Editorial

2021 predictions: Digital Identity

What does the digital identity industry think is on the cards for 2021?

Posted 23 December 2020 by

2020 saw the Government make headway with its plans to update existing laws to enable digital identity to be used as widely as possible. They include plans to update existing laws to enable digital identity to be used as widely as possible, alongside a new set of guiding principles for policy development.

DCMS said the proposals were announced after 2.6 million people made a claim for the Self-Employment Income Support Scheme online since its launch in May. DCMS said 1.4 million claimants had no prior digital identity credentials and needing to pass through HMRC’s identity verification service.

The COVID-19 pandemic has fuelled the debate around digital identity. Jenn Markey, project marketing director at Entrust says the use of tools like identity proofing − originally designed for consumers to authenticate – will increase to facilitate the onboarding of new and existing remote employees.

“There will also be an increase in the issuance of mobile/digital credentials (vs badges and smart cards) to securely access to company resources from anywhere,” she said. “Organisations will adopt more credential-based password-less authentication with proximity-based login to mitigate the risk of less secure home office environments.”

Stuart Sharp, VP of technical services at OneLogin also believes 2021 could spell the end of the password as we know it.

“What we’ve seen this year reinforces the inadequacy of passwords in maintaining the security of online services,” he said. “All too often individuals reuse passwords across accounts and it takes just one breach for one or more accounts to be hijacked.”

Sharp predicts next year will see an increasing number of applications following the trend towards a password-less future, where authentication can be achieved through device-based biometric solutions. “The more simplistic methods, such as authentication by way of text messages, are better than nothing, but they are too susceptible to the malicious schemes of bad actors who can manipulate telco-based communications for their own benefit. Biometrics, however, is based on ‘who you are’, and when used with the FIDO2 WebAuthn standard, something you have is much tougher to subvert. In light of COVID-19 and the increased reliance on all things internet, it will be interesting to see is if this trend towards a password-less world rapidly accelerates.”

Government services

So, what does this all mean for government and public sector?

Professor Carsten Maple of The Alan Turing Institute, the UK’s national institute for data science and artificial intelligence (AI), believes we are moving towards establishing foundational digital identity systems as part of the national infrastructure for government services.

“These systems are increasingly seen as an opportunity for new value creation, providing access to citizens’ rights through underpinning services and social benefits, and to address inequities by improving societal inclusion and economic prosperity. Indeed, the COVID-19 pandemic has led to governments and businesses alike fast-tracking plans to develop the enrolment and verification services needed to extend social safety nets and reliable online transactions and services. 

“Digital Identity systems have evolved over the last two decades, with advances in technology, and different approaches creating a varied landscape of processes, infrastructure and services, for collecting, registering, issuing, verifying and managing identity data. With such a critical role to play in underpinning economy and society, we can anticipate growing public debate that puts a spotlight on the trustworthiness of the design and deployment of these systems, including the ethical considerations that arise. To date, many identity services have been developed to suit private-sector requirements. As the use cases move into the public sector, we see ambitions to support public governance accompanied by fierce debate around what may or may not be acceptable to citizens.”

Professor Maple notes that in the early days of the pandemic, proposals for controlling the virus included linking temperature reading devices in airports with identity systems were discussed. Now, as COVID-19 vaccines emerge, the conversation has moved on to linking identity with vaccination records.

“Records of vaccination against other diseases have long been a requirement for travel to many countries and the process of doing so is generally trusted. Concerns can rise however, around the level of trustworthiness in a ‘last-minute’ system that manages records of COVID-19 vaccinations to access facilities and services that underpin everyday life. A breach of this record would be a clear infringement of an individuals’ right to privacy and presents significant risk of discrimination and societal exclusion.”

The Open Source software community, which increasingly examines such questions, is developing its influence in the identity arena. Projects such as MOSIP tackle the evolving characteristics and functionality of identity systems, and The Turing’s own Research Engineering Group is actively contributing to open source developments as part of the Trustworthy Digital Infrastructure for Identity Systems project. 

Crisis of confidence

However, Andre Durand, CEO of Ping Identity believes that as a digital society, we are facing a privacy reckoning and a crisis of confidence — and we’ll see it come to a head in 2021.

“The level of data collection by tech companies has reached a new peak, and consumers are losing faith in service providers’ ability to manage their data respectfully. 2021 will be the year that consumers demand more control of their personal data and how it’s used and shared.

“The identity security industry, specifically, will evolve to address this demand with new ‘personal identity’ frameworks that give consumers control over their identities and which attributes to share with service providers. By allowing people to pick and choose specific data and identity attributes to share with apps, and giving them the capability to validate their identity without revealing more than necessary, we’ll put an end to the status quo of giving up excessive amounts of personal data to do basic tasks in our everyday lives.”

The debate around digital identity, and how best to implement is on a national scale, will grow in volume in 2021.