copy the linklink copied!1. Introduction

In our interactions with the people we know we don’t give any thought to the proof of their identity. When we meet someone for the first time we trust that they are who they say they are. Sometimes an introduction is brokered by another person, a mutual, trusted, acquaintance who knows both parties. However, in our transactional dealings with businesses and government there is a greater expectation of being able to prove who we are, where we live and what we can access.

There is therefore a need for identity to be provable, but how do we know somebody is who they claim to be? How would I demonstrate to you that I am the person I’m claiming to be, a person born in a particular place, living at a certain address and having the legal standing to do business, cross borders, access medical care and generally go about life in any of a myriad different ways.

From the other side of those questions, how does government have confidence that they know who is entering and leaving their country? How do they safeguard citizens from crime by identifying perpetrators and bringing them to justice? How do they make sure only trusted parties access and alter data related to citizens, business and organisations? How do they make sure services are accessed only by those with the entitlement?

Box 1.1. A timeline of identity verification briefly traces the evolution of identity proof from origins of the significance of how people dressed or marked their bodies through to the development of physical tokens that would be carried. The original of these was the ‘passport’, a document not created with identity in mind but as a form of protection for the holder in passing through foreign countries based on an association with their home nation.

Over time, records of birth, marriage and death have been adopted to confirm verifiable sources of fact about an individual’s life whilst licences for driving, practicing a particular profession or operating a business form part of the legal framework for regulation of the state. These documents underpin many of the most significant face to face interactions which take place and act as the mechanisms by which activities are policed, in person.

In many countries, these needs have given rise to the creation of a multi-purposed identity document. The ubiquitous ‘ID’ allows people to prove their age for leisure pursuits, register at hotels when travelling, or confirm to authorities that the person they have in front of them is the person they think they’re looking at. Such devices have been open to abuse and introduce vectors for counterfeit and fraud resulting in ongoing evolution in the technology underpinning these tokens. Nevertheless, the challenge of face to face identity validation is supported by a mature and accepted model.

Face to face processes were built on top of these existing identity mechanisms. As that model has matured it has come to underpin the delivery of public services. With countries turning their attention to facilitating access to government services online, the e-government agenda has created a new challenge – the need of being confident in the identity of someone who is not physically present.

With an increasing desire to see public services on the internet this has been a priority for many countries with investment in technology to accompany it. Generally the incremental approach of this shift has meant that countries took existing processes, and existing interactions, and digitised them as they were with the result that in those cases where a ‘wet signature’ was still required it produced services that were mostly online, but which would ultimately require offline steps to complete.

Technology has been applied to this problem through creating digital signatures and the increasing adoption of password based account services introduced new modes of service delivery but more often than not these were ad hoc solutions, poorly coordinated and resulting in multiple variants on authentication credentials for government, and citizens, to contend with.

As more and more countries explore how to shift their services online in a way that is digital by design and recognises the importance of providing services that meet the needs of their users these existing interactions have been shown wanting in satisfying the burden of proof required by more advanced public services.

Thus, as countries explore how to implement public services of the internet they have turned to new models of digital identity (DI) to enable the transformation of the experience of the state. Those countries who have attempted to respond to these issues have found themselves subject to the increased expectations of a public who are used to simple, interchangeable identity mechanisms provided by existing accounts created with Google and Facebook. However, such approaches to identity lack the substance required to confidently confirm that the absent party is who they claim to be.

Whilst countries wish to benefit from the digital transformation of their services they must remain mindful of threats from hostile forces, fraudulent behaviour and the errors of their users. The resulting challenge for government is therefore to respond to the needs of their citizens, businesses, and visitors, whilst also balancing the concerns of a public which views government over-reach as a dangerous thing.

DI is required for people to exploit the digital economy and interact with a digital government. It provides the link between authentication and claims about a person’s identity which are a fundamental enabler to transformation in government and business.

DI enables omnichannel services, giving users choice over the most effective service channel whether through a browser, on a mobile device or over the telephone. At the same time, DI supports moving away from analogue experiences of proving identity, and enables the redesign of user experiences to create more efficient organisations and more ambitious services. This is particularly relevant in the case of government where DI enables interoperability, empowers the exchange of electronic data, and can transform processes and services that are better focused on meeting people's needs.

To gather best practices and compare the developed solutions from different cultural, social and economic contexts, 13 approaches for DI were assessed to elaborate the analysis include in this Study1, namely in Austria, Canada, Denmark, Estonia, India, Italy, Korea, New Zealand, Norway, Portugal, Spain, United Kingdom and Uruguay. Following the initial evidence provided by these countries, the OECD followed up with a selection of these (Austria, Canada, Italy, Spain, Portugal and the United Kingdom) to further develop some of the themes.

The impact of DI on the digital transformation of the public sector is assessed with the scope detailed in Figure 1.1. It considers the context for delivering DI in terms of the initial foundations, DI technical solutions, the level of take-up, and the post-implementation monitoring mechanisms in place.

copy the linklink copied!

Figure 1.1. DI assessment scope

copy the linklink copied!DI assessment framework

Following this scope, Figure 1.2 indicates the expanded dimensions being considered. First, in presenting the Foundations for DI there is an analysis of national identity infrastructures, the content and focus of DI policy, and models of governance and leadership.

Secondly, the DI solutions built on those foundations to deliver DI policy are considered. This analysis explores the features, requirements, and channels (for use and enrolment) across single factor, smart card, mobile, and biometric systems.

Thirdly, the rate of adoption for DI solutions is helpful in understanding the effectiveness of a given model and its supporting governance. The role of policy levers in areas of legal and regulatory frameworks and models for funding and enforcement are considered alongside the impact and adoption of DI on the digital transformation of government, the private sector, and society through exploring the services that result given the context in which they operate

Finally, these approaches are examined in the context of their transparency about access to an individual’s data, their openness about performance data and the ways in which impact is assessed.

copy the linklink copied!

Figure 1.2. DI assessment framework