portugal introduced the Digital Mobile Key (DMK) in 2014 to streamline its digital identity process. This new approach allowed users to securely authenticate themselves and sign documents using their mobile devices, making physical smartcard readers obsolete.
Building on the success of its previous initiatives, Portugal introduced the Professional Attributes Certification System (SCAP) in 2018. This new platform combined digital identity services for citizens with business and organizational attributes to enhance business and other professional transactions using electronic signatures. These technologies were finally amalgamated into Portugal’s ID.gov.pt mobile application, which acted as a mobile digital ID and wallet, making physical documents obsolete. Finally, Portugal’s combined eID ecosystem was moved to autenticacao.gov to provide a comprehensive platform for the nation’s digital identity and government services. Portugal hopes to meet the rising needs and challenges with further innovations, as the shift towards a digitized world is being accelerated by the ongoing pandemic.