Centralized, decentralized or neither: which national digital ID system will you choose?
Are you in the market for a national digital identity system, but cannot make up your mind? We take a look back at the issues affecting your options.
2021 has seen progress – at different speeds – among identity schemes of all shapes, sizes and formats. The traditional method of having a central store of data comprising the identities of all of a country’s residents has developed dramatically over the decades as it has been digitized, to a place where more and more aspects of governance can be linked to it.
A different approach emerged, where the individuals have control of their own identities. Estonia is the go-to example for a more decentralized architecture, although other countries have adopted some of the same tools.
But what if neither of these feel right for your country? What if you feel a government digital ID system would be politically or culturally awkward? Then establishing a Trust Framework and leaving it to the private sector, competition and customer choice might be your best choice.
Centralized digital identity in 2021
Good for: a country looking to know as much as possible about its people or that wants to issue a physical card with one number for everything
Technological developments have refreshed what might have felt somewhat old-fashioned so there is no need to feel outdated with a centralized system.
The approach involving a unique identifier number which can track an individual across all sorts of government departments and services is often a politically easier system to sell. However, most of the bad press for ID system abuses has gone to centralized systems over the past year.
India’s Aadhaar system, the world’s largest biometric digital identity scheme, is centralized, proprietary and technically problematic, found a report by Privacy International. Further criticism came from a report by campaign group Access Now warning of what it sees as the dangers of Aadhaar being viewed globally as a standard bearer. Just in the last week the system has caused fresh controversy as the government is attempting once again to link the database to voter ID. Overall, a look through our Aadhaar story index is a regularly updated stream of political issues.
It has been a more mixed year for Nigeria’s centralized scheme as it has slowly edged forward in terms of registrations, hitting the 70 million mark (population 207 million) as more partners join the effort to register people. But while the country is merging its databases such as driving licences and passports, it has once again failed to bring in data protection regulation.
On a more positive note is the modular, open-sourced centralized system, MOSIP (Modular Open-Source Identification Platform). Unlike other centralized systems, this scheme has been mostly well-received this year.
The Philippines has built its ID system on MOSIP and has raced ahead with registrations, with 50 million people expected to have completed the first step in the process by the end of 2021 and more than three million having received the final ID card after completing all steps – and this has taken place during the pandemic. A recent $600 million loan from the World Bank (also a member of MOSIP’s advisory board) will no doubt help the scheme along.
Decentralized approaches in 2021
Good for: a country with high IT literacy, hopes for something more international
If giving every citizen a way to own and control the use of their digital identities seems futuristic, Estonia has been doing it since 2001. Estonia even made the code for all of its public sector integrations available for free online earlier in the year. The country also uses the X-Road open data exchange system, which helps support applications using digital ID, and has been adopted by well over a dozen countries worldwide.
Much of the news this year for decentralized digital identity has been at the technological level, and encompassing Self-Sovereign Identity where individuals have clear control over the use of their ID and data, seen by many as the ultimate or logical endpoint for identity systems worldwide.
Trust Frameworks for digital identity
Good for: a country biding its time, ID-system-averse, wanting to be seen to be doing something, or made up of highly autonomous states or regions
2021 has been the year for Trust Frameworks – regulations, guidelines, codes of conduct for how providers should operate a digital identity, how it can be assessed and how others interact with it.
The UK and Australia have been active in developing these frameworks as a way for the public and private sectors to prepare for digital identities, and without needing to roll out a national system. In a way, they can be seen as an extension of decentralized identity schemes as individuals can choose their identity provider.
For example, Australia has a Trust Framework and pilots for federal issues such as digital ID for buying alcohol, while the state of New South Wales is already developing a digital wallet for decentralized digital identity. Federally, Australia is rapidly developing its framework.
Identity-shy Britain could inadvertently be providing research, ecosystems and even thought leadership on digital identity possibilities reached through Trust Frameworks, rather than a de facto national system. The country’s national institute for data science and artificial intelligence, the Alan Turing Institute, has had a highly active 2021 driving engagement worldwide around its commitment to developing ‘trustworthy’ digital identity, going beyond the concept that credentials should be trusted because of who issued them, to a future where they will be intrinsically trustworthy for how they are built and used.
Within each type of approach to digital identity a broad range of choices and outcomes are possible. One must be chosen, however, to accomplish any of the potential gains of digital identity, and the appropriateness of that choice will go a significant way towards determining its ultimate success or failure.
This post was updated at 11:29am Eastern on December 29, 2021 to correct the relationship between X-Road and Estonia’s digital ID system, and clarify terminology.
biometrics | data protection | decentralized ID | digital identity | government services | identity management | interoperability | national ID | self-sovereign identity | standards | Trust Framework | X-Road