The TBI “A New National Purpose: Innovation Can Power the Future of Britain” report calls for a decentralised government-managed Digital ID.
Is this the right approach?
Let’s break this down:
Decentralized IDs. In a modern Digital ID ecosystem, the user is in control of their own ID and data. This is often referred to as a decentralised Digital ID. Trust is afforded to the users Digital ID through an ID proofing process, which may use government documents or data; but this DOES NOT result in a national ID database or national ID card. If a user has undergone an ID proofing process to a government certified standard, their Digital ID can be issued a level of trust that makes it equivalent to paper “ID documents” such as a passport or driving licence. Once it has this level of trust, the Digital ID can be used to gather other credentials to prove what the user is eligible to do. As a result, the Digital ID can then allow the user to meet the trust needs of service providers who wish to accept digital versions of their credentials. So, as we can see, decentralised Digital IDs are a good thing.
Government-managed Digital ID. Digital IDs are complex; to be useful they need to carry both public and private sector credentials and allow ‘smart’ use of these. Governments are unlikely to create a smart Digital IDs that will fulfil all the user’s needs, as many of these needs are in the private sector. This is because a government issued Digital ID is unlikely to:
- allow the user to also gather and share myriad private sector credentials, meaning the user will need separate private sector Digital ID capabilities too. Even if it did, users may be uncomfortable hosting some of their private sector credentials in a government issued ID, regardless of its distributed nature.
- be ‘smart’, meaning it can process complex rules from the acceptors of Digital IDs in a way that means: the user does not have to understand those rules, but the user can rely on the Digital ID to provide data minimisation services and combined credentials as the users trusted agent. Users may find a government Digital ID service acting as their agent in the private sector unpalatable.
In our view, Government should focus on issuing user managed ID proofs into certified private sector smart Digital IDs, or wallets. This will allow the private sector to provide users innovative Smart Digital ID services that blend trusted ID proofs from government, with public and private sector credentials.
Chief Identity Strategist, Open Identity Exchange