OpenID emphasizes human-centric approach, risk reduction for govt ID implementation

As the global shift towards national digital identity systems gains momentum, the complexities and risks in their implementation grow. A recent report published by the OpenID Foundation probes the challenges. It offers insights for digital identity stakeholders, emphasizing the centrality of human rights, user-centric designs, security essentials, and the importance of data standards in the realm of digital identity and biometrics.

The role of government in protecting digital identity

Governments have started various national identity initiatives, recognizing the importance of identification in achieving their social development and service delivery objectives. These initiatives are in line with the UN’s goal of universal legal identification by 2030. The growing global push for this Sustainable Development Goal has resulted in the launch of several government-led initiatives worldwide that are exploring digital identity technologies and systems.

The report states the importance of considering the risks and responsibilities that come with this push as governments and private entities develop these systems.

Firstly, it warns that technology has the power to enhance any negative human impacts already present within a given nation’s approach to legal identity. History offers many examples of intentional human rights violations enabled by legal identity systems.

Secondly, governments and their partners are asked to consider that they can cause harm in the way they process digital identity data, affecting society and unintentionally undermining human rights. All technologies are built with an embedded set of values that affect outcomes, whether those values are explicit, implicit, or even unconscious. Biased algorithmic judgements can negatively affect people’s lives, blocking access to benefits, insurance, employment, tenancy, or other critical needs.

Thirdly, as digital identity systems act as gatekeepers to a wealth of personal data, the report calls out that this may cause large-scale cross-sector outages and the loss of vast amounts of personal data to bad actors, affecting individuals and entire societies.

Additionally, as the capture, storage, and use of biometric technologies grow, the report proposes that so can the possible negative impact, as individuals can more easily replace a string of numbers than they can replace their iris, facial template, or fingerprint.

Addressing current digital identity paradigms

The report describes five paradigms (types) of current digital identity systems, noting that not one identity system will work everywhere. Nations have unique histories, social complexes, expectations of government and cultures that require different solutions.

It asks governments to strategically consider the risks, mitigations, and trade-offs of any project and design for the different use cases within which individuals and legal entities rely (or may come to rely) upon the exchange of digital identity data.

Recommendations for digital identity systems

With a call to focus on human rights and democratic values, the report advocates for a human-centric strategy in governing digital identity, recognizing inherent system risks. Endorsing the 2023 OECD Recommendation on Digital Identity Governance, this paper provides insights from sources like ID2020 and the World Bank’s ID4D without introducing a new framework. Instead, it suggests five key pillars unified by these principles, offering specific recommendations for governments. The pillars are human-centricity, strategic design and governance, secure and privacy-protecting identity systems and international interoperability.

Conclusion

According to the report, the opportunities afforded to societies and their governments by digital identity systems are vast, and the complexities and risks match them in scale. It proposes that through human-centered collaboration — embedding core values within every layer of technical and institutional design — that governments will deliver digital identity ecosystems that sustain and promote human rights and protect important identity data.

Article Topics

biometrics  |  data protection  |  digital identity  |  NIST  |  open standards  |  OpenID Foundation  |  SDG 16.9