Digital ID governance frameworks must promote inclusivity, trustworthiness, reliability
Representatives from governments, leading international institutions and civil society organizations working on digital ID development are convergent on their views that strong governance frameworks are a prerequisite for successfully implementing digital ID schemes.
Experts and researchers from the United Nations Development Programme (UNDP), the United States National Institute of Standards and Technology (NIST), the Organization for Economic Cooperation and Development (OECD), as well as officials from the governments of Kenya and Malawi, shared their views on this topic during a recent ID4Africa Livecast.
The virtual event, the 45th in the series, was premised on the theme “UNDP and NIST guidelines for digital identity and its governance.”
During the discussion, which focussed on addressing some of the challenges inherent in the implementation of digital identity projects, participants agreed that for digital ID systems to be successfully deployed, efforts have to transcend technological and infrastructural considerations.
Panelists observed that despite the rapidity in the development and deployment of digital identity systems, the design of robust and appropriate governance frameworks to guide those systems is not happening with the corresponding pace.
In their view, governance frameworks seeking to oversee digital ID systems must be inclusive, trustworthy, reliable, and accountable.
In the first segment of the discussion, panelists looked at the lessons which can be drawn from the UNDP framework for digital identity which was recently released, as well as the one designed by the OECD, a 38-member organization that has been working to strengthen government policy for better service delivery since the year 2000.
Governance framework not limited to regulation
Sarah Lister, head of governance, bureau for policy and program support at the UNDP, and Barbara Ubaldi, head of digital government and data unit at OECD, began by breaking down what governance means in relation to digital ID, before opining that a proper governance framework for digital ID doesn’t only mean having a specific law or regulation. It is an assemblage of many things, they explained.
“At the UNDP, we understand governance as a system of values, policies and institutions by which a society manages its economic, political and social affairs. This involves interactions between all stakeholders, including those from the private sector. In summary, it is the way a society organizes itself to make and implement decisions and to get mutual understanding, agreement and action. Public participation and people’s confidence and trust is vital,” said Lister.
“Governance is not just about having the legal or regulatory framework. To make a regulation or a law work, you need to have a system of other elements that work together to create an environment in which the law or the regulation can be implemented,” Ubaldi stated.
She added: “If you want to have a good digital identity mechanism, it is not enough to have an institution that coordinates the work, but you need to have many other stakeholders around the table. It’s important to speak the same language. A comprehensive set of policy levels is needed to compliment the regulation and even make it much easier to implement the regulation.”
“Governance systems need to be effective, inclusive and accountable to ensure that sustainable development takes place and that no one is left behind,” said Lister, adding that the demand for the introduction of such a guide for digital ID came from their partner countries and from the UN agency’s many years of work on legal identity and digitalization.
On how the framework should be used, Lister noted: “The UNDP digital ID framework is intended as a very practical tool to help countries as they are navigating the complexities of their current situation. We are not technology-driven.”
“It is meant to help people ask the right questions, align with normative frameworks to take them forward in their digital ID journey. Governance systems need to be effective, inclusive and accountable to ensure that sustainable development takes place and that no one is left behind,” she said.
To Ubaldi, the recommendations from the OECD’s own proposed framework include priority action that should be taken by any government to make sure the digital ID system developed is user-driven, has the right governance in place and that related characteristics like cross-border interoperability become a reality.
Civil society, an important player
Sharing her perspective, Nanjira Sambuli, research fellow at the Carnegie Endowment for International Peace, a development think tank with headquarters in the United States, said there have been too many assumptions made by governments when deciding frameworks for either legal or digital identity, or digital issues from a broader perspective.
Civil society is an important stakeholder in getting the right governance framework in place, she said, insisting that multi-stakeholder participation is essential. She added that it is also important for people who are largely affected by the implementation of these frameworks to be actively involved in their development and rollout at different levels.
UNDP’s digital ID framework in a nutshell
In another part of the Livecast, Risa Arai, program specialist for legal identity at UNDP, and Emrys Shoemaker, director at Caribou Digital, an advisory and research services company, explained details of the UNDP framework and how it should be used. In a synoptic manner, Arai noted that the framework seeks to address several inadequacies observed in identity systems.
They both detailed the eight categories of high-level elements that are crucial for the building of a robust digital ID governance framework. This, they said, include equality and non-discrimination, accountability and the rule of law, the legal and regulatory framework, capable institutions, data protection and privacy, user value, procurement and anti-corruption and participation and access to information.
Taking their own turns, Marianne Hernandez from digital rights group Access Now and Adeboye Adegoke of Paradigm Initiative, which works in the same domain, also shared their views on how they think digital ID systems can better be designed and implemented. This campaign, they said, is part of the work their respective organizations have been doing over the years. They posited that a good digital ID framework should address issues such as discrimination, privacy and security, and surveillance fears.
Govts committed to closing potential digital ID gaps
From the government perspective, Prof Julius Bitok, the Principal Secretary for Immigration and Citizen Services at Kenya’s Ministry of Interior, explained the efforts being made by Kenya to have an effective digital ID system in place.
“Kenya is on the road towards digital ID. For us as a country, it’s a very critical endeavor. Kenya feels that it is time to move with the rest of the world,” said Bitok.
Kenya early this month indefinitely suspended plans to launch its new digital ID scheme.
In terms of putting place the right governance framework, Bitok said a lot of work has been done, and is still being done, to ensure that they “close every gap and bring everybody to walk with us in this journey.”
Mphatso Sambo, Principal Secretary at the National Registration Bureau of Malawi, shared his country’s own experience. He said the country seeks to amend its National Registration Act with plans to factor in some of the recommendations of the UNDP’s digital ID governance framework. “A consultant is supporting us, making sure that we align with the UNDP framework,” said Sambo.
Malawi has one of the highest rates of digital ID coverage by any African country.
NIST updates on digital ID guidelines
The second part of the Livecast focussed on the NIST’s special publication 800-63, and the draft updates to its digital identity guidelines. The details of the changes were discussed in another webinar in July.
Ryan Galluzzo, identity program lead for NIST’s Applied Cybersecurity Division, told participants during the ID4Africa Livecast that the updates to the organization’s digital ID guidelines were prompted by various reasons, including the emergence of new threats and evolving attack patterns.
Connie LaSalle, senior technology policy advisor at NIST’s Information Technology Lab, explained some of the high-level features of the Base Volume for the 800-63 guidelines. She also spoke about the functions and roles of each of the volumes.
David Temoshok, NIST SP 800-63 program lead, talked about changes to the guidelines for identity proofing and enrolment.