Identity for All – Creating an Accessible Identity

Guest blog from Susan Morrow, Head of R&D at Avoco Secure and Tech, Security and Identity Expert

Posted 1 April 2019 by Lucy Brown

I’m going to tell you a personal story. I don’t normally do this in my writing, but it helps to set the scene.

A few years ago, I became sick with an illness called “dermatomyositis” (I know, it is hard to say and even harder to live with). It affects your muscles. During the acute stage of the disease, I became disabled. I could only walk a few steps, but eventually moved onto using a walking stick, and now I can walk as an able-bodied person; I only had a small taste of what it is to be disabled. However, I do still have residual issues with muscles, especially in my hands.

Recently, I setup an account with an online organisation. As part of setting up this account, I had to hold up my passport next to my face and take a selfie using my phone. Sounds easy enough. Well, it isn’t if several fingers on each hand don’t function well. Several attempts later, with fingers aching and not working properly, I gave up. They are not the only game in town, and I moved onto a competitor.

According to The World Bank (TWB), 15% of the world’s population have some form of disability; that is 1 billion of our fellow humans. In the UK, Government figures show disability affects 11 million citizens.

A report by TWB points out that the 2030 Agenda for Sustainable Development states:

“disability cannot be a reason or criteria for lack of access to development programming and the realization of human rights”.

If digital identity is viewed as a human right, and I amongst many believe it should be, then how do we ensure it is attainable by those of us who have disabilities?

What is Online Accessibility

When I was involved in the Verify program, I had to help look at accessibility within the offering of the service. GDS has very strong mantra around making the system accessible. The service had to conform to W3C accessibility standards which are defined in the Web Content Accessibility Guidelines (WCAG). This set of standards explains how to improve the usability of a website so that it is accessible for all, including people with disabilities. Similarly, the EU Standard – EN 301 549 has a set of requirements around accessibility specific to the needs of public procurement and that cover a wide-range of service functions. However, I believe that digital identity systems should have an extended set of guidelines around accessibility and I’ve outlined a few here as food for thought.

Ideas for Improving Accessibility in Identity Systems

The guidelines offered by W3C are incredibly helpful, giving practical advice and suggestions for improving the UI of any online site or application. However, in the identity space, we have some unique challenges in accessibility, especially when we try to gather data from people with physical disabilities and let them use their digital identity. We need to think more carefully about the options available within given use cases that impact disabled persons. In this category, I also include those suffering from chronic illnesses.

Here are some of the issues that we need to consider when designing the services/systems or deciding to procure them:

  1. Interacting with identity services: Options are always a good place to start when covering the use of identity services with a wide-demographic. Especially one that needs to support a wide-range of people with physical disabilities. Wherever possible, build multiple channels of interactive support for the user. This may well include paper channels, a user being offered an identifier in a QR code on paper, for example. Wearables are also useful for certain use cases in transacting with an identity – hospital wrist bands could potentially hold an identifier that can be used to perform an identity data-based transaction. Other channels that we can now reach out to are digital assistants. Offering keyboardless registration and consented data sharing perhaps asking, “Alexa, create account” or “Alexa, share my birth certificate with…” could make on-boarding of sight impaired users and others much easier.
  2. The allure of friction-free registration: Being a pragmatist I know that the having your assurance cake and eating it is not as simple as folk make out. Having a high assurance identity needs data and checks to be done on these data. This means collecting information. Friction-free registration experiences are a golden chalice, especially for the physically disabled, but the reality is less friction-free and more wading through mud. However, there are ways and means to reduce friction. Federating with existing accounts is one way – if a disabled user has already been through the pain of getting an ID account, let them reuse it. This may mean that users come in at a lower level of entry, but it is still part of building a relationship. Slowly, over time, at the pace of the user, you can build up a profile that ticks your boxes and gives the user an assured identity account.
  3. Flexible solutions with options. There are many types of disablement and many phases of disablement within any given time frame of a person’s lifetime. I myself, have gone from being unable to walk more than a step or two to being more or less fully able-bodied. Back then, I’d have struggled to find the stamina to complete the UK Verify enrolment process. Being flexible about how we engage users, register them, and interact with them, can make the difference between being truly accessible or just ticking boxes.
  4. Delegated accounts. Sometimes, even with the most amazing UI/UX a person just can’t create or use an online identity service. Just because you are unable to use digital systems doesn’t mean you should be excluded from them. Delegated accounts can come in very handy for these use cases. But they have to be fit for purpose which includes having expiry settings, and perhaps multi-person execution. Notarization services can also be linked to delegation too.

On a Final Note

In the UK the Equality Act 2010 has a section on what constitutes a disability. This means that service accessibility enters the legal realm. But to my mind, this should not be about legalities. This should be about reaching your entire audience. Government services, perhaps more than any other service, have to be able to be used by everyone, no matter what restrictions they live with. The term ‘wide-demographic’ was almost invented for government services. With this in mind, designing government and commercial services that are usable by all, makes sense. Our audience comes in all shapes and size, some can walk, some not, some see clearly, some much less so, some have hands that work perfectly, some suffer stiffness and pain in their hands.

The creation of accessible identity systems is a chicken and egg situation. Accessibility starts with the people who make the technology behind the identity systems. They have to build accessibility into their design remit of their product from the outset. But government and commercial buyers also need to set out realistic and achievable accessibility requirements in their tenders. Ultimately, the whole is greater than the sum of the parts if the vendors and buyers come together to imagine something better. By talking to each other and understanding the constraints and the possibilities can we then build better systems for those of us less able-bodied.