Your digital identity is critical to accessing electronic resources, but to truly unlock the economic and social potential of the Internet, services that are still only being conducted offline must be brought online. However, these services require systems that provide a high level of confidence about a person’s identity, which an effective digital identity management should provide.
You wish to conduct following activities over the Internet: send an email; order a book; or even transfer some funds from your savings to chequing account. Even before you are allowed to perform any of those actions, you must first register on the respective website and establish an identity online. The website owner then assigns you certain privileges to use facilities available through the website. Thereafter, whenever you log in, your registration details are used to authenticate you as the authorised account holder, and if successful, you are allowed to carry out the desired transaction.
Increasingly persons are required to follow a formal access procedure in order to secure a particular facility or service. However, there are still several critical services that are not yet available over the Internet, especially in the Caribbean, because of the systems to provide the necessary assurance about person’s identity online are absent. This post examines the digital identity and identifies some of key considerations in managing it.
What is a digital identity?
The term digital identity (ID) is used in different ways, but in the context relevant to this discussion, it refers to an entity, including humans, devices, digital resources and computers, being represented in the electronic space. With regard to people, a digital ID would be the online equivalent of each individual person that participates in electronic transactions on behalf of the person in question.
Managing our digital ID: why is it important?
A digital ID is a critical aspect in maintaining online privacy and security. It acts as a key that unlocks access to specific services, and allows persons confirmed as authorised users, access to resources or services that they are entitled to access.
In the online space, digital IDs are required not only to order goods and services, or to carry out banking services online, increasingly we must now share fairly personal information in order to browse a particular website. More importantly, the access requirements for a particular website or digital space is not standardised. You may find that the information required to access on online game, for example, is almost identical to or even more intrusive than what is must be entered to set up an online banking account.
However, for those of us who use the Internet, we generally do not have just one digital ID. The information that comprises that identity varies depending on the requirements of the online/electronic service provider. Further, for security purposes the providers tend to demand, as part of that identity that we create strong passwords, which means they are long, cannot be found in any dictionary, and should be used just once. However, since these access frameworks are becoming more common, we are not only expected to keep track of the various combinations of our digital ID, but inherently we also have the added responsibility of assisting the providers in maintaining the security and privacy of their network.
Notwithstanding the ad hoc requirements that currently obtain, digital IDs are critical for trust-based digital services. Currently, there is still a broad range of activities in the Caribbean, such as government-generated documents and transactions that cannot be accessed electronically. A key reason for this is due to the fact that effective digital ID management strategies have not been established. Such strategies are critical to drive innovation, and to enable the region to continue to realise the economic and social potential of the Internet.
What are some of the considerations?
Current digital ID management systems are not robust enough to offer the requisite level of assurance to allow certain offline service to migrate online. Much of the concern and challenge is with respect to authenticating the information that the user has provided. Authentication can be achieved in a number of ways, such through an “identity provider” which verifies and confirms a person’s identity.
Perhaps the most important identity provider in the Caribbean is the Government. It already issues, birth certificates, ID cards, driver’s licences, passports, etc., all of which are essential for offline transactions as providing a high level of assurance of a person’s identity. However, if government-certified credentials cannot be accessed online, it in turn limits the services, especially the high-trust services – such as opening a bank account online – that will be available electronically.
What can our government do?
To varying degrees, most of our governments have been engaging in e-government initiatives to improve not only linkages between its member ministries and associated agencies, but also to provide a broad range of information and services to its citizens. Since all citizens must interact with Government throughout their lives, Caribbean Governments have an invaluable opportunity to spearhead how digital ID systems are developed and managed within the region through the processes and products it establishes to interact with the public and to provide online services.
Further, as a regional (or sub-regional) grouping, developing a common digital ID management system could benefit from economies of scale and scope. More importantly, it could establish cross border assurances within the region. For example, your digital ID as authenticated by the Government of Dominica should be accepted without difficulty or challenge in Jamaica or Grenada, which in turn would truly foster the free movement schemes that are being currently advocated and implemented.