Digital identification systems present a set of unique challenges for both implementing agencies and users. As countries around the world roll out their digital ID systems — for purposes such as financial inclusion and access, providing easier access to healthcare services, aiding the disbursal of government rations, subsidies, etc. — there are concerns around the efficacy of and privacy offered by such systems. The ID4D Workshop on Good ID in Practice sought to arrive at practical solutions to some of these challenges.
The themes covered in the sessions included country experiences, which highlighted the development of ID systems and takeaways from their implementation in India, Pakistan, Peru and Thailand, as well as Canada and Malawi; the role of legal and regulatory frameworks in protecting privacy and other rights and the importance of civic engagement with these processes; the need for privacy by design (aspects of which were engaged with by breakout groups that discussed biometrics, informed consent and innovations in privacy by design) and interoperability and sustainability; as well as glimpses into current research on Digital ID. The workshop concluded with a discussion of the ID4D Principles on Identification for Sustainable Development.
Biometrics serve the dual purpose of deduplication during enrollment, and authentication. Biometrics are often posited as a solution for ID systems in countries without robust civil registration systems or foundational ID systems. However, this could lead to potential exclusion of sections of the population that are unable to provide biometrics for various reasons. The discussion centred around other issues that arise around the use of biometrics, such as whether biometrics should be used when alternative solutions to establish uniqueness are available, particularly in light of concerns around privacy and data protection. The level of accuracy to establish uniqueness to serve each particular purpose was also highlighted. Further concerns were raised around the increasing use of facial recognition, given the ease of capturing facial images without consent.
Federated authentication helps decentralise information and reduce the risk of surveillance. This has traditionally been mobilised in high income countries by governments and the private sector. These systems are now being considered in countries with fewer resources such as Thailand (National ID Platform), the Philippines and Indonesia. The limitations of this approach in these country contexts was discussed — such as difficulties in implementing a fully decentralised or federated system in the absence of reliable foundational documents, and consequently whether authoritative sources of identity need to reach an established level of quality before federated or decentralised authentication systems are deployed.
The ID Enabling Environment Assessment (IDEEA) was highlighted as a tool to identify legal and regulatory gaps in different ID frameworks. The importance of documenting and learning important lessons from recent court cases involving ID systems was also highlighted, particularly legal challenges to mandatory use of ID.
The participants recognised that the push for privacy by design must be reflected in legislation. New approaches to privacy by design were discussed, such as tokenisation to prevent linking data across registries, secure ways to authenticate biometric data, and how to enable more informed consent. Further discussions around consent centred around revocation of consent and consent of children, and how to incorporate these approaches to existing systems.
Presentations from open-source ID solutions such as OpenCRVS, Modular Open Source ID Platform (MOSIP) and Open Standards Identity API (OSIA) highlighted how they can enable greater interoperability and vendor-neutrality of ID systems. These systems require greater cooperation between public and private partners, as well as civil society.
There is an increasing amount of research on the impact of digital ID on marginalised sections of society and potential exclusion, as well as welfare and administrative benefits. Existing research does not capture such data for many countries, which should encourage officials in these countries to work in tandem with researchers in order to make evidence-based decisions.
Civil society participation is essential to make sure that identification empowers individuals rather than infringing on their rights, as well as being accessible and having a legitimate basis. This is why civil society engagement should be encouraged from the design stage itself, and multiple channels should be provided for engagement between different stakeholders.
The Principles on Identification for Sustainable Development were developed in 2016 by a collection of NGOs, think tanks and private sector organisations to meet SDG 16.9 (“to provide legal identity for all, including birth registration”) while guarding against the associated risks. At the Workshop, participants agreed that the Principles are a useful primer on good practices, but highlighted certain ambiguities in the language and the need to highlight certain perspectives, as well as widen the ambit of stakeholders consulted with.
This website presents research undertaken by the Centre for Internet and Society, India on appropriate design choices for digital identity frameworks, and their implications for both the sustainable development agenda as well for civil, social and economic rights. This research is supported by a grant from Omidyar Network India.
CIS is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. Through its diverse initiatives, CIS explores, intervenes in, and advances contemporary discourse and regulatory practices around internet, technology, and society in India, and elsewhere.