The concept of digital ID “poses significant risks,” the most serious of which potentially being “exclusion, marginalization and oppression.”
That’s one warning from a new World Economic Forum (WEF) “Insight Report” on the possible benefits and drawbacks of digital identity technology. The report assesses the considerable potential benefits of digital ID, and particularly decentralized digital ID, which can help to foster greater social inclusion and enhanced privacy protections when implemented properly.
But there are risks outlined in the report, many of which will be familiar to critics of digital ID programs. The WEF notes that by making access conditional, ID of any kind “is, by its nature, exclusionary.” One can’t get a driver’s license, for example, without providing a home address—excluding those who don’t have a home address. And in situations in which sensitive data is collected, “there are also risks of marginalization and oppression, with ID being used to facilitate the identification, surveillance and persecution of individuals or groups,” the report says.
There is also the problem of consent. Critics of digital ID efforts often object to the possibility of being forced to participate in the program, and this is something that governments exploring digital ID are now straining to address.
The United Kingdom, for example, felt compelled to publish a fact sheet on its own plans to roll out a cross-government login system, dubbed “GOV.UK One Login”, after encountering numerous critiques in a public consultation earlier this year. And one of the claims it has sought to dispel is the idea that using GOV.UK One Login will be mandatory for citizens. The government insists that it won’t, stating, “Offline and face-to-face routes will be available for individuals who do not want to use the online service.”
(The UK government also insists that its planned login service is not “a digital or physical ID card,” but this may be a matter of semantics: its fact sheet also explains that the login system will let end users “prove they are who they say they are in order to access government services online,” and that they “will be able to ‘reuse’ their proven identity”.)
For critics, the WEF’s risk assessment offers little reassurance. “As an system expands, the consequences of not participating in it can become so severe as to make registration effectively unavoidable,” the report says. “When access to a good or service is conditioned upon the possession of a form of ID, and that ID is widespread, individuals may be effectively coerced into obtaining that form of identification, even if there is no legal basis for requiring it.”
As the WEF points out, these same risk factors can also be found in traditional ID programs. But digital ID brings with it certain technological concerns, such as data exploitation.
“Sensitive data, such as biometrics, carry a high risk of exploitation,” the report notes. “For instance, biometrics can be exploited through ‘man-in-the-middle’ attacks, where attackers gain access to biometric data that they can in turn use to access an individual’s financial resources.”
While criminals sometimes are able to use genuine, physical biometrics to gain access to accounts, such as in recent robberies that used drugged victims’ faces to unlock their smartphones, concerns about the theft of biometric data through man-in-the-middle attacks are relatively outdated. A user’s biometric data — particularly their face data, which is commonly used for digital ID – is public by nature, and is easily found across the internet and social media. In recent years, the challenge faced by the biometrics industry has been ensuring the authenticity of a submitted biometric scan, a field of innovation that has become quite advanced. Readily available liveness detection technology, advances in cryptography, and data management best practices have advanced to counter this threat.
That having been said, any risk of compromise can be further minimized through a decentralized approach, in which data is stored on a user’s device, rather than in a centralized location.
“A crucial aim of decentralized ID, but one that is difficult to achieve, is to create accessible, easy-to-use tools that enable anyone to exercise control over their information,” the report states. “However, if individuals use third-party intermediaries to help manage their data, the risk of data exploitation could return.”
It’s a more positive outlook for decentralized digital ID, but the report itself insists that it does not advocate this particular approach to digital ID, or the use of any particular form of ID. Nevertheless, the World Economic Forum has demonstrated a curiosity about digital ID as a socially beneficial tool, while other forums of global cooperation, such as the World Bank, have begun to finance digital ID projects.
June 21, 2023 – by Alex Perala