The following report is by David Mahdi – CSO and CISO Advisor at certificate/PKI firm Sectigo, and a former Gartner research VP, identity, cryptography and cybersecurity visionary – via Biometric Update:
As an increasing amount of personal and critical business information is available online, stronger provisions are required to ensure the sensitive data is correctly safeguarded. A growing movement among government bodies is the adoption of a digital identity framework that allows users to provide alternative forms of security clearance to access important services, such as banking or medical records.
This involves creating a digital identity process and framework that can be used as a complement and in some cases an alternative to physical documents such as passports or ID cards. This certification process allows enterprises and users to prove themselves within the rules of the trust framework. The benefits of this are notable; it eases the burden on consumers, reduces delays in any conveyancing process, and crucially, helps reduce the risk of both fraud and cybercrime.
The UK government has set out its own research into establishing a digital identity framework, while France is set to release its government-issued digital verification mobile application. To make sure these frameworks are not only operational but also successful, there are a number of considerations.
UK Going Cashless As Over A Third Of Brits Abandon Physical Tender For Contactless Payments
The Fabric Of A Framework
When it comes to any given trust framework, the fabric can be one of two things. Either it is centralized, like a credit card network with a central operator, or decentralized, such as a high-assurance blockchain-based network. For instance, look to Canada’s digital identity network, verified.me, which citizens can use to access government services. Canada was an early adopter to leverage blockchain technologies to further help drive better privacy as well as data controls for citizens. How this works is, as an example, when someone opens a digital wallet to make a transaction and that person selects bank and various factors of identification, the framework will check if all these factors meet the requirements to access certain accounts or pieces of information. This is all without the user having to get involved, whilst still knowing their data is staying secure throughout the transaction journey.
It is important to examine already established and existing examples of digital identity frameworks to learn best practices. Aside from Canada, there are a number of countries successfully implementing their own frameworks that can act as guiding lights of best practices, but also highlight pitfalls to avoid. The Nordics, for example, have been using BankIDs. This helps facilitate digital businesses in Scandinavian countries.
Norway’s Banks Will Now Replace Mobile Web Interfaces With International Biometric ID System
Although these cases specifically are yet to fully solve the problems that they set out to solve, they are the most mature in this journey. They also help act as evidence for the actual step-by-step process of building out a framework.
The Building Blocks Of The Framework
The steps involved in the process of developing a digital identity system or framework are two-fold. The first is the technology and the second are the people that will make up the framework.
From a technology perspective, the full software, the hardware and the connectivity stack will need to be aligned. This requires multiple parties to all be on the same page including the device manufacturers, the operating system providers as well as the identity solutions providers. All with the view of openness and interoperability; that is leveraging open standards that allow for maximum interoperability.
Additionally, and perhaps most critically, there is the non-technical alignment, clarifying who runs the systems and who owns what parts. This is particularly important in cases where there are any logistical issues such as a breach. While the technology has been available for quite some time, more often than not, the non-technical aspects are what have held governments and other parties back from adopting these initiatives. This is because the greater challenge is in ensuring that there is trust in this framework, or no one will use it.
Rooting A Framework In Trust
When it comes to implementing a digital framework to ensure the securing of identities, the main factor to consider is the trust itself. This means user control is critical when deciding what digital identities they will want to use in any given transactional process. To make sure that users are in control of their data, the first step is establishing this trusted framework that is backed by policies and by government.
Before committing to this framework, users must be assured throughout the process that any institution authorising the transaction (such as banks), does not need to store their data. Instead, they can use a cryptographic checkmark from the network. This gives users trust in the platforms they are using, while simultaneously improving the overall user journey. The goal here is furthered by reducing friction in the process and enabling the continuation of a successful business.
However, while it is important that the framework is trusted, it cannot be treated as a flawless system. We should always try and verify it. When looking at software and hardware, trust can be eroded at any moment and at any layer of the framework. This could be due to a system failure, clerical error, or a cyberattack. Therefore, trust can never be fully assumed.
Furthermore, while these risks are known, the unknown risks pose serious danger. As we continue on into the digital world, it is very likely that new threats will be created that do not exist today. So it is vital when establishing digital trust, that we pre-determine today’s known risks while anticipating potential threats and strategizing the best way to mitigate them with identity-first security principles.
It is very likely that in the next 10 years, our identities will be increasingly more digital. To prepare for that, governments and businesses alike must recognize the need and benefit of creating a digital identity system or framework. Users must have the option of whether or not they want to use the system, particularly those who would rather have non-digital options. Whether centralized or decentralized, to have a successful framework, all must anticipate different levels of reliability and responsibility.
AUTHOR COMMENTARY
Indeed, these biometric IDs will be the the only form of transactions in ten years or less. But there will be zero choice: biometrics and being plugged into the grid, or living a “19th century lifestyle,” as the World Economic Forum prophesizes by the year 2030:
My biggest concern is all the people who do not live in our city. Those we lost on the way. Those who decided that it became too much, all this technology. Those who felt obsolete and useless when robots and AI took over big parts of our jobs. Those who got upset with the political system and turned against it. They live different kind of lives outside of the city. Some have formed little self-supplying communities. Others just stayed in the empty and abandoned houses in small 19th century villages.
The Forum wrote in an essay
Clearly, these advancements in the biometric space is only leading to the mark of the beast system.
[16] And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: [17] And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. [18] Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six.Revelation 13:16-18
[7] Who goeth a warfare any time at his own charges? who planteth a vineyard, and eateth not of the fruit thereof? or who feedeth a flock, and eateth not of the milk of the flock? [8] Say I these things as a man? or saith not the law the same also? [9] For it is written in the law of Moses, Thou shalt not muzzle the mouth of the ox that treadeth out the corn. Doth God take care for oxen? [10] Or saith he it altogether for our sakes? For our sakes, no doubt, this is written: that he that ploweth should plow in hope; and that he that thresheth in hope should be partaker of his hope. (1 Corinthians 9:7-10).
The WinePress needs your support! If God has laid it on your heart to want to contribute, please prayerfully consider donating to this ministry. If you cannot gift a monetary donation, then please donate your fervent prayers to keep this ministry going! Thank you and may God bless you.
This will be a test of patience and diligence for those of us who like doing it the old way. One thing you’ll notice, when you use cash virtually all the time you will have a jarful of change or coins and thinking up ways to get rid of them haha