Editorial

Digital Identity: Global Roundup

Digital identity news from around the world

Posted 14 June 2021 by Christine Horton


Canada

A bill that makes it mandatory for Canadians intending to visit a pornography site to go through a face biometrics age verification test is raising privacy concerns.

The privacy concerns about the move in Canada were raised by the country’s Privacy Commissioner Daniel Therrien during a recent Parliamentary committee hearing. He was speaking in reaction to Bill S-203 tabled by Sen. Julie Miville-Dechêne, which suggests regulation around access to online explicit content, National Post notes via Biometric Update.

According to the lawmaker, the problem is not just with the age verification issue, but the suggested use of face biometrics, arguing that biometric technology is “very intrusive” and there are no guarantees about the level of accuracy of the age verification as there are considerable error margins.

Therrien said that if certain corrections are not considered to the bill, it could “increase the risk of revealing adults’ private browsing habits,” the report mentions.

Although the bill is not specific about the kind of age verification to be instituted, some of the options being weighed include presenting some sort of an ID to a third-party organization, or the use of biometric and artificial intelligence technologies for age verification, the report notes.

Uganda

Millions of Ugandans struggle to access vital public services and entitlements as they lack digital identity cards, six years after they were introduced, according to human rights groups.

Government data shows that a quarter of Ugandan adults, or 4.5 million people, did not have a biometric identity card in 2020, with pregnant women being turned away from health centres and old people unable to claim welfare payments, they said.

“There are significant weaknesses in the digital ID system,” said Salima Namusobya, head of the Initiative for Social and Economic Rights (ISER), one of three co-authors of Tuesday’s report, which described the IDs as a “national security tool”.

“Applying it to service delivery is causing exclusion for many people, especially the poor and the vulnerable,” she said, calling on the government to “immediately” end the requirement of the ID card, known as ndaga muntu, to access social rights.

More than 15 million digital ID cards – which are needed to open a bank account, buy a mobile SIM card, start formal employment, get a passport or a student loan – have been issued since they were introduced in 2014, government data shows.

Rosemary Kisembo, head of the National Identification and Registration Authority (NIRA), which administers the system, acknowledged the “urgent need for improvement”.

India

India’s federal government is in the preliminary stages of developing a ‘Universal Family ID,’ similar to India’s current biometric Aadhaar system, in order to track beneficiaries of flagship social benefits schemes in the country, reports The Print.

Under the proposed system, each family will be registered as a unit via a national digital platform, which, the Ministry of Electronics and Information Technology (MeiTY) says, will make governmental welfare schemes more effective by removing gaps in the system created by a lack of individual identification. Each member of a family will receive a unique digital ID code.

Other states around the country have been looking into developing similar initiatives, for example, Haryana state launched a (reportedly) mandatory family digital ID program in summer 2019, called Parivar Pehchan Patra. Similarly, each family’s data is stored on a digital database, and produces a unique eight-digit code. However, privacy concerns about data usage have been arising since the scheme began collecting information including birth and death certificates.

“Family ID will link existing, independent schemes like scholarships, subsidies and pensions, so as to ensure consistency and reliability and at the same time enabling automatic selection of beneficiaries of various schemes, subsidies and pensions,” according to the Haryana state government website.

USA

Apple plans to offer the ability to store state-issued identification cards digitally on iPhones and added user privacy protections on its iCloud storage service and email apps, among several updates to the software on its devices.

Apple said users will be able to scan state-issued ID cards in participating US states and the cards will be encrypted in a user’s digital wallet, where the company currently offers the ability to store credit cards and transit cards in some US cities. It is working with the US Transportation Security Administration to accept the digital IDs at airports.

Guinea

Guinea’s National Agency for Economic and Social Inclusion (ANIES) plans to use a digital identity and biometrics management system based upon OSIA’s open standards approach, to reach vulnerable communities in the country, announced Secure Identity Alliance (SIA).

Idemia will provide ANIES with the digital identity system that eliminates vendor lock-in and prioritizes reaching those most in need in the country.

