Calling Utah: SEDI offers template for fast-tracking digital identity schemes

A presentation from Chief Privacy Officer for the State of Utah Christopher Bramwell at the FIDO Identity Policy Forum looks at how the state’s unique culture has influenced its leadership on digital identity in the U.S., in the form of its State Endorsed Digital Identity (SEDI) initiative.

“Part of Utah’s history,” Bramwell says – “why we care so much about privacy, and this does translate directly to digital identity – is when pioneers came to Utah, it was literally for autonomy, and it was to be left alone to live their life according to the dictates of their heart. That’s why many people came to America, whether as pilgrims or pioneers or immigrants: because you want something better and you want to do it according to your conscience.”

“And that’s a lot of what we’re talking about with digital ID. You need to engage in the free market, but do it according to your choice without being tracked, without being surveilled, without undue influence on how you’re operating. So you can live your life in the digital realm according to the dictates of your heart and how you and your family see fit.”

“Our approach is to separate identity from any privileges or licenses that are given by government. Identity should be separate, so that it is not something that there’s any reason to ever take away.”

Facing the reality of miserable data governance

It’s a lofty way for a state privacy commissioner to begin his talk, but Bramwell also lays out the more practical context for SEDI.

“Most cities, counties, towns, states, service districts, universities, and even at the federal level are really struggling when it comes to data governance. I can say confidently at the state level on down, most states have no strategy to actually ever really dispose of data. They’ve never established clear purposes and uses of data.”

“All of this is is piling up now as we’ve modernized with it over the last 20 years, into either we’re going to fix it or there’s going to be less and less trust in government, and government’s going to be ineffective.”

In short, the tech world has always pushed implementation at speed, and laws, requirements and specifications have been perennially unable to keep pace. Bramwell and his colleagues took that as a challenge, and set out to establish a model to “transform government from top to bottom,” with the notion that other states could follow Utah’s lead.

Identity belongs to the individual; the state can only endorse it

Utah’s approach prioritizes comprehensive data governance in law and practice, verifiability, and personal data sovereignty. Bramwell sums up the model as follows: “Whoever controls the key controls the identity.”

“We want to ensure individuals are able to control their own keys and that the state’s role is to endorse their identity, but ensure they have a digital identity that can last their entire life, that can have perpetual verification, perpetual authenticity, and that can be resilient to key compromise so that you can maintain that authenticity and verifiability across key rotations that need to occur.”

He believes accelerated coordination that encompasses W3C verifiable credentials, MDOC, mDL, SEDI, wallets and other pieces can get widespread digital identity up and running in as few as five years.

“If we do this correctly, we can have the entire framework we need so that every city, every county, every federal agency, everybody can have the verifiable records being issued that they need to have issued. Everybody will be able to have a digital identity so that when they use it, they can engage in public and private transactions. They can have privacy. And we can do this in a way where people have equal data rights under the law.”

Long talks amongst stakeholders leads to good legislation

A key principle, he says, is to have buy-in across the political spectrum.

“In Utah, that’s actually what we’ve gotten really good at. We tried to do initial steps for digital identity four years ago and our House and Senate leadership said, ‘Well, you’ve got to get these groups on board first.’ And these were the most conservative groups that are anti-digital ID that you could imagine. So, we’ve actually had to spend three years almost, having the conversations to figure out how do you talk about this? How do you have healthy discussions?”

“Part of our approach is when you have those discussions with policy makers and you bring everyone to the table, you can actually get comprehensive legislation. And then other states are calling us.”

Article Topics

digital government  |  digital ID  |  digital identity  |  FIDO Alliance  |  government services  |  Utah  |  Utah State-Endorsed Digital Identity (SEDI)  |  verifiable credentials