To a government, a digital identity is a digital representation of who someone is. It lets them prove who they are online or in person. For citizens, this means that they can interact with government and other services quickly and conveniently, while being confident that their information and entitlements are protected. And for the government, this means that more services can be put safely online, while reducing cost and minimising fraud.
If you are working on a programme to deliver digital identity, here are 6 key questions we think are helpful in determining the shape of a digital identity service and the work you might need to do. We’ll explore these in some short posts which will consider digital identity at a strategic level so that leaders and teams can better drive service design and technology choices.
1. Do you even need identity for your services?
Identity verification adds complexity and cost to a service, and may create barriers to essential services, so it is important to ensure that the identity system fits the need. Some services may need true identity verification, where the risks of identifying the wrong person are significant. Other services may merely need a secure sign in process where a user’s identity is unknown, but the service can be confident you're the same person over a period of time. And some services may not even need a sign in if the transaction is low risk and one time.
2. Which foundational identity systems already exist?
The availability of an existing universal identity proof for citizens, such as a national identity card scheme, will make a big difference to the shape and complexity of your digital identity system. Without this, you will need to spend significantly more effort on helping users through the maze of identity verification itself. If you do have a foundational identity, the focus of your service shifts to developing trust in digital identity and understanding what is needed to move users into an online journey, including those who are currently still excluded from the existing identity system.
3. Who does digital identity exclude?
In a government context, the services that are most needed often have high numbers of users that are already excluded by society. Requiring users to prove who they are makes accessing a service harder and may even create new excluded groups. A digital identity service is an opportunity to improve on what has gone before. By doing the hard work to really understand the users and services that will need digital identity, you can prevent identity verification becoming a tool for exclusion.
4. How will you prioritise privacy, control and convenience?
Governments are grappling with the need for greater privacy and control within their own political and policy context. However, often a user is trying to verify their identity at a time of extreme need, so convenience is their focus rather than data privacy. You can find the balance by engaging with users, community representatives and a range of stakeholders to develop a framework for creating and using digital identity.
5. How can you ensure you have control of your biggest risks?
Digital identity is an area with much complexity. Successful approaches start with something simple that delivers value at scale, before increasing complexity. These may include choosing to deliver identity for government first, before opening up to the private sector. Or starting with a closed ecosystem before opening it up. Successful programmes also keep the riskiest parts of their service close, in the hands of teams able to learn and adapt quickly.
6. Apart from digital identity, what else might you need to do to secure services?
It’s important not to see identity as a “once and done” activity. Trust that your user is who they say they are can degrade over time. Riskier activities like changing bank details can require an increase in trust. Identity on its own cannot solve this problem.
There are a lot of technology options that will help governments achieve things that were really hard in the past, and that can be really exciting. But technology on its own is hardly ever a silver bullet, and without the right safeguards it can work against the needs of citizens. So our questions are not about technology - they’re about intent, strategy, needs, and above all context. This is also why there aren’t any easy, “one size fits all” answers in digital identity. But these 6 questions can help you find the answers.
Anna Hirschfeld and Stephen Dunn are two of our Public Digital experts on identity. They’ve both been heavily involved in the development of GOV.UK Verify and the identity journey within Universal Credit (a payment to help with living costs in the UK). They have recently worked with British Columbia on the next steps for their digital identity journey and will be speaking at FWD50 on digital identity and service design.
To discuss digital identity with Public Digital, email firstname.lastname@example.org
This post is part of a series on digital identity.