As the lines between our physical and the online world begin to disappear, the call for mandatory digital ID cards is gaining traction, with prominent figures advocating for their adoption as part of a “technological revolution.”
As more essential information like vaccine records and travel details becomes available on our devices, it might seem strange that we don’t have a complete digital identity system for public records. But would digital identity ecosystems enhance or erode our privacy?
Digital IDs: The Experiments So Far
While many countries are still beginning to discuss the role of digital identity in society, Estonia has had a digital identity in place for 20 years.
Estonia’s digital identity system operates on the principle of ‘once only,’ where citizens only need to provide information to the government once, which is then shared across government departments.
With 99% of services accessible online and the ability to file tax returns digitally in minutes, it is working well with citizens.
But, news that a hacker stole 286K ID scans from government systems provided a timely reminder of the dangers of eGovernment.
Elsewhere, India’s Aadhaar, a pioneering biometric digital identification system, has reduced government fraud by a remarkable $9 billion over five years and provided a secure and efficient means of identity verification for over a billion citizens.
However, a data leak also led to the personal data of 815 million’ citizen and passport records’ being sold on the dark web. These instances provide a much-needed reminder that cyber-attacks and data breaches constantly threaten the public sector.
The U.S. and Europe’s Stance on Digital IDs
In the U.S., a leak earlier this year suggested a draft executive order was being prepared to expand the US federal government’s Login.gov service into a national digital identity service.
This would place many government services under a single login.
States differ on their stance — with physical IDs such as a driver’s license still the de facto way to go, but in Louisiana, for example, the state’s mobile app “LA Wallet” is acceptably by state police.
Over in Europe, the European Union reached a provisional agreement in November to establish the “European digital ID” or “eID,” an unprecedented move towards a centralized digital identification system for all Europeans.
The initiative aims to give citizens a unique and secure European digital identity. This digital identity will be stored in ‘digital wallets,’ initially voluntarily, housing digital versions of critical documents like ID cards, driving licenses, diplomas, medical records, and bank account information.
The eID promises to streamline access to online services across Europe, allowing citizens to easily prove their identity and share electronic documents.
However, concerns have emerged, with critics dubbing it the precursor to a “European digital surveillance state,” raising fears about extensive data collection and citizen monitoring.
The eID debate underscores the challenge of balancing a centralized digital identity system’s benefits and potential threats to individual privacy and civil liberties in an increasingly digital world.
Balancing Act: Convenience and Privacy in the Digital Identity Pitch
The sales pitch for an EU-wide digital identity system undoubtedly revolves around the allure of convenience. We are asked to envision a tech utopia of seamless experiences where we can pay bills, access local government services, or securely upload vital documents like medical records or a driver’s license, all through a single, lifelong ID number.
For some, this prospect feels like a significant convenience, akin to navigating borders effortlessly with a digital COVID-19 certificate. However, it raises Orwellian concerns for others, with fears of encroaching mass surveillance and control.
As data breaches and fraud continue to increase, individuals are becoming increasingly vigilant about their personal information and demanding privacy-first, user-managed solutions. But the debate around whether the EU digital wallet will offer convenience or a potential threat to privacy and internet freedom will gather pace next year.
In the UK, a similar approach to implementing compulsory citizen digital identity has been met with concerns and misconceptions, echoing the broader debate on digital identity systems. The UK government has clarified its intentions to address these issues with a myth-busting fact sheet.
It follows a report by former Prime Minister Tony Blair and former Conservative leader William Hague. Their report presents a compelling case, asserting that such a transition can occur without compromising civil liberties or data privacy.
The proposed legislation emphasizes that it does not include any proposal to create mandatory digital or physical ID cards. By contrast, the goal is to simplify online identity verification for government services.
It also states that offline and face-to-face options will remain available for those who prefer not to use the online service. But this did little to convince critics who believe it would be slowly phased out.
However, cybersecurity and data protection are highlighted as paramount concerns. The UK government emphasized its commitment to safeguarding user data through robust security measures and compliance with data protection legislation and guidance.
On the controversial topic of data collection, the government confirmed that it would solely be used to verify identity for accessing government services, dispelling misuse concerns or broader surveillance.
The fact page also underscores its commitment to transparency, with public authorities required to be open and transparent in their data disclosures, backed by a Code of Practice.
The legislation is being framed as a means to improve access to government services rather than a precursor to a cashless society or the implementation of a social credit system. These clarifications reflect the UK government’s efforts to balance enhancing digital services and addressing privacy, surveillance, and data security concerns.
In the pursuit of modern conveniences, we often sacrifice the protection of our data. Every online interaction, from social media posts to online shopping, generates a trail of data that various entities can harvest, analyze, and potentially exploit.
As we begin to shape the future of digital identity, the debate around its merits and pitfalls intensifies.
Looking ahead to 2024, we have valuable lessons from nations like Estonia and India, pioneers in this field. Yet, we must tread cautiously, fully aware of the implications ahead.
Navigating this digital identity dilemma requires a delicate balance between protecting personal data, enhancing the digital experience, and respecting individual rights, all in a climate of growing political mistrust.