iProov and OIX leaders respond to Blair Institute report
A public call by the Tony Blair Institute for the UK government to issue decentralized digital IDs to all who want them in the Kingdom is on the right track, but with some important caveats, two experts in the field of digital identity say.
A report released this week by the think tank suggests mobile device-based storage of all credentials needed for a wide range of digital interactions, and touched off a wave of apprehensive responses.
Voices within the industry are more measured.
Andrew Bud CBE, CEO and founder of iProov, says that digital identity will improve citizens lives “hugely” and “in every society,” but must be widely accepted and respect the privacy, security and ease of use needs of citizens. It must also be inclusive.
“The UK has already seen some successful public solutions, like NHS Login and GDS OneLogin, but to date they’ve been fragmented and citizens have yet to reap the full benefits of a digital ID scheme,” Bud tells Biometric Update in an email.
“What’s clear is that we need a harmonised and universally accessible system, based on global open standards. Many other countries have shown the benefits that such universal systems can bring — from Australia to Estonia, Scandinavia to Singapore,” he adds.
“For a digital ID scheme to truly be a success, it needs two things: Government’s strategic leadership, and adoption of robust global open standards. Only with these two elements will a resulting scheme remain available, highly secure, privacy-enhancing and accessible to all.”
OIX chief on board — partially
Open Identity Exchange (OIX) Chief Identity Strategist Nick Mothershaw notes that modern digital ID ecosystems give users control over their ID and data. ID proofing may utilize government documents or data, but not a national ID database or card.
“If a user has undergone an ID proofing process to a government certified standard, their Digital ID can be issued a level of trust that makes it equivalent to paper ‘ID documents’ such as a passport or driving licence,” he says in an emailed comment. “Once it has this level of trust, the Digital ID can be used to gather other credentials to prove what the user is eligible to do. As a result, the Digital ID can then allow the user to meet the trust needs of service providers who wish to accept digital versions of their credentials. So, as we can see, decentralised Digital IDs are a good thing.”
Mothershaw notes that digital IDs need to carry credentials from both the public and private sector, and make “smart” use of them, to be useful. This necessarily introduces complexity.
“Governments are unlikely to create a smart Digital IDs that will fulfil all the user’s needs, as many of these needs are in the private sector. This is because a government issued Digital ID is unlikely to:
- allow the user to also gather and share myriad private sector credentials, meaning the user will need separate private sector Digital ID capabilities too. Even if it did, users may be uncomfortable hosting some of their private sector credentials in a government issued ID, regardless of its distributed nature.
- be ‘smart,’ meaning it can process complex rules from the acceptors of Digital IDs in a way that means: the user does not have to understand those rules, but the user can rely on the Digital ID to provide data minimisation services and combined credentials as the users trusted agent. Users may find a government Digital ID service acting as their agent in the private sector unpalatable.
“In our view, Government should focus on issuing user managed ID proofs into certified private sector smart Digital IDs, or wallets. This will allow the private sector to provide users innovative Smart Digital ID services that blend trusted ID proofs from government, with public and private sector credentials.”