top of page

Reimagining digital identity: an urgent need

In light of our transition into the digital age and the staggering number of nearly 850 million individuals who continue to lack proper legal identification, there is an urgent need to prioritize the development of a new identification system. The World Economic Forum (WEF) has recently released a report on "Reimagining Digital ID".

Numerous organizations and governments have been actively exploring diverse strategies for digital identification. For instance, the European Digital Identity initiative aims to offer a personal digital wallet for EU citizens, residents and businesses, effectively allowing them to gain access to both public and private EU services. And at home, Canada has been moving faster than we might think on the matter of digital ID, with the Canadian provinces of British Columbia, Alberta, Ontario, Quebec, and Newfoundland and Labrador reported to be working on digital ID plans.

Indeed, it was with great pleasure to hear about the collaborative effort between the provinces of Quebec, Ontario and British Columbia at the recent conference organized by ULaval in May “Colloque - Tendances Récentes en Blockchain: Les Infrastructures Gouvernementales et Sociétales du Futur.” Notably, Quebec is already quite advanced in its exploration of the Service québécois d’identité numérique (SQIN, pronounced skin), having completed the alpha phase (where it confirmed its minimum viable product, MVP) and currently in its continued development and testing of that MVP (beta phase).

This report from The World Economic Forum (WEF) places significant emphasis on one specific approach: Decentralized ID (DID), also referred to as Self-Sovereign Identity (SSI). This approach aims to empower individuals with the ability to manage and control the sharing of their personal information and data, while facilitating the participation of various entities in contributing attestations or credentials. A DID approach could also provide greater privacy and security for individuals' data, as well as improve verifiability of data and enable data minimization at scale.

Lots of benefits

Specifically, through the use of cryptography, digital wallets and related technologies, DID allows different entities to issue credentials, while providing the following benefits:

  1. Empower holders, increase control over credentials, sharing information on a more granular way and enhancing privacy

  2. Increase efficiency, reducing the number of intermediaries by allowing individuals to exchange credentials directly with one another or a service provider through the DID system

  3. Enhance effectiveness, reducing redundancies in the verification process, notably by reusing credentials

  4. … which could in turn increase convenience, reduce risk and diminish costs

Importantly, DID attempts to strike a balance between Web3 transparency of public blockchain protocols (Bitcoin and Ethereum) and anonymity of certain protocols like the one of the virtual currency mixer Tornado Cash, that is: “to protect individual privacy and control while facilitating compliant access to goods and services.” (p.11)

Moreover it presents an interesting alternative and benefits over the current ID paradigm of centralized and federated models that dominate today’s internet. The paper rightly emphasizes “the rise of surveillance and data harvesting at the expense of institutional security and individual control” for instance, that poses a threat to privacy, but also the amount and extent of personal information being collected for purposes of carrying out KYC (Know Your Customer), AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) and other due diligence processes, through centralized organizations which can also have the impact of undermining privacy and access, and leading to insecurity and high costs in addition to increasing and creating cybersecurity risks - to name only these (p. 11-12).

Adding to this, is the threat that artificial intelligence (AI) poses to privacy and its potential to break authentication mechanisms, which makes the development of digital ID systems capable of preserving privacy while providing reliable authentication even more relevant with the increasing use of digital technologies across all spheres of our lives. As with other use cases of blockchain, the objectives can differ across different users, different jurisdictions, reflecting the current internal and external context. The report emphasizes the “values of privacy, security, inclusiveness, utility, appropriateness and choice” as key guiding principles of DID, outlining the importance of intentionally and clearly determining the priorities in its context, given its context, so as to better mitigate the risks. Similarly, the costs and benefits of implementing DID (as with any approach of ID) ought to be carefully weighted. And as with the approach taken by the Quebec government, the end users (i.e. Quebec citizens in this case) should be at the center of these decisions, of the solution.

Source: World Economic Forum, Identity in a Digital World: A New Chapter in the Social Contract, September 2018.

Risks remain and must be addressed

Various technological innovations and standards support digital ID, all with various potentials as well as important limitations that must be assessed against those guiding principles. These include Verifiable credentials (VCs), Zero-knowledge proofs (ZKPs), and Soulbound tokens (SBTs), among others (see Chapter 2 for a discussion on the subject). These are continuously adptating to meet evolving demand, needs and mitigate some of the challenges and risks. It is no surprise that ZKP received over $700 millions in investment in 2022 from venture capitals (CB Insights (2022); BlockZero Analysis (2023)). According to the paper, some of the risks to consider also apply to analogue or paper-based forms of ID, including:

  • Political risks: In some cases, such as when issued by social media companies, digital ID could weaken democracy and civil society, to the extent they could be used to contribute to political polarization - as advanced by the Trust Over IP Foundation.

  • Data exploitation risks: To the extent that credentials are stored centrally or accessible by organizations that want to commodify the data, then certain forms of digital ID could open the door to data exploitation. However, highly sensitive data such as biometrics or ethnic affiliation for instance should simply not be collected. And while digital ID aims to mitigate this risk by allowing them to store their data themselves or with greater control, the use of a third-party to help manage their data could reintroduce that risk, notably through linkability across domains that use a common identifier. Implementation choices can however mitigate this risk too.

