Deloitte Perspectives: In Search Of A National Identity
Why distributed ledger technology might help overcome Britain’s opposition to a national identity scheme
The World Bank estimates that over one billion people cannot officially prove their identity. Verifying who we are, to institutions and to people, is of paramount importance to societal and financial inclusion. The concept of universal digital identity, where all individuals are able to assert and prove who they are through an accessible identity has often been discussed as a means of achieving this. Despite the huge social benefits, there are several considerable barriers to verifiable universal identity, which are both technological and political. These however, are starting to be overcome. Examples of progress include China’s impending social credit system, and 99% of the Estonian population having access to the nation’s digital e-identity, which could hold important examples for the UK. These models, when combined with distributed ledger technology might create the ideal ecosystem for a new way of managing our identity. This blog will look at the future of digital identity and how it could benefit British citizens and the provision of government services.
Universal digital identity holds out a promise of substantive social change. It is therefore of no surprise that one of the most ambitious schemes being implemented is India’s Aadhaar scheme. The unique 12-digit biometric identification record issued by the Indian government, is believed to have already delivered significant social benefits. The scheme has been linked to a wide range of public and private services from financial services to telecoms. A study by ID insight, an international research agency, found that between 2017 and 2018, 76% to 95% of new bank accounts opened in different states in India relied on this form of biometric identification. It is now significantly easier for Indian residents to set-up and access bank accounts, set up phone contracts, access healthcare and more easily participate in the financial ecosystem.
So how then, might a distributed or ‘self-sovereign’ identity platform be the answer? Could a decentralised network offer a more appealing alternative to a centralised identity scheme, allowing the government to leverage all the benefits associated with digital identity, while ensuring the project remains palatable for weary Brits? Most distributed identity platforms rely on blockchain protocols to create a decentralised ecosystem for the secure management, verification and sharing of identity credentials. Users have the ability to create and own their identity data, which is digitally signed by trusted third-parties (e.g. a government authority) to ensure its validity. Once verified, the user can then determine which organisations have access to this data. Private operators, governed through a framework of data standards, provide enabled services (including data storage) and secure access to users. Such a platform could provide a way to offset challenges around centralisation by creating an ecosystem for customer-owned identity, delivering increased security and no single-point of failure. Greater trust between counterparts within digital transactions might also provide a means of limiting fraud and identity theft.For Britain, personal identification has played and still does play a huge role in society, from wartime identity documents, the New Labour government’s attempt to introduce biometric identity cards, to news that the NHS has begun building its own platform for ID verification. When Brits want to set up a bank account or travel abroad they need to be identified. There are still systemic challenges with the current centralised identity model. Issues around data sharing, coupled with the UK still being stuck with a series of hard copy documents, including driving licences and passports, are highlighting the challenge that better forms of ID verification could deliver better results. Why then, does it not have its own citizen identity scheme?
National identity schemes are widely used and accepted across Europe. However, Brits appear to be much more comfortable fumbling around stuffed wallets for multiple proofs of identity, only useful in very specific circumstances. A driving licence might get you into a nightclub, but won’t be much use getting you through immigration at Paris’ Eurostar terminal. The UK government has historically struggled to win over a sceptical public that sees a centralised ID scheme as unnecessary surveillance. Britons are inexplicably repelled by the thought of a central national identity programme. Public concerns around an Orwellian state and the risk to data privacy have kept successive governments from implementing a full identity register, opting instead to provide limited digital services through more manageable schemes such as Gov.UK Verify.
The challenge with a centralised identity platform is that it is often reliant on a single institution, responsible for holding and managing a central database of identity data. This is not aligned with how customers want to manage their identity, or how regulators want customers to manage their identity. In a post-GDPR world where the focus is on customer control and ownership, managed data and the ability to share information between different organisations; centralised identity schemes appear to be an imperfect fit. This is where distributed identity might provide the key to an efficient identity system that is also acceptable within British society.
The government clearly stands to benefit. Government agencies are likely to continue to administer the issuance and control of key identity documents. Standards, regulatory compliance and the validity of government issued credentials can still be tightly controlled by public authorities (or delegated to trusted private service providers), while handing off the cost and political sensitivity of owning the identity infrastructure to the market. Citizens in turn, are empowered with a single, universal identity record, control of their data and access to a rich ecosystem of digital public and private services.
This ecosystem could mean that third parties, from mortgage providers, to GPs surgeries, to bars could verify the specific information they need to complete a transaction without having access to all the identity records of a given individual. Take proof of age as an example. Today, an individual is forced to share an unnecessary amount of information with a bar trying to confirm whether they are above the legal drinking age. Your driving licence provides the bartender with access to not only your date of birth, but also your address, full legal name and driving qualifications. That’s assuming the licence shared is even genuine. What if an individual could share an “over 18” claim, digitally signed by a trusted third-party (your bank, for instance), perhaps in conjunction with a verified photo, without sharing any of the underlying data found on a driving licence. Not even your date of birth.
There are of course constraints with the use of distributed identity platforms. Blockchain is still a relatively young concept at only nine years old. Identity platforms enabled by it are less mature still. Live implementations are hampered by the lack of universal standards, scalability issues, and questions around the storage of data in a GDPR-compliant fashion. These are linked to an ongoing debate around the use of private (limited to permissioned actors) or public (open to all) blockchain protocols and the associated risks and benefits. Finally, the realisation of a universal identity ecosystem requires collaboration across all facets of government and private sector. This will take time to gather momentum but is already in motion.
Nonetheless, giving people the ability to create verifiable identities that they hold and manage could be very powerful. The opportunity is too great to ignore. Benefits counted, there are also external pressures from Brexit to GDPR, that are helping to build a convincing case for a new identity solution. Distributed identity is a chance for Britain to rework how information is shared and make wallets slimmer as a result.