SSI models offer best hope for building effective digital ID, academics posit
Authors of a position paper which delves into the technical and legislative frameworks of some digital identity systems around the world have expressed a penchant for the self-sovereign identity (SSI) model, saying it offers “the best technical and governance conditions for building a national digital identity management system.”
This, the authors believe, is especially important in a context where state surveillance and all forms of cyber-crime are on the rise, just as is the yearning for trust by citizens and even service providers.
SSI systems based on blockchain infrastructure place a high premium on personal data protection and privacy, they argue.
“SSI operate in zero-trust environments where the trust is rooted on decentralized ledgers, users have full control and ownership of the identity management data and able to present service providers with reliable credentials certified by trusted issuers,” the researchers say.
They emphasize that an SSI system should not be seen as doing away with the role of public authorities and trust service providers. They propose instead that those actors be integrated into the SSI ecosystem in a way that strikes a balance between “the user’s experience, security, and liability, and the efficiency of a national identity system.”
Whatever the architecture, model and legislative frameworks are, the writers sustain that “a national digital identity solution should be able to provide a trusted way for businesses and private entities to onboard their customers and for customers to subscribe and enroll to different services in a simple, secure, and privacy-preserving manner.”
The authors also argue that systems incorporating self-sovereign identity are “easier to open to the private sector than other systems because of their decentralized nature and the high level of user autonomy they provide.”
Importance of data privacy
Emphasizing the need for personal data privacy, the paper holds that legal frameworks for online identity should balance privacy with accountability for fraud, hate speech and cyber terrorism.
“Technological choices for building online identity solutions must align with legal frameworks. The same logic applies to national digital identity solutions where users are provisioned with trusted digital identity attributes that can be used to perform the needed online transaction in a secure and private way,” the paper reads.
It mentions that while the implementation of national digital ID systems and solutions differ from state to state at various levels, there are fundamental common aspects that must occupy a preponderant place in the design and implementation process, one of which is a proper foundational governance framework.
Legal frameworks for digital ID schemes, they posit, often include personal data protection measures which are important for building and guaranteeing trust. Because this aspect is vital, the authors laud the growing number of countries adopting personal data protection legislations, even if they do not yet run national digital ID systems.
“It is positive to see that personal data protection Acts are being adopted [by countries] even though they do not have national digital identity solutions. From one end, such Acts will provide protection for users while using any online solutions. From another end, they will lay the appropriate legislative ground for future digital identity systems.”
Kernel of the position paper
Released earlier this month, the position paper takes an intent look at the various technical and legislative templates of digital identity systems in some countries around the world, and their different models and field implementation realities. The similarities, differences and functionality of different ID system such as those in the EU (eIDAS), Britain, France, Estonia, India’s Aadhaar and Singapore’s Singpass are examined. Their advantages, limitations, and use of biometrics or other de-duplication methods are compared.
The authors note that while the use of digital identity is increasingly gaining ground as a seamless means of identifying and authenticating people seeking access to different forms of online services, it is of prime importance to address a number of related questions which belie the form and manner in which such systems should be run.
To the authors, the kind of legal framework guiding the design, deployment and use of trust services that come with national digital ID solutions is crucial.
The position paper is described by the authors as a guide for policy makers, solution providers and potential users to have a better understanding of the complexities of designing, deploying and using digital identity.
It also recommends that “states must encourage industries to create value and services around national digital identity solutions to ensure that the ecosystem is sustainable.”
Bhutan is one country currently implementing a digital ID system based on SSI principles.