Nearly 2020: And Still No Digital Citizen ID System?
2020: And Still No Digital Citizen ID System?
Well, 2020 was a big target for many countries … with transformations in health, education, energy, governance, e-commerce, and so on. But we are now in 2020 and lack many of the digital building blocks that could be used to take our world out of the 20th Century.
As every day, every month and every year that passes, the governments of the world that fail to provide proper citizen-focused digital ID and signing infrastructure, will fall further behind others in the world who have adopted it. Basically all the data that exists within most government systems should be deprecated … aged-out … as it cannot be trusted. A new architecture is required, and trusted digital IDs and digital signing must be at the core of this.
The era of the wet signature has gone, as it has almost zero credibility in this information age.
The era of the pseudo ID has gone, too, as there is virtually no credibility in it. We give people numbers, as that is the way we have done it for centuries. To the UK government, I am a health ID, a tax ID, a NI ID, and so on. We are just a number to them, and that is how it has been for centuries. When required we create a scrawl, and that scrawl identifies us to them. In terms of a true digital ID - and something I can truly prove myself - I am almost non-existent. I am only a login ID and a password, and which they simply link my login ID to my pseudo ID. It is a 1970s viewpoint of the world, and using 19th Century methods of record keeping.
We need governments now to push forward on creating purely digital systems, and where IDs are not just numbers anymore, but are properly digital, and then for these IDs to be used to verify and sign for things. We now need to build new business models and government services on the back of one thing … digital IDs. We need to create scaleable systems which can be trusted for every single transaction, and get citizens and businesses on-side in using it.
Estonia and Finland
The X-Road is the backbone of e-Estonia [2]. X-Road is an integration layer that allows all public (and some private) databases to interact, making integrated digital services possible. Institutions are not locked into any one type of database or software provider. Databases are decentralised — every government agency or business can choose the software/hardware product that is right for them. All of the Estonian e-solutions that use multiple databases use X-Road, and outgoing data from the X-road is digitally signed and encrypted. A key feature is that all incoming data is authenticated and logged, too.
National ID cards are mandatory in Estonia, giving digital access to all of Estonia’s secure digital services. The embedded chip on the card uses 2048-bit public key encryption, making it a secure and definitive proof of ID in an e-environment. The ID card is regularly used in Estonia, such as for:
- As a national ID card for legal travel within the EU for Estonian citizens.
- As the national health insurance card.
- As proof of identification when logging into bank accounts from a home computer.
- For digital signatures.
- For online voting.
- For accessing government databases to check one’s medical records, file taxes, etc.
- For picking up e-Prescriptions.
One of the strengths of the Finnish health care system has been in the usage of national registers. Rumrich et al [4], for example, used registers to study maternal smoking in Finland. This involved data from the Finnish Cancer Register and which was established in 1953. It included a PIN (personal identification number) (PIN), and, from 1964 onwards, has been used to identify permanent Finnish citizens.
The Finish model uses a similar approach to Estonia, and defines that interoperability is built at four levels: political, organisational, semantic and technical. A key feature is that the model goes beyond health and care and aims to stop digitising existing paper processes. This provides a core mandate for a common approach to identity as a method of enhancing citizen ownership and transparency, and to develop and mandate the use of a single data exchange layer. Within the Finish model, though, there are additional features including: increased social care data integration; the development of a modular personally held record; and more automated and analytics-driven decision support and workflow.
Canada
British Columbia are showing great vision in transforming at scale, and using cryptography to build new (and more trusted) ecosystems for business. Why can’t a company register digitally with its own ID (and signing key), and then others can prove that they are register? British Columbia thus want to give rid of red tape, and make things easier for small businesses? Why do we still push bits of paper around?
The work has been created by Verifiable Organizations Network (VON), and which involves the governments of British Columbia, Ontario, and Canada. Their goal is to focus on reducing red tape for an open-source framework, and look to contribute to Hyperledger Indy. The result is Orgbook BC,and which has 529,000 digital IDs for companies and 1.4 million credentials, and where there are likely cost savings of over $10 billion a year in unnecessary red
tape.
In Canada there are at least three different tax numbers (SIN, GST/HST and CRA BN) — for local, provincial and federal — and this new project brings these together into a single entity, and thus simplifying the process. When government is looking for a new business, they can simply turn to the Orgbook BC, and where small businesses have as much opportunity to be found than large companies.
Conclusions
2020 is nearly here, and I still have no proper digital ID.
I have no meaningful engagement with any government or council service (apart from tax, of course), but where a parking ticket can be traced to me in seconds. There is no-one around that outlines a map that I can point to, and see where we will be in five or ten years time. London, though, in the UK stands out as a place that does want to create a proper architecture, and use digital methods to improve health care across the city. But the rest of the UK?
Without a proper digital ID system, our citizens and businesses will be at any increasing disadvantage, and were we fail to use digital systems to improve the lives of our citizens. We must focus on innovation and cybersecurity, and every country/city should have an architecture — a road map — for the route they wish to take. Creating human and digital trust must be at the core of this, and digital ID is the common linkage. Estonia, Finland and Canada are doing great work in building trustworthy systems that will scale. For me, the only bits of paper I get through the post now are from the NHS, government and my council.
Some day, governments will wake up to the potential of truly digital services, and which are trustworthy. They will wake up and realise that cybersecurity is not just another word for cybercrime. They will realise that the businesses of the future will be created within the new digital worlds that we are creating, and if you don’t build them, the businesses won’t come, or thrive. The countries of the world who will strive are the ones who will innovate fast, and the others will struggle to compete with them.
References
[1] . Jormanainen, “Large-scale implementation and adoption of the finnish national kanta services in 2010–2017: a prospective, longitudinal, indicator-based study,” Finnish Journal of eHealth and eWelfare , vol. 10, no. 4, pp. 381–395, 2018.
[2] E. Shapiro, “Foundations of e-democracy,” arXiv preprint arXiv:1710.02873, 201.
[4] I. Rumrich, M. Viluksela, K. Vähäkangas, M. Gissler, H.-M. Surcel, J. Jokinen, and O. Hänninen, “Evaluation of register study feasibility using maternal smoking as a risk factor in finland,” in Proceedings of the 28th annual conference of the International Society for Environmental Epidemiology (ISEE). Rome: The Publisher is Environmental Health Perspectives (Abstract Number: P1–302| ID: 4140) , 2015