  • Technical risks: they give rise to the possibility of data leakage or theft in addition to technical risks and limitations that are specific to each technology (e.g. around privacy and data-protection by storing information on-chain as with SBT, or the ability of a credential to be changeable or revocable) and in some cases symptomatic of the relatively technological immaturity.

  • Risks of exclusion, marginalization and oppression and of amplifying existing risks in this domain: With about 21 million Americans without official ID, which has been linked to exclusion from full participation in society, digital ID could reify conditional access and therefore magnify these risks.

And transcending all these risks is that of an uncertain regulatory landscape.


Obstacles along the way

However, there are several barriers to implementation, and different solutions (decentralized, hybrid or otherwise) will pose different challenges as well. Among those outlined in the WEF paper, we note the following ones:

  • Technical immaturity and a lack of standards alignment, fit-for-purpose user-experience design (and more), meaning: developers are still experimenting and standards, even the best ones, are still evolving to responding to these learnings but also quickly evolving nature of these technologies, such that a lot more work is still likely needed. Additionally, the difficulties of standardization may represent obstacles to interoperability, without which vendor lock-in risks will arise. And the paper rightly notes also that “many decentralized approaches also lack effective user-interface and user-experience design”, notably when it comes to user account key changes and recovery or even simply keys management. But even if solutions become more user-friendly, scalability will require user education and depend on their ability to develop the skills needed to manage wallets and keys, and as briefly touched in our white paper regarding custody, this may not be as simple as thought with the variety of options and elements to consider.

  • Policy challenges to the development of decentralized ID, including the lack of-assurance official ID in some jurisdictions and enabling policies and/or political will. For the latter, the WEF provides the example of the US, where “an absence of sufficiently enabling policy effectively discourages leveraging reusable credentials to fulfill know-your-customer (KYC) processes.” (p. 22) Similarly, without regulations or policies to develop privacy-enhancing technologies, stakeholders may lack the incentive to develop these systems.

  • Various governance and implementation barriers, including communications, utility, economic viability and exclusion-related obstacles. Ultimately, without clear utility and recognition of digital ID, demand and thus scale will be unlikely. And given the aforementioned technological challenges as well as the “myriad conspiracy theories linking digital ID to untrue and malicious speculations” (p. 23), the communications challenges regarding any decentralized ID systems will make explaining the benefits of these technologies this much more difficult. As for the economic viability of a decentralized ID system, given the costs, efforts and challenges involved, incentives are likely needed to develop an effective business models so that the network of issuers and verifiers can scale the system. An alternative view that has emerged though is that of approaching digital ID “as a digital public good, with governments shouldering the burden of costs.” (p. 23) As with other blockchain-related innovations, the education and communications efforts are a long-term investment that must be made so that all stakeholders can apprehend these innovations and their news, to make informed decisions. Lastly, but not the least, the challenges of exclusion, even in implementations that focus on advancing inclusion, will persist, and will require addressing the digital divide and for the systems to be able to function in low- and no-connectivity environments (note that technological advancements have been made in that regard and are currently being tested in contexts of CBDCs, although more effort will be needed).

“Fragmented and uneven access to digital tools and services, as well as a lack of basic digital literacy, can stymie the progress of any technical solution, especially one as complex as decentralized ID. Indeed, even in areas with connectivity, individuals can be excluded from participation in the digital world due to factors including cost, language and literacy.” (p. 24)

Last recommendations

The WEF concludes with a set of recommendations to address these risks and challenges, as outlined in the table below:

Looking at these recommendations, one can appreciate the complexities of bringing a DID system to market, and importantly scaling it to widespread adoption to reap its full potential. While Quebec’s SQIN shows the province’s leadership in the development of a digital ID system and that it is more advanced than most would think on that front, much work remains to be accomplished beyond the technological exploration and before the population sees a full, at-scale deployment.

Notably, talent development (public AND private), public-private collaborations and policy and regulatory framework investigation/design are all key elements that will require more focused and dedicated attention in the coming years. Education at large will be a massive undertaking as well, in order to develop trust and ensure effective communication of the use and value-added.

Blockchain innovations have received quite a bit of bad press over the past year, and are often attributed/confused with Bitcoin (which uses a fully decentralized blockchain, and which would not be the case for a government-controlled digital ID system) or other cryptocurrencies, without taking into account the wide variety of blockchains and use cases of blockchain. Strategic public-private collaborations could help address this challenge while also promoting the development of a strong digital ecosystem across Quebec and contributing to developing the talent both in the public and private sector. A policy and regulatory assessment that looks both internally but also externally (in other regions and other use cases of digital and blockchain innovation such as CBDC or real asset tokenization for instance) could help inform future policies and regulations.

As a leading blockchain and digital assets consulting firm, we firmly believe in the transformative potential of Digital ID. It is our mission to help governments, businesses and institutions leverage this powerful tool to drive innovation, improve efficiency, and build trust with their stakeholders. Thanks to our diverse team of professionals that combine strategy, finance, risk, economy and policy as well as technology backgrounds, we have a holistic view of blockchain-enabled projects and programs.


----------
For more information about SQIN, click here


64 views0 comments

Comments


bottom of page