A discussion recently about national digital identity systems revealed that some stakeholders feel they need to own the implementation and the deployed operational system, as well as the legal authority for the root of foundational identity.
We can discuss separately, the idea of self-sovereign identity, and the use of the social net (parents, friends&family, colleagues, situation etc) to build a fully peer-to-pee digital id system, without any need for central government agency - indeed, you can imagine having this, as well as a more "traditional" system, with birth certificates, passports, national insurance numbers, biometric data etc etc
but for now, for the latter case: who should build and run the digital id infrastructure?
well, the analogy I want to draw is with currency. The national bank (e.g. Bank of England) underwrites the value of the national currency (coin of the realm, sterling). They also participate in various mechanisms to maintain the relative value of different national currencies (i.e. exchange rate mechanisms or the Gold Standard, etc).
But who mints cons/notes? Could be anyone really. Who makes the machines that do that minting? Whoever wins the contract. Why should digital id infrastructure be any different? For example, british passports contain digital information about the holder and are issued by Her Majesty's passport office, but are physically made by Gemalto, owned by French firm Thales. In the past, anyone could issue banknotes (up til early 20th century!), but now the physical currency in the UK iis a monopoly, but of course there is a wide range of digital ways to store and transmit value as well, run by credit and debit card companies, and fully virtual currencies are legal in some countries.
So it seems that even a national, government approved or mandated or supported identity system could be outsourced. Indeed, many components of functional id based on some notional national id already are implemented and run (e.g. DVLA for driving licenses) by 3rd parties.
This also argues for why one needs to consider at least some level of federation for digital id systems to allow for moving provider, inter-operating, and even comprehending how extreme federation such as self-sovereign systems can co-exist with more traditional centralised registeries and the vouchsafing of who you are.
No comments:
Post a Comment