“It is imperative that governments world wide recognize that it is their fiduciary responsibility to take on the management and governance of Digital Identities in the evolving global economy.” ~ Jamie Glennon
Yes, I said it out loud. I have many times before and I will many times again. It is a statement that could and should create an interesting discussion depending on whom it is that I am talking to and their view or understanding of what ‘Digital Identity’ is.
This of course is not meant to be a technical statement, meaning that governments do not need to build the systems themselves in order to enable this. It does mean however, that they need to invest in services that allow citizens and business to prove who they are with a high degree of confidence on the Internet. They must put these services in place to help citizens protect themselves from their worst enemy; themselves.
In the physical world, the government is responsible for providing citizens “Government Issued ID”. Governments globally make large investments that ‘enables’ citizens to prove who they are at local, national and international points of contact . The organizations that want to provide services to citizens use standard and well known processes to accept the government issued ID and they make the investments in in services and infrastructure to support that. For the most part of course, this is in the form of training people and incorporating the identity proofing into their business processes. This allows them to be compliant with the rules and regulations put in place by the government organizations that issue the ID.
In this context, when a citizen must prove who they are with a their government issued ID to a company providing services, that company is under a strict set of rules and laws on what they are allowed to do with that personal information. Part of that process is to have the citizen ‘consent’ to them actually collecting that information and ‘consent’ with what it is the company is going to do with it.
In simple cases it may be quite harmless and the personal information may just be used for reference purposes. They company may need an address for correspondence or to be able to differentiate you from another person for billing purposes. In other more complex situations there are stricter guidelines when a person is seeking to access more sensitive information such as personal health or financial information.
These types of rules and regulations also exist in the Digital World, but the problem is that most people haven’t got a clue what is being collected and what they are agreeing to. When you provide your personal information to a bank or medical office at their office with your government issued ID, their staff are typically mandated to explain to you what they will do with the information and ask for your consent to do what they explained. They may even have you sign a piece of paper stating that you agree to providing it and may ask you if you have questions. This interaction and the piece of paper helps them if they are audited to prove that they are in compliance with those rules and laws.
This goes the same for any information that is collected about you by a department within the government. One government organization cannot share your personal information with another one without you saying it is okay. In rare cases where they have the legal right to do so (eg. In a criminal investigation or in situations where social services or mental health are involved) it may be allowed but it is not common. These government organizations are mandated and often motivated to be compliant with the rules and protect your information.
This is very different than what happens in some commercial settings, and more specifically the Digital World where electronic commerce and social media intersect. Those two domains can be quite confusing to the average person and quite frightening if you were to realize how tightly linked the two are. That topic will be the basis of a future entry, or even multiple entries.
Much like in the physical world, the Digital World involves providing services to citizens but of course there are no traditional human interactions. If a company wants to do business on the Internet and needs to know who their clients are, they must make the investment in the technology, services and education to support this. They must also be compliant with the rules that are in place that govern these interactions. This includes similar if not the same laws and regulations just like they do in the physical world. The problem that arises here though is that while in principle these things seem to be the same, there are different motivations and the rules can be easily broken, or more specifically ‘bent’ in the favour of the company doing the business.
For the most part, there is no way for a citizen to provide that government issued ID in any way similar to that in the physical world . A clerk at a service counter can look at the ID, validate it, and record the personal information required. This in turn puts either the company providing the service at risk of being the victim of fraud or having invalid information , it puts the citizen at risk of being victimized through identity theft or error, and it puts an overall weakness in the fabric of the Digital Economy.
To resolve this, governments must evolve the notion of government issued ID to the Digital Economy. It is imperative that governments world wide recognize that it is their fiduciary responsibility to take on the issuance and governance of Digital Identities in the evolving global digital economy. Governments must work with citizens and industry to create universally accepted policies, processes , procedures and services to support this with the result being a Government Issued Digital ID.
This of course does not come without some heavy lifting including changes to long standing policies and standards that have been implemented worldwide. But with the Digital Economy growing at a rate of 8-10% annually it is a mandatory requirement of governments world wide in an effort to avoid a collapse in the Global Economy if the infrastructure is not there to support it.
It will be a while before a Government Issued Digital ID will replace the current systems, processes, rules and policies we have in place today. That said, governments worldwide must immediately begin the process of moving forward with this in a meaningful way in the interest of their citizens and to support the businesses that drive the economy in their respective jurisdictions.
Government Issued Digital Identification will provide an incredible amount of service delivery value for both commercial and government organizations while simultaneously protecting the citizen and providing them control of their personal identity information.
Safe Identity Canada 