Podcast 🎧 & blog: Digital identity – types, approaches, lessons learned
We could never say it enough – digital identity is a must-have to make societies more digital. It has been around for some time already, so it is natural that types and approaches to its development vary, between contexts and country specificities.
To explore these, Mark Erlich is the speaker of choice for a mini-series of podcast episodes on digital identity. He is the new Senior Expert on Digital Identity at e-Governance Academy. And with his 15-some years’ experience on the matter at Estonia’s Information System Authority, we take a deep dive into typologies and use cases of digital indentity, and lessons learned from Estonia’s, – one of the most digital countries – own journey.
Why we need digital identity in the first place
The short answer is rather intuitive. For the same reason why we need identity and means of authentication at all, even in the physical environment – to identify an individual in digital environment.
But what is the purpose? “Especially in the electronic environment, we need it to access services. Services that give us some kind of benefits or need to access our personal information to do so. All but those that don’t need to identify their customers, starting from an online shop and ending with a government portal, need to understand who you really are. And that you actually are the person you claim to be,” Erlich explains.
“Also, from the user’s perspective, we don’t want someone else to get access to our records or personal information, or the benefits we may be entitled to.”
A thousand and one ways to authenticate oneself
There is not one, single way to make and use identity. “Take a look at your regular life, at your wallet. You have many different loyalty cards there – each is an authentication tool, for this and that shop chain, or sports club. It identifies you as that specific person for that specific service provided. The same thing happens for government services in an online, electronic environment,” Erlich says.
But some identities, in fact, are less service-specific and more universal. “Such as a document issued by the government, be it a passport, a national ID, the driving license.” In this line of thought, we see that digital identities may take many shapes and forms – depending on the purpose, depth of personal information needed, universality.
As Erlich explains, three different categories differentiate usage and end goal of digital identities:
- Private sector-owned, used only for sector-specific services like banking, with potential bridges to other industry-related services too;
- Provided by companies, but more widely accepted by the public sector almost as equal as government IDs;
- Government-issued IDs, usually accepted for all public services, and often bridged for use to private sector service providers too.
Three key ingredients for effective digital identity development
Different types of digital identity imply also different approaches to their development. “Because everything is situation-based, it is not possible to just take one country’s model and copy/paste it to another context,” Erlich warns.
In the case of Estonia, the third instance among those mentioned, government-issued IDs were not the news – it was, instead, the high level of penetration in society reached within just three years’ time from their deployment (~80%). “Back then, in 2002, the second element of novelty was the development of eID as an open-source platform. No direct restrictions were put in place on anyone to simply start using it for authentication,” Erlich explains.
But three prerequisites, Erlich concludes, are to keep in mind for anyone starting to develop digital identity today:
- A functioning population registry, because you need to know who your residents are and who you are issuing and ID to;
- Some services already available online, the most important ones from both the public sector and citizens’ perspective;
- Enough capacity and resources to establish a framework of management for digital identity – with clarity on responsibilities regarding supervision, liability, and transparency.