
The future of digital identity initial perspective

Our interconnected digital world has started to make a mockery of traditional forms of identification. Being asked to produce ‘two forms of ID; at least one from each of the two following lists’ already seems hopelessly anachronistic in a world of automated password-managers, RFID-driven payments systems, and bio-metric authenticators on our mobile phones. The idea of having a single digital identity (Digital ID) that can replace the need to hold a plethora of cards and documents, from your passport and driving license to your library card and even your CV, is not only one whose time has come, it is one that is all but presumed to exist already. Although it doesn’t quite yet.

This ‘initial perspective’ is intended to provide a provocation for thinking and deeper discussion about the impending implementation, and future, of Digital Identity and its role and value in society.

In addition, we are also undertaking a set of 5 expert workshops across 4 continents in Q4 2018 (London, Singapore, Sydney, San Francisco and Brussels). If you are interested in joining, we would welcome your feedback and contribution to help build a richer view. Do let us know.


  1. THE FUTURE OF DIGITAL IDENTITY: An Initial Perspective
  2. Text © Future Agenda 2018. Images ©. First published October 2018 by: Future Agenda Limited, 84 Brook Street, London W1K 5EH
  3. The Future of Digital Identity: An Initial Perspective. Dr Robin Pharoah
  4. This paper provides a provocation for a discussion on the future of digital identity. It emphasises pressing questions raised rather than necessarily attempting to resolve them, and outlines some of the key future issues, as well as opportunities, going forward.

     One of the trickiest aspects of writing a paper like this for such a vast and complex topic, is the need to tread a fine line between keeping things simple and broad enough to allow all potential stakeholders and participants to see where their own expertise plays a vital part in discussion, and yet recognise the deep complexities (both social and technical) involved in any discussion of digital identity. We fully accept that many of the concepts we casually introduce here deserve much deeper consideration. Where we have over-simplified, we apologise.

     Our hope is that this paper will serve as a point of departure for deeper and more meaningful conversations about the future of digital identity, or rather, conversations about our future in which the question of how we resolve our digital identity is going to play a significant part.
  5. Identification in a digital world

     Our interconnected digital world has started to make a mockery of traditional forms of identification. Being asked to produce ‘two forms of ID; at least one from each of the two following lists’ already seems hopelessly anachronistic in a world of automated password-managers, RFID-driven payments systems, and bio-metric authenticators on our mobile phones. The need to rifle through one drawer looking for your most recent utility bill, another to find your passport, and your bags and back pockets for a driving license or ID card, is surely not an experience that your children are going to have to live through. Is it? The idea of having a single digital identity that can replace the need for all of these documents is not only one whose time has come, it is one that is all but presumed to exist already. Although it doesn’t quite. Yet.

     That is not to say that digital identities and digital identification and authentication systems do not already exist. They do, of course. From the earliest days of the internet, people have been developing digital identities. Originally, they may have been no more complex than a username or ‘handle’, sometimes accompanied by an ‘avatar’, used to indicate that it was the same person posting on, say, a UseNet thread. Such ‘handles’ might have had a connotation of gender or race or political affiliation, but these attributes were not verifiable as such. Someone’s online identity might have reflected their true (offline) selves, or not. In the early days of the internet, verifying the truth of the matter often didn’t matter.

     With the true dawn of ‘web 2.0’ in the early 2000s, and the subsequent avalanche of social and interactive web and internet services that defined it, the creation and use of digital identities saw a period of rapid expansion. Online ‘accounts’ for social media services, retailers, dating services, membership organisations and so on, invited users to store many of their ‘real-life’ personal attributes such as gender, race, location, age, and photographs in ‘profiles’. Sensitive information such as credit card details, national identification numbers and bank account numbers, often sat alongside. At the same time, digital payments systems were rapidly out-moding chequebooks and signatures, with instant online bank transfers and credit card transactions. The need to protect these accounts, and the information contained within them, alongside the need to verify and authenticate those engaged in financial transactions online, brought the tsunami of account, username and password combinations that still define much of the landscape of digital identity and authentication today.

     Today identifying and authenticating ourselves digitally in order to access services is a familiar exercise. That is exactly why the continued use of, and reliance on, paper-based identification documents in order to access certain services feels so out-dated. And yet it is precisely this dizzyingly fast and haphazard explosion of opportunities to create digital identities, and the accompanying labyrinth of digital identification and authentication protocols, that has left us with a problem when it comes to releasing a truly reliable, secure and interoperable digital identification system. What we have now is wide familiarity with the concept, but an identification infrastructure defined by confusion, inconsistency, muddled expectations, contradictory social norms, and, as continuing high-profile data-breaches make painfully clear, a profound lack of security.
  6. Digital identity and ‘Digital ID’

     Before going any further, it is worth perhaps outlining exactly what we mean by a ‘digital identity’ and in particular clear up the difference between two distinct but overlapping ways of understanding the term:

     1) An ‘online’ or digital ‘persona’ created by a user (or collection of users) for use in one or other digital space. Examples of different digital identities might include characters created by players in video games, profiles on digital dating services, the collection of attributes inside accounts on social media profiles etc. A single individual may create multiple digital identities within just one digital context, or across multiple contexts, and these identities may be similar to each other, or differ wildly. They may bear some relation to the individual’s offline (real world) identity… or none at all. It is about how an individual chooses (or individuals choose) to represent themselves in digital spaces.

     2) A digitally stored set of verified data ‘attributes’ (such as age, gender, citizenship etc.) that can be used to identify that people (or entities, within a digital system, exchange or transaction) are who they say they are, or have the attributes they say they have.

     It might be useful to think of the first of these definitions as a social and/or cultural definition, whilst the second is a more technical definition that has arisen from the digitisation of various social and institutional interactions, and financial transactions that require formal identification (such as paying for goods and services, applying to use public services, etc.).

     The latter definition of digital identity is perhaps better thought of as the digital equivalent of an official ID card or document like a passport or driving license, that can be ‘shown’ during digital interactions or transactions in much the same way as we might produce a passport at an international border. Just like identity documents, the primary purpose of a ‘Digital ID’ would be to verify that someone is who they say they are and/or has the attributes they claim to have, such as the right to travel freely. The immediate differences are simply that (i) whereas physical identity documents tend to contain just certain specific bits of information, a ‘digital ID’ can hold a potentially limitless number of data points or ‘attributes’, and (ii) that the digital equivalent of ‘showing your ID’ needs a slightly more complicated, technology-enabled set of protocols and infrastructure than does pulling a document out of your bag. Assuming that such a ‘digital identity system’ existed however, there would then be no reason why a digital ID could not be used anywhere that had access to that system, including during face-to-face interactions (entering a club, buying alcohol, or hiring a car etc), where we might currently use physical ID documents.

     This paper focuses on this latter, technical, definition of digital identity as a ‘Digital ID’, whilst recognising that the choices we make now in regard to it may, in turn, have profound effects on our social, cultural ‘digital identities’. After all, as the first section of this paper makes clear, we are currently in a world in which aspects of both understandings of digital identity have been mixed up and mashed together in countless ways, on countless different digital platforms and in countless different digital contexts.
  7. Authentication

     Just as we have attempted to define digital identities and Digital ID, it may also be necessary to draw the distinction between a Digital ID on the one hand, and the process of authentication on the other. It is easy to confuse the two, not least because authentication processes often involve the use of attributes that are also contained within an ID, such as a fingerprint. The distinction is important however, because strong authentication is sometimes mistaken for strong ID.

     Take, as an example, a social media profile in which a collected set of attributes constitute a digital identity. The account which stores this profile may have a strong set of authentication protocols associated with it such that the owner must use a variety of authentication methods (a fingerprint, a one-time code, a password etc.) to gain access to it, or to use it as a gateway to another service. Yet nothing about this strong set of authentication protocols means that the profile contains verified information that could be used as a ‘Digital ID’ in contexts that require a high degree of confidence that the owner of the account has the attributes they claim to have in that profile. By going through the authentication protocols, the owner of the account has simply verified that they are the owner of the account and of the digital identity it contains. Nothing about how the attributes in the digital identity relate to the ‘real life’ attributes of its owner has been verified.

     That said, strong authentication processes are critical to the success of any Digital ID system, since their rates of success and failure will ultimately be a key factor in determining overall levels of trust in the reliability and security of that system.

     The methods and tools that we use to authenticate ourselves can today be categorised according to a simple taxonomy: something you own (like a phone, or credit card), something you know (like a password), something you are (a biometric attribute, such as your fingerprint). New technologies and techniques in authentication are likely to bring innovations in all of these areas, some of which may actually begin to feed back into identities themselves and lead to entirely new ways of thinking about who we are.
  8. The case for Digital ID

     For many, the development of fully realised Digital ID that can replace traditional forms of ID is an inevitable evolution, and certainly as we write this paper, the call for strong digital identity systems is getting louder.

     Convenience

     The most obvious reason to develop Digital ID is convenience, as many processes that require formal identification feel so anachronistic today. Job applications, airline bookings, opening a bank account, applications for parking permits or state benefits, even mobile phone contracts etc. can all still involve cumbersome exercises in repetitive form filling, document scanning, face-to-face presentations and so on. These processes can be more and less secure, but they all feel slow in today’s world.

     Security and accuracy

     The development of strong and secure systems of digital identification is important as it could play a significant role in enhancing cyber security for individuals, organisations and states. Cases of identity theft and cyber-fraud are a growing problem (whether measured in terms of scale or severity), and are often driven by the large-scale theft or distribution of databases full of identity attributes commonly used for identification and authentication (i.e. ‘data breaches’). Cyber-security incidents are also increasing in severity, with critical state infrastructures now facing the same kinds of threat as an individual’s credit card. High-profile incidents, such as the hacking of Democratic Party emails in the USA in 2016, or the attack on Ukraine’s energy infrastructure at the end of the same year, are often popularly portrayed as highly technological, involving ‘injections of malware’, for example. It is worth remembering that attacks of this kind most often start with the very same kinds of identity and/or credential theft that drive simpler credit-card frauds.

     With cyber-criminals becoming increasingly organised and sophisticated, the number of cyber-crime victims rising, quite literally, by the second, and the proceeds of highly organised cyber-crime being used to fund some of the most abhorrent of ‘real world’ crimes, the case for more secure systems of Digital ID and authentication is an easy one to make¹.
  9. The expansion of digital service provision

     The number of services that are now accessed and delivered digitally is growing. As governments, in particular, move increasingly toward online service delivery and access, so too does the number of ‘official’ identification and authentication procedures associated with them. In fact, governments around the world have been leading the way in terms of creating and implementing Digital ID systems. National ID systems vary in form and scope of course, but in many cases they are paving the way for broader Digital ID systems and, perhaps more importantly, building and embedding a set of citizen/consumer behaviours around the use of stronger Digital ID. They have also, sadly, highlighted some of the risks associated with poor implementation, and the temptation for bad actors provided by the treasure trove of data that Digital ID systems contain. The large-scale breach of the Indian Aadhaar national ID system² is a case in point.

     Alongside the expansion of services to the digital world, there is also an expansion of access, for users, to different service providers. Where once services requiring strong identity verification might have required a face-to-face transaction, people now have the opportunity to access services across national borders, geographical expanses and through an array of different channels. Digital IDs have the potential to make such transactions much simpler and more secure, especially where they are recognised across different jurisdictions, digital or otherwise.

     Transaction cost reduction

     Simply put, the costs involved in trying to deliver services that require some form of identification, in a world without Digital ID, seem to be an unnecessary burden. Further, they are increasingly an active barrier to innovation. Consider the UK’s drive for ‘open banking’ for example. This initiative has the potential to transform the relationship between individuals and their money, and their financial service providers. But the possibilities offered in terms of speed of access, portability of financial histories etc. are all constrained by the need for secure identity and authentication procedures, which, in a world without a fully realised Digital ID system, still rely on cumbersome protocols, face-to-face visits, and so on.³

     Combining identification attributes

     Traditional forms of ID, such as passports or driving licenses, often contain very specific pieces of information (names, dates of birth, addresses etc.). Digital IDs need not be so restricted. A single Digital ID, for example, could contain all of the attributes that are currently distributed across different documents. The rights to drive certain vehicles currently contained in a driving license could sit alongside passport identification attributes, our health and education records, even a student ID, allowing a single digital identity to be used in a wide range of different contexts.

     Interoperability

     Interoperability in relation to Digital ID is difficult to define accurately, and difficult to conceive in practice. The easiest way of thinking about it perhaps, is to consider how an individual, with a Digital ID, would experience a truly interoperable Digital ID system. In such a system, a user would be able to present their Digital ID or specific attributes from within a Digital ID, in the way they want to, affirm their ownership of that ID, and move their ID attributes between Digital ID providers, whenever, and in any context, in which they needed to prove their identity or a specific attribute within their identity.

     At the moment, we are a long way from this world. Current digital identities, such as social media profiles, do not offer anything like the degree of trust required for say, financial transactions. Conversely, financial service providers do not store enough identity attributes for use in all contexts that demand ID. And finally, identity attributes in general, which may be stored in multiple different places (digitally or otherwise) are not stored according to widely used standards and formats that would otherwise allow for use across a wide-range of contexts.
  10. As argued in the World Economic Forum’s landmark paper “A Blueprint for Digital Identity”⁴, the closest thing we have to an interoperable system of identification and authentication today, is that which underpins financial transactions and payments across the globe. As such, it may be that this infrastructure provides us with the ‘blueprint’ for building a truly interoperable Digital ID system⁵.

      Digital inclusion

      The UN estimates that more than 1 billion people around the world lack identification documents, either due to forced migration, restrictive legal environments or simply due to a lack of proper access to bureaucratic structures, or a fixed address⁶. Lack of identification documents can lead to exclusions from, or restricted access to, all manner of critical services, from banking and housing, to work and even a mobile phone. Digital ID systems could go some way towards addressing this, since Digital IDs can theoretically be issued to, and used by, anyone with even intermittent access to a mobile phone or the internet. Furthermore, with the expansion of digital identification attributes, digital identities can be created in the absence of certain attributes (postal address, for example) that are often required for the issuance of a document-based ID.

      Personalised services

      Services are becoming increasingly personalised and tailored to individual citizens, service-users and consumers based on the increasingly sophisticated collection and analysis of personal data. Digital ID could play a significant role in this developing feature of a digital world. In the first instance, Digital ID could greatly enhance the accuracy with which service providers can determine who they are providing services to. But beyond this, Digital IDs could provide a means for individuals to securely store vast amounts of personal data of many different kinds, and selectively share it with (or temporarily grant access to) service providers, in exchange for personalised services. This would not only give individuals greater control over the use of their personal data, but would incentivise service-providers to be transparent when it comes to the collection, analysis and use of personal data.

      Privacy

      A case is often made that digital ID can enhance privacy in a data-driven world, by giving citizens and consumers the ability to have more fine-grained control over the types of data and information they share, in different contexts and with different institutions and service providers. This is certainly possible, but the claim needs some unpacking, as the promise of greater privacy depends entirely on the ways in which digital identity systems are implemented and controlled.
  11. Implementation matters

      It is beyond the scope of this paper to outline all of the technical complexities around different ways of implementing a Digital ID service and/or system. However, some broad-brush comments on the implications of different implementation decisions are necessary.

      Security and privacy

      The processes by which digital identities are presented and authenticated digitally will need to have a high level of security to ensure both that personal data is kept private, and also that authentication does in fact foster trust among all parties in a transaction, that all parties are who they say they are and have the attributes they say they have. Encryption is a given, but there is more than one way to implement encrypted exchanges of information, and key decisions will need to be made over what is (and is not) kept ‘secret’, the precise moments within a process that encryption and decryption occur, and the physical locations in which encryption and decryption are handled. Different protocols have different implications in terms of convenience and usability, but also in terms of both security and privacy. Poorly handled implementations could lead to catastrophic data breaches and, potentially, a loss of faith in a provider of Digital ID services, or perhaps even in the whole principle of Digital ID. The same may also be true, for example, of implementations that use a veneer of security to hide invasions of privacy⁷.

      Of course, Digital IDs actually have the potential to provide more security during digital transactions than their paper-based counterparts. Digital identities can include identity attributes that are much harder to mimic or steal (such as AI-determined behavioural bio-metrics) which can be used in highly secure authentication protocols or leveraged in real time to determine suspicious attempts to use a Digital ID. Furthermore, transactions involving digital identities can be highly specific, potentially limiting the data that is at risk of being exposed. The commonly cited example here is the use of a Digital ID to prove that a person is above the legal age required to buy alcohol. During this kind of transaction, the only data that might need to be transferred from one party to another, is a simple affirmation of a specific attribute (i.e. ‘current age is greater than X years’). By way of contrast, the presentation of a physical form of identification, such as a driving license, is likely to expose a far greater amount of personal data, not least, a precise date of birth⁸.

      This last point is often used as a start-point for an argument that using Digital IDs may afford users a greater degree of privacy in an increasingly data-saturated world. If users have fine grained control over the kinds of data attributes that are held within a digital identity and there is transparency over precisely the kinds of data that are being shared, during which transactions, and for what purposes, the argument goes, then we get greater privacy. Couple this with new technologies such as zero knowledge proofs (ZKPs) in which, theoretically, authentication of certain attributes can happen without the sharing of any data at all, and we have the hallmarks of a system that would radically alter the privacy landscape as it appears today.
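
The age check described above, as an added example that is not code from the paper: a salted-hash selective-disclosure credential in which the issuer signs only digests of the attributes and the holder reveals just one of them. The attribute names, the sample person and the Lamport one-time signature (a standard-library stand-in for whatever signature scheme a real issuer would use) are assumptions.

```python
"""Selective disclosure of one attribute ("age_over_18") from a signed Digital ID.
Added illustration; names, sample data and the signature stand-in are assumptions."""
import hashlib
import json
import secrets
from datetime import date


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: a stdlib-only stand-in for the issuer's real
# signature scheme. One key pair may sign exactly one credential.
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes):
    return [sk[i][bit].hex() for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(H(bytes.fromhex(s)) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _bits(msg))))


def claim_digest(salt: str, name: str, value) -> str:
    # The random salt stops a verifier brute-forcing low-entropy values
    # (a date of birth has only a few tens of thousands of candidates).
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def age_on(dob: date, today: date) -> int:
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


def issue(sk, attributes: dict):
    """Issuer: verify attributes out of band, then sign only their salted digests."""
    wallet = {n: (secrets.token_hex(16), v) for n, v in attributes.items()}
    digests = sorted(claim_digest(s, n, v) for n, (s, v) in wallet.items())
    signature = lamport_sign(sk, json.dumps(digests).encode())
    return {"digests": digests, "signature": signature}, wallet


def present(credential, wallet, reveal):
    """Holder: send the signed digests plus salt and value for chosen attributes only."""
    return {"credential": credential, "revealed": {n: wallet[n] for n in reveal}}


def verify(issuer_pk, presentation):
    """Verifier: needs only the issuer's public key; no call back to the issuer.
    Returns the verified attributes, or None if anything fails to check out."""
    cred = presentation["credential"]
    if not lamport_verify(issuer_pk, json.dumps(cred["digests"]).encode(), cred["signature"]):
        return None
    verified = {}
    for name, (salt, value) in presentation["revealed"].items():
        if claim_digest(salt, name, value) not in cred["digests"]:
            return None  # value or salt does not match what the issuer signed
        verified[name] = value
    return verified


def demo():
    issuer_sk, issuer_pk = lamport_keygen()
    dob = date(1990, 5, 17)  # constructed sample person
    attributes = {
        "name": "Alex Example",
        "date_of_birth": dob.isoformat(),
        # The issuer derives the yes/no attribute so the date never has to be shown.
        "age_over_18": age_on(dob, date(2018, 10, 1)) >= 18,
    }
    credential, wallet = issue(issuer_sk, attributes)
    return issuer_pk, present(credential, wallet, ["age_over_18"])


if __name__ == "__main__":
    pk, presentation = demo()
    print("verifier learns:", verify(pk, presentation))
```

Every presentation carries the same signed digest list, so verifiers that compare notes can link presentations to one holder; that linkability is what the zero knowledge proofs mentioned above are meant to remove.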
  12. There are perhaps two counter arguments:

      First, is the question of ‘from whom are we keeping our data private?’. In the scenario imagined above - in which a person needs to prove they are over the legal age required to buy alcohol - it seems perfectly plausible to see how a Digital ID system can limit the data that the retailer receives. But what about the data footprint of the transaction itself? The fact that the user has used their digital identity to buy alcohol. Whether this kind of data is kept private, and from whom, will depend on the digital identity eco-system and implementation. We could imagine, for example, that in a highly centralised digital identity system, there is in fact the potential for identity ‘keepers’ to gather vast amounts of data about their users as they deploy their Digital IDs in myriad social, political and economic contexts. It is also hard to imagine, at the time of writing, that a digital identity system rolled out in China, in which the Chinese government had a key role to play, would afford its citizens greater privacy.

      Second, many of the promises made around Digital ID are made on the back of data collection, rather than data minimisation. Personalised services, new methods of bio-metric authentication, cross-border interoperability etc. all involve significant amounts of data capture and storage.

      Multiple partners and stakeholders

      Any digital identity eco-system is going to require a number of different stakeholders and partners. Aside from the users/holders of Digital IDs, we will need: institutions that can initially collect and verify the attributes that are going into the ID; institutions and organisations that can manage the authentication process across a wide range of contexts; and, of course, institutions and organisations that will accept and trust Digital IDs to do the job of ensuring that entities are who they say they are and have the attributes they claim to have.

      Trust – on a number of levels - is the key factor here for all parties. There is the question of who we, as users, trust to collect and verify our identity attributes, who we trust with the task of keeping those attributes safe during different types of interactions and transactions, and who we trust in terms of giving access to our identity attributes. For organisational or institutional parties in the system the same questions will apply. For example, which bodies will be trusted to accurately collect and verify identity attributes of their users or customers?

      Centralised or distributed?

      The question of whether a centralised system for the management of digital identities, or a de-centralised system, based for instance on blockchain technologies, is the more preferable, is still open to debate. A blockchain-enabled or otherwise distributed implementation might remove the need for users to place their trust in a single specific institution, but may also be a barrier to seeding and developing the wide-spread uptake and interoperability critical to the development of a fully functioning digital identity eco-system. Conversely, more centralised Digital ID systems will aid the development of an interoperable and widely accepted eco-system, but require us to ask the question of which (few) institutions we trust to hold the keys to our identity; a question which is unlikely to yield a single or unchanging answer, particularly when we consider the question in a global context. There is also a question for the future, around to what extent users might be able to store and maintain their own Digital ID on their own devices.
  13. Different identities in different contexts

      Just as we use different forms of traditional ID to access different kinds of services, it is possible to imagine a world in which we come to have multiple different digital identities too. During the very first rounds of Future Agenda Open Foresight discussions in 2010, this insight was writ large with the use of the phrase ‘Cocktail Identities’. In a non-digital world, a library card seems more than enough to ensure we have access to borrowing books and we might baulk at having to produce a passport; but we might equally be unimpressed by a bank that only required us to produce a library card to prove our identity during a financial transaction. In a digital space the same might also be true. A social media identity might be sufficient to provide access to a community web-forum, but insufficient to enable us to buy airline tickets. In this way, it is possible to imagine a world in which citizens and users have multiple different Digital IDs that are deliberately separated, rather than combined, for use in different contexts.

      In this scenario, we may well see a proliferation of Digital ID providers offering different, context-based, Digital-ID-as-a-service propositions. To some extent we are already seeing this, with tech providers (Facebook and Google most prominently) offering authentication services that can work in a number of different contexts. What is still missing however, is the interoperability that could provide users with the choice of using different Digital IDs for a single moment of authentication and identification. As an example, many digital service providers currently offer users the ability to use a ‘Facebook login’ or a ‘Google login’, an ‘OpenID’ login or to create a ‘unique login’, but in order to provide these options, users must be presented with four separate login forms.
  14. Regulation

      In keeping with many of the other aspects of the digital revolution, Digital ID is likely to land and expand very quickly, with both benefits and consequences arriving in the wake. Regulators will almost certainly, and yet again, be faced with the task of ‘building the aeroplane whilst flying it’. On the one hand, regulatory approval or mandates for certain institutions to accept Digital ID could play the critical role in the development of a Digital ID system. On the other, regulators will have to respond to the challenges such mandates create. These could include:

      • Addressing the unique tendency for digital systems to tend towards monopolies - especially in a field in which there are a limited number of players that can deal with the sheer scale of the task - and therefore the potential emergence of a Digital ID oligopoly.
      • The need to create or address a framework of rights and responsibilities around Digital ID, possibly as part of a broader consideration of digital rights.
      • Addressing the question of who pays for the maintenance of a properly regulated Digital ID infrastructure.
      • Dealing with the regulatory consequences of emergent Digital ID business models (e.g. stronger digital privacy laws, rights of redress etc.).
      • The need to address political (state) and individual concerns around data sovereignty and whether and how valuable data should be kept within borders in an interoperable Digital ID eco-system.
      • The need to establish and maintain common standards for the purposes of secure and convenient interoperability.

      Adoption

      What are the key factors that will drive user and consumer adoption of a Digital ID system? Will it be the identification of certain unique use cases that are so compelling to consumers that adoption is all but inevitable (e.g. zero-wait time at border crossings, instant access to government services, etc)? Or will adoption require regulatory or legal incentive? Interestingly, private sector organisations often imagine adoption of new technologies and services initially taking place at the ‘top of the market’. In the case of Digital ID, the earliest adopters may well be nearer the bottom of the pyramid, those who need to become familiar with Digital ID in order to access basic needs through government services.

      Digital literacy and identity education

      Digital literacy is an issue whose prominence is growing thanks to increasingly stark digital divides and the lack of transparency that marks the pace of change in a digital world. A wholesale move toward Digital ID could be one of the more profound moments in the shift to a digital life, and may require its own programme of education to teach people how to maintain their Digital ID, keep it safe from attack and ensure that it works for them.

      What might matter even more
  15. 15. Future directions

      It is safe to assume that our collective futures will involve digital identity. The exact form and function of the digital identities we make use of may vary from institution to institution, individual to individual and organisation to organisation, but the case for digital identity is surely too strong now to ignore. As ever more of the transactions and exchanges that comprise human social life migrate to connected digital worlds and spaces, more fragments of our selves must surely follow suit. In this paper we have highlighted a number of the drivers that are likely to take us to a world in which digital identity is commonplace, and have introduced a number of different concepts and facets of digital identity that provide the basis for thinking about the future of Digital ID, and a future world in which Digital ID plays a key part. As a provocation then, it might be worth thinking through some of the potential future pathways and shifts that could come about.

      You are what you eat

      One of the potential upsides of digital identity is enhanced security through the development of new kinds of identity marker. The mainstreaming of bio-metrics such as voice and facial recognition, fingerprints and iris scanners is the first step along this road, but with the growing capabilities of AI-driven pattern recognition, and a steadily rising stream of personal data in which to recognise patterns, new forms of behavioural fingerprinting are likely to emerge. These might simply be more kinds of physical bio-metric fingerprints, such as the unique pattern of pressures we apply to a keyboard as we type, or the idiosyncratic ways in which we tap on a mobile phone screen or move a cursor around, but there is also the possibility that we present other kinds of unique fingerprints in behaviours that look more like cultural or social behaviours; our ‘routines’, if you like. These might include things like the times we get up each morning, who we speak to and when, or the kinds of food we choose to eat at different times of different days. We are still in the early days of learning about what makes us unique.

      The use of these kinds of identity attributes may be very useful in terms of detecting fraud, especially where AI can be used to detect subtle changes in behavioural patterns. But their emergence will need to be managed carefully. Human history is littered with examples of the use of identity markers such as ethnicity, religion, or gender, to structure systematic programmes of exclusion, violence and discrimination. With the emergence of new kinds of identity attributes, we are likely to see new kinds of bias and discrimination based on previously unimaginable points of differentiation.

      “I can tell from your voice harmonics, Dave, that you’re badly upset. Why don’t you take a stress pill and get some rest?” Hal 9000, “2001: A Space Odyssey”, Arthur C. Clarke, 1968

      Fake ID

      It would be naïve to imagine that any digital identity system will be immune to abuse. Fake ID, long the goal of every would-be alcohol-drinking teenager along with other bad actors seeking access to services they would not normally be allowed to access, is bound to play a part in any system of digital identification. Fake ID could manifest in two ways: 1) Entirely fake digital identities that bear no relation to any real entity, and 2) Authentic digital identities augmented with fake attributes. As with all digital manifestations of physical world problems, the particular problem with fake digital ID is scale. Where once a fake passport would only really be used in a single context at any given moment, fake digital IDs have the potential to be used in hundreds of different contexts at the same time, scaling up the consequences in kind.
  16. 16. Null attributes

      We currently live in a world of data breaches. At the time of writing, Facebook is reporting a breach in its digital identity and authentication system potentially affecting 90 million users, but whenever this paper was produced, it is likely that there would have been news of a recent data breach of similar scale to point to. Many of these breaches involve sensitive personal information of the kind that we would otherwise assume to be critical components of any digital identity and authentication system. Some data breaches leave us with more serious consequences than others when thinking about the future of Digital ID, and three in particular leap out in this regard: the Equifax data-breach that contained detailed financial histories and credit scores [9], the US government’s Office of Personnel Management (OPM) data breach which contained detailed employment histories, social security numbers and even fingerprint scans [10], and the ComElec breach of voter registrations in the Philippines. In each of these cases, highly sensitive information of exactly the kind upon which digital identity systems might be built was stolen and leaked. In the case of OPM, this even involved bio-metric data. This raises a possible future scenario in which certain identity attributes we currently understand to be essential, could become unusable or ‘null’ with regard to a digital identity eco-system.

      Re-evaluation of cyber-risk

      Breaches to digital identity systems have the potential to be far more catastrophic than any previously seen data breaches. This may cause organisations to re-evaluate the idea of ‘acceptable risk’ with regard to cyber-security.

      Stateless netizens

      As digital identities evolve, collecting different kinds of attributes and providing access to services in a globally networked system of service provision, it is possible that certain people could begin to see their digital identity as more important than their citizenship of states. We are likely to see new networks of individuals bound together by shared identity attributes (some of which may be entirely new) coalescing into new kinds of polity and mutual organisation. Early manifestations of this phenomenon are likely to emerge from among the millions of migrants and refugees being displaced, and effectively rendered stateless, around the world.

      The battle for ownership

      Around the world, state actors, private actors and individuals all have an interest in having a controlling hand in a digital identity eco-system. We can expect to see a battle for ‘ownership’ of the identity space in which competing interests are driven to the forefront of identity debates e.g. data for social good, data-driven innovation and economic opportunity, rights to privacy, national security, social order and control etc. Powerful voices are already beginning to emerge in this space (such as the Electronic Frontier Foundation), alongside newer players such as Hu-manity [11], and many others.

      New digital worlds

      It is relatively easy to imagine how we will make use of digital identities in the connected world of today, with an internet largely defined by online accounts and online retailers. It is harder to imagine how digital identities will be made use of in the new digital spaces provided by technologies such as virtual reality and augmented realities. For example, augmentations to digital identities might involve 3-dimensional avatars that represent different aspects of our digital identity.
  17. 17. Assertion of new digital rights

      As digital identities collect and accumulate attributes, we will need to think hard about the right to be forgotten, the right to change and the right to delete. It is not hard to imagine, for example, somebody wanting to have their gender re-assigned, and that might be a relatively trivial thing to change within a digital identity. But what if that person also wanted any previous record of their originally-assigned gender removed from their identity?

      Data-less business models

      Innovations in AI and new ways of allowing access to data without actually sharing data, may lead to the development of new kinds of business model in which service providers are able to leverage the data contained in digital identities to provide sophisticated and personalised services, without actually collecting and storing it themselves. This ‘data-less’ business model will likely be used as a positive, privacy-preserving, proposition to consumers.

      A bifurcated digital realm (or ‘many internets’)

      It is highly likely that many of the questions and possibilities we raise in this paper will not lead to a single outcome, or single global solution. Instead we may see the internet split into different realms. They might be defined by, for example: an open-internet in which standards reach across the globe, and public services, mainstream services and open civic digital spaces are protected and verified by widespread use of Digital ID; a dark internet in which Anonymous IDs, distributed data storage and encrypted connections and transactions are the norm; island internets, with localised Digital ID systems, defined by a lack of interoperability with other connected systems, but which provide connectivity internally.

      Super-surveillance

      It is a near certainty that in certain states, and certain market-economies, the potential for Digital IDs to give highly accurate and relatively clean surveillance data, will lead to mass surveillance by those who see an advantage in doing so. China’s much talked-about ‘Social Credit Score’ is surely the first example of one potential outcome of super-surveillance that could result from certain implementations of Digital ID, i.e. social control [12]. Other potentially dystopian outcomes might include ‘Digital ID slavery’ in which our Digital ID and the data it contains is used to deliver services to us, which in turn reinforce the data within our Digital ID, in a feedback loop that would be very difficult to break free from.

      New Digital ID markets

      Digital ID has the potential to play a critical role in social and economic life. A whole new range of economic opportunities could emerge around it. This might include:

      • Bio-metric attribute specialists
      • ID-AI (AI-driven ID services such as pattern-recognition and intelligent interoperability are likely to proliferate)
      • Digital ID managers (builders, cleaners, enhancers etc.)
      • Digital ID insurance providers
      • And many more…

      Privacy reclaimed

      Many potential future pathways for Digital ID seem dystopian, but Digital ID also has the potential to reinsert control, at least in certain contexts, of the data we all generate. New encryption and authentication protocols, alongside local-AI and data management technologies may allow us to simultaneously unlock the power of our data and keep it private, leading to a world in which the promotion of the private individual re-asserts itself as an attractive economic and social option for consumers, citizens, and profit-driven service providers alike.
  18. 18. Emerging questions

      Given the emergence of and expected pace of change surrounding digital identity, organisations, governments and their advisors are readying themselves. While some of the key shifts ahead are likely to have short-term impact, others may have a longer gestation. There are a number of emerging questions for many participants to consider. These include:

      1. What are the key factors that will drive user and consumer adoption of a Digital ID system? Over what time frame? What key triggers must occur to ensure successful, significant adoption?
      2. How should we establish and maintain common standards for the purposes of secure and convenient interoperability of digital identity?
      3. How best to address political (state) and individual concerns around data sovereignty and whether and how valuable data should be kept within borders in an interoperable digital identity eco-system?
      4. What ethical considerations must we consider now, as opposed to after the ‘horse has bolted’, with regards to digital identity systems?
      5. Which bodies will be trusted to accurately collect and verify identity attributes of their users or customers?
      6. Who will pay and how?
      7. How will we ensure that privacy is appropriately maintained?
      8. How can we adequately ensure that we don’t create increased opportunity for still greater and more damaging data breaches?
      9. How can regulators usefully keep ahead of the coming digital wave to support innovation and protect the market?
      10. How, when and who creates a framework of rights and responsibilities around Digital Identity, possibly as part of a broader consideration of digital rights?
      11. What is required to help people understand how to maintain their digital identity, keep it safe from attack and ensure that it works for them?
      12. Are we doing enough to ensure that data seen as unique today (e.g. fingerprints), remains as such going forward and does not become compromised through rogue actors?
  20. 20. Next - Building a broader perspective

      This ‘initial perspective’ is intended to provide a provocation for discussion. We hope that it provides a point of departure for a meaningful conversation between different stakeholders about the future of digital identity, how it might develop and its role and value in society. We would welcome your feedback and contribution to help build a richer view.

      In addition, we are also undertaking a set of 5 expert workshops across 4 continents in Q4 2018 (London, Singapore, Sydney, San Francisco and Brussels). If you would be interested in joining please do get in touch via
  22. 22. Contact details

      To discuss this project further please get in touch
      Dr Tim Jones
      Programme Director
      Future Agenda
      +44 780 1755 054
      @futureagenda

      References

      [1] For a more detailed study of the mechanisms and consequences of cyber-crime see “Into the web of profit” (McGuire, 2018)
      [2] This article provides a thorough account of the implementation of the Aadhar national ID system and its weaknesses
      [3] For more detail see investigation-full-final-report.pdf
      [4]
      [5] For a more detailed discussion of the concept of interoperability in relation to Digital ID, see interop/pdfs/interop-digital-id.pdf
      [6]
      [7] An example of this might be the recent revelation that Facebook has been using data provided by users for the express purpose of enhancing security, to deliver targeted advertising. access-to-your-shadow-co-1828476051
      [8] For far more detail, see
      [9]
      [10]
      [11]
      [12] It is worth remembering that much about the social credit system is shrouded in secrecy, and therefore guesses about how it will work and what it will mean remain just that for the time being.