Home/ Decision Guide / Who Is This Guide For / Understanding Digital Identity / Objectives / Appropriate Roles Of Actors / Establishing Trust / Technological Design Choices / Policy Design Choices / Governance Framework / Responding To Cybersecurity Threats & Failures / Case Studies

Digital Identities

Decision Guide

A project of the Centre for Internet and Society, India
Supported by Omidyar Network India

Decision Guide

This guide seeks to serve as a comprehensive toolkit to enable different parties to make informed decisions around proposed digital ID systems.

Who is this guide for?

POLICYMAKERS

To help inform policy and technological decisions around digital ID systems.

VENDORS

To lay out the range of technological choices available, and shift focus to more inclusive, privacy enhancing and open technologies.

CIVIL SOCIETY

To enable civil society to ask the right questions of, and make appropriate policy recommendations for digital ID systems.

RESEARCHERS & ACADEMIA

To facilitate further scholarship on digital ID systems that builds upon this Decision Guide.

JUDICIARY

To empower future litigants and courts to analyse questions of fact, necessity and proportionality, and best practices for digital ID systems.

Understanding Digital ID

This Decision Guide seeks to serve as a valuable resource when making decisions about a proposed digital ID system. For this, we need a shared vocabulary to understand and critically analyse all aspects of digital ID systems. Through a preliminary study of existing identity systems, we have arrived at this core set of concepts and processes that mark a digital ID system.

Designing Digital ID

Digital ID solutions are often vendor-driven, where a particular vision of technological specification dominates the process of designing the identification system. This is not ideal as it treats the identification system, or rather a pre-decided version of the identification system itself, as the end goal.

The process of designing a digital ID system must begin with its objectives. It must analyse the existing identification system and the desirable purposes it does not adequately meet. All these identified purposes for the use of the identification system must correspond to a legitimate aim identified in the valid law.

Some of the key objectives of a digital ID system are discussed below.

Objectives

Legal identity

National Population Registers and determination of citizenship

Welfare

Access and onboarding to private services

Voter fraud concerns

National security

Handling Covid-19

Appropriate Roles of Actors

A factor that characterises a digital ID system, is the actors that are involved in developing and managing it, and the role the State plays in this process. In this section, we discuss different roles assumed by States in ID systems around the world, the models of creation they have employed, and the policy consequences of these decisions. As part of this, we also address achieving interoperability through design of the system, and some common issues such as that of vendor-lock in.

Roles of the State

The state as the single id provider

The state as endorsing other id providers

The state as broker of id providers

Models of Creation

Service agreement

Build Operate Transfer/ Concession agreement

Vendor Lock-in and Interoperability

Interoperability

Open standards approach

Open source approach

Establishing Trust

At its core, digital ID seeks to solve the trust problem—how can an individual demonstrate who they claim to be, such that verifying parties may trust them. The current models for establishing this trust are largely top-down, with the primary motive of reducing identity fraud. However, there are multiple factors at play in determining the appropriate threshold for establishing trust which should guide the design of identity systems.

IDENTITY PROOFING LOAs

authentication LOAs

federation LOAs

Technological Design Choices

The use of digital technologies to aid the identification of individuals, the subsequent authentication of their identity, and to allow authorisation on their behalf is a common practice in emerging national ID schemes. We describe principles for the appropriate use of digital technologies in ID systems, common technical architectures that have emerged in their design, and summarise some of the key characteristics of these digital technologies.

Appropriate Use of Technology

Digital technologies can supplement existing manual processes but not entirely replace them
Storing biometric data in central repositories is ill-informed and not sustainable
Foundational ID systems must ensure separation of responsibilities
Seamless public-private interoperability increases data sharing and collection

Information Architectures

Source of identity or trust
Storage
Control and fault tolerance
Risk of re-centralisation

Identification Factors

Biometric Factors
PSEUDONYMOUS IDENTIFIERS
DOCUMENT VERIFICATION

Identity Artifacts

QR CODE
CONTACTLESS CARDS
SMART CARD OR SECURITY KEY W/ BIOMETRICS
MICROCHIP-BASED CARDS
SECURITY KEYS
SMARTPHONES & COMPUTERS

Authentication Factors

BIOMETRICS (CENTRALISED)
DOCUMENT VERIFICATION
ONE-TIME PASSWORDS (SMS)
PHYSICAL ID ARTIFACTS
BIOMETRICS (LOCAL)
PASSWORDS
ONE-TIME PASSWORDS (APP-BASED)

Policy Design Choices

With the large-scale deployment of digital ID systems in the absence of appropriate safeguards, it is critical to thoroughly examine all possible policy choices before implementation of such a system. This section attempts to provide an exhaustive list of policy choices that should be considered at the planning stage of any ID system.

