ALDES

Digital Identity Briefing

The ALDES Digital Identity Working Group, formed to inform the debate around digital identity in the party, has now published their briefing. In their words:

The current debate around digital identity is far removed from the old concept of a national ID database. Moving proof of identity is not about copying paper documents onto a digital database but rather about changing how we think about identity and credentials altogether.

This briefing is aimed at informing everyone, but specifically representatives. If you know a councillor, candidate or MP (and you think this is important), please direct them to this briefing - or send them a PDF copy, if they prefer to read it this way.

Useful concepts

Identity vs. credentials

An identity is an abstract concept made up of a collection of attributes (name, age, address, nationality etc.). An attribute can be proven by sharing a credential from a trusted source (passport, drivers license etc.).

You may have many identities such as your:

  • Workplace, school or ‘church’ identities
  • Online identities used on gaming, blogging or social media platforms
  • Consumer or social life identities

Credentials are proofs of claims about any of your identities such as proof of age, name or nationality. This is commonly what is required by a ‘proof of identity’ check. A full description of the identity is not required but rather proof of one claim about that identity is necessary.

Validation, Verification & Authentication

Validation means that the credential is confirmed to be real e.g. checking the hologram on a passport or comparing an address with the Royal Mail Address File. Further validation may include checking that a credential is still ‘live’ i.e. not stolen or replaced.

Verification is the process in which the valid document or credential is matched to the identity in question.

Authentication is used to describe subsequent proofs after the primary verification process has occurred. In other words, the account owner has been verified once and now a password or security question might suffice to confirm that it is the account owner making requests.

Current ‘credential checks’ in the UK

The UK has a distributed system of identity primarily made up of: birth certificate, national insurance number, NHS number, passport, drivers license.

Other specific use systems are available such as the ‘proof of age’ card. And proof of address or name may be supported by council tax, utility bill or bank documentation.

All of these systems rely on a ‘hard copy’ document or card and for many regulated activities where proof of some attribute is required, manual inspection of these documents is written into government guidance e.g. age verification for alcohol purchasing.

Concerns

Over-sharing: Current proofs favour the general-purpose ‘photo ID’ systems such as passport and drivers license. By sharing a general purpose document, the citizen must provide far more information than they may wish e.g. providing your full address when you only wish to prove the claim that you are over-18.

Prohibitive costs: the application fee for a passport is £75-85. The cost of a drivers license is more than £1000 when lessons are taken into account. Because of the risk of poor validation (see below), often multiple forms of credential are required for a single transaction.

Poor validation: Although these hard copy ‘documents’ are often difficult to forge (pushing up costs) there may be many variations in circulation (200+ when foreign variants are included) and staff at any checkpoint may be poorly trained to spot forgeries. Generally there is no system for checking if the document has been stolen.

Poor verification: Staff at any checkpoint may not be well trained in comparing likenesses and/or human error may come in for manual/visual inspection.

Abuse/conflict: Staff at any manual inspection can be the subject of abuse if they are considered personally responsible for a decision.

Spread of infection: Covid19 has shown the dangers of passing documents between individuals for manual and physically close inspection.

Current digital identity in the UK

Government

The UK government (GDS) produced a system called Verify. The system allowed citizens to prove their identity to Government services (HMRC etc) by sharing credentials from a very limited number of trusted sources e.g. some banks.

The system was considered a failure by the Public Accounts Committee and public funding was announced to be ending in 2018. Limited scope led to limited use and targets were not met. Its use has been prolonged for another 18 months as a result of the Covid19 crisis.

Subsequent announcements have indicated future identity development will involve a much broader, more open ‘market’ of digital identity providers.

Private sector

Several digital identity providers exist in the private sector already e.g. Yoti, Onfido.

These providers work around government reliance on hard-copy credential documents.

The process tends to follow:

  1. An individual registers an account with an ‘app’ on their smartphone
  2. The app takes multiple photographs of the individual and the system uses these to validate that it is a real person (not a mask or photo held in front of the camera) and to build a model for future verification and authentication tasks.
  3. The app validates hard-copy, traditional credential documents like drivers license or passport by reading NFC chips directly or by taking multiple photographs of the document and using AI to e.g. spot the shimmer of a holographic security feature.
  4. The system compares the multi-photo model of the individual with the image and description on the credential document to verify that the credential refers to the individual’s identity.
  5. When proof of credentials is required, the app takes more photographs of the individual to authenticate that this is still the same individual that has been linked to credentials previously.
  6. In order to share credentials with others, the individual can select what to share. To prove that the app is real and connecting to the trusted app provider, the shop or organisation demanding proof provides a code that is entered into the app. The app responds with a code that proves it is in contact with the expected app provider.

Benefits

Protection of original documents: the individual need only expose their high-cost documents once, subsequent proofs can rely on the smartphone alone. Smartphones provide lock and cryptographic protections that hard copy documents do not.

Control over sharing: the individual can choose to share only the credentials they wish e.g. “over-18” instead of “23 years old” or sharing only their date of birth without sharing their address at the same time.

Recording of sharing: the individual can keep a log of which credentials were shared with what organisations and when, allowing for better forensics of identity theft or other criminal behaviour.

Improved validation: these systems could improve the robustness of validation of credential documents via specialisation, having benchmarks and standards, and removing human error.

Improved verification: these systems should reduce human error in comparisons between credentials and the individual at point-of-proof.

Reduced conflict: by using a digital system as an external but definitive authority, there should be less aggravation directed at point-of-proof staff.

Reduced spread of disease: an app providing a single credential and confirmation code can present that information clearly enough to be shown at some distance, rather than handing over a compact, fine-script document.

Concerns

Technological standards: what accuracy does an app provider have in validation, verification and authentication; for how many credential documents? Lib Dem Lords recently attempted to amend the Business and Planning Bill to temporarily allow these systems to be used for proof-of-age checks in off licenses during the Covid19 crisis but concerns over accuracy, sensitivity and other technological standards resulted in the amendment being blocked by the government.

Data protection – user modelling: Many digital services today collect a lot of information about their users including behavioural or ‘profiling’ data. A digital identity provider could store a lot of high-value, sensitive information from credential checks e.g. proof of age. This behavioural and transactional data may be linked to private activities that the individual does not want tracked, modelled or even sold on.

Data protection – over-verification: If credentials can be shared easily then some service providers may request more than is required for their purpose. Users may not question this, taking the simplest route to accessing the service.

Data protection – cross-service matching: If digital identity providers make it easier to verify official credentials such as passport number then more services might request these unique identifiers to allow matching of users across services.

Conformity: Current passports enforce a binary gender definition. As digital systems (and data specifications) are developed, we should not continue to enforce such ‘norms’ and conformities, instead planning for adaptable specifications.

Next Generation digital identity – verifiable credentials

Government often sets the legal underpinnings for what documentation is acceptable as proof and it also manufactures and distributes the main types of documentation such as passport and drivers license.

Without leadership from government there can be very little development of digital identity as a market.

The primary development would be a move away from hard copy documentation (although this would still be available) and towards digital modes of ‘verifiable credentials.’

Requirements

The individual would need some software to store these digital credentials - a digital wallet.

This technology already exists. Individuals may already use ‘digital wallets’ for crypto-currencies like Bitcoin or for digital variants of their traditional bank debit and credit cards such as Apple Pay or Google Pay.

Using digital wallets for digital identity credentials would simply require the adoption of a technical standard for how these things should be shared, stored and secured. An emergent standard has been produced by the globally respected W3C.

Concepts

As per the Google Pay and Apple Pay wallets for traditional bank cards, the concept underpinning digital identity wallets is ‘choice’ and decentralisation.

It is expected that an individual would have a choice of wallet providers – so long as they match the basic requirements or standards set by government and industry regulations – and could store multiple ‘credentials’ from multiple sources of proof. Individuals may transfer their credentials from one wallet provider to another if they felt the service was better in some fashion.

Services may vary wildly but it is expected that the basic, minimal function would allow an individual to store multiple credentials securely and then to choose which credentials to share when asked. Such identity transactions would be conducted securely i.e. in an encrypted protocol like sending payment details via a form on a website.

Benefits

Benefits are the same as current ‘workaround’ digital identity systems in terms of reducing conflict at point-of-proof and reducing spread of disease. They could also include the same improvements for verification if desired (using the app, photographs and AI to confirm that the person holding the phone is the same as the one in the credential photograph) but this is not a necessary part of the wallet function.

Next generation systems also add:

Definitive validation: the digital wallet acts as a direct conduit between the official source of the credential (e.g. UKPO or DVLA) and the organisation conducting the credential check (casino, off license etc.). There is no need for smart AI algorithms and technical benchmarks to say that the wallet is correctly validating the hard copy document. The digital credential proves itself to be authentic.

Reduced cost: removing the need for any hard copy documentation may open up official credentials to more individuals and reduce cost for the taxpayer.

Cryptographic protection of documentation: better than simply ‘keeping documents at home’, removing the need for hard copy documents puts official documentation into complete cryptographic protection.

More control on disclosure: digital, verifiable credentials allow for partial disclosure inherently. The individual is not reliant on the wallet or app provider to facilitate partial disclosure of their credentials – they just require a credential issuer to support that facility.
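The two properties above, a credential that proves its own authenticity and partial disclosure that depends only on the issuer, can be shown with one common construction: the issuer signs salted hashes of the claims rather than the claims themselves. This is an added example, not code from the briefing or from the W3C specification; the function names, the sample claims and the choice of Ed25519 via Node.js are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Issuer: salt and hash each claim, then sign only the sorted list of digests.
function issueCredential(claims, issuerPrivateKey) {
  const disclosures = {};
  for (const [name, value] of Object.entries(claims)) {
    const salt = nodeCrypto.randomBytes(16).toString('hex'); // stops guessing of hidden values
    disclosures[name] = JSON.stringify([salt, name, value]);
  }
  const digests = Object.values(disclosures).map(sha256).sort();
  const payload = Buffer.from(JSON.stringify(digests));
  const signature = nodeCrypto.sign(null, payload, issuerPrivateKey).toString('base64');
  return { signed: { digests, signature }, disclosures }; // both are stored in the wallet
}

// Holder (wallet): forward the signed part plus only the disclosures chosen.
function present(credential, names) {
  return { signed: credential.signed, disclosed: names.map((n) => credential.disclosures[n]) };
}

// Verifier: check the issuer signature, then that every disclosure hashes to a signed digest.
function verifyPresentation(presentation, issuerPublicKey) {
  const { digests, signature } = presentation.signed;
  const payload = Buffer.from(JSON.stringify(digests));
  if (!nodeCrypto.verify(null, payload, issuerPublicKey, Buffer.from(signature, 'base64'))) {
    throw new Error('issuer signature invalid');
  }
  const claims = {};
  for (const disclosure of presentation.disclosed) {
    if (!digests.includes(sha256(disclosure))) throw new Error('disclosure not signed by issuer');
    const [, name, value] = JSON.parse(disclosure);
    claims[name] = value;
  }
  return claims;
}

// Constructed sample data: a hypothetical issuer key pair and credential.
const issuerKeys = nodeCrypto.generateKeyPairSync('ed25519');
const walletCredential = issueCredential(
  { name: 'Alex Example', address: '1 Sample Street', over18: true },
  issuerKeys.privateKey
);
const shownAtTill = present(walletCredential, ['over18']);
console.log(verifyPresentation(shownAtTill, issuerKeys.publicKey)); // { over18: true }
```

The verifier learns only the claim it was shown, but the signed digest list and signature are identical in every presentation, so on their own they still act as an identifier that services could use for the cross-service matching described under Concerns. The sketch also leaves out binding the credential to the holder and checking that it is still ‘live’.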

Concerns

Similar concerns exist for this technology as with the current work-around digital identity systems. The technology is far simpler, however, and so there are fewer concerns about technological standards and benchmarks.

Data protection is a concern because the wallet provider or any other service providers may ask for more information than is required (the individual needs to know and care to enforce their rights) and may attempt to build up logs of transactional and behavioural data.

Enforced conformity remains an issue for any new digital representation of old paper concepts. We should not stick to a rigid idea of “only two boxes fit on this form” and we should not simply convert paper forms or formats into digital files. Digital transformation allows for adaptable and flexible formats and we should utilise this where possible to reduce enforced conformity.

Recommendations

  1. Open market approach: Since the failure of Verify, the UK government has indicated that it will pursue a more open market approach (rather than working with a limited few providers). This should be supported and used to emphasise the sort of distributed, decentralised approach that is facilitated by next generation technology.
  2. Government leadership: It is not sufficient to rely on ‘workaround’ technologies as we are seeing at present where concerns are then raised regarding the accuracy of document and credential validation and verification steps. The government must show leadership and:
    • Adopt and enforce a technical standard for ‘verifiable credential’ sharing that is acceptable to its agencies and bodies such as the W3C standard on verifiable credentials.
    • Create or adopt an acceptable digital wallet to ensure there is at least a number of providers in the market
    • Turn official UK credential issuers into digital credential issuers
    • Turn official UK offices into the first receivers/accepters of digital credentials.
  3. Strengthening of data protection: GDPR already protects individuals from many of the concerns raised in relation to this technology but we also see companies hiding behind unreadable service agreements or relying on consumer apathy to gain the ‘consent’ to conduct considerable monitoring and profiling activities.
    • Data protection legislation must be maintained and perhaps strengthened
    • Regulators may require more powers
    • It may be necessary to legislate a blanket ban on e.g. recording transactional behaviour via these services (rather than relying on informed consent from the public)
  4. Technical standards to enforce data protection: Where the government will need to set a benchmark is in choosing a global standard for its own issuing of credentials, thus driving the standards underpinning the market. The government must adopt a standard such as the W3C verifiable credentials standard that inherently empowers the individual to limit disclosure of credentials and otherwise increase the individual’s control over their credentials, data and identity.

Summary

The current debate around digital identity is far removed from the old concept of a national ID database.

Moving proof of identity is not about copying paper documents onto a digital database but rather about changing how we think about identity and credentials altogether.

As with most digital concepts, a large part of digital credential service provision is decentralisation and distribution of services; it is not desirable (outside of government) to have a single, national system.

As with many digital services, the user or individual can have a lot more control – they are facilitated to give consent and in more nuanced ways (using their DVLA credentials but no longer releasing their address at the same time as proving their age, for example) – but there is a risk of individuals following the easiest route and not providing fully informed consent.

There is a risk of greater tracking of transactional and behavioural data – more profiling of the individual by corporate interests. Currently showing your passport at a nightclub does not inform the government or any 3rd party service providers of your behaviour – a digital service or network of digital service providers could choose to store that information and invasively profile individuals in new ways.

Beefing up data protection legislation and regulators, setting higher standards or even setting technical standards that prevent negative behaviour are all possible remedies to avoid or reduce extensive profiling and should arguably be applied for existing technologies, not just digital identity.

Next generation technology is actually simpler than the current AI-driven ‘workaround’ approaches to digital identity. Simple emerging standards allow for credentials to be verified definitively with a few lines of code rather than relying on complex and ‘smart’ systems that can visually identify traditional holographic standards on plastic cards held in front of a smartphone camera.

Part of the simplification of next generation identity systems means that there should be even more of an open market approach and even if data protection regulations are not changed, it is likely that civic groups will produce their own data protection enforcing offerings for the market.

Liberal Democrats have some clear recommendations that reflect traditional liberal values – an active government to seed an open market approach, with strengthened protections and independent watchdogs to protect the individual. The approach is a science-based transformation of outmoded systems and provides more control for the citizen while ensuring that the state doesn’t take too much control itself.