UK govt urged to step up role in digital ID as public good at Westminster eForum
Digital identity is a public good which requires government support and regulation while tech and service providers are going to have to take responsibility for security and fraud, rather than individuals as attacks become more sophisticated. The UK needs to make decisions quickly on areas such as verifiable credentials otherwise it will be isolated from international interoperability and decreasingly attractive as a place for investment.
These were some of the thoughts coming out of the latest Westminster eForum, which aimed to deduce the next steps on digital identity in the UK.
Public and private and make it this year
TechUK, a trade body for the tech sector and its societal impact, is committing to focus on examining digital identity in healthcare and the metaverse in 2023, and also has some priorities for progress for the concept in the UK generally, as outlined by Sue Daley, its director for Technology and Innovation.
The trade body with close to a thousand members wants to see the delivery of the UK Digital Identity and Attributes Trust Framework (DIATF), build public trust and confidence in digital ID, ensure interoperability between public and private sector digital IDs and prioritize international interoperability.
“This year we must deliver the framework,” said Daley, hoping the government will get it over the line and that it will be “practical, proportionate and pro-innovation.”
“TechUK fully supports DCMS’s high objective to enable interoperability to ensure optimal outcomes from the perspective of the end-user and data subject,” said Daley. “Therefore, to truly represent interoperability, we strongly advocate the use of private sector digital IDs across government services and vice versa.”
International interoperability – if the UK is clear on what it wants
Interoperability and common global standards in digital identity would “prevent a fragmented global market” and lead to greater take up, added Daley.
Andrew Bud, founder and CEO of the UK biometrics provider iProov said that while there is a lot of innovation and policy activity in the UK for digital ID, there is no clear political leadership on the issue. Whereas in the EU, there is a clear industrial policy, such as the decision to embed verifiable credentials in the EU digital identity wallets. There is no sign of VC’s being part of ID in the UK.
“We’re making great strides forward,” said David Rennie, director of Market Strategy for Digital Identity, Idemia. “In many ways the UK has been a leading market in pioneering the concept of digital identity; perhaps because of our complicated past and our complicated relationship with the subject.”
Rennie noted that there are two approaches emerging – both private and public digital identity. He warned that there needs to be clear policy on identity in the country if it is to secure investment from firms such as Idemia, the French identity giant.
Martin George of the Digital Identity Expert Group at the Biometrics Institute concurred that policy is key. According to the group’s ‘Three Laws of Biometrics,’ policy must come first, followed by process and finally the technology. He also warned of the lack of public testers of biometrics solutions, noting that NIST in the U.S. is one of very few.
Threats to society and individuals
“As a community, as an industry we need to get this right. The harm that compromised digital identities cause to citizens individually, to organizations and to society as a whole is becoming dramatic,” said iProov’s Bud.
He believes that the scale of fraud – £88 billion (US$109 billion) laundered each year in the UK – “corrodes the very basis of Western society.”
“Much of what is required for digital identity is a public good. If we’re talking about widescale trust, network effects, adoption – these are public goods, they are externalities. And public externalities, public goods: these are things that government has to intervene in, in order to remove barriers to entry, in order to promote innovation, in order to drive adoption and in order to drive trust. So regulation is essential.”
TechUK also hopes that digital identity will reduce fraud, instil greater confidence in people and give them greater control of their own data.
Firms must take responsibility
The roll out of digital identity must be inclusive and tech providers must take responsibility for security, said Bud. A trend of identity security being linked to the security features of a particular device or handset could end up being discriminatory towards those who cannot afford the latest models, according to Bud.
“Most importantly of all, when I hear people saying ‘We have to educate the public on this, we have to teach them about that’ I think that is fundamentally wrong,” said Bud. “The binomial between usability and security is no longer acceptable and it’s especially not acceptable in the world of digital identity. It is our task to relieve users of the burden of responsibility, to make the problem of usable security ours rather than theirs.”
Legal clarity on benefits of digital identity
The use of digital identity tools in the legal sector can actually improve compliance and lead to improved customer outcomes, found a study by LawtechUK, an organization backed by the Ministry of Justice and that aims to transform legal practices.
Head of LawtechUK, Aleksandra Wawrzyszczuk, said that an oft-cited barrier to adopting digital ID tools was “other regulatory duties including practitioners putting themselves at risk, particularly over AML responsibilities.”
In a statement put out by Regulatory Responses Unit, a forum managed by LawtechUK and that brings together legal services regulators and public bodies, members clarified that when practitioners outsource AML, they are liable in the same way whether they use digital identity verification tools or manual checks. The legislation applies equally.
Their study found that no regulator in UK jurisdictions prevents use or reliance on digital means of identity verification in legal services, that such tools can improve compliance and that they are a valuable tool in anti-money laundering.
“It is critical the legal community keeps up with advancements in technology and responsibly deploys them to the benefit of their clients and wider society,” said Wawrzyszczuk.