Almost every day, no matter where we go or what we do, we often have to provide proof that we are who we say we are. This can be when you open up a bank account, collect a parcel from the post office, or when you make certain purchases.
What all these situations have in common is that we, as citizens, currently have to produce physical documents, whether it is a passport or driver’s license, which contains private information so we can prove we are who we say we are – that is, our identity. This process is also called ‘identity assurance’, which is the cornerstone of most of the interactions between businesses and their customers, as well as the government and its citizens.
For years this cumbersome, unsecure and time-consuming process has led to calls for creating a singular, secure, portable and accessible digital ID. However, this need has been exacerbated by the Covid-19 crisis, which forced businesses and governments alike to complete identity checks digitally to avoid unnecessary in-person contact.
As more services move online, customers and citizens now need the tools to make assertions about their identity both digitally and remotely. Taking a step back, we must now ask ourselves the questions: how has Covid-19 changed our relationship with digital identity and what does the path to secure digital IDs look like going forward?
Pre-Covid and the meandering path to digital IDs
As mentioned, proving one’s identity, particularly online, can be a manual and unsecure process. Think about when you open up a bank account with your high street bank: you’re often required to send scanned copies of documents with the blind trust that your personal information will be stored securely and not misused.
Taking this identity problem online, consumers often have to navigate a large number of online accounts and constantly resubmit the same personal data every time they undertake an identity transaction. Not only does this make it very difficult to track who has possession of personal identifying information, but you also have little control over how your personal data is shared and who has access to it.
As a result, there have been calls for a better, more convenient and effective solution to identity for a long time now in the UK, but with no concrete resolution as of yet. More specifically, there have been unanimous calls for a digital and secure means for managing our own identity-related data and choosing where, when and with whom we share it, without having to repeatedly scan and upload (or send off) our documents.
The Covid-19 effect
Since the Covid-19 pandemic took hold, however, the need to have a secure, portable digital identity has become even more important, for both governments, citizens, and businesses.
More generally, people are relying on the internet more and more to manage their personal and professional responsibilities, from access to banking, government resources, and other critical services. From a business standpoint, as face-to-face interactions with businesses are no longer the norm, consumers’ reliance on digital identity to shop, work, bank, and communicate has only increased. As a result, businesses want to be able to innovate and individuals are keen to quickly and easily access products and services relevant to them, confident they are protected from fraud and that robust privacy protections are in place.
Industries, such as banking, which traditionally relied upon physical IDs to authenticate customers and employees have had to undergo a radical transformation to adapt to the conditions that Covid-19 has imposed on our lives to provide secure online services for their customers
More concerningly, however, the lack of a secure, user-centric, and reusable digital identity left some who fail to pass a credit check unable to get a Covid-19 test. Further, it has also led to a lost opportunity to test and securely roll out new systems, such as ‘immunity’ and ‘health’ passports.
The emergence of immunity passports
To put it simply, the idea of immunity passports is to combine an individual’s COVID-19 test status, alongside their identity. In order for immunity passports to work, they must rely on an individual’s data being taken from an antibody test in order to determine whether that person is now immune to the virus. The idea behind immunity passports can be effective, especially if utilised through the correct technology. The hot question around digital immunity passports, is of course, data privacy and how user data will be handled and processed if the concept gets off the ground.
The concept of digital immunity passports is still unfinished. However, the general consensus is that individuals who qualify as immune could receive digital certificates on their phones, similar to a digital boarding pass. If true, this will bolster reassurances amongst users as their digital passports will be safely stored within their personal mobile devices. This will also prevent any certificates from becoming either damaged or lost.
Despite the digital immunity passport being stored on a user’s mobile, there are still further concerns around the issue of data privacy. As the purpose of digital immunity passports is to handle personal health data, for many, this level of access to this type of data can be uncomfortable, especially if this is what the future does look like in the long term.
What is important to remember for the idea of immunity passports to work is that the concept is there to defeat the virus. So, in order for it to succeed, the questions around data privacy must be answered clearly and honestly. The most pressing of questions being how the data being collected for immunity passports will be handled. The end-user must have the reassurance that their personal data is both protected and unwaveringly linked to their personal identity.
Ultimately, what Covid-19 has shown is that the broader need for secure, user-centric, and reusable digital identity has never been clearer. Done right, digital identity can support inclusion, increase data privacy and control, and protect people from the increasing threat of cybercrime. In the immediate future, it could also be the missing piece of a Covid-19 exit strategy through the use of digital immunity passports.
Most digital ID transactions are based, initially, on physical documents or certificates, but if you have a digital ID you don’t need to produce these documents to access online services.
Importantly, for a digital ID system to work, governments and organisations must have a high level of assurance in a digital ID, which means that the data comprising a digital ID needs to be verified as accurate by trusted parties. Once users have created ‘verified’ digital IDs, they can be used to access multiple services from multiple different organisations.