Identity is one of those unique topics that matters to every human being on the planet. Being able to prove your identity and use it to access healthcare and education, to get a job, travel, or buy groceries, is what makes our society function. Identity is also central to all development problems. According to the International Telecommunication Union of the UN, 10 Sustainable Development Goals (SDG) need a coherent identity solution in order to be achieved.
While identity is an age-old issue, identification is entering a new phase of discussions and work due to three factors that are testing the boundaries of the old model:
- Needs of the end-user. Over one billion people around the world lack an officially recognized ID. Among them are refugees, the stateless, and forcibly displaced persons. Those who do have ID are impacted by privacy breaches like the Equifax breach in 2017 and frustrated with the lack of convenience and control as their online and offline lives converge.
- Regulations. The EU General Data Protection Regulation (GDPR) is demanding new levels of user-centricity focused on protection of personal data with individual rights including: Right to access, right to be forgotten, data portability, and privacy by design. Though regionally-specific, this regulation has sparked a global conversation.
- Technology advances. With recent advancements in technology (e.g., blockchain, mobile), we have the means to create user-centric, secure identity solutions for all.
Earlier this month, I had the opportunity to host a conversation on the topic of future of identity at the NetHope Global Summit in Dublin. I was joined by the experts from across the sector – Rosa Akbari from Mercy Corps, Kim Cameron from Microsoft, Christine Leong from Accenture, and Paige Nicol from Omidyar Network.
Our panel set out to explore the future of good identity. We discussed what ‘good identity’ is and how do we know that we have it, and what it will take to make ‘good’ identity possible, including the role of the nonprofit sector. We talked about both barriers and opportunities, roles of organizations and individuals, and the necessary conditions for making identity accessible and usable by all, in the contexts in which they live.
Here are the key takeaways from the discussion.
What is ‘good’ identity, and how do we know that we have it?
Good ID must be trustworthy, private, secure, inclusive, and sustainable – for users, for issuers, and for relying parties. It needs to be:
- User-centric. When we speak about Good ID, we must ask - “Good for whom?” A good ID is user-centric to the extent that it gives people control and awareness over what identifiers and personal information are released in any situation. For those who already have access to ID, the focus may be on providing protections against identity theft and the convenience to use anywhere and anytime with a digital wallet that is similar to what we have in the physical world.
- Linked to services. Having an identity is insufficient. For ID to be ‘good’ for end-users, it needs to be tied to what users value in their contexts -- services like education, healthcare, or cash transfer.
- Portable and inter-operable across services and across borders.
What are the necessary conditions for ‘good’ identity to be possible?
- Stakeholder engagement and collaboration. All speakers agreed that without the active engagement and collaboration among governments, NGOs, healthcare providers, technology companies, financial institutions, and other key stakeholders - Good ID will not be viable. For example, Mercy Corps is engaging a wide range of stakeholders to put in place cash-transfer programs in Iraq, Jordan, and Colombia, including: end-user, small businesses (that operate at transactional level with IDs), other NGOs, international organizations including UN agencies and World Bank, governments, and banks. Omidyar Network asserted that “It is critical that the voices of civil society are engaged in this debate. Journalists, digital rights activists, and other advocates for individuals have an important role to play in shaping and strengthening laws that enable ‘good’ identity, as well as holding governments and other issuers accountable throughout implementation.”
- Technology that supports development of Trust Frameworks and puts users in control of their identities. While technology is not a silver bullet, technology that is standards-based will ensure that Good ID is user-centric and durable beyond any single solution and vendor. Humanitarian organizations need standards-based, interoperable technology that makes it possible for them to “accept” and enhance existing identities as much as issue new ones while enabling end-user portability of identity from one supplier or context to another (e.g. from a health service to a financial service, and within service area like health to avoid issues like re-vaccination of children on the move). When asked about the pros and cons of blockchain for identity, Microsoft responded: “Let people have their identity information stored in wallets they control and let’s use blockchain to ensure that our wallets can communicate with each other, i.e. enable PII to be available only when it’s shared by the user.”
- Data-sharing agreements. Technology is not a replacement for well-defined data exchange and governance agreements between organizations. While such agreements may take a long time to develop and adopt, such agreements are critical for enabling a service model that is designed for end-user data protection and privacy.
- Ability to operate within the regulatory environment. Humanitarian agencies have to operate within the regulatory environment which means that decisions on technology and partners will be based on who has experience in navigating regulations or can at least be a good partner to the humanitarian agencies to understand how to operate within those regulations rather than prioritize piloting a certain technology. Humanitarian agencies have an obligation to ensure they address both local and international requirements around data usage and storage. They can benefit from the experiences of the technology sector and partners in this space and ensure they operate in a manner which protects the end user.
What should nonprofit sector do today?
