A project of the Centre for Internet and Society, India
Supported by Omidyar Network India
This guide seeks to serve as a comprehensive toolkit to enable different parties to make informed decisions around proposed digital ID systems.
To help inform policy and technological decisions around digital ID systems.
To lay out the range of technological choices available, and shift focus to more inclusive, privacy enhancing and open technologies.
To enable civil society to ask the right questions of, and make appropriate policy recommendations for digital ID systems.
To facilitate further scholarship on digital ID systems that builds upon this Decision Guide.
To empower future litigants and courts to analyse questions of fact, necessity and proportionality, and best practices for digital ID systems.
This Decision Guide seeks to serve as a valuable resource when making decisions about a proposed digital ID system. For this, we need a shared vocabulary to understand and critically analyse all aspects of digital ID systems. Through a preliminary study of existing identity systems, we have arrived at this core set of concepts and processes that mark a digital ID system.
Digital ID solutions are often vendor-driven, where a particular vision of technological specification dominates the process of designing the identification system. This is not ideal as it treats the identification system, or rather a pre-decided version of the identification system itself, as the end goal.
The process of designing a digital ID system must begin with its objectives. It must analyse the existing identification system and the desirable purposes it does not adequately meet. All these identified purposes for the use of the identification system must correspond to a legitimate aim identified in valid law.
Some of the key objectives of a digital ID system are discussed below.
A digital ID system is characterised in part by the actors involved in developing and managing it, and by the role the State plays in this process. In this section, we discuss different roles assumed by States in ID systems around the world, the models of creation they have employed, and the policy consequences of these decisions. As part of this, we also address achieving interoperability through the design of the system, and some common issues such as vendor lock-in.
At its core, digital ID seeks to solve the trust problem: how can an individual demonstrate that they are who they claim to be, such that verifying parties may trust them? The current models for establishing this trust are largely top-down, with the primary motive of reducing identity fraud. However, there are multiple factors at play in determining the appropriate threshold for establishing trust, and these should guide the design of identity systems.
The use of digital technologies to aid the identification of individuals, the subsequent authentication of their identity, and to allow authorisation on their behalf is a common practice in emerging national ID schemes. We describe principles for the appropriate use of digital technologies in ID systems, common technical architectures that have emerged in their design, and summarise some of the key characteristics of these digital technologies.
With the large-scale deployment of digital ID systems in the absence of appropriate safeguards, it is critical to thoroughly examine all possible policy choices before implementation of such a system. This section attempts to provide an exhaustive list of policy choices that should be considered at the planning stage of any ID system.
As governments implement new and foundational digital ID, or modernize existing ID programs, there is an urgent need for more research and discussion about appropriate uses of digital ID systems. This also raises concerns about privacy, surveillance and exclusion harms caused by state-issued digital IDs in several parts of the world. Given the sweeping range of considerations required to evaluate Digital ID projects, it is necessary to formulate a framework for evaluation that can be used for this purpose.
A key consideration in the adoption of any technological solution, particularly one that is intended for use as public infrastructure, is the design of safeguards to prevent or minimize the impact of cybersecurity threats and failures.
In this section, we summarise key cybersecurity practices from both government and industry, primarily collected from the NIST Cybersecurity Framework and Google’s Infrastructure Security Design Overview paper. These serve as an introduction to the steps that need to be taken to define and protect against threats, detect incidents when they occur, and respond to and recover from them.
The first step towards defining threats is threat modelling. It is the process of enumerating potential risks to security in order to develop appropriate safeguards against them.
In the context of digital ID systems, this entails:
It is necessary to put in place mechanisms to protect against cyber attacks and detect incidents.
The key considerations are:
Responding to a cybersecurity incident entails ascertaining what data is breached and what services are affected, removal of any ongoing unauthorised access, and restoring data and services impacted by the incident.
Broadly, the steps involved in incident response are:
Exploratory Research Maps are a result of our global survey of digital ID systems. These maps provide a coherent view of digital ID in each country. They shine a light on the pervasiveness of digital identity, and dissect digital ID systems in a way that brings attention to the actions of key stakeholders, and to kinds of data and how they are shared. Designed as stepping stones to further research, the maps facilitate the identification of points of accountability and intervention.