Governments around the world have different systems for identifying their residents. Many countries are surging ahead to institute digital identity systems for both on and offline purposes. How such systems are designed, and what measures exist to protect citizens from harm, are influenced by not only the government, but the biggest technology companies and global governance institutions like the World Bank.
Digital identity systems aim to combat a big issue for government: an estimated 1.1 billion people in the world lack any form of legal ID. These unidentified people risk exclusion from government services while causing issues regarding accurate population statistics.
The UN acknowledges this problem in its Sustainable Development Goals that has called for “providing legal identity for all” by 2030. This general need for legal identification for all is interpreted by many as a call for all-purpose biometric, digital ID systems, as opposed to physical IDs.
For example, the World Bank’s Identification for Development Initiative encourages developing countries to “leapfrog” to biometric and digital IDs to curtail fraud and increase efficiencies. This leap, however, brings with it new risks and concerns and should not be uncritically embraced.
Digital ID systems typically tie together multiple pieces of data about a person, which could include home address, citizenship status, marital status, financial information, and often their “biometrics” (a photo, fingerprints, iris scans or even DNA). This information may be used for everything from collecting tax payments, to allocating food subsidies, to voter identity authentication. These systems may use chip-based smart cards containing biometric data or unique number IDs for those who use mobile-based identification and authentication. Potential linking opportunities within these systems create a powerful tool for mass surveillance.
In practice, many of these systems have not lived up to stated aspirations. They are often built and administered by private companies under opaque government contracts that offer people little, if any, option to identify problems or complain about errors. The consequences of a system like this can be dire, especially for marginalized or vulnerable populations.
India uses an ID system called Aadhaar which has become a mandatory prerequisite for accessing essential public services and benefits like education, healthcare and food subsidies. Yet technical errors and glitches in the system have actually prevented some Indians from accessing vital resources like food subsidies. And in multiple incidents, millions of Aadhaar card holders’ private data has been leaked on the internet, leaving personal identification information open for misuse and harm.
In 2017, civil society advocates challenged the Aadhaar scheme on privacy grounds in India’s Supreme Court. Although the court ruled unanimously to uphold privacy protections as a fundamental right, the Aadhaar scheme has proceeded apace. Technology and policy experts have worked to expose the security and privacy problems in the Aadhaar system, but their efforts have not been well-received by officials.
India is not the only country that has seen robust civil society resistance to a national ID system. In Kenya, human rights groups took the government to court over its soon-to-be-mandatory National Integrated Identity Management System (NIIMS), which was intended to capture people’s DNA information, the GPS location of their home, and more. Kenya’s High Court suspended key components of the plan in April, thanks to these petitions from civil society.
On the other hand, Estonia’s digital citizenship program has been lauded for its accessibility, strong (though not flawless) security protections and robust integration with state agencies. It is designed to put control in the hands of users, rather than the ID authority or the requesting entity.
Implemented correctly, ID systems can empower vulnerable and underrepresented populations but it’s far from clear that digital (and especially biometric) systems are necessarily the best way to go about this. Without adequate protections, state agencies may use these systems to conduct surveillance, profile voters, or exclude communities. Private companies will have the opportunity to take advantage of the ability to link discrete databases, affecting people’s privacy, safety, and online lives in ways that we are only beginning to understand.
For the many national governments still contemplating adoption of a national ID system, these examples should be instructive. Emerging research initiatives seeking to evaluate these systems and their positive and negative effects on people’s lives will be instrumental in charting the path forward. For digital ID systems to empower communities adherence to constitutional and international human rights standards, must be baked into their design and implementation from the start.