This is a revolutionary moment for society: governments are seeking to rapidly digitize the identities of their citizens—and most recently, the SARS-CoV-2 virus has been decisively shaping this governmental decision.
Amid the pandemic, citizens may rely solely on e-government services and, through the use of digital IDs, they are promised:
- Frictionless login—to encourage citizens to access government services more often
- Flexible security—to protect citizens’ accounts and personal details
- Outspoken privacy focus—to preserve citizens’ trust
It is, however, not that simple.
A digital ID “involves more than simply storing personal details online,” explains KPMG. “It’s an entire infrastructure for creating and maintaining citizens’ digital identities, and ensuring [that] they can access government services efficiently and securely.”
Digital IDs are ripe for exploitation if the security of this infrastructure is baselessly neglected. Citizens may not blisteringly oppose the government’s effort to digitize their identity information, but many of them are categorical over the security matter:
“For a digital ID system to work without becoming an easy target for hacking, it should be decentralized and otherwise adhere to recognized principles for good digital security.”
—Brett Solomon, Author at WIRED
What needs to be done before digital identification systems promptly streamline citizens’ interactions with the government?
Governments should have a clear picture of what they’re up against—namely, cyberattacks and the lack of citizen trust. That is to say, a granular examination of the risks brought by these electronic documents is deemed necessary to productively assess and thwart any potential threats.
The Main Reasons for Caution
Digital IDs expeditiously satisfy an otherwise time-intensive bureaucratic activity. In the era of cyber espionage, it’s only fair to ask: do they also offer top grade digital security?
As governments are building a more connected digital society, the level of fraudulent activity is expected to reach new heights. “Think about it,” experts encourage, “it’s impossible to hack a paper birth certificate, but it’s very possible to hack a digital ID.”
The evidence in support of this claim is provided by the breach of the Aadhaar program—the world’s largest digital identity framework: “10 minutes, and you have access to [billions of] Aadhaar details,” writes The Tribune.
If that wasn’t already troubling enough, be prepared: it gets worse. All it took for The Tribune’s reporters to gain unrestricted access to names, email addresses, phone numbers, and postal codes in the government’s database was $8, which they paid to an anonymous seller over WhatsApp.
Meanwhile, the Aadhaar data was proclaimed to be fully safe and secure—a misleading claim that inevitably corroded citizen trust of the government; and in low-trust environments, political opposition may always derail the drive for digital identity.
The lack of citizen trust may, in fact, put the entire digital identity program in a fix.
Worse still, governments going to great lengths to tackle digital ID fraud through the use of blockchain and biometrics might do untold damage to their reputation.
“Even biometric data (i.e. fingerprints and iris scans) is not 100 percent safe from hackers. […] Theoretically, a hacker could break into the biometric database, steal someone’s identity and personal information, and use that digital ID to claim benefits due to someone else.”
—Nicole Lindsey, Senior Correspondent at CPO Magazine
Security issues aside, building a digital identity is nearly impossible for citizens in rural or remote locations with no—or very limited—Internet connectivity. Yet, as the government extends affordable and secure Internet access for its citizens, the public is growing more upbeat about the possibility of state surveillance.
Although government surveillance is primarily used to fight terrorism, this program sweeps up impressive amounts of citizen data—which may swiftly curtail people’s rights and represent a threat to the liberty of any citizen.
With the growing risk of cybersecurity attacks and state surveillance, should citizens turn against the regime?
The public may soon have an answer. The Digital IDs Are More Dangerous Than You Think story published on WIRED questions why the use of a digital identification system is mandated and explains that citizens “should have the option to say no to any demand that [they] have a digital ID.”
Building a Trusted Digital Identity
The public opinion is somewhat fractured over digital IDs.
It is true that the on-and-off periods of social distancing restrictions that may be needed through 2022 will accelerate the move to digital voting; and in this particular case, digital IDs would rapidly enable e-voting—which, in turn, can increase voter participation and reduce election costs.
Compared to paper-based systems, digitized IDs might also aid developing economies in growing their annual GDP by up to 13% in the coming years.
Industry players, however, should be careful not to declare premature victory in the attempt to briskly digitize citizen identity.
Identity fraud is growing. As they establish their digital identity programs, authorities need to ensure that citizens are not trading their privacy for a frictionless interaction with the government.
Citizens need to easily—and, above all, securely!—access public services without constantly worrying about getting hacked.
