4 principles for securing the digital identity ecosystem

(Credit: Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Colin Soutar, Managing Director, Cyber Risk, Deloitte

  • With services increasingly digital, proving identity online remains critical.
  • Cross-system use cases require a common meaning of trust.
  • Increased security and confidence in identities can incentivize greater participation.

When we travel through airports with passports that allow us to enter countries, it is sometimes easy to forget all the underlying steps that went into establishing trust between the issuing and the receiving countries. At a minimum, there’s the international standardization definition of a “neutral expression” for the facial recognition software; the passport’s machine-readable zone that carries our biographical information; the interface characteristics of the on-board chip; and, most importantly, the processes used to initially identity-proof the owner and their rights to the passport, and the subsequent authentication steps used to verify that they are in fact the one presenting the passport at airports and borders.

Just as a physical passport provides ease of movement, imagine the convenience of having your own digital identity “passport” you can present every time you want to access a new online service, without providing all the usual personal information and creating a username password, and other authentication factors. But while the online world – increasingly pervasive due to the global pandemic – does not require any standardized physical documents, identity-proofing and authentication are becoming inexorably more complex as users try to access a broad range of services and benefits without any direct, in-person interaction. For transactions of a single purpose, either in commercial or government sectors, self-contained identity solutions are nowadays often robust and easy to use. The challenges start to arise when we leverage credentials created by one system for use on another.

Why is this so hard? At the heart of the challenge lie two important inter-related considerations: trust and incentive. With travel documents, an issuing country has the incentive to allow its citizens to travel to other countries, and both countries have agreed on the operating conditions for the passport – so there is mutual trust. Securing the digital identity ecosystem matters because it can help to establish the basis for such trust online: among service providers, identity services, and – most importantly – users who will drive the commercial and government transactional engines.

This trust needs to be aligned, though, with incentives for the various parties. For example, users who manage and reuse their identity credentials like passports would likely be incentivized to drive greater online economic growth due to more convenience and confidence. Further, if commercial identity providers are incentivized to enable users to reuse credentials to access a multitude of services, then that helps limit the amount of unnecessary, replicated online personal information that consumers are required to provide. This would mean overcoming any liability concerns between the parties, or the natural tendency for organizations to want to retain information about their customer base for their exclusive use.

The 4 governing principles of digital identity
The 4 governing principles of digital identity Image: Deloitte

While there is still much work to be done around these considerations, the international trust aspect of digital identity is rapidly maturing. Based on supporting programmes across government and commercial organizations for well over a decade, Deloitte recently articulated four specific principles that are important to achieve broader, stronger and more convenient online transactions:

  • Digital identity solutions should be user-controlled and portable. This means citizens and consumers can easily access many online services with the same secure digital identity and not have to create multiple different ones for each service.
  • Digital identity services should be flexible and adaptive. Services should support the rapid integration of different end-user devices and authentication mechanisms – such as biometric technologies and low-friction solutions like behavioural analytics – based on evolving technologies and the shifting threat environment.
  • A broader digital identity ecosystem will likely emerge where verified information is consumed. For example, a citizen may establish reputational trust around their digital identity that can then be used to post online information or receive threat alerts, such as compromised email addresses or other information that may be shared among organizations in the ecosystem.
  • Strong digital identity systems should enable bi-directional trust. That is, governments need to know that authorized citizens are accessing services and information. But citizens also need to trust that they are interacting with a legitimate service, that their personal information will be protected, and that they can efficiently access services.

As noted, trust should extend throughout the full range of identity and service providers in the identity ecosystem. Although federation tools exist that help with technical interoperability (i.e. does the format of the data make sense?), there still remains a gap in defining “rules of the road” that can quantify the trust embodied in an identity credential: That is, are we really sure that the person presenting the credential is who they claim to be?

With respect to incentives, there is the potential for data-sharing among participants within a digital identity ecosystem. Such data could include shared threat signals, information on new vulnerabilities, profiles of emerging threat actors and broad information that helps unlock identity ecosystem-wide security capabilities in support of trusted transactions. This would allow governments and commercial organizations to deploy a layered approach that dynamically adjusts security controls based on the current known situational and transactional risk. It would also enable all participants of the broader digital identity ecosystem to have more confidence in the data that they rely upon and therefore encourage a richer set of participants.

What is the World Economic Forum doing about digital identity?

In an era of unprecedented data and ubiquitous intelligence, it is essential that organizations reimagine how they manage personal data and digital identities. By empowering individuals and offering them ways to control their own data, user-centric digital identities enable trusted physical and digital interactions – from government services or e-payments to health credentials, safe mobility or employment.

The World Economic Forum curates the Platform for Good Digital Identity to advance global digital identity activities that are collaborative and put the user interest at the center.

