World foundational digital identity systems under review by Privacy International
Privacy International has begun a series of investigations into the technologies behind foundational digital identity systems in place around the world. Their aim is to assess the platforms in terms of technology and infrastructure, but also any associated issues such as exclusion and the potential for abuse of surveillance and tracking of individuals across all government agencies and private sector providers via a unique identifier.
The investigatory series will look at the major foundational systems in use around the world. India’s black box proprietary Aadhaar, Estonia’s open source X-Road based system e-Estonia (also in use in Finland, Azerbaijan, El Salvador and the Faroe Islands) and the Modular Open Source Identity Platform (MOSIP), in use in Morocco, Guinea, Ethiopia and the Philippines, with Sri Lanka deploying its system soon.
Report 1: MOSIP
The additional reports dedicated to each of the three systems will be published in due course, with the MOSIP one already available.
MOSIP is an open source and open standards-based foundational digital ID platform. It is modular and API-based. This means any particular component can be replaced, with no vendor lock-in issues. It is funded by the Omidyar Network and the Bill & Melinda Gates Foundation as well as India’s Tata Trust. It is governed by an Executive Committee and Technology Committee and has an International Advisory Group with members such as UNHCR, ID4D, ID2020 and ID4Africa.
Privacy International gives an overview of the digital identity technology stack behind MOSIP, and examines its deduplication processes which can require manual adjudication with a queue system.
The documentation available also explains what a state would need to do to implement the system in terms of legal frameworks and ensure transparency.
Overall, the report assesses MOSIP as a sure step towards establishing an identity system based on privacy and which can be continually updated. Though there is no guarantee that a country would enforce these principles of engagement.
There has been a recorded issue of exclusion in its implementation in Morocco. The General Directorate of National Security announced a new generation of identity cards in 2020, but according to a draft law the card would only be printed in Arabic — one of the two official languages of the country — and French, a foreign, non-constitutional language. The second official language, Tamazight, an artificial standardized version of Berber, is omitted.
This contravenes regulations aimed at gradually including Tamazight in Morocco’s public life and encouraging the usage of the language in administrative documents, including national identity cards.
biometrics | data protection | digital ID | digital identity | identity management | MOSIP (Modular Open Source Identity Platform) | national ID | privacy | Privacy International | surveillance | X-Road