What kind of ID system should be implemented?

What is the intended purpose of the ID system?

What should be the ID credential?

How should verification be done?

Who is eligible?

How should one think about interoperability?

What makes the ID open/closed?

How to ensure inclusivity and trust?

Governance Framework

As governments implement new and foundational digital ID, or modernize existing ID programs, there is an urgent need for more research and discussion about appropriate uses of digital ID systems. This also raises concerns about privacy, surveillance and exclusion harms caused by state-issued digital IDs in several parts of the world. Given the sweeping range of considerations required to evaluate Digital ID projects, it is necessary to formulate a framework for evaluation that can be used for this purpose.


RULE OF LAW TESTS

RIGHTS BASED TESTS

RISK BASED TESTS

Responding to Cybersecurity Threats & Failures

A key consideration in the adoption of any technological solution, particularly one that is intended for use as public infrastructure, is the design of safeguards to prevent or minimize the impact of cybersecurity threats and failures.

In this section, we summarise key cybersecurity practices from both government and industry, primarily collected from the NIST Cybersecurity Framework and Google’s Infrastructure Security Design Overview paper. These serve as an introduction to the steps that need to be taken to define and protect against threats, detect incidents when they occur, and respond to and recover from them.

Defining Threats

The first step towards defining threats is threat modelling. It is the process of enumerating potential risks to security in order to develop appropriate safeguards against them.

In the context of digital ID systems, this entails:

  1. Enumerating ‘Attack Surfaces’
  2. Assessing risks and harms

Protection & Detection

It is necessary to put in place mechanisms to protect against cyber attacks and detect incidents.

The key considerations are:

  1. Encryption in transit
  2. Encryption at rest
  3. Code audits and security testing
  4. Vulnerability disclosure programs
  5. Access control
  6. Access logs and anomaly detection

Response & Recovery

Responding to a cybersecurity incident entails ascertaining what data is breached and what services are affected, removal of any ongoing unauthorised access, and restoring data and services impacted by the incident.

Broadly, the steps involved in incident response are:

  1. Identification
  2. Coordination
  3. Resolution
  4. Closure and continuous improvement

Case Studies

Exploratory Research Maps are a result of our global survey of digital ID systems. These maps provide a coherent view of digital ID in each country. They shine a light on the pervasiveness of digital identity, and dissect digital ID systems in a way that brings attention to the actions of key stakeholders, and to kinds of data and how they are shared. Designed as stepping stones to further research, the maps facilitate the identification of points of accountability and intervention.

Nigeria

India

UK

Estonia

Digital Identities: Design and Uses

This website presents research undertaken by the Centre for Internet and Society, India on appropriate design choices for digital identity frameworks, and their implications for both the sustainable development agenda as well for civil, social and economic rights. This research is supported by a grant from Omidyar Network India.

Designed by Pooja Saxena, Saumyaa Naidu
Illustration by Akash Sheshadri
Developed by Sumandro Chattapadhyay, Tanvi Bhakta

Built using Semantic UI and Hypothes.is
Fira Sans and IBM Plex Serif by Google Fonts
Social media icons by Font Awesome
This website uses icons from The Noun Project
Hosted on GitHub

Copyright: CIS, India, 2019
License: CC BY 4.0 International

Team

Akash Sheshadri

Amber Sinha

Anubha Sinha

Divyank Katira

Pooja Saxena

Saumyaa Naidu

Shruti Trikanad

Yesha Tshering Paul

Contributors

Aparna Chivukula

Kushang Mishra

Nikil Augustine

Prakriti Singh

Pranav MB

Sumandro Chattapadhyay

Sunil Abraham

Vrinda Bhandari