- Adopt a different mindset. Shift the mindset from “I’m running everybody’s identity” to “I am accepting everybody’s identity”; from thinking about end-users (e.g. refugees) as passive recipients to active participants — actively managing and controlling their identity. At the same time, build the foundation for the future including the knowledge of digital tools as we well as requirements for security, privacy, and ease of use for end-users.
- Focus on the problems that need to be solved right now. It’s important for NGOs to focus on solving the identity-related problems that need to be solved today. Whether helping individuals meet Know-Your-Client (KYC) requirements for cash transfers, verifying vaccination records, or substantiating educational records for children on the move - some proof of identity is needed. In the discussion, Accenture emphasized the importance of shifting the work from broad access and coverage of identity to usage of identity and identity being accepted by a diverse set of stakeholders.
- As you begin developing and implementing digital identity solutions in low resource settings, make sure to avoid vendor lock-in. Some of the most significant issues occur when NGOs or governments seeking ID solutions are contract with or “lock-in” to a specific technology or provider. This raises concerns around persistent data ownership and heightened costs when wanting to switch to new and better technologies later. These challenges don’t just affect organizations and governments; they ultimately hinder individuals’ ability to fully and freely access basic services. To help address these concerns, Omidyar Network recently invested in a modular, open-source, identity platform (MOSIP), read more below.
- Collaborate to ensure that we don’t end up with a fractured world of NGOs that doesn’t benefit the end user. Mercy Corps urged NGO and UN agencies to focus less on technology and introducing identity products and more on working together to develop sector-wide solutions that serve the needs of end-users including health, education, livelihoods and more: “This isn’t a race to find the most innovative technology and be the first NGO or UN agency to employ it. It’s to improve an end-user’s access to services and ensure their benefit is the primary driving force.”
About the speakers and their organizations’ work in identity space:
- Rosa Akbari helps Mercy Corps field teams leverage technology in sustainable and responsible ways. Practical focus on humanitarian cash transfer programs, which includes (digital) ID management in complex implementation environments. Mercy Corps’ work in identity space include: (1) raising awareness around how to access proof of identity documents (Jordan); (2) helping refugees meet KYC in order to receive digital payments in places like Uganda, DRC (3) Piloting Simprints open source biometric solution in Northeast Nigeria as part of *verification* process within CTPs. Mercy Corps is also beginning to explore partners that offer services to *create* interoperable digital IDs.
- Kim Cameron wrote the seminal paper on “good identity” (the Laws of Identity) in 2005. Chief Architect of Identity at Microsoft, responsible for Azure Active Directory and consumer identity products since the early 2000’s. Microsoft focused in two areas: (1) Enterprise: Microsoft operates a cloud service for enterprises, organizations, and governments enabling them to interact with individuals in the way that supports good identity. It accepts identities from different sources and connects people into the organization’s existing infrastructure. (2) Personal: Microsoft has a project of turning people’s identities over to their owners (i.e. end-users). These identities can convey claims issued by governments and organizations, but overall identity belongs to the user and they control it. Microsoft intends to transition technology from the old model of organization managing your identity to you as the end-user controlling it in conjunction with claims you obtain from organizations.
- Christine Leong leads Accenture’s Digital Identity Innovations group, led the ID2020 work on behalf of Accenture and is the project advisor and author for World Economic Forum’s recently published white paper on ‘Identity in the Digital World’. Accenture is At looking at the full range of identities in the digital world, from enterprise identity to identity of you and me, of things, natural resources and virtual entities. In the new model, Accenture is focusing on how consumers use identities and focus on how different entities would need to work together in order to better serve their end-users and enable users to use and re-use their identity.
- Paige Nicol leads Strategy & Insights for Luminate, part of the Omidyar Group. Since 2016, she has worked closely with the team building Omidyar Network’s portfolio of work on Digital Identity. Omidyar Network provides a combination of grant making, partnerships, and investments, all in pursuit of the goal of expanding access to “Good ID” that is private, secure, and controlled by the individual. Some of Omidyar Network’s larger global partnerships have been with the World Bank ID4D program and the World Economic Forum. Omidyar Network has also worked to introduce user perspectives and more rigorous evidence into the debate, especially through initiatives like the State of Aadhaar report.
References and Resources:
- Mercy Corps Cash Transfer Implementation Guide
- Decentralized Identity Foundation (DIF) is an example of the establishment of open standards by the tech sector. Through such standards they seek to establish an open ecosystem for decentralized identity and ensure cross interoperability.
- The Laws of Identity on the Blockchain, by Kim Cameron
- MOSIP: MOSIP provides a secure, standard-compliant, vendor-neutral, affordable, scalable, and customizable platform to build a digital national ID system. It is being made available for free, as a public good, by the International Institute for Information Technology – Bangalore (IIIT-B) through GitHub and at www.mosip.io. Morocco is the first country to use MOSIP to implement its national population register for delivering social safety programs to its residents.
- Omidyar Network’s POV about Digital ID and Privacy - suggesting several characteristics of empowering digital identity systems.