Your identity is not only a way to discern you, it’s a human right defined by the United Nations. International law exists to defend it and policies are built to protect individuality. As complicated as managing identities is across the world, identity is inherent to who we are and fundamental to society. It gives us access to healthcare and education, guarantees our right to vote, validates where we live and work, and grants us the freedom to self-expression.
The methods governments use to record and recognise identity centre around physical documents, primarily focusing on paper birth certificates and passports — a format that is impractical for daily use. In an age where technology encompasses services to make them more efficient, this method of identification seems archaic. Modernising identities could represent a large leap forward in positively impacting access to things if implemented correctly.
Unlike many other countries, Estonia has begun to innovate around identity. The state now issues a digital identity, a chip-and-pin e-card designed to authenticate people. The country’s program, called e-Identity, allows its citizens to safely identify themselves and use e-services from a laptop, phone or anywhere with connectivity. And with more activity happening online than ever before, citizens can use their official digital signature on their ID-card, Mobile-ID or Smart-ID.
Combining this approach with digital data such as biometrics and identification numbers, opens the door to a large array of public services. The ease at which citizens can digitally sign documents through the e-Identity system provides efficiency far beyond what is currently capable with the traditional notion of identity.
But it is not only Estonia pushing the convention. India’s Aadhaar scheme issues a 12-digit unique-identity number to all Indian residents based on their biometric and demographic data, enabling fuel subsidies and food rations. With India’s vast 1.3 billion population, it is the largest biometric identification program in the world today.
But how is this being translated in the enterprise? As more and more organisations adopt technology, and more people both within and outside of an organisation require access to digital offerings, it can result in multiple identities and login tokens for users. This hampers business productivity and increases the number of IT-related queries for forgotten passwords. Having one identity and single sign-on capability at work eliminates this friction and increases productivity and security for organisations of every size.
It’s not as plain sailing for countries and government entities. While technology is opening up new opportunities in shaping modern approaches to identity, these new schemes are largely untested and may invite risk.
In Estonia, a breach in September 2017 put 750,000 identities at risk, ironically just days before it hosted a big EU exercise on cyber warfare. The Aadhaar scheme has come under criticism for similar security breaches and ‘big brother’ concerns for violation of a person’s right to privacy.
As more people and services become connected, threats to identity will put pressures on Estonia and India’s digitised solution. In the quest for a more modern identity system, security should not be overlooked in the path towards convenience. As technology advances, so should the underlying algorithms.
The world is becoming more digital and more vulnerabilities will no doubt be discovered and patched, but at the same time, technologies such as blockchain are emerging to help mitigate risk.
Blockchain is built to ensure data exchanges cannot be erased or adapted without leaving a record, making it very difficult to hack. It is also excellent at controlling information and avoiding duplication, which is key in an area with such serious consequences.
Microsoft has already begun experimenting with this concept, having announced plans to pilot a blockchain-based digital ID platform enabling users to control access to sensitive online information via an encrypted data hub. That said, it is also one of the most complex and unwieldy new technologies around, so a lot of work must be done to make it a workable backbone for identity management.
To get blockchain ready for primetime, collaboration between the private and public sectors is critical. One example is Project Jasper, a joint effort between the private sector and Canada’s central bank to explore how the technology can be used to facilitate payments. Only through stronger facilitation of these partnerships, will blockchain be in an optimal position to secure identity.
Recent breaches shouldn’t deter from the merits of these programs, but serve as learning experience for future implementations. We are living in an exciting era where technology can solve age-old problems. Whether that’s contactless cards in banking or biometric recognition in smartphones, it has ignited our imagination to improve what’s not working.
Digitising identities is the way forward and as security continues to advance, it won’t be too surprising if we see these identity systems exported to more countries around the world.
Sourced by Jesper Frederiksen, head of EMEA, Okta