This article was originally published on govinsider.asia and reproduced with permission from GovInsider.
Your ears could be the key to proving your identity in the future. Scientists have found that the outer ear is one of the most accurate ways to identify people. Ease of use and unerring accuracy are necessary features of digital identity programmes.
There’s a whole patchwork of systems used to prove our identity — both in the form of the cards we carry and the different databases that power them. “There is a great opportunity to be considered by merging physical and virtual identities, and ultimately just needing the one digital identity,” says Gordon Heap, general manager, Singapore Public Sector at DXC Technology.
He outlines four key methods that will shape the future of digital identities.
A unified identity
Governments are moving to create a single identity that either merges or connects the different physical and virtual ones that exist today. “If we implement this effectively, as a national initiative, and ultimately an international initiative, then the application of this identity permeates every interaction of our life,” Heap says.
Singapore has benefitted from having a single national identity card following the introduction of the National Registration Act (1965), he says. “It’s been fairly foolproof.” But even in this case, the government has had to rewire internally to allow people to use an integrated digital identity, SingPass. “It has required a lot of changes to a lot of different systems to allow the citizens to have that access,” he adds.
The European Union has an ambitious vision for a single digital identity to be recognised across its 28 countries. The “Once Only” principle sets out that if citizens provide biometrics to one country, they should not have to provide it to another EU nation.
Digital identities should be issued and regulated by the government, but open to all private and public sector parties to use. New Zealand, for example, is looking to integrate its RealMe identity with Facebook and Google profiles.
Biometrics have already emerged as a good way to identify people, but governments will need to adopt a “multi-biometric” approach to provide the highest level of assurances. Digital identities should be backed by a combination of different biometrics, such as fingerprint, voice and facial recognition, to make it difficult to tamper with and allow access to services via different biometrics.
Systems that converge traditional and emerging biometrics, like the earlobe, will deliver heightened assurance of identifying an individual uniquely, Heap says. “Our earlobes are unique and also don’t change as much over the course of our lives. Fingerprint identification has been around for a century, but is not as accurate as people believe. Our fingerprint is susceptible to change as we start to age; it is actually not that reliable.”
Many nations, including the United Kingdom, have a comprehensive centralised “biometrics as a service” vision. Citizens would need to provide their identification information just once to the government and would then be able to use that to access services.
For example, citizens can use their fingerprint on their smartphones to access a range of crucial public services. Many governments already use facial recognition, iris reading or fingerprint scanning to clear travellers through airport immigration for a truly hands-free experience.
The biggest piece of the puzzle has been that our identities are often incomplete, with the early years and end of life excluded. Most countries, including Singapore, issue national identity numbers in the teenage years, Heap says, adding: “And yet, from birth to the age of 15, a lot happens in one’s life. That information is lost, or at best not recorded against a future digital identity.”
Some of this information from our early years, such as health and education records, is critical for future services. Our “digital twin” should be created at birth, so information and records are built over time. “If we’re going to create a digital identity, why would it exclude periods of one’s life? It really shouldn’t,” says Heap.
At birth, citizens would be given a digital identity and, if required, the birth certificate itself should be digital. Biometrics like iris and fingerprints can be added to this at a later age once they are more developed. All of this is possible with the right type of technology, including biometrics and possibly blockchain, Heap adds. Brazil, for instance, is issuing digital identities at birth, he says.
The other missing piece of information is death. We are reliant on our next of kin to update numerous government agencies and our social media. “It’s a very difficult issue to deal with. People are grieving at that point, and to be honest, may not know every government department, private sector service and social media platform that the deceased had engaged with during their life,” he adds.
But it’s possible that once a death certificate is issued by the registrar, it would set off a series of activities to ensure that our health, financial, employment and tax records are updated. “Our digital identity should be updated to reflect that. And if this is available to the private sector, our Facebook account and Twitter page could be retired.”
Many digital identity programmes have hit roadblocks with questions of privacy. In India, this led to a landmark Supreme Court case on whether the Aadhaar project (unique identification) violated a constitutional right to privacy. Ultimately, the ruling allowed the government to continue collecting biometric data but within new limits. Private sector organisations like banks and telcos can no longer use this data in India.
Fundamentally, such controversies arise from a lack of trust in the system, Heap says. “Citizens feel that they’re not in control, and they are not sure what the government is using this information for,” he says.
The answer is to ensure that digital identities and the information linked to it is controlled by citizens. There could be mechanisms for users to choose biometric verification in some cases and not in others.
Having identity stored digitally allows citizens greater control if the data is managed correctly. In the case of minors, for instance, parents would be able to give consent, and control could be automatically transferred at adulthood.
Blockchain is one way of doing this, Heap adds. “It can be consensus-based: I can share the data on me that I want to share; it’s immutable; and it can be validated through my digital identity and backed up with my biometrics.”
With these four methods, Singapore can build a digital identity that will serve its Smart Nation ambition: one that is seamless across all aspects of our lives, secure and easy to use, and trusted.