We recently wrote about six questions you should ask on a digital identity programme. One of them asked whether an existing universal identity proof for citizens was already available, such as a national identity card scheme. If you don't have one, you will have to solve the identity problem at the same time as meeting the challenges of digital adoption. If you do have one, great! But it still probably isn't universally used and you need to design for adoption in any case. So the answer to this question will shape your country's strategy for digital identity.
Foundational identity systems
A foundational identity is an identity established or changed as a result of a foundational event (e.g. birth, immigration, legal residency, citizenship, death, bankruptcy). In countries which have strong processes linking citizens to that identity, such as an identity card system or equivalent that everyone uses in everyday life to prove their identity, we can say that a foundational identity system is in place.
Most nations and states in the world have such a system, although many are not available as digital services. Digital examples include Aadhar in India, or the Estonian e-ID, where entire identification, issuance and usage processes have been created.
When there is no foundational identity system
But where there is no foundational identity system in place, a digital identity programme will need to set up its own processes. This will probably involve enacting legislation and the creation of new services to issue and help users and organisations manage their identities, as well as stitching together the digital services for everything to work.
In the UK for example, there is no commonly agreed and universally held proof of identity. Many people think their driver’s licence or passport is an identity card, but while they have strong identity verification as part of their issuance process, neither of the issuing departments stand behind them as a general purpose identity card. But more importantly, 12% of the adult population do not have either document, rising to 30% of the user base trying to verify their identity for some services.
So, to achieve the same outcome for users, a wider variety of documents and data and verification methods are needed. These can include things like birth certificates, household bills, bank statements, credit reference data or knowledge based verification questions. These are bound together by a set of government standards that show how combinations of identity evidence will reach a level of confidence.
And this happens with every service, meaning there is no reusable proof of identity issued. Unlike in other jurisdictions, users have to assemble their proof of identity each time they encounter a new service. Although, programmes such as GOV.UK Verify started to solve that problem for the digital services in the public sector, as is also the plan for its intended successor.
So, unlike in jurisdictions where a foundational system is in place, users and services that require identity may be confused about what is required to verify identity, and so more explanation and support may be required.
Further, users and services may be more vulnerable to identity theft due to a reliance on combinations of evidence that may be easier to obtain by fraudsters. The additional support for users who have trouble proving their identity, that we discussed in our previous post will have to be put in place by each service, causing repeated exclusion and waste due to failure demand.
Much of the focus in the UK has been on dealing with the problems associated with the lack of a commonly agreed and possessed proof of identity, rather than, say, the specific challenges and opportunities of *digital* identity.
When there is foundational identity, the challenge and opportunity changes
Where a foundational identity system is in place, the challenges and questions of digital identity still apply, but the hard work of initial identity verification is already done. This changes the expectations of your users, and the focus of the programme. Additionally, you cannot assume that it will be universally held across the population.
Public Digital has recently worked with British Columbia. They have several foundational identity documents, each with a standard issuance process - the BC Services Card, the BC drivers license or BCID, and combinations. Penetration of just the BC Services card is over 4.7M (out of a population of around 5M).
Our work with them focussed on how they might expand the uptake and utility of the mobile version of the BC services card. The existence of the services Card meant that the question we were trying to answer was not how do we verify identity, but how do we use identity most effectively digitally, how to reduce digitally created barriers to more people and organisations using it.
Any identity service needs to take the time to understand their users' needs. This is about digital access and usability, but it’s also about how people react to the concept of digital identity - which for many will be a new idea. Building a service that is trusted with people's most personal data is still a service design challenge even with a foundational identity in place.
In both scenarios you will still need to work closely with government agencies, the private sector and stakeholders from within the community to understand their needs and concerns to ensure success, particularly around privacy, data control and inclusion.
So if you are reviewing and comparing international approaches, first check to see the foundation they are building on. Wherever you start from, start with user needs, and design for adoption.
To discuss digital identity with Public Digital, email [email protected]
This post is part of a series on digital identity.