How Singapore can shape the future of digital identity
By DXC Technology
DXC's Gordon Heap shares how the government can implement a vision for a unified and ageless digital identity.
There’s a whole patchwork of systems used to prove our identity - both in the form of the cards we carry and the different databases that power them. “There is a great opportunity to be considered by merging physical and virtual identities, and ultimately just needing the one digital identity,” says Gordon Heap, General Manager, Singapore Public Sector at DXC Technology.
He outlines four key methods that will shape the future of digital identities.
1. A unified identity
Governments are moving to create a single identity that either merges or connects the different physical and virtual ones that exist today. “If we implement this effectively, as a national initiative, and ultimately an international initiative, then the application of this identity permeates every interaction of our life,” Heap says.
Singapore has benefited from having a single national identity card following the introduction of the National Registration Act (1965), he says. “It's been fairly foolproof.” But even in this case, the government has had to rewire internally to allow people to use an integrated digital identity, SingPass. “It has required a lot of changes to a lot of different systems to allow the citizens to have that access,” he adds.
The European Union has an ambitious vision for a single digital identity to be recognised across its 28 countries. The ‘Once Only’ principle sets out that if citizens provide biometrics to one country, they should not have to provide it to another EU nation.
Digital identities should be issued and regulated by the government, but open to all private and public sector parties to use. New Zealand , for example, is looking to integrate its RealMe identity with Facebook and Google profiles.
2. Multi-biometric
Biometrics have already emerged as a good way to identify people, but governments will need to adopt a “multi-biometric” approach to provide the highest level of assurances. Digital identities should be backed by a combination of different biometrics, such as fingerprint, voice and facial recognition, to make it difficult to tamper with and allow access to services via different biometrics.
Systems that converge traditional and emerging biometrics, like the earlobe, will deliver heightened assurance of identifying an individual uniquely, Heap says. “Our earlobes are unique and also don't change as much over the course of our life. Fingerprint identification has been around for a century, but is not as accurate as people believe. Our fingerprint is susceptible to change as we start to age, it is actually not that reliable.”
Many nations, including the United Kingdom, have a comprehensive centralised “biometrics as a service” vision . Citizens would need to provide their identification information just once to the government and would then be able to use that to access services.
For example, citizens can use their fingerprint on their smartphones to access a range of crucial public services. Many governments already use facial recognition, iris reading or fingerprint scanning to clear travellers through airport immigration for a truly hands-free experience.
3. Ageless identity
The biggest piece of the puzzle has been that our identities are often incomplete, with the early years and end of life excluded. Most countries, including Singapore, issue national identity numbers in the teenage years, Heap says. “And yet, from birth to the age of 15, a lot happens in one's life. That information is lost, or at best not recorded against a future digital identity.”
Some of this information from our early years, like health and education records, is critical for future services. Our “digital twin” should be created at birth, so information and records are built over time. “If we're going to create a digital identity, why would it exclude periods of one's life? It really shouldn't,” says Heap.
At birth, citizens would be given a digital identity and, if required, the birth certificate itself should be digital. Biometrics like iris and fingerprints can be added to this at a later age once they are more developed. All of this is possible with the right type of technology including biometrics and possibly blockchain, Heap adds. Brazil, for instance, is issuing digital identities at birth, he says.
The other missing piece of information is death. We are reliant on our next of kin to update numerous government agencies and our social media. “It's a very difficult issue to deal with. People are grieving at that point, and to be honest, may not know every government department, private sector service and social media platform that the deceased has engaged with during their life,” he adds.
But it’s possible that once a death certificate is issued by the registrar, it would set off a series of activities to ensure our health, financial, employment and tax records are updated. “Our digital identity should be updated to reflect that. And if this is available to the private sector, our Facebook account and Twitter page could be retired.”
4. Citizen controlled
Many digital identity programmes have hit roadblocks with questions of privacy. In India, this led to a landmark Supreme Court case on whether the Aadhaar project violated a constitutional right to privacy. Ultimately, the ruling allowed the government to continue collecting biometric data but within new limits. Private sector organisations like banks and telcos can no longer use this data in India.
Fundamentally, such controversies come up from a lack of trust in the system, Heap says. “Citizens feel that they're not in control and they are not sure what the government is using this information for,” he says.
The answer is to ensure that digital identities and the information linked to it is controlled by citizens. There could be mechanisms for users to choose biometric verification in some cases and not in others.
Having identity stored digitally allows citizens greater control if the data is managed correctly. In the case of minors, for instance, parents would be able to give consent, and control could be automatically transferred at adulthood.
Blockchain is one way of doing this, Heap adds “It can be consensus based: I can share the data on me that I want to share; it's immutable; and it can be validated through my digital identity and backed up with my biometrics.”
With these four methods, Singapore can build a digital identity that will serve its Smart Nation ambition: one that is seamless across all aspects of our lives, secure and easy to use, and trusted.