The Forum convenes public-private digital identity collaborations from travel, health, financial services in a global action and learning network – to understand common challenges and capture solutions useful to support current and future coalitions. Additionally, industry-specific models such as Known Traveller Digital Identity or decentralized identity models show that digital identity solutions respecting the individual are possible.

With the pandemic forcing greater online interaction, it is likely that a more virtual society will persist beyond the crisis. As such, a dynamic and cohesive digital identity ecosystem will be needed to enable citizens and consumers to more efficiently and conveniently navigate online, while governments and commercial organizations gain the assurance that they need to determine that benefits and services are going to the correct individuals. This virtual society will have many diverse circumstances – with use cases spanning a wide range of requirements for digital identities. But it is critical to achieve the right degree of trust and incentive that will instill the user confidence needed to drive economic growth for years to come.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

EU-Turkey leaders’ meeting, 9 March 2020

Humanitarian aid: EU mobilises over €18 million for the Central African Republic in 2019

COVID-19: MEPs urge quick action to prevent “huge recession”

Climate change is speeding up. Our response needs to be even faster

Here are 10 of the most urgent health challenges we’ll face in the 2020s, according to WHO

Mining the deep seabed will harm biodiversity. We need to talk about it

Syrian crisis: EU mobilises an overall pledge of €6.9 billion for 2020 and beyond

MEPs approve €585 million to support refugees from Syria

How listening to patients could change the way we tackle cancer

Brexit: MEPs concerned over reported UK registration plans for EU27 citizens

Mergers: Commission opens in-depth investigation into proposed acquisition of DSME by HHIH

How banks should prepare for robots going rogue

Yemen: UN Envoy ‘guilty’ of optimistic hope that war is ‘nearing the end’

How to promote Primary Healthcare to the Young Healthcare Workforce?

Youth unemployment: think out of the box

Where does our food come from? Here’s why we need to know

Human rights are ‘key’ for economic policymaking says UN expert

The Dead Sea is drying up, and these two countries have a plan to save it

European Agenda on Migration four years on: Marked progress needs consolidating in face of volatile situation

TTIP wins Merkel’s endorsement ahead of 2016 tough deadline

“Who do I call if I want to call Europe?” Finally a name and a number to answer Henry Kissinger’s question

How a new encryption technique can help protect privacy amid COVID-19

The energy industry is changing. Are governments switched on?

Rapid action needed for people to meet challenges of changing world of work

Scotland in United Kingdom: It’s either the end or the beginning of the end

MEPs approve EU’s spending in 2017

This is the environmental catastrophe you’ve probably never heard of

‘Eden bonds’: how rewilding could save the climate and your pension

Commission statement on the vaccine export authorisation scheme

This is how the coronavirus is affecting indigenous people – and how tech is bringing them together

It takes far too long for a rare disease to be diagnosed. Here’s how that can change

UN chief expresses solidarity with Indonesian authorities after flash floods kill dozens in Papua

Security of 5G networks: EU Member States complete national risk assessments

November infringements package: key decisions

Addressing the consequences of digitalisation in the Russia & CIS region

College meeting: European Commission reorganises the “Task Force for Relations with the United Kingdom” into the “Service for the EU-UK Agreements”.

10 months were not enough for the EU to save the environment but 2 days are

The European Green Deal must be at the heart of the COVID-19 recovery

European Parliament speaks out against “killer robots”

How much time has the ‘European Union of last chance’ left?

Impacting society with digital ingenuity – World Summit Award proclaiming the top 8 worldwide

Here’s a simple and fair way to end corporate tax abuse

Libya: $202 million needed to bring life-saving aid to half a million people hit by humanitarian crisis

Can the EU assume the mantle of global leadership?

COVID has shown we can be creative under pressure: Stockholm’s mayor on harnessing a city’s people power

The future of the plastics industry is green

General Elections in Spain: Twitter organises the first digital debate to empower young people.

UN Human Rights chief urges Venezuela to halt grave rights violations

Medical education and violence against women: a gap in women’s rights

An open letter to Europe’s leaders

Will satellites destroy our view of space?

“Prevention is better than cure”: the main goal of modern medicine

Youth Forum calls on Parliament to ease entry into Europe for young people

Clean air is good for business

Coronavirus: the truth against the myths

Advice on fighting COVID-19 from the Red Cross, a chemist and academics around the world: Today’s coronavirus updates

EU-UK Trade and Cooperation Agreement: protecting European interests, ensuring fair competition, and continued cooperation in areas of mutual interest

How digital can transform healthcare in Asia for millions of people

Managing and resolving conflicts in a politically inclined group of team members

UNICEF reports uneven progress in 30 years of child rights treaty

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s