| | | Effective PR

Digital identity

BIScom Subsection: 
Nigel Morris-Cotterill

The subject of "digital identity" suffers from one big problem: what does it mean?

In researching this article, I concluded that it is so imprecise as to be meaningless except as an umbrella term covering a wide range of loosely connected topics. Perhaps, one day, these topics will converge but that day isn't now nor is it any time soon.

In 2019, the UK's government issued a consultation paper. This is what it said "This call for evidence seeks views on how government can support the development and secure use of digital identities fit for the UK’s growing digital economy."

That preliminary note raises three questions. The first arise from what is says: what is a "digital identity" and what is a "digital economy." The second is why stop there?

I was having a cup of tea with Des Hellicar-Bowman last week and this topic came up in the context of payment cards. That brief discussion played in my mind for some time.

Mr Hellicar-Bowman wears a ring, one of several on the market, that is programmed with certain information. But while he can use it to board a bus, he can't use it to board a plane. For that he needs a passport. While he can buy a cup of coffee in a shop, he can't buy a coffee pot online.

This is where digital identity falls down.

Let's be clear: the basic problem is far from new: everything from AmEx and Diners' Club cardholders being frustrated when they find out that they are almost useless in most countries to the present where the plethora of digital wallets means that it's impossible to pay for e.g. car parking if you don't have the correct wallet.

The problem isn't digital: the problem is that there are so many disparate places that any individual's identity is registered, each of which wants control over the data and the related security that there is no realistic prospect of harmonisation, must less centralisation, globally, of the necessary data.

Let me give you an example: while most banks, within a country, use a single account number once, so that no other customer has that number, one large UK bank didn't do that. In fact, each branch had the same range of numbers. Even today, there are frequent complaints that payments made to an account number end up in the right number but the wrong name at the wrong branch. And when that happens, the bank tries to say it's someone else's fault. But while that is a domestic problem, other banks run the same risk when they operate in multiple jurisdictions.

So, before addressing issues of "digital identity," the question of identity must be resolved.

How many identities do you have? There's the one that the government has for you. In a national system there's a tax record, a pensions record, a state insurance record, a health insurance record, medical records, a driving licence, a residence record and a voter's register. There's a criminal record (including a record of where no conviction was recorded), even a CoVid-19 record and, of course, Companies House. And there's the passport.

Then there are local records for business licences and the like, registration for e.g. parish councils, disabled parking, education and - of course - the increasingly ubiquitous parking app which requires a district by district e-wallet. There's even registration, in many countries, for a low-value pre-paid card for use on public transport.

If any government is serious about creating a digital identity, the first thing it needs to do is to combine all of those into a single identity which can be demonstrated with.... well, exactly how will it be demonstrated?

Will it be with a ring, with a card, with an app on a phone? How will any of those be used online? You can't wave a ring at your PC and tell Amazon to charge it. Nor can you renew your passport, order an online visa for e.g. Australia or do any of the myriad other things that you need to use multiple services for today. Try sitting on the train on the way to the airport and realising that you've forgotten to create a visa without which you won't be allowed on the plane. You have to go to a website, create an account (which it may insist has to be verified with reference to an e-mail, so pre-supposing that you have e-mail on your phone) then get out your passport so that you can copy the information into the online form, then get out a payment card to make that payment. Then you have to wait until you get an SMS (presupposing that you have a signal) and put that into the bank's security system so that the visa can arrive, via MMS which you may not have authorised especially if you are roaming, so that you can show it at check-in. All I can say is that when you need to do that, I hope you have a seat and enough space to fidget about with your bags and phone.

Digital identify must be universal if it's to work: it must take the place of everything including passports.

That, however, requires an extraordinary infrastructure. And extraordinary co-operation between countries.

I would be absolutely delighted if I was issued with a single, pan-global, identity that allowed me to cross borders (backed by e.g. a global database of biometric data), to pay in a currency of my choice (or the merchant's choice), to establish my identity at hotel, airline and car-hire check-ins, to demonstrate membership of whatever and so on.

But what I don't want is a range of stuff on my phone which I am bound to lose and which, no matter what people tell me I know is a far-from secure method of proving I am who I say I am when I log onto a bank website. I want one simple piece of kit - a ring is quite ideal - which carries everything and which can replace all those annoying wallets with a single link back to my bank account - in fact, simply a debit card that works by waving. It needs an on-off switch (current versions don't have one) so that the RFID only works when I want it to - and so that there is no danger of "drive by" charging or data download.

And it needs to interact with e.g. the PC so that, when I need to fill in a form, I don't need to do it at all: my digital identity - let's call it my passport number - is enough provided it is validated.

So, while the digital identify people are focussed on the tech, I think they are focussed on the wrong thing. Yes, it's very cool tech but the tech isn't actually the problem. The problem is too many identities. Fix that and we solve so many other problems, too, ranging from fraud to money laundering and, even, multiple nationalities.

---------------- Advertising ----------------