Digital Identity
Feel like remembering all your logon details is becoming a joke?
Knock, knock. Who's there?
Ivan
Ivan who?
Ivan't a clue who you are, can you identify yourself
(OK, so it's a bit weak but I'm working on it)
So, how do you identify yourself in a digital world? Do you write the same stuff, countless times, into each Government website, webinar registration, application for more information from a potential supplier or is there an easier way? Is this the time for a digital identity?
What is digital identity? And how do you prove who you are?
In the olden days, it was a case of taking your paper copies of things like birth certificates and utility bills to prove your identity for things like a mortgage. The paper documents had to be copied and checked and the company kept the copy in their files. Each individual company kept their own separate copy and does anyone know where those copies have gone? The proposed Digital Identity will be a trust framework, letting citizens and businesses know that the data is genuine. The government wants the software to be based on clear legislation to restrict opportunities for criminals.
The solution
Now there are 3 proposals to digitise your identity to make it easier to liaise with Government, the EU or companies that need to be sure that you are who you say you are. The idea behind the proposals is to make it easier, quicker, enable e-commerce and more importantly control the oversharing of data when we're dealing with businesses and Government agencies. Having to constantly prove your identity is especially annoying when dealing with Government agencies. For example, if you were applying for a driving license, wouldn't you feel annoyed that although a school had got data on you, including your age, that DVLA couldn't connect with that data to verify who you were, your age and your address. The type of information that would be stored on the digital identity portal and may be used is legal name, age, driving license, address, right to reside, to work or to study, professional qualifications, employment history. The amount of information that would be used to identify a person would be kept to a minimum. So, what are the 3 proposals?
The three proposals
The first one is the Data Protection and Digital Information Bill is designed to ease the transfer of personal information between citizens and private businesses. The second one is the Digital Economy Act was passed in 2017 and will enable the use of GOV.UK One Login. In both cases, the Government is very keen to say that these are not digital versions of ID cards, which have a mixed reception in the UK. Finally, the third one: the EU is designing a eID wallet which will work in all the member states. Where the UK is outlining guidelines for companies to design software to fulfill the idea of a transferable online identity, the EU has taken a different approach and will provide the software to use in each country.
My comment
I'm not surprised that the UK Government has taken a different approach as it has a poor record of commissioning and supplying software but my fear is that it will end up like the Cyber Assurance scheme. This scheme allowed many companies to provide a certification scheme, using the same framework, to award online companies proof that they met a certain standard. But out of the many companies that provided certification in the early days, it's now been trimmed down to just a handful and not every online/e-commerce company has put themselves forward to be certified because the whole process is so confusing and businesses just don't have the time to do something that's not mandatory.
Implications for event organisation
Could this digital identity scheme be used to allow entry into events? After all, delegates need to prove who they are in both cases but usually exhibition organisers need more information from attendees which they give to their exhibitors. As part of the exhibitors' package, access to the attendee data is the carrot, the opportunity to increase their mailing list and qualify the potential clients for their product/service. So, although the basic sign up process could be carried out quickly, the exhibitors want valuable information like who's got more purchasing power.
Pros and cons of digital identity
Time. It saves time and cuts down the risk of mistakes when trying to identify yourself across all the different Government agencies. It makes online commerce easier and controls the oversharing of data it's cheaper than face to face or call centre to ID someone and the digital identity can be used across many devices.
This all sounds wonderful but there are a few disadvantages, there's the danger of false digital IDs, delegation is not allowed, not everyone has access to the internet and it needs to have a large scale takeup for it to be effective. The ability to delegate is really useful if you've got someone who's suddenly incapacitated and you need to act on their behalf.
How's the EU version different?
EU is suggesting an eID wallet which will work in all member states. Findynet is a Finland based identity network based on a banking TUPAS eID identity system and will be used in the financial sector before being rolled out to other areas.
The UK's approach is to issue guidelines for service providers to create their own Digital Identity software within a defined framework. (It will be used in the financial sector first, then expanded out to other areas of commerce). The legislation, the Digital Economy Act, will also be used to develop the government identity verification system, gov.uk One Login. Although it wasn't going to be used for health and social care, this will now be changed.
To sum up
Digital identity has been legislated for and is being worked on to provide members of public to store essential details to share them with the Government, various agencies and companies. Legislation restricts the amount and type of information that's collected and defines its use to give control back to the citizen. It's designed to save time (and frustration) and to make business easier but whether it's a criminals' charter to hijack our identities, we don't know. Has it any use for event registration, perhaps but exhibition organisers usually want much more information than the details currently proposed for the Digital Identities. Would the EU version be any better? Too early to tell.
Resources
- https://www.gov.uk/government/publications/the-uk-digital-identity-and-attributes-trust-framework/the-uk-digital-identity-and-attributes-trust-framework
- https://www.lawsociety.org.uk/topics/anti-money-laundering/digital-id-trust-framework
- https://www.techuk.org/accelerating-innovation/digital-identity.html
- https://www.pinsentmasons.com/out-law/news/uk-government-launches-consultation-on-greater-data-sharing-across-public-sector
- https://www.pymnts.com/authentication/2023/united-kingdom-digital-identity-verification-legislation-promises-improved-interagency-data-sharing/
- https://bills.parliament.uk/bills/3322
- https://www.gov.uk/government/consultations/draft-legislation-to-help-more-people-prove-their-identity-online/consultation-on-draft-legislation-to-support-identity-verification
- https://gds.blog.gov.uk/2022/06/16/how-we-are-improving-inclusion-for-digital-identity-in-government/
- https://www.ukas.com/accreditation/about/developing-new-programmes/development-programmes/uk-digital-identity-and-attributes-trust-framework/
About the Author
Leave a comment