Trustworthiness vs. Trust: UK institute breaks down biometric ID in search for the best system
The Alan Turing Institute has published technical briefing breaking down the idea of trustworthiness of digital identity management.
In an indication of how much the thinking of biometrics-based ID players has become more nuanced, the Turing briefing notes that it addresses trustworthiness, not trust itself.
Authors of the report note that it is important for digital IDs to be trusted, that issuer and holder alike believe in a system’s integrity and competence. This project, however, is about creating systems that are “deserving of trust,” in the authors’ words.
It is part of a larger institute project focused on how to design digital ID programs and components that deliver the privacy and security that governments and their citizens demand of the systems.
The briefing identifies six pillars necessary to address to assure all the stakeholders that a national digital ID deserves their trust: security, privacy, ethics, robustness, reliability and resiliency. All are defined in the document.
The document goes on to identify preliminary trustworthiness-assurance features and mechanisms of the pillars.
Security, for example, is broken down to confidentiality, integrity and availability (which themselves are broken down to constituent parts. And there are more than a dozen features and mechanisms comprising security, all of which would be familiar to a chief information security officer.
Ethics, a squishier topic, is broken down to transparency, fairness and explainability. It, too, has features and mechanisms, including data and process provenance, decisions that are made based on user consent and evidence that ID holders can monitor the use and potential misuse of their IDs.