The Digital ID & Authentication Council of Canada (DIACC), a public-private sector coalition working on the Pan-Canadian Trust Framework for interoperable digital ID, has released its annual survey of Canadian attitudes towards digital ID.
Among the findings:
- 88 percent of those surveyed were very or somewhat supportive of the concept of digital ID.
- 75 percent felt the COVID pandemic made it more important to have a secure, trusted, and privacy-enhancing digital ID to help Canadians transact safely online.
- 80 percent of respondents believed it was very or somewhat important that Ottawa and the provinces move quickly to enable a safe and secure digital ID for Canadians.
Additionally, the House of Commons finance committee released a pre-budget report with a long list of recommendations tied to digital IDs. One of them suggested that Ottawa “implement a digital identity system that empowers Canadians to control their data that is held by the federal government.”
The Commonwealth Bank of Australia (CBA) has suggested that Australia’s digital ID system oversight is best left to existing, broad-based regulators and, where possible, industry self-regulation.
The Digital Transformation Agency (DTA) has been working on Australia’s digital identity system for several years, going live with the myGovID and accrediting an equivalent identity service from Australia Post in 2020. According to Zdnet, there has been conversation around extending digital ID to allow the private sector and state government entities to develop their own platform, still legislation is required to allow such participation.
The DTA has been consulting on how to best shape the legislation, proposing an oversight body to provide governance of the digital identity system, but the CBA suggested that oversight is best left to existing, broad-based regulators and, where possible, industry self-regulation.
According to the bank, the Office of the Australian Information Commissioner is best placed to review matters relating to privacy, while the Australian Cyber Security Centre is best places to assist victims of cybercrime, and so on.
Furthermore, CBA believes that because certain consumers will potentially interact with different providers the ‘proliferation of regulators in the data economy would likely create confusion in the minds of citizens and increase barriers to redress’, ZDnet added.
Taiwan has underestimated the risks posed by its proposed digital ID system to user privacy and cybersecurity, according to a report from The News Lens published as part of a series on different digital identity models around Asia.
The island nation’s plan to begin issuing digital identity cards in July has been put on hold to buy time for the establishment of a legal basis for it. It is the third attempt by the government to stand up a national digital identity, after projects launched in 1998 and 2005.
Concerns with the new system identified by the Lens include the lack of a full assessment of the information security risk associated with the ID, increased risk of surveillance by the state or private entities, national security concerns related to Chinese contractor involvement, and the lack of a dedicated personal data protection law in Taiwan.
Japan and Malaysia
The second article in the series considers Japan’s optional My Number Card digital ID and Malaysia’s mandatory MyKad.
About 20 percent of people in Japan have been issued that country’s national digital ID, and the government is hoping to increase its adoption. Healthcare insurance information will be supported by the cards starting in March, and driver’s license information is planned to be integrated, effectively making it a mobile driver’s license.
Malaysia’s card includes fingerprint biometric data, unlike Japan’s, and also optionally functions as a driver’s license. The country is also in the process of establishing a mobile device-centric biometric national digital ID as a complement to MyKad.
You might also like
The Lens notes weak data security and data protection law are concerns in Malaysia, as well.
Singapore and South Korea
Both Singapore and South Korea’s national digital IDs are smartphone-based and non-mandatory, though SingPass is increasingly the de facto method for accessing government services.
The SingPass Mobile app provides a range of functions, including form auto-filling, and is secured with fingerprint or face biometrics. The Lens notes that a physical token option, which only about 2 percent of SingPass users have, will be phased out this year.
South Korea’s digital ID services are run by the private sector, after the Digital Signature Act of 2020 marked the end of a government monopoly.
The country’s three largest telecoms have worked together to develop the PASS authentication app, and to introduce a digital driver’s license with the police and traffic authorities.
The Lens notes that Singapore’s SingHealth recently lost 1.5 million medical records in a breach, and the personal data of 20 million Koreans has also been leaked, reinforcing the need for a stronger foundation for Taiwan’s nascent digital ID.
Biometrics Update reports that the Netherlands State Secretary for the Interior and Kingdom Relations Raymond Knops has proposed to parliament that the government should establish a foundational digital ID and a legal and regulatory basis for its functional use, including by the private sector.
Written after consultation with various government departments, academic institutions and identity service providers, the letter calls for the government to provide the infrastructure for a robust digital ID system, and the legal framework to maintain trust within it, and preserve user privacy.
The digital ID system should be inclusive, secure and reliable, supportive of government services into the future, and able to unlock economic opportunities, Knops says.
The four pillars of the system, he advises, should be reliable data sharing, digital access, a government-issued identity credential, and a legal and regulatory framework.
The letter goes into the vision in some detail, noting that the system may include biometrics, but not stipulate their use.
Cybersecurity and IoT company WISeKey International has announced that it will apply to receive an independent identity provider status for its WISeID platform for the Swiss Federal Act on Electronic Identification Services (e-ID Act).
The Swiss electorate is scheduled to vote on March 7, 2021 to approve the legislation introducing a federally recognized electronic identity, the e-ID, which regulates how people can be uniquely identified on the internet. Once the e-ID Act is approved, anyone who wants an e-ID must apply through a federally approved identity provider.
Using Swiss-made technology, WISeKey’s WISeID Identity platform protects the personal identifiable information (PII) of users, offers strong authentication and encrypted personal vaults to protect digital assets and secure electronic transactions, all of which are significant aspects of the e-ID Act.