The United Kingdom government has announced plans to establish new legislation to manage the advent of digital identities for use in modern society in a secure manner (1).
While announcing the news last week, following a consultation period (2), the DCMS department for culture, media, and sports stated that digital identities might soon replace physical documents like driving licenses and passports.
Online authentication that requires physical document scans will soon allow users to utilize an online identity instead. The digital analog could also be used to purchase age-restricted commodities like alcohol in retail outlets.
The digital ids will not substitute physical documents, according to the DCMS. Still, they will be available to anyone who wants to use them – there will be no requirement to obtain a digital identity in the UK.
The ODIA, Office for Digital Identities and Attributes, a new governing body for the technology, will be established. Companies tasked with handling the personal details associated with digital identities will be required to apply for a new, to-be-created Trustmark to demonstrate adequate protection.
“The ODIA will have the authority to award a readily recognized Trustmark to accredited digital identity organizations, confirming that they meet the security and privacy requirements necessary to handle people’s data securely and consistently,” the DCMS stated (3). “The ODIA will verify that trust-marked organizations conform to the strictest security and privacy requirements.”
The DCMS stated that the legislation would be introduced as soon as parliamentary time permits.
For it to become law, a legal gateway must be built that enables organizations to safely conduct verification checks and adequate checks to assure that digital ids are legally equivalent to physical identities.
Such digital identities will be accessible via applications and online portals. The government believes that it would help tackle the “record high” levels of fraud in the country, with about 5 million cases in the year ending September 2021, the DCMS said (4).
Digi-pilot programs in India and Other Nations
The UK’s centralized ID model would entrust the management of its people’s digital identities to specified third-party organizations.
Meanwhile, India has also suggested its own “Federated Digital Identity” concept, which would link and keep each citizen’s multiple digital identities under a single ID (5).
India’s Federated Digital Identities
Earlier this year, the MTY, India’s electronics and information technology proposed a new model for “Federate Digital Identities,” which would allow Indian citizens to interlink their multiple digital IDs like PAN Card, Aadhaar Card, Passport, etc. and store and access them via one unique id (6).
According to the draft proposal submitted by the ministry, this digital identity umbrella will empower our people by allowing them to control their identities and offering them an option of choosing which id card to use.
In addition, the proposed framework also highlighted that the federated digital identity would offer as a key to store and register all identities across states and union territories. People can also use their digital identity to avail other third-party services via consented eKYC and authentication.
The Indian ministry has moved the proposal under the IndEA, India Enterprise Architecture 2.0.
The ministry first proposed IndEA in 2017; the officials have updated the framework since then.
The 2.0 version proposes a pattern that allows people and private companies to create and design an IT infrastructure that “span beyond their organizational boundaries” to provide “holistic and integrated services” to their customers.
This month, the United State’s TSA Transporation Security Administration will also participate in a pilot program of Apple digital identities at its two airports.
The Initial US Digital Identities Study
Air travelers with Apple iPhones will soon be able to prove their identification at TSA checkpoints at two US airports by producing a digital ID document saved in Wallets, such as their mobile driving license (mDL) or state ID (7).
The TSA will begin testing the use of Apple digital IDs as part of a test program that will roll out to airports in “two additional states around March of 2022,” allowing travelers to undertake an automated identity verification process by tapping their Apple device on an NFC reader or scanning it with a QR scanner.
“Standards-based digital Identities, such as state-issued mDL, will assist expedite and strengthen the identity verification process,” the TSA said at a Secure Technology Alliance event, confirming a “phased implementation” with “mDL Apple Wallet integration as its initial step.”
“A machine will automate examining a physical Identity card, manually verifying a traveler’s ID photo to their face, and verifying flight information,” the TSA said. “To commence the data transmission, travelers will tap an NFC scanner or utilize a QR scanner. A TSA employee will be on hand to supervise and verify the verification process.”
Apple had also announced that two TSA airport security checkpoints were among the first locations that would support the use of digital identities stored in its Wallet when it unveiled the feature in June last year (8). In September, the tech giant had also confirmed that users would soon be able to provide their state ID or driving license to the TSA by tapping their Apple Watch or iPhone at an identity reader (10).
