FB pixel

Westminster Forum talks digital ID regulation, rollout and security

Westminster Forum talks digital ID regulation, rollout and security
 

Digital Identity is the focal point of the latest Westminster Forum policy conference, for which key stakeholders and policymakers in the biometrics and digital ID fields came together to discuss the rollout and use of digital identities and identity verification services in the UK by businesses, public bodies and consumers. Topics ranged from regulatory matters such as the Digital Identity and Attributes Trust Framework, to challenges with digital identity rollout, to digital inequality and inclusion.

On policy, Professor Anna Beduschi, a professor of law at the University of Exeter, spoke on the complexity of regulating a system that often focuses on privacy, but in fact encompasses many broader issues. Existing frameworks, rapidly evolving technology and a plurality of interested and affected parties all add to the overall complexity of the digital ID landscape.

Regulation and trust frameworks, Beduschi says, are “quite useful as a way of navigating the complexities of the digital identity landscape, because they provide these agreed set of rules and standards” by which all stakeholders must abide. She points to the pan-Canadian trust framework and work in the EU on digital wallets as solid examples.

She says challenges with implementing digital identity schemes tend to center around surveillance and distrust in digital ID from a data protection standpoint. People do not yet trust digital identity enough to embrace it. Which, says Beduschi, is exactly why privacy and data security need to take precedence in design.

“It is important to have data protection and privacy that should be at the center of the design development implementation,” she says, “but also evaluation of digital identity systems once they are already implemented. In this way, a data privacy centered digital identity framework would be one in which data protection and privacy considerations are not just a mere afterthought – they’re really integrated into the design of this digital identity system.”

To win people’s trust, design digital ID that includes them

Another pathway to trust is inclusivity. Privacy is not always the primary concern, and Beduschi points out that distrust is often rooted in experience. It is important, she says, for people to understand and trust that, on a holistic level, digital identity systems will not exacerbate existing inequalities for marginalized communities, thereby marginalizing them even further. Clear provisions on transparency and compliance mechanisms are needed to win the hearts and minds of a wary public. “So this idea of not leaving anyone behind, I think it’s very important to communicate in this field of digital identity. And that is quite closely linked to the idea of digital identity systems that should enshrine accountability.”

Beduschi’s final piece of advice on digital identity regulation is simple: have a digital identity regulator. Or at least look at places where current roles and offices, such as the biometrics and surveillance camera commissioner or information commissioner, overlap.

Safety and security key considerations in age of hypercharged fraud

Robin Tombs from Yoti is among those who offered thoughts on the question of digital ID safety and security. Reusable identities like the ones Yoti provides via selfie biometrics, says Tombs, are inevitable, given the long list of ways in which highly determined fraudsters can hijack identity transactions for fraud.

“It might feel like very bad news that fraudsters find it very easy at the moment to beat systems,” says Tombs. “But reality is it will drive up the use of reusable IDs. I think that as fraudsters get really, really good at putting your information into web forms, or creating ID documents with your details on the document and sending them in, that becomes a real problem for regulators and businesses and for individuals. And it will drive more and more people eventually to use reusable digital identities where you take control of your unique passport, and take control of your unique face, and you bind them together in a reusable ID.”

Tombs expects policymakers to eventually patch up holes and start expecting businesses to use reliable verification and authentication methods such as encrypted biometric reusable ID. “Regulators are likely to remove the weakest ID methods as they begin to see that most of the ID fraud comes through certain things like just putting stuff into a webform or sending an email attachment,” he says.

Digital ID rollout depends on a foundation of trust

For now, uptake remains a problem on both an institutional and individual level. Interoperability and knowledge-sharing are issues. And while data privacy and data security are ostensibly foundational to digital ID, it always comes back to trust. Not only trust in organizations, digital ID providers and governments, but also in ourselves.

“I think we’re also putting a huge amount of faith in assuming that actually individuals want to take responsibility for their identity,” says Gus Tomlinson, chief product officer at GBG, which offers secure user onboarding services and identity verification. “And when we think about these things that actually have been managed by gatekeeper organizations for such a long time, putting that then into the hands of the consumer, whether digital savvy or not – and whether just turning 18, or getting to a retirement age – that’s a huge, huge thing that we’re deciding to do.”

Regulatory compliance is a key piece of the puzzle. But, like Professor Beduschi, Tomlinson also advocates for a more nuanced view of digital identity. “If we all work together to get a more complete view of a digital identity, and combine those data points to get a more precise and nuanced view of it, we can actually make the whole ecosystem easier, faster, safer,” she says. Tomlinson emphasizes that there is no silver bullet for any aspect of digital ID, and that “understanding the diversity of international identity features is also really, really key.”

Robin Tombs expects that the younger demographic’s love affair with phones will clear some of the hurdles to widespread adoption of mobile digital ID, but that forcing the issue on doubters in the meantime may not be helpful. Make it voluntary, says Tombs – and see how many people decide to stick with the old way.

“You know, let the consumer get on and choose what they want to do,” he says. “If people don’t ever want to have a reusable ID, that’s fine, as well. But I suspect they may find that some of the alternatives are more time consuming and more painful and possibly involve driving somewhere with a paper document. But if that’s what they wish to do, then that works as well. You know, I think a voluntary system is a jolly good idea.”

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

HHS removes Login.gov from grantee payment system after cyberattack

The U.S. Department of Health and Human Services has removed Login.gov from its grantee payment platform after a security breach…

 

City of Clemson pilots Intellicheck ID verification to prevent underage drinking

Identity verification provider Intellicheck and the city of Clemson have launched a 12 month pilot program that uses identity verification…

 

Rumors of liveness detection’s defeat have been greatly exaggerated

Photo and video face filters are perhaps the most mainstream use case for augmented reality –  and an illustrative test…

 

Companies House takes new measures to fraud fight, but not biometric IDV

Companies House, the UK’s business registry, has begun rolling out new tools to fight fraud and help cleanse the register…

 

Mitek: quarterlies, annuals, SEC actions

April 4, 2024 – Mitek is getting back on track with its financial reporting, which may be more reflective of the…

 

Jamaica parliament soon to receive draft digital ID regulation for scrutiny

Plans are being finalized to send the draft regulation on Jamaica’s digital ID program to the country’s parliament for examination…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events