Digital Identity: Evolving, or just cloning itself?

The premise of the report is this: full participation in today’s societies and achievement of one’s desired potential are increasingly likely to depend on the ability to identify oneself; however, some 1.5 billion people are reckoned to lack “legal identification”, and action should be taken to remedy this.

The report acknowledges that private companies and other non-governmental organisations are stakeholders in such an identity infrastructure, and further notes that identity, in the desired sense, does not necessarily imply nationality or citizenship. Off-hand, two examples where “legal identification” systems already conform to this model are:

  • Estonia, where the government issues an “e-citizen” credential which, although legally recognised, does not imply citizenship, and is independent of nationality;
  • The Scandinavian Bank-ID system, in which credentials issued by banks (and therefore independent of nationality or citizenship) are legally recognised by public sector bodies.

The mindset behind the “historical” model of identity is one in which identity is something conferred upon the individual by an authoritative body (generally the state). That mindset is understandable, from the state actor’s perspective, but it tends to understate or even omit the notion of user control. For instance, you cannot typically choose or limit the information disclosed about you via your passport or driving licence.

We also see a trend, in various countries, towards insisting that there should be no online access without authentication – in other words, that all online access should be identifiable – with corresponding risks to freedom of expression and freedom of access to information. While these factors affect all of us, they are likely to have a far greater proportional effect on the next 1.5 billion people to go online, given the economic and political context in which they do so.