Apple has also updated its Wallet page, which confirms that in addition to state digital identities and mDLs, it is adding support for digital corporate passes and employee IDs that allow users to get access to their offices and places like fitness centers, exclusive lounges, and even pay for a meal at their company cafe.
In an initial US test, 90% of participants indicated they considered their mobile licenses were held properly and securely (11).
Mobile driver’s license projects are also gaining traction in South Korea, Australia, Denmark, and the Netherlands.
Microsoft’s Decentralized Digital Identities Model
The rollout of digital identities proposed by the UK government will operate on a centralized model with selected third-party organizations managing several people’s digital IDs in the country.
And it goes against the model Microsoft suggested. It has proposed a system for decentralized identity storage that it hopes the world will adopt in the next five years (12).
According to Microsoft, simply digitizing a physical id such as a driver’s license and utilizing it as a like-for-like substitute allows businesses to view more information than is necessary. Instead, it recommended a decentralized paradigm in which the individual retains complete ownership of their identity and the ability to reveal or withdraw portions of the digital identities as needed.
“By confirming their digitally signed credentials, you can establish the individual is the authentic owner of the real-world identity,” it stated. “Individuals can save their identity data in a secure, encrypted wallet and simply manage access to it.”
“A decentralized identity might eliminate the need for login details, relying instead on other types of verification to offer the necessary level of attestation,” added Microsoft.
Want to learn more about Microsoft’s decentralized identity solutions? Click here.
Instead of simply maintaining a scan of your identity documents, a decentralized ID platform might save a certified token that verifies the information contained within. You could then use those pre-verified credentials instead of the actual documentation or data when you’re carded at a bar or need to prove your citizenship.
Microsoft has a decentralized platform called Azure AD Verifiable Credentials in the private sector that saves official data on the blockchain without the need to keep physical documents.
Rather than storing a scan of your identity documents, the platform would save a certified token or QR code that verifies the data. Microsoft’s platform is similar to Apple Pay or Google Pay, but instead of credit cards, it uses IDs.
“I can validate where you went to school if you have a decentralized identifier; I don’t need you to bring me all of the info,” says Joy Chik, corporate VP of Microsoft’s cloud and enterprise identity unit (13). “All I need is that digital credential, which I can trust since it’s already been confirmed.”
Likewise, Mastercard is also testing a similar plan for decentralized, universal digital identities (14).
According to Emin Gün Sirer, a computer scientist and co-director of Cornell University’s Initiative for Cryptocurrencies and Contract (17), “Achieving privacy, decentralization, and trustworthiness simultaneously is extremely challenging.”
“Blockchains make privacy difficult, decentralization makes it complicated to recognize trustworthy credentials, and various choke points in the ecosystem may mean that these technologies’ availability ends up going through centralized portals,” added Gün Sirer.
“More importantly, new technologies necessitate a reassessment of identity. Most businesses fail here because their business strategies are inextricably linked to understanding and monetizing every piece of data on their customers.”
Nonetheless, it does not rule out the possibility of a functional decentralized identification network, says Gün Sirer.
Moreover, a business like Microsoft is uniquely positioned to help a new technology gain widespread adoption. At the same time, decentralized ID services may be difficult to sell, both to companies that don’t want to cease gathering data and those that don’t want to adopt another essential service led by a large company like Microsoft.
“Decentralized digital identification solutions, when properly deployed, offer to provide people more control,” Gün Sirer argues. “I just don’t think a centralized software vendor can deliver the breakthrough we need.”
The Global Outlook
One billion individuals around the world currently lack proper identification.
By the end of this decade, the United Nations and the World Bank hope to have given everyone on the earth a legal identity (18).
The UK is currently looking to establish a new governing body for its Identity technology to identify trustworthy corporations to hold digital identities.
And we believe that a major national digital ID program in the UK, whether centralized or decentralized, could persuade other countries, or possibly the entire UN, to adopt similar digital identities by 2030.
Even though these digital identities can completely replace physical IDs, they could also have serious implications for citizens’ privacy and identity protection. We will talk about it in the second part. Stay tuned!