Digital Identity — why it will never be truly global

ˌīˈden(t)ədē
noun
the fact of being who or what a person or thing is.
synonyms:name, ID

The term “identity” draws many connotations. There are different ideas and arguments on what it is, who owns it, and who has the right to issue one.

That is not what this article is about.

Here, we will cover the nature of digital identification as it is used in practice. No pie-in-the-sky ideas with limited relevance to existing economic conditions and regulatory bodies. Here are things as they stand and this will show you why we have a segregated, inefficient system; more importantly, why there is nothing wrong with this — for the time being.

Why providing citizen service is a precursor to anything else

India

There are so many jurisdictional differences with a wide breadth of coverage, that it does not make sense for digital identity to be global.

Government services such as social security, and fundamental needs like food rations and child care benefits are a necessity for larger populations in the world.

Government entities need to be certain that individuals are who they say they are, with a means to track and distribute their services; especially in areas where the potential for malicious actors is higher. This goes beyond credit card theft and can threaten basic needs such as food.

This brings me to Aadhar; India’s recently released digital identity service which uses biometrics such as fingerprints and iris scans, along with a unique identification number to enable a seamless method of verification. Now, let’s not sugarcoat it. This is a contentious topic, especially with libertarians. But for a country of 1.4 billion people that currently struggles with providing individuals with access to basic fundamental benefits, this is a progressive step.

Did I mention that it is linked up to Indiastack? IndiaStack is a set of APIs that allows governments, businesses, startups and developers to utilise Aadhar to access India’s market and develop solutions and streamline the way business is done.

An open source link to Aadhar that enables delivery of documents, payment gateway and infrastructure. All in an attempt to streamline the way business is done.

I’m not here to give an ideological argument, simply to lay out the state of the world.

Singapore

I have recently visited Singapore, a country with a population of approximately 5.6M. Similar to India, the Singapore government owns the capital stack and infrastructure, and therefore has the ability to pass economic and social changes through. As a result their services are more efficient, and believe me, Singapore is anything but lethargic.

SingPass is the Identity system rolled out to interact with over 60 Government agencies. Think about that for just a second, 60 different agencies, for a population of 5.6M

Estonia

Estonia, with a population of approximately 1.3M, has an e-identity system that is currently one of the most advanced in the world. Easier to implement within a smaller population, but the principles are essentially the same. Specific government services, over high level ideas such as portable self sovereign ID:

  • legal travel ID for Estonian citizens travelling within the EU
  • national health insurance card
  • proof of identification when logging into bank accounts
  • for digital signatures
  • for i-Voting
  • to check medical records, submit tax claims, etc.
  • to use e-Prescriptions

This goes back to the concepts of trying to integrate a one-size-fits-all solution across jurisdictions. Similar to a multinational company looking to expand globally, there are many variables to consider including local culture and standards, along with local regulatory bodies, systems and infrastructure. The world is not harmonized, much to the dismay of most.

Switzerland & FINMA

It is interesting to see how different governments and regulatory organizations approach forms to online identity. While you might see a lot of hype around self-sovereign ID’s and the internet, what people don’t see is that the scope of typical financial transactions is often different between regulators. Those digital KYC mechanisms are thrown out of the window, and you cannot participate in the financial system.

The Swiss financial regulator, FINMA, has a newly proposed method of online identity verification. This shows positive steps to improve the onboarding procedure for individuals.

One of the elements that was changed from the previous method of digital onboarding was the requirement of a money transfer from a bank in Switzerland. This requirement was restrictive for global business. They also removed the requirement for the use of using a one time password during a video identification procedure, another hurdle that was sometimes counterintuitive.

Among these additions to the new approval process is the requirement to use liveness detection during digital onboarding; a trend that is taking place around the world , which requires checks during the onboarding process to confirm that it is actually a real person who is registering using a system that goes further than a selfie but actually requires the individual to “look up, look left, look down” and a random screen is taken from that process.

There are many more countries that belong on this list, including some with e-identity services as well as those developing these services. The cross between all of these mini worlds on a global scale will be an interesting one.

Digital Identity and Customer Onboarding

Now, this is all great; different ID’s, different systems, different government benefits… we all see the use case. But what about products and services? We have all done some kind of identity verification and business transaction online, so, what happens there?

There is a difference between identity as it is needed from a regulatory perspective, and KYC which is centred around two fundamental questions:

Are you the person that you say you are?

Are you a malicious actor?

Financial transactions fall under different regulatory bodies regionally and globally. A fundamental reason these are monitored under stringent guidelines is a result of Anti-Money Laundering (AML), and Anti-Terrorist Financing which lead to different requirements as shown in the FINMA example above.

Securities and KYC

This brings me to my last topic : Raising capital. When buying shares of a company, one would want to know the details of their cap table and this means following regulation specifications. In some cases, it is counterintuitive to what is best practice in the identity space — but sometimes the world is far from perfect.

This is where we can differentiate between multiple elements such as document authentication, liveness checking, barcode checking and matching against global sanctions and watchlist databases. An example of this is FINTRAC in Canada, the financial standard that organizations have to adhere to. According to FINTRAC, it is not sufficient to use a passport, and liveness and checks to onboard your investor. Counterintuitive, like I said. To meet the requirements you must do a credit bureau and SIN check OR document authentication and get proof of residence. The former can be automated, the latter often cannot which puts certain firms in an advantageous position to offer these services: yet ultimately there is still friction for the end user.In closing

This article is by no means all-encompasing, but it is meant to show the different e-identity programs and digital onboarding regimes available in the world, and highlight that there can be massive jurisdictional differences depending on what kind of transactions you are performing. For this reason, while I am optimistic on novel ways to protect privacy and create digital identities — ultimately citizens of countries need access to government services and the ability to participate in financial markets, and I just dont see a short term — or even medium term where some of the new services are used for more than just onboarding for the next consumer web-app.

In closing

This article is by no means all-encompassing. It is meant to show the different e-identity programs and digital onboarding regimes available in the world, and to highlight that there can be massive jurisdictional differences depending on what kind of transactions are being performed. For this reason, while I am optimistic on novel ways to protect privacy and create digital identities, citizens need access to government services and the ability to participate in financial markets. I don’t see a short term or even medium term solution where some of these services are used for more than just onboarding for the next consumer web-app.

The world is kind of weird.

Q

Thanks Zafira Rajan and Alex Worthen for the edits

Comments, issues, suggestions? I would love to hear from you, drop a comment below…

read original article here