Potential ways to avoid digital ID’s dark side concludes ID4Africa trilogy
Different digital identity systems and technologies were considered in ID4Africa’s final livecast of trilogy on ‘The Dark Side of Identity,’ with reference to the concerns raised in the first two episodes of the set.
Part 3, titled ‘Building responsible ID systems by design,’ began with Executive Chairman Dr. Joseph Atick began by asking Sanjay Jain of MOSIP about his time as an architect of Aadhaar about the lessons learned from the world’s largest national mass-enrollment project. Jain explains that the registrar role came partly out of the desire to keep the managing agency (UIDAI) as a small one. Registrars were tremendously successful, but in some cases did not adhere to the data minimization mandate of UIDAI.
He discussed the data protection in and extent of exclusion from the program, and also notes that at the ten-year point, Aadhaar is undergoing a broad review.
The discussion also touched on the role of population registries and the UIDAI needs to delete authentication data after six months due to an order from India’s Supreme Court. Deduplication requires a centralized system, Jain and Atick agreed, but authentication does not.
Many of the criticisms leveled against Aadhaar, Jain suggested, are drawn from the audits which have proved effective at identifying problems and enabled them to be rectified. He also claims the dispersal of COVID relief funds within 24 hours to hundreds of millions of people was a major victory for Aadhaar.
Different environments, different approaches
Philippe Jung of IN Groupe spoke about Europe’s plans for new eIDAS regulation, and the digital ID situations in France and Monaco. France’s system is based on identity and service providers, each part of a federation, and the France Connect platform.
The eIDAS proposals include the provision of a digital wallet by every European member state, and a toolbox ready by September 2022, and Jung discussed the benefits of interoperable digital identity in the bloc.
The potential for the persistent, unique identifier proposed for all Europeans to clash with the surveillance protections in Europe’s GDPR were discussed following the presentation, as were the technology choices yet to be made for the proposed digital wallet.
Jennifer Walker and James Eaton-Lee of Simprints presented lessons from its experience of biometrics programs in the field, presenting a series of important considerations for ensuring successful deployments, including critical analysis of each project’s requirements and the appropriateness of various technologies, modalities and partnerships. Eaton-Lee noted that in choices of where to store data, inflexibility and inappropriate choices have been observed to negatively impact many projects.
The company presented a seven-point checklist to ensure biometrics deployments are both effective and trustworthy.
The discussion touched on the security and data-sovereignty concerns that can accompany cloud-based systems.
Dr. Gbenga Odegbami of Youverify presented the company’s approach to ID document and selfie biometrics checks, which has improved customer onboarding rates by up to 20 percent. Odegbami explained the company’s SaaS business model and expansion plans into other countries in Africa in 2022.
The company has an impressive customer list for a startup, and appears to be growing rapidly.
The data stored by Youverify and the development of its self-sovereign identity service, currently in beta.
Protecting biometric templates
Frances Zelazny of Anonybit emphasized both the inherent benefits and vulnerability of centralized identity databases, and presented her concept for matching biometrics against biometric templates stored as decentralized fragments on a network without recombining them. The system relies of separate storage, mapping and computation nodes.
Dr. Norman Poh of Trust Stamp presented different options for protecting biometric templates, including cancellable biometrics, homomorphic encryption, cryptosystems and hardware security solutions, and how they relate to the concept of ‘fuzzy tokens’ as in the company’s method for protecting biometric templates.
He then showed an example of a possible ID infrastructure for the humanitarian sector.
ID4Africa is currently seeking speakers for its 27th livecast, on mobile technology for identity management and inclusive identification-for-development (ID4D) in February, 2022.