Within Guinea’s population of 12 million people, around 40 percent are undocumented, meaning access to governmental support programmes is limited. The biometric registration, run by ANIES will provide each citizen with a legal identity and a beneficiary card allowing access to a range of governmental services. Nearly 60 percent of the population lives in poverty, and Idemia says the government intends to promote financial inclusion through a cash transfer program enabling access to financial and payment services under the National Economic and Social Development Plan (PNDES).

OSIA (Open Standards Identity APIs) enables digital identity as a service, and works with an advisory committee including governments and major corporations, to develop appropriate contractual and technical frameworks which focus on assuring data portability and interoperability. Innovatrics, also a member of OSIA, provided technology to Guinea for civil registration projects in 2019.

Singapore

UOB has become the first bank in Singapore to pilot the use of Sign with Singpass, the country’s national digital identity framework, to confirm transactions or product applications using a customer’s digital signature.

Under an initial 12-month pilot, the Bank will test the use of Sign with Singpass with a set of its retail and corporate customers. Some of the transactions the pilot will cover include forms for individual wealth planning services and the PayNow Corporate application.

Once rolled out across all markets, electronic signatures will cut down the use of more than two million multi-page hardcopy documents each year which in turn will save more than 700 trees per year, says the bank.

Susan Hwee, head of group technology and operations, UOB, says: “The initiative will not only increase the convenience for our customers but also remove one of the roadblocks – the need for physical signatures – in fully digitalising the documentation process.”

Australia

IT News reports the federal government has provided a comprehensive look at planned legislation for the expansion of its federated digital identity scheme to state and territory governments and the private sector to date.

The Digital Transformation Agency on Thursday released a position paper for consultation ahead of the planned introduction of the legislation, dubbed the ‘Trusted Digital Identity Bill’, to parliament in “late 2021”.

It follows a first round of public consultation last year on the development of bill, which will enshrine governance and privacy protections, including some those within the trusted digital identity framework (TDIF), in law.

The legislation is necessary for state and territory governments, as well as the private sector, to apply for accreditation. Only the Australian Taxation Office’s myGovID credential and Australia Post’s Digital iD credential are currently accredited under TDIF.

It is expected to “include subject matter that will not need to regularly change to keep pace with technical developments”, with other rules and other written guidelines and polices to “outline technical information and requirements detailing how the system operates”.

The paper reveals few changes to the scheme’s planned whole-of-economy expansion since the first consultation, with privacy and consumer safeguards and plans for an independent Oversight Authority – which will assume the DTA’s interim role – the same.

While the DTA is still “considering which agency is best suited to provide staff to the Oversight Authority”, it has suggested either Treasury, the Australian Competition and Consumer Commission or the Department of Prime Minister and Cabinet.

The planned accreditation of government agencies and private sector firms also remains largely the same, through the DTA appears to have added a second tier for those wanting TDIF accreditation but not wanting – or ready – to participate in the system.

Those entities, dubbed ‘TDIF providers’, will need to meet the same privacy standards as ‘accredited providers’, though will not be subject to the liability and redress framework, charging and most civil penalties.

USA

The US Department of Defense says that its digital ID, credentialing and access management project, first trialed in 2018, will serve all corners of the department by next summer.

That is rapid development for a federal IT project of any description, but then, ICAM, as it is known, is essential to creating a zero-trust architecture. The Pentagon was trialing ICAM as recently as last October.

FedScoop is reporting that the DOD’s Defense Information Systems Agency (DISA) expects in the next year to create a global directory used to identify all department personnel. Biometric sign-in will be one recognizable zero-trust tool.

The agency continues to experiment with other recognition tools, according to FedScoop, that run more to the behavioral/surveillance roles. Gait recognition systems reportedly are among those tools.

France

Two French companies are in the race for the contract to supply 12 million smart cards for national identity cards as the government aims to replace the existing citizenship cards with such cards for official purposes.

Thales and IDEMIA are the two companies that participated in the bid and the selected bidder will be responsible for designing, manufacturing, supplying, delivering, testing and production support of multipurpose biometric smart cards, according to the Department of National ID and Civil Registration.

Their bids were opened on May 28 and evaluation is underway.

Thales is reportedly the lowest bidder. Thales Dis Singapore, the regional office of Thales, has quoted $14.38 million while the IDEMIA Identity and Security, France has quoted $14.61 million.