Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation
A joint World Bank Group – GSMA – Secure Identity Alliance Discussion Paper
JULY 2016

The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and Internet companies, as well as organizations in adjacent industry sectors. The GSMA works with mobile operators on digital identity and authentication through its M4D Digital Identity Programme (www.gsma.com/mobilefordevelopment/programmes/digital-identity) and the Personal Data Programme via Mobile Connect (www.gsma.com/personaldata/).

The World Bank Group launched the Identification for Development (ID4D) initiative in July 2014, with the objective to support progress toward identification systems using 21st century solutions that enable access to services and rights for all. The initiative is focused on addressing the challenge of the 1.5 billion who have no form of official identity, and are therefore unable to access services and rights. For more information visit www.worldbankgroup.org/id4d

The Secure Identity Alliance (SIA) is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the widespread adoption of secure eServices. The Alliance brings together public, private and non-government organizations to foster international collaboration on Digital ID challenges and the issues of data security, citizen privacy, identity, authentication and more. For information about its growing membership and range of activities visit www.secureidentityalliance.org

Discussion Paper prepared by Julia Clark (a), Mariana Dahan (a), Vyjayanti Desai (a), Marta Ienco (b), Stephanie de Labriolle (c), Jean-Pierre Pellestor (c), Kyla Reid (b), Yolanda Varuhaki (c)
(a) The World Bank Group, Washington, DC, USA
(b) GSMA, London, UK
(c) Secure Identity Alliance, Paris, France

© 2016 International Bank for Reconstruction and Development / The World Bank
1818 H Street NW, Washington DC 20433
Telephone: 202-473-1000; Internet: www.worldbank.org

This work is a joint work of The World Bank, GSMA, and Secure Identity Alliance (“the Contributors”). The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of the Contributors, their Board of Executive Directors, or the governments they may represent. The Contributors do not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of the Contributors concerning the legal status of any territory or the endorsement or acceptance of such boundaries.

Rights and Permissions
The material in this work is subject to copyright. Because The World Bank encourages dissemination of its knowledge, this work may be reproduced, in whole or in part, for noncommercial purposes as long as full attribution to this work is given. Any queries on rights and licenses, including subsidiary rights, should be addressed to the Publishing and Knowledge Division, The World Bank Group, 1818 H Street NW, Washington, DC 20433, USA; fax: 202-522-2625; e-mail: pubrights@worldbank.org.

Photo credits
Front cover: Man guiding another in using a fingerprint scanner. © leezsnow. Woman holds an ID card. © Sebastien Rieussec/Safran. Using smartphone. © mihailomilovanovic.
Back cover: People forming thumbprint. © Digital Storm.
Additional: A boy holds his birth certificate, outside African Development Bank Zanzan II Primary School, in Bondoukou, Côte d’Ivoire. © UNICEF/NYHQ2011-2489/Asselin. Fingerprint. © Jose Luis Gutierrez. A refugee filling an application at the UNHCR registration center in Tripoli, Lebanon. © Mohamed Azakir / World Bank, _ZAK6881F.
CONTENTS
Disclosure 6
Abstract 7
Glossary of Terms 8
1. Digital Identity for Sustainable Development: Opportunities and Challenges 10
   Introduction 10
   Digital Identity for Sustainable Development 11
   Key Risks and Challenges 14
2. Digital Identity and the Role of Public and Private Actors 16
   The Identity Lifecycle 16
   Stakeholders and Roles 22
   Digital Identity Ecosystems: Existing Landscape of Public and Private Involvement 25
   Models for Private Participation in Official Digital ID Systems 28
3. Common Principles for Unlocking the Value of Digital Identity 33
Annex: Case Studies 35
   Albania – eID and e-Passport 35
   Chile – eID and e-Passport 36
   Estonia – Mobile eID 37
   Finland – Mobile eID 38
   India – Aadhaar Unique ID 39
   Moldova – Mobile eID 40
   Nigeria – National eID 41
References 42

LIST OF TABLES AND FIGURES
Box 1 Defining Digital Identity 11
Figure 1 Digital Identity Lifecycle and Key Roles 17
Box 2 Establishing a Minimum Set of Unique Identity Attributes 18
Figure 2 Common Authentication Factors 20
Figure 3 Levels of Assurance 21
Table 1 Key Identity Stakeholders and Roles 24
Figure 4 Examples of Digital Identity Ecosystems 25
Figure 5 Examples of Private Sector Involvement in Official Digital Identity Systems 29

Disclosure
The findings, interpretations, and conclusions expressed in this paper are entirely those of the authors and should not be attributed in any manner to the World Bank, its affiliated organizations, the members of its Board of Executive Directors, or the countries they represent. Reference to names of firms and commercial products and processes does not imply their endorsement by the World Bank Group, GSMA or SIA. Citation and the use of material presented in this paper should take into account this provisional character.
The paper is work in progress and is being provided for information purposes only, in order to facilitate the debate on the latest trends and issues in the area of identification systems. This work builds on past and on-going efforts and is based on the World Bank Group’s ID4D Strategic Framework, the GSMA and SIA joint publication “Mobile Identity – Unlocking the Value of Digital Economy”, as well as other strategic documents and research produced by the World Bank Group, GSMA and SIA partners. Because it is a work in progress, there could be some inaccuracies in the data presented in this draft and there could be some parts that are either missing or will be revised. Permission to cite any part of this work must be obtained from the authors.

Abstract
The ability to prove one’s identity is increasingly recognized as the basis for participation in social, political, economic, and cultural life. Yet at least a billion people in developing countries lack any form of officially recognized ID. This problem disproportionally impacts rural residents, poor people, women, children, and other vulnerable groups in Africa and Asia. Digital identity, combined with the extensive use of mobile devices in the developing world, offers a transformative solution to this global challenge and provides public and private sector entities with efficient ways to reach the poorest and most disadvantaged. This discussion paper, divided into three parts, explores the connection between digital identity and sustainable development. Part I illustrates how the use of digital identity promotes efficiency gains, financial savings, social inclusion and access to basic services and rights, with examples from countries that have adopted digital identity systems.
The paper then outlines some of the key risks and challenges that must be overcome, specifically in the areas of political commitment, data protection and privacy, cost, and sustainable business models. Part II of the paper lays out the digital identity lifecycle and the roles of public and private sector players, and suggests some key considerations in the design of business models. Finally, Part III of the paper suggests some common principles—including universal coverage, appropriate and effective design, and privacy and data protection—and enablers for maximizing the potential of digital identity to contribute to sustainable development.

Keywords: Digital identity, ID4D, mobile, smart card, biometrics, public-private collaboration, business models, common principles.

Glossary of Terms (1)

Digital identity: the terminology used throughout this document to refer to a set of electronically captured and stored attributes and credentials that can uniquely identify a person.

Digital identification: the process of validating a person’s attributes and characteristics—including uniqueness—in order to establish his or her digital identity.

Digital authentication: the process of verifying a person’s digital identity using one or more factors or credentials in order to establish that they are who they claim to be. Authentication is therefore a process of establishing confidence in a person’s digital identity.

Functional registrar: an entity created in response to a demand for a particular service or transaction, which may issue identity tokens such as voter IDs, health and insurance records, bank cards, etc. These may be commonly accepted for broader identification purposes, but may not always bestow legal identity.

Identity assurance: the ability to determine, with some level of certainty (Level of Assurance – LoA), that a claim to a particular identity made by some person or entity can be trusted to actually be the claimant's “true” identity.
Identity credential: a mechanism, process, device or document that vouches for the identity of a person through some method of trust and authentication.

Legal registrars of natural persons: entities that carry out registration of vital events (including births, marriages and deaths) or civil identification for the purpose of establishing legal identity.

Mobile identity: an extension of digital identity provided via mobile networks, data and devices.

Proof of legal identity: official, government-issued and recognized identity evidence that includes basic information attesting to the holder’s identity, such as name, identity number, place and date of birth, citizenship, marital status, and/or legal relationships.

National digital identity system: a government-supplied national system that provides digital identities based on identity attributes defined by national law.

Unique identification number (UIN): a number that uniquely identifies an individual and can be used to link an identity across databases and systems in both the public and private sector. National identity providers may issue a UIN to citizens and residents for their lifetime.

1. Based on key definitions laid out in the World Bank’s ID4D Strategic Framework and as agreed with GSMA and SIA. Other sources: Vanderabeele, C. and Lao, C., 2007. Legal Identity for inclusive Development. ADB; World Bank 2014; Harbitz, M. and Kentala, K., 2015. Dictionary for Civil Registration and Identification. IDB; Gelb, A. and Diofasi, A. 2015. Scoping Paper on Identification and Development. Center for Global Development.

1 Digital Identity for Sustainable Development: Opportunities and Challenges

Introduction
Over 1.5 billion people in the developing world lack any form of officially recognized identification, either paper or electronic-based.(2) This identity gap is a serious obstacle for participation in political, economic, and social life—without a secure way to assert and verify her identity, a person may be unable to open a bank account, vote in an election, access education or healthcare, receive a pension payment, or file official petitions in court.(3) Furthermore, poor identification systems mean that states will have difficulty collecting taxes, targeting social programs, and ensuring security. Achieving inclusive development therefore requires a sustained effort to address the world’s identity gap, as reflected in the new Sustainable Development Goals (SDGs).

Much of this effort will be undertaken by national governments and supported by development partners and the donor community. However, given the role that private firms play in the digital identity ecosystem, we are also likely to see evolving models of public-private partnerships to build and strengthen identification in poor countries. In particular, there is significant scope for private sector innovations in new technologies to strengthen the ability of remote or vulnerable populations to access key services. Yet with this potential come important challenges, and both public and private stakeholders must work together to ensure that digital identity systems are effective, secure, inclusive and trustworthy.

The prospect of increased public-private collaboration to provide digital identity for sustainable development creates the need for a deep analysis of the benefits and challenges of various models of cooperation. This paper is a first step toward meeting this need and setting the scope for future work and further analysis. It begins with Part I by describing the identity gap and the potential benefit of digital identity for a variety of development outcomes—financial inclusion, healthcare, women’s empowerment, service delivery, and governance—as well as key risks and challenges. Part II then discusses the digital identity lifecycle, relevant stakeholders, and examples of digital identity ecosystems and public-private cooperation. Informed by this analysis, Part III lays out a preliminary set of principles for creating digital national identity systems. We hope that these will serve as the basis for further discussion and adoption among a wide range of stakeholders.

2. The WBG ID4D global dataset, as of January 2016. This number is an initial broad estimate based on available information for 198 countries. For countries where there are no reliable and timely data on people in possession of IDs available from government web sites or reports, estimates are produced using data from other foundational or functional registers, mainly birth registration data and data from the electoral registers.
3. Gelb and Clark, 2013; Gelb and Diofasi, 2015.

Digital Identity for Sustainable Development
Over one and a half billion people in developing countries lack any form of officially recognized ID.(4) The problem disproportionately affects children and women from poor rural areas in Africa and Asia. This is a critical stumbling block to economic growth and sustainable development, as the ability to prove one’s identity is the basis for participation in modern social, political, and economic life.(5) In order to address this gap, the 2030 Agenda for Sustainable Development has declared provision of official identity as a proposed target (#16.9) and a key enabler necessary to achieve many other SDGs.(6)

Digital identity provides a potentially transformative solution to this global challenge by offering countries the ability to leapfrog the development of paper-based systems and rapidly establish robust identification infrastructure. Digital identity (see Box 1) already underpins many public and private sector interactions and transactions in both the real and virtual worlds and can leverage the extensive use of mobile devices in developing countries. When digital identity systems are available, they have the potential to produce huge savings for citizens, government, and businesses; increase transparency and accountability; and drive innovation in service delivery. For example, a global survey conducted by Boston Consulting Group(7) finds that digital identity systems create gains in efficiency and convenience that could save taxpayers up to $50 billion per year globally by 2020.(8)

BOX 1 Defining Digital Identity
A Digital identity is a collection of electronically captured and stored identity attributes that uniquely describe a person within a given context and are used for electronic transactions.
A digital identity system refers to the systems and processes that manage the lifecycle of individual digital identities. A person’s digital identity may be composed of a variety of attributes, including biographic data (e.g., name, age, gender, address) and biometric data (e.g., fingerprints, iris scans, hand prints) as well as other attributes that are more broadly related to what the person does or something someone else knows about the individual. When these data are collected and verified, they can be used to identify a person by answering the question “who are you?”. These attributes, along with credentials issued by the service provider (e.g., unique ID number, eDocument, eID, mobile ID) can then also be used as authentication factors to answer the question “are you who you claim to be?”. The attributes and authentication factors used in a digital identity may vary from one context or country to the next depending on the type of identity system. 4. World Bank Group, Identification for Development (ID4D) Strategic Framework, Jan 2016 5. Gelb and Clark, 2013. 6. Dahan and Gelb, 2015. 7. Boston Consulting Group, 2013. 8. SIA eGov study, based on analysis from Boston Consulting Group, 2013. Digital Identity for Sustainable Development: Opportunities and Challenges | 11 In addition to providing proof of identity (as do financial services (e.g., without ID to open a bank paper-based forms of ID), digital ID has the potential account, cash transfers targeted to women may be to provide public and private sector entities with new deposited in a household account and thus more likely and efficient ways to reach and serve their populations, to be coopted or misused). Increasing the identification especially the poorest and most disadvantaged. of women can improve their inclusion and autonomy. 
Specifically, the evidence suggests that well For example: implemented digital identification systems can have a significant positive impact on financial inclusion, • Using NADRA’s national ID database, Pakistan gender equality, access to health services and social was able to provide direct cash transfers to safety nets, and governance.9 women for the first time. As a result, households spent more on nutrition and children’s education, Financial and Economic Inclusion: Fewer than half and women’s participation in household decision of all adults in the poorest 40 percent of households making increased.12 have a bank account. Approximately 375 million unbanked adults in developing countries (18 percent) • After a drought increased food insecurity in are prevented from obtaining one because they lack northern Malawi in 2006, the Dowa emergency the necessary ID documentation.10 In addition, many cash transfer program (DECT) was able to provide countries now require that pre-paid SIM cards only benefits directly to female heads of household be activated when registered with a proof of identity; using biometrics and a smartcard.13 those who lack this ID could be denied access to mobile communication, further exacerbating digital, Access to Health Services: In order to increase access social and financial exclusion. Accessible, robust, and to health services and universal coverage, countries verifiable ID systems can facilitate the Know Your must be able to identify potential beneficiaries of Customer (KYC) requirements of providers and expand specific health benefits and services (immunizations, the use of financial services. For example: insurance, etc.). 
Additionally, digital ID and vital statistics systems based on civil and population • T he Reserve Bank of India approved the use of registries (CRVS) can help monitor health targets and the Aadhaar identification number issued by the track service delivery including vaccinations, HIV/AIDs Government of India as proof of identity to meet and TB treatment.14 For example: the regulatory KYC requirements of Jan-Dhan basic savings accounts. Approximately 200 million bank • India and Gabon are implementing national health accounts have now been opened using Aadhaar.11 insurance plans that authenticate beneficiaries using fingerprints and smartcards at points of service. • I n Pakistan, the national mandate to register and verify SIM cards against the NADRA database • I n Benin and Nepal, the Vaxtrac program, piloted allowed branchless banking operators to meet by the Gates Foundation, uses portable enrollment KYC requirements and extend services to SIM stations and biometrics to establish a mobile registrants remotely. vaccination registry that can uniquely identify patients and ensure continuity of treatment.15 Gender Equality: Women are less likely to have access to a personal identification than men due to economic • I n Pakistan, Ghana, and Tanzania, mobile operators and social barriers. As a result, they are less likely to are facilitating data collection for CRVS through be able to assert their rights over assets (e.g. property, piloting mobile birth notifications, and are finance) and access public and private benefits and exploring how these can link to maternal and child services including welfare payments, healthcare, and health services. 9. See the World Bank’s ID4D Strategic Framework (2016) for a thorough discussion of these benefits as well as potential risks and challenges to developing inclusive and robust identity systems. 10. Global Findex database: http://www.worldbank.org/en/programs/globalfindex 11. http://www.pmjdy.gov.in/home 12. 
Dahan and Hanmer, 2015. 13. Gelb and Decker, 2011. 14. SIA, 2015. 15. Gelb and Clark, 2013. 12 | Digital Identity for Sustainable Development: Opportunities and Challenges Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation Social Safety Nets: Accurate identification of the poor and the corruption and theft occurring in paper-based and vulnerable makes it possible for social protection systems, where entitlement payments are siphoned off programs—including those providing humanitarian from their intended recipients. Authentication protocols and emergency relief—to reach beneficiaries efficiently, based on national identity registers contribute to make securely, and conveniently through digital transfers. For government institutions more efficient, accountable, example: and transparent. For example: • India’s fuel subsidy program provided cash • I n Nigeria, biometrically enrolling civil servants transfers to Aadhaar-linked bank accounts for the through its Integrated Personnel and Payroll purchase of liquefied petroleum gas cylinders, Information System saved approximately US$74 which saved the government approximately US$ million in the first phase and eliminated 43,000 2.2 billion in 2014/5. ghost workers and “double dippers.” • F ollowing devastating floods in 2010, Pakistan • B iometric identification and mobile phones have was able to target relief to affected areas using been used for monitoring employee attendance. In NADRA’s robust database. Through the Watan card India and other countries, for example, they have program, the government issued pre-loaded VISA been used to reduce teacher absenteeism. payment cards to 1.5 million families.16 • I n Argentina, the government’s modernized digital Governance: Digital identity systems improve identity system linked 13 public databases and government efficiency, accountability and distinct ID registries for a savings of US$104 million transparency. 
Through online transactions and other in reduced leakage and tax evasion.17 e-services, digital ID systems reduce operational costs 16. Barnwal, 2015. 17. Gelb and Clark, Ibid. Digital Identity for Sustainable Development: Opportunities and Challenges | 13 Key Risks and Challenges Despite the potential benefits of digital identity for  Create or revise legislation and internal procedures development, efforts to build official identification governing program implementation to (a) provide systems may face a number of challenges, including holistic guidance to government ministries, issuers, political complexity, lack of up-to-date legal framework and users, (b) minimize the risks of duplication, and issues related to data protection, privacy, cost, and overlapping or conflicting mandates, technology sustainability. In order to create and maintain effective incompatibility, (c) ensure adequate protection systems that are secure, robust, and trusted, actors of individual rights, monitoring, and enforcement, must work to mitigate these risks. and (d) minimize security risks (e.g., cyber attacks) to identity infrastructure, systems and data. Legal Political context: Creating an identity system is a frameworks for data collection and storage that complex political process. First, issuing legal identity were designed for non-digital, non-integrated documents is often coupled with the sometimes- systems may have to be significantly revised. contentious process of determining who is eligible and has access to particular rights and entitlements.  Create or revise legislation and internal procedures Stakeholders need to plan carefully to ensure that to avoid excluding or deterring vulnerable identity systems are inclusive and easy to access. populations (e.g., women, minorities, migrants and Additionally, most countries already have some refugees, orphans, etc.) from accessing identity identification systems in place and may face resistance services in law or in practice. 
from actors who have no incentive to change. The creation of a national identity system (digital or Data Protection and Privacy: Countries that choose otherwise) therefore requires a unified vision and to adopt digital identity systems must have robust approach that can overcome the common fragmentation legal and technical frameworks for data protection and of identity by ministries, departments, regions, or donor- privacy. Missteps in handling citizen data can erode funded projects related to identification. To mitigate trust in government and decrease the value of the these risks, stakeholders should18 system, threatening revenues and the efficiency gains derived from personal data applications. A recent study  Assess the existing components of a country’s estimated that in 2020 alone, two-thirds, or $480 billion, identity infrastructure—including legal and of the potential value of digital ID in the European Union functional identity cards, national registers, and would be at risk if personal data are not trusted.19 To each agency’s processes and workflows related mitigate these risks, stakeholders should to identification services etc.—even if they are not (yet) being used in a digital context. This should  Establish a harmonized, transparent, and cohesive include an evaluation of existing laws and identity legal framework for the collection, management, management practices that may help or hinder protection, and use of personal data, under access to identification for vulnerable groups. the consultation of public and private service providers and citizens. Critically, governments  Work to build strong political commitment among should update existing privacy frameworks in the relevant stakeholders to guide program design context of planned and potential future uses of and implementation. This requires including digital ID services. 
relevant ministries and other stakeholders from the beginning of the process, and working to align the  Establish clear and well-publicized procedures incentives of various actors to support and adopt for citizen redress in the case of errors or in the the new system. event that the security of a person’s identity is compromised. 18. For an elaboration of many of these risks, see World Bank, 2016. 19. GSMA and SIA, 2014. 14 | Digital Identity for Sustainable Development: Opportunities and Challenges Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation  Build authentication and service delivery systems  Develop robust ICT procurement guidelines, open that use a minimal amount of contextualized data standards, and common frameworks to avoid to protect user privacy, and give citizens more vendor or technology lock-in and enable an array oversight over how their data is viewed and access. of public and private sector actors (government agencies, businesses, and citizens) to participate Cost and sustainable business models: Creating a in the ID ecosystem. A competitive, open process digital identity system is a costly project that may and smart technology choices will contribute to require extensive investment in building or updating efficiency and cost savings. infrastructure and technology. Discussions with key stakeholders about technology choices and business  Design digital infrastructure appropriate for the models—including ways to accelerate national and context, including strategies to reach remote regional deployment and uptake—are pivotal for areas and ensure “last mile connectivity.” Off-line avoiding unforeseen costs and ensuring that identity solutions can complement the absence or loss of systems can grow efficiently to meet future needs. 
on-line connectivity.20 For example, possible “vendor lock-in” situations can increase costs, reduce flexibility and sustainability, limit market competition, and/or result in an unsuitable system design. Local context and capacity vary, including prior experiences implementing sustainable and appropriate ICT systems, and may necessitate different business models and digital identity solutions. To mitigate these risks, stakeholders should:

 Develop a financial model that details expected costs and potential revenue streams (e.g., additional services) that could help offset the cost of developing a digital identity system. This may include public-private partnerships (PPPs) in which the private sector contributes significant financial capital to a project, as well as support from the donor community.

 Ensure the technical capacity of government agencies, private sector and other stakeholders in the digital identity ecosystem (including end-users) to operate and maintain new systems and devices. Global standard setting bodies, identity organizations, and donors can assist countries by providing technical assistance and capacity building to ensure that technology choices are sustainable and that the benefits of digital technology are accessible by the poor and disenfranchised.

20. SIA, 2015.

Digital Identity for Sustainable Development: Opportunities and Challenges | 15

2 Digital Identity and the Role of Public and Private Actors

The digital identity ecosystem is increasingly complex, with a wide range of identity models and actors with diverse responsibilities, interests, and priorities. This section begins by describing the identity lifecycle and discussing the roles that key stakeholders play in this cycle. It then looks at the relationship between public and private identity and the different types of identity ecosystems that currently exist, including centralized, federated, and open market models. Finally, it focuses on potential business models for public-private cooperation to create national digital identity systems.

The Identity Lifecycle

Digital identities are created and used as part of a lifecycle that includes three fundamental stages: (a) registration, including enrollment and validation, (b) issuance of documents or credentials, and (c) authentication for service delivery or transactions. Identity providers also engage in ongoing management of the system, including updating and revocation or termination of identities (see Figure 1 below). This section describes each stage and then discusses how the protocols that an identity provider uses during registration and authentication determine the system’s level of assurance (i.e., how secure and trustworthy it is). The following section discusses the primary stakeholders involved throughout the identity lifecycle.

FIGURE 1 Digital Identity Lifecycle and Key Roles. Source: Authors’ analysis, based on World Bank, 2014 and GSMA and SIA joint white paper, 2014.
[Figure 1: lifecycle stages Registration (Enrollment, Validation), Issuance (Credential), Authentication (Use of Service) and Digital Identity Management (Updating); lifecycle roles: Citizen/End-user, Identity Provider, Service Provider, Authentication Provider, Attribute Provider; enabling actors: Regulatory Agencies, Standard-Setting Bodies, ID Organizations & Trust Frameworks, Donor Agencies & Development Partners.]

Registration

Enrollment. Registration is the most important step in creating a digital identity. The process begins with enrollment: capturing and recording key identity attributes from a person who claims a certain identity, which may include biographical data (e.g., name, date of birth, gender, address, email), biometrics (e.g., fingerprints, iris scan) and an increasing number of other attributes. Which attributes are captured during this phase and the method used to capture them have important implications for the trustworthiness of the identity (see the discussion of levels of assurance below) as well as its utility and interoperability with other domestic and international identity systems (see Box 1).

Validation. Once a person has claimed an identity during enrollment, this identity is then validated by checking the attributes presented against existing data. The validation process establishes whether or not the claimed identity has one or more of the following properties:

• Existence/liveness: It exists at the time of enrollment (i.e., the person is alive and present) and can be localized (i.e., the person can be reached through their address, phone number, or email).

• Uniqueness: It is claimed by only one individual (i.e., the person is unique in the database). This process is also called de-duplication and can be accomplished using combinations of a variety of attributes (although biometrics are currently the most accurate).21

• Linkages: It can be linked to existing social identities, such as those in existing identity datab databases, civil registries, population registries, tax registries, property registries, social security databases, police records, etc.22

BOX 2 Establishing a Minimum Set of Unique Identity Attributes

A minimum set of unique identity attributes is the set of data attributes that uniquely represents an individual, and is usually available from a national identity system. It is essential for establishing digital identity across actors within a country’s ecosystem and also across borders. It typically contains a number of mandatory attributes but may also contain one or more additional optional attributes.
For example, the European Union’s eIDAS Implementing Regulation (2015/1501) established that the minimum data set of unique identity attributes for a natural (i.e. a physical) person includes both mandatory attributes (current family name(s), current first name(s), date of birth, and a unique identifier which is as persistent as possible in time) and additional attributes (first and family name(s) at birth, place of birth, current address, gender).23 It is the responsibility of the state to ensure that when establishing a legal identity, a minimum set of attributes uniquely representing the individual in question is provided, in accordance with the technical specifications, standards, and procedures set forth in the law. Furthermore, it is recommended that private sector entities follow the same principle when creating user identities for online authentication so that third parties are able to confirm an individual’s digital identity with an appropriate degree of confidence. However, according to best practices, authentication for an online service should require only those attributes that are adequate, relevant, and not excessive to grant access to the service. Using attributes disproportional to the use case puts user data and privacy at risk.

Issuance

A registered identity goes through an issuance or credentialing process before it can be asserted (i.e., used) by a person. Traditionally, ID issuers provided documents (e.g., a birth certificate) or credentials (e.g., eDocuments, (e)IDs, (e)Passports). For an ID to be considered digital, the credentials or certificates issued must be electronic, in the sense that they store and communicate data electronically.

21. Gelb and Clark, 2013.
22. World Bank, 2014.
23. For more information, see http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015R1501
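The uniqueness property established during validation (de-duplication) and the two principles of Box 2 (a minimum data set that uniquely represents a person, and releasing to a service only the attributes that use case needs) can be expressed as a small identity-provider routine. The following is an added example written for this edit, not code from the paper or from any of the contributing organizations. The attribute names follow the eIDAS 2015/1501 list quoted in Box 2; the Registry class, the USE_CASE_ATTRIBUTES policy table, the biometric template strings and the sample records are constructed assumptions for illustration only.

```python
"""Enrollment validation against a minimum data set, de-duplication, and
data-minimised attribute release. Added example; assumptions are marked."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Mandatory and additional attributes of the eIDAS 2015/1501 minimum data set (Box 2).
MANDATORY = {"current_family_name", "current_first_name", "date_of_birth", "unique_identifier"}
OPTIONAL = {"family_name_at_birth", "first_name_at_birth", "place_of_birth",
            "current_address", "gender"}

# Assumed relying-party policy: the attributes each use case is allowed to request.
USE_CASE_ATTRIBUTES = {
    "age_check": {"date_of_birth"},
    "open_bank_account": {"current_family_name", "current_first_name", "date_of_birth",
                          "current_address", "unique_identifier"},
}


@dataclass
class Registry:
    """Identity provider registry (assumed structure): records keyed by unique identifier,
    plus an index of biometric template hashes used for de-duplication."""
    records: dict[str, dict] = field(default_factory=dict)
    biometric_index: dict[str, str] = field(default_factory=dict)  # template hash -> identifier

    def validate_minimum_set(self, attrs: dict) -> list[str]:
        """Return a list of problems; an empty list means the minimum data set is satisfied."""
        problems = [f"missing mandatory attribute: {a}" for a in sorted(MANDATORY) if not attrs.get(a)]
        unknown = set(attrs) - MANDATORY - OPTIONAL - {"biometric_template"}
        problems += [f"attribute outside the minimum set: {a}" for a in sorted(unknown)]
        return problems

    def enroll(self, attrs: dict) -> tuple[bool, str]:
        """Validation (minimum set) followed by de-duplication (uniqueness), then storage."""
        problems = self.validate_minimum_set(attrs)
        if problems:
            return False, "; ".join(problems)
        ident = attrs["unique_identifier"]
        if ident in self.records:
            return False, f"duplicate identifier {ident}"
        # An exact hash of a constructed template stands in for biometric matching here;
        # a real system runs a matcher over templates rather than comparing hashes.
        tmpl = attrs.get("biometric_template")
        bio_hash = hashlib.sha256(tmpl.encode()).hexdigest() if tmpl else None
        if bio_hash and bio_hash in self.biometric_index:
            return False, f"biometric duplicate of {self.biometric_index[bio_hash]}"
        self.records[ident] = {k: v for k, v in attrs.items() if k != "biometric_template"}
        if bio_hash:
            self.biometric_index[bio_hash] = ident
        return True, ident

    def release(self, ident: str, use_case: str, requested: set[str], consented: bool) -> dict:
        """Attribute-provider side: release only attributes the use case allows and the user consented to."""
        if not consented:
            raise PermissionError("user consent is required before attribute release")
        excessive = requested - USE_CASE_ATTRIBUTES[use_case]
        if excessive:
            raise ValueError(f"request exceeds use case {use_case}: {sorted(excessive)}")
        record = self.records[ident]
        return {a: record[a] for a in requested if a in record}


def build_sample_registry() -> tuple[Registry, list[tuple[bool, str]]]:
    """Enroll constructed sample records and return the registry with each outcome."""
    registry = Registry()
    outcomes = [
        registry.enroll({"current_family_name": "Doe", "current_first_name": "Alice",
                         "date_of_birth": "1990-01-01", "unique_identifier": "ID-001",
                         "biometric_template": "tmpl-alice"}),          # accepted
        registry.enroll({"current_family_name": "Roe", "current_first_name": "Bob",
                         "date_of_birth": "1985-05-05", "unique_identifier": "ID-002",
                         "biometric_template": "tmpl-alice"}),          # same biometric: rejected
        registry.enroll({"current_first_name": "Carol", "unique_identifier": "ID-003"}),  # incomplete
    ]
    return registry, outcomes


if __name__ == "__main__":
    reg, results = build_sample_registry()
    for ok, msg in results:
        print("accepted" if ok else "rejected", msg)
    print(reg.release("ID-001", "age_check", {"date_of_birth"}, consented=True))
```

The release step is where Box 2's proportionality rule bites: an age check is served from the date of birth alone, and a request that also asks for the address is refused before any data leaves the registry.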
Types of electronic credentials include:

• Smartcards: These cards offer advanced security features and record digital credentials and/or biometric data on an embedded computer chip. Smartcards can come in the form of a contact/contactless card, or Near Field Communication (NFC)-enabled SIM card. Data stored on a smartcard can be accessed offline for authentication where there is no internet connection or mobile network.

• 2D Bar code card: Cards can be personalized with an encrypted 2D bar code containing a person’s personal data and biometrics, either instead of or in addition to a chip. The 2D bar code is a secure and cost-efficient means to provide a digital identity and to authenticate holders using biometrics. It has been widely deployed in Africa, Latin America, and the Middle East, including Lebanon, Mali, and Ghana, and more recently in Egypt to authenticate holders during the last elections.

• Mobile identity: Mobile phones and other devices can be used to provide portable digital identity and authentication for a variety of online transactions. For example, providers can issue SIM cards with digital certificates or use other mobile network assets that can enable secure and convenient identity and authentication of users for eGovernment (eGov) services and other public or private platforms.

• ID in the cloud: Unlike portable credentials such as smartcards and SIM cards, some systems store certificates and biometrics on a server only. In this case, a physical credential may not be issued, or may be issued in non-electronic form (e.g., India’s Aadhaar program issues only a paper receipt). A tamper-resistant environment for secure cryptographic key generation and management will increase the security of an ID in the cloud against theft.

Authentication

Once a person has been registered and credentialed, they can use their digital identity to access the associated benefits and services. For example, citizens may use their eID number to pay taxes through an eGov portal, while bank customers can use smart debit cards or mobile financial services to make purchases. In order to access services, the user must be authenticated using one or more factors that generally fall into one of four categories illustrated in Figure 2: what a person is, what she knows, what she has, and what she does. Authentication using these attributes can occur through various pathways, including:

• Smartcards: People with smartcards can authenticate their identity using multiple authentication factors for varying levels of assurance. For example, a simple PIN for low risk use cases or a digital signature based on public key infrastructure (PKI) technology for high risk use cases. Fingerprints can be used to establish a non-ambiguous link with the user. Because they store data locally on a chip, smartcards can also be used for offline digital authentication or in remote locations where connectivity is limited.

• Mobile identity: Using smartphone applications, USSD or SMS-based authenticators, or SIM cards, mobile identity can incorporate multiple authentication factors for varying levels of assurance. For example, a simple PIN for low risk use cases, multiple-factor authentication solutions (including with the use of biometrics) or a mobile signature based on public key infrastructure (PKI) technology with a secure element (SE) for high-risk use cases. Authentication can be strengthened by using third and fourth factors such as the individual’s location or behavior.

• ID in the cloud: Instead of issuing an identity document or mobile credential, a digital identity system can rely on biometrics for remote authentication. In this case, an identity is asserted and verified via a computer or other device with a biometric reader that connects to the cloud. A cloud-based system eliminates the need and cost of physical credentials, but requires robust ICT infrastructure for connectivity.

FIGURE 2 Common Authentication Factors. Source: Authors’ analysis, based on World Bank, 2015a.
[Figure 2: WHAT A PERSON... is (e.g., age, gender, address, fingerprints, face, irises, voice); knows (e.g., password, passphrase, PIN, sequence); has (e.g., access badge, smartcard, security token, mobile phone, ID document); does (e.g., motor skills, handwriting, gestures, keystrokes, application use). Plus the context within which this information is captured, e.g., geo-location, IP address, links to others, device used.]

Lifecycle Management

Throughout the lifecycle, digital identity providers manage and organize the identity system, including facilities and staff, record keeping, compliance and auditing, and updating the status and content of digital identities. For example, users may need to update various identity attributes, such as address, marital status, profession, etc. In addition, identity providers may need to revoke an identity, which involves invalidating the digital identity for either fraud or security reasons, or terminate an identity in the case of the individual’s death.

Levels of Assurance

When a person identifies or authenticates herself using one or multiple identity attributes, the degree of confidence that she is who she claims to be depends on the degree of security assurance provided and the context in which the information is captured, referred to as the level of assurance (LOA).24 Assurance levels depend on the strength of the identification and authentication processes, and are critical to access control and reducing identity theft. As depicted in Figure 3, the higher the LOA, the lower is the risk that service providers will rely on a compromised credential during a transaction. For “identity proofing”, the LOA is dependent on the method of identification, including the scope of personal information and attributes collected about an individual during enrollment, and the degree of certainty with which these attributes are ascertained (i.e., whether or not they are validated). For example, if personal data are collected during enrollment but not de-duplicated or checked against existing databases for veracity, this would constitute a low LOA because there is no validation of the identity information.

24. Examples of existing standards for security assurance level for digital identity and authentication include: ISO29115/IEC DIS; UK Cabinet Office; European Commission, etc. There are four Levels of Assurance (LOA) in accordance with ISO 29115:
1. LoA1 - no identity proofing; little confidence that this is the same person
2. LoA2 - basic identity proofing; single factor of authentication (e.g., username/password or possession and control of a device)
3. LoA3 - more stringent identity proofing; multi-factor authentication [e.g., something I have (the device) + something I know (a PIN)]
4. LoA4 - in-person identity proofing required; strong cryptographic authentication of all communicating parties and all sensitive data transfers between the parties (e.g., mobile signature)

FIGURE 3 Source: Author’s elaboration.
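The four ISO 29115 levels listed in footnote 24, the factor categories of Figure 2 (is, knows, has, does) and the revocation and termination states from the Lifecycle Management discussion can be combined into the assurance check a relying party would run before a transaction: the achieved level is bounded by the weaker of identity proofing and authentication, and a revoked or terminated credential is refused regardless of level. This is an added example written for this edit, not logic from the paper or from any standard's text. The LoA ordering follows footnote 24; the proofing labels, the FACTOR_CATEGORY table, the crypto_strength labels and the REQUIRED_LOA transaction policy are constructed assumptions.

```python
"""Deriving an ISO 29115 level of assurance from identity proofing and
authentication factors, then applying it to a transaction. Added example."""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class LoA(IntEnum):
    """ISO 29115 levels as summarised in footnote 24."""
    LOA1 = 1  # no identity proofing
    LOA2 = 2  # basic proofing; single authentication factor
    LOA3 = 3  # more stringent proofing; multi-factor authentication
    LOA4 = 4  # in-person proofing; strong cryptographic authentication


# Figure 2 categories: what a person is / knows / has / does (assumed assignment).
FACTOR_CATEGORY = {
    "password": "knows", "pin": "knows", "passphrase": "knows",
    "fingerprint": "is", "face": "is", "iris": "is",
    "smartcard": "has", "mobile_phone": "has", "security_token": "has",
    "keystroke_dynamics": "does", "gesture": "does",
}

# Assumed proofing vocabulary, ordered by strength to match footnote 24.
PROOFING_RANK = {"none": 1, "basic": 2, "stringent": 3, "in_person": 4}

# Assumed relying-party policy: the greater the risk, the higher the required level.
REQUIRED_LOA = {
    "read_public_page": LoA.LOA1,
    "check_balance": LoA.LOA2,
    "collect_benefits": LoA.LOA3,
    "sign_official_document": LoA.LOA4,
}


@dataclass
class Credential:
    holder: str
    status: str           # "active", "revoked" (fraud/security) or "terminated" (death)
    proofing: str         # how the identity was proofed at registration (PROOFING_RANK key)
    crypto_strength: str  # assumed labels: "none", "otp", "pki_secure_element"


def proofing_loa(proofing: str) -> LoA:
    """Level supported by identity proofing alone."""
    return LoA(PROOFING_RANK[proofing])


def authentication_loa(factors: list[str], crypto_strength: str) -> LoA:
    """Level supported by the authentication event alone: count distinct factor categories,
    and require strong cryptography (e.g. PKI in a secure element) for the top level."""
    categories = {FACTOR_CATEGORY[f] for f in factors}
    if not categories:
        return LoA.LOA1
    if len(categories) == 1:
        return LoA.LOA2
    return LoA.LOA4 if crypto_strength == "pki_secure_element" else LoA.LOA3


def achieved_loa(cred: Credential, factors: list[str]) -> LoA:
    """Overall assurance is the weaker of proofing and authentication."""
    return min(proofing_loa(cred.proofing), authentication_loa(factors, cred.crypto_strength))


def authorize(cred: Credential, factors: list[str], transaction: str) -> tuple[bool, str]:
    """Relying-party decision: lifecycle status first, then level against the policy."""
    if cred.status != "active":
        return False, f"credential {cred.status}"
    have, need = achieved_loa(cred, factors), REQUIRED_LOA[transaction]
    if have < need:
        return False, f"LoA{int(have)} below required LoA{int(need)} for {transaction}"
    return True, f"LoA{int(have)} satisfies LoA{int(need)}"


if __name__ == "__main__":
    # Constructed sample credentials.
    eid = Credential("alice", "active", "in_person", "pki_secure_element")
    sim = Credential("bob", "active", "basic", "none")
    print(authorize(eid, ["pin", "smartcard"], "sign_official_document"))
    print(authorize(eid, ["password"], "collect_benefits"))
    print(authorize(sim, ["pin", "mobile_phone"], "collect_benefits"))
```

Two points the code makes explicit: a PKI smartcard presented with only a password still yields LoA2, because a single factor category caps the authentication side; and a SIM with PIN enrolled after only basic proofing yields LoA2 even with two factors, because proofing caps the result.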
Levels of Assurance
[Figure 3: eIDAS definition (Out of scope / LOW / SUBSTANTIAL / HIGH) mapped to ISO 29115 levels (Level 1 / Level 2 / Level 3 / Level 3 / Level 4) and authentication strength (Weak / Secure / Strong / Strong / Very Strong). Example authentication/electronic ID mechanisms: Level 1: legacy password, SMS+URL, USSD, SIM applet, smartphone app, token or OTP; Level 2: seamless, SIM applet, smartphone app, token OTP + password, biometrics; Level 3: USSD, smartphone app in TEE, token OTP (PIN + certified TEE or SE), biometrics (SIM/eSE), SIM applet with PKI in TEE, PKI eID (PIN); Level 4: SIM applet with PKI, smartphone app with PKI, PKI ID (PIN + SE), biometrics. Identity proofing: no identity proofing; presentation of identity information; verification of identity information; in-person registration with verification; identity proofing during registration. Risk level: extremely high; mitigated; low; minimal; minimal.]
Key: OTP = one-time password; PKI = public key infrastructure; (e)SE = secure element or embedded secure element (a tamper-resistant hardware platform); TEE = trusted execution environment (a secure area of the smartphone); USSD = unstructured supplementary service data (“quick codes”).
Note: NIST 800-63A draft standard guidelines on identity proofing also allow for virtual in-person proofing and enrollment transactions.25

For authentication, the strength of the identity credential and authentication depends on the robustness of the technology and the authenticators used. Different types of transactions will require different LOAs, and not all transactions will require the highest level—the greater the risk of the transaction, the greater the assurance level must be. Typically, single factor authentication—such as ID number or knowledge of a password—is not sufficient to prove a person’s identity or provide accurate authentication. This level of risk may be appropriate for some applications (e.g., checking Facebook) but higher security transactions (e.g., collecting benefits or signing an official document) may require additional or multiple factors of authentication to augment the user’s credentials. These factors must be robust and secure.26 The possession of a secure device, such as a physical token, a mobile phone, or a smartcard allows for secure authentication and can be complemented by a personal identification number (PIN) or attribute (such as a biometric feature or behavior) in order to provide stronger security.27

25. Source: https://pages.nist.gov/800-63-3/sp800-63a.html and http://nstic.blogs.govdelivery.com/2016/05/08/announcing-draft-special-publication-800-63-3-digital-authentication-guideline/
26. The robustness and security of these factors comprises three elements: 1. Authentication robustness - Is this the same person? 2. Security robustness - Is the authentication tamper-proof? 3. Identity proofing robustness - Who is this person? How much do I trust the veracity of the information provided?
27. One example of an authentication protocol is GSMA’s Mobile Connect solution, which enables customers to create and manage a digital universal identity via a single login. The solution works by employing the user’s unique mobile number combined with a unique PIN and the secure network of the mobile operators to ensure the validity of the mobile device and user for more secure use cases, including government services. It enables the use of mobile operator data and business processes to enhance user security and combat identity theft.

Stakeholders and Roles

Within any identity ecosystem, there are a number of primary stakeholders that play varying roles in the identification and authentication processes depending on the country context and the type and scope of the digital identity (e.g. a national eID vs. an online banking platform). In general, individuals (e.g., citizens or clients) are the primary end-users in a system, while government bodies and private firms are the primary providers of digital identity, authentication, and services. Other key stakeholders are public actors responsible for regulation, and public and private actors responsible for standard setting and trust building. A summary of main stakeholders and the typical roles they play in the digital identity ecosystem is provided in Table 1 below; Figure 1 above illustrates where these roles fall within the identity lifecycle.

End-Users

• Individuals: Individual citizens and clients are the end-users of digital identity systems. They enroll in identity systems and use the credentials they receive to access the benefits and services of a given country or company.

Providers

• Government bodies:

 Legal registrars are the agencies in charge of providing legal identification to citizens. This may include national identification authorities (NIAs) in charge of creating and maintaining national ID cards and other documents, as well as national population registers and birth registers that record life events.

 Functional registrars are agencies that create and maintain identity registries for a specific purpose or service, including electoral commissions, tax agencies, social security authorities, hospitals, etc. These registries may be linked to legal registries such as a national population register, or they may be separate identity systems.

 eGov service providers are government agencies or platforms that provide online services to citizens or residents which require some proof of identity and entitlements. Oftentimes, they are linked to the national identity system and/or functional registers. Examples include EESTI (Estonia), MyGov (Australia), Gov.UK Verify (UK), Hukoomi (Qatar), Suomi (Finland), eAlbania, etc.

• Private firms:

 Commercial service providers are firms that either use digital identities in order to provide services to their clients and/or enable end-users to transact in a digital environment by providing digital identity and authentication services. This includes banks, mobile network operators, utilities, healthcare providers, online commerce platforms, credit rating agencies, etc.

 Identity solution suppliers are firms that provide hardware, software, and support for the development of digital identity systems. They may be contracted to provide a specific set of inputs at a particular stage in the digital identity lifecycle, or may provide services on an ongoing basis.

Government bodies generally play one or more principal roles in the digital identity lifecycle, at times in partnership with the private sector:

• Digital identity providers are those actors that create digital identities for users by registering them (including enrollment and validation) and issuing documentation or credentials. In general, identity providers also store and manage data and credentials on behalf of the users. In the public sector, legal registers are the most common digital ID providers, although functional registers, such as electoral commissions, may also create and manage digital identities (e.g., a voter register). Commercial service providers are also frequently digital identity providers. For example, mobile companies provide SIM cards and banks issue debit cards, in each case after enrolling and verifying the identities of their customers. Oftentimes, private identity providers rely upon or use legal identity provided by the public sector (e.g., your SIM card may be linked to a national identity number).

• Attribute providers are entities that hold verified user data and either verify or provide these attributes to third parties (subject to user consent). Such information may pertain to the individual’s identity data (e.g., name, address, age, gender, etc.), or data related to the credential device (e.g., network information data about the individual) or any other information about the user including other linked identifiers such as telephone number, email address, national insurance number, social security number, student enrollment number, etc. In many cases, there is overlap between digital identity and attribute providers. In some cases, however, actors provide attributes upon request of the identity providers or relying parties.

• Digital authentication providers verify a user’s attributes or identity in order to determine his or her right to access a service or benefit. In the public sector, those agencies that are directly involved in delivering services that require verification—including functional registers and eGov service providers—are commonly authentication providers. In some cases (e.g., Aadhaar), national ID authorities will also authenticate on behalf of a service provider. In the private sector, commercial service providers authenticate users.

• Service providers are those entities that provide services directly to end-users (citizens and clients). This may include public agencies such as functional registrars and eGov service providers, as well as private service providers. Service providers may themselves be digital ID and authentication providers, or they may outsource these functions to other agencies.

Enabling and Supporting Actors

The work of digital identity, authentication and service providers is embedded in the larger ecosystem of public and private actors who enable and support identity systems, including:

• Regulatory and oversight agencies and organizations regulate, control and audit digital identity systems. This includes primarily national-level public sector agencies, and supra-national authorities such as the European Data Protection Board and EU Member State Supervisors as per eIDAS requirements. In addition, there are a few instances of self-regulatory bodies like T-Scheme in the UK.28 The goal of these actors is to ensure that digital identity and authentication providers follow legal standards and best practices for the collection, storage, and use of personal data.

• Standard setting bodies are organizations that provide protocols for digital identification and authentication. This includes public sector agencies such as the European Committee for Standardization (CEN) and NIST, as well as private and non-profit organizations such as the ISO standard body, the Open ID Foundation, FIDO Alliance, GSMA, and Secure Identity Alliance. The goal of these agencies is to increase interoperability and build open and scalable identity solutions.

• Identity organizations and trust frameworks define technical, operational, legal, and enforcement mechanisms for information exchange related to identity management. This includes public sector actors such as the Trust Framework Provider Adoption Process (TFPAP) developed by the U.S. Identity, Credential, and Access Management (ICAM) subcommittee in partnership with the non-profit Open Identity Exchange (OIX), and private sector actors like the mobile network operator-developed solution Mobile Connect.

• Donor agencies and development partners including the World Bank and regional development banks, the European Union, IOM, IMCPD, UNHCR, UNDP, UNICEF, USAID, the Gates Foundation and others provide support in the form of funding and technical assistance for the development of digital identity systems. In some cases, this support may be intended to generally strengthen the country’s identity system, and in other cases it may be one component of a program that requires identification (e.g., electoral support, cash transfer programs, etc.). In the latter case, donors may also be providers of identity, authentication, and services (e.g., UNHCR uses a biometric registry to distribute food aid to refugees).

28.
T-scheme is the independent, industry-led self-regulatory scheme set up to create assessment criteria against which it will approve Trust Services. http://tscheme.org/about/

TABLE 1 Key Identity Stakeholders and Roles
(Columns: Stakeholders; Role; Primary goals)

END-USERS
Individuals (voters, migrants, bank customers, etc.)
Role: End users
Primary goals: Accessibility; User-friendliness; Data protection & privacy

GOVERNMENT PROVIDERS
Legal registrars (national ID agency, e.g., UIDAI (India), NADRA (Pakistan); national population or birth register, passport agency, etc.)
Role: Digital ID providers; Attribute providers; Authentication providers; Service providers
Primary goals: Effective & efficient services; Security & user trust; Fraud reduction; Universal coverage & access

Functional registrars (electoral commission, tax agency, social security authority, pension office, hospitals, etc.)
Role: Digital ID providers; Attribute providers; Authentication providers; Service providers
Primary goals: Effective & efficient services; Security & user trust; Fraud reduction; Universal coverage & access

eGov service providers (Gov.UK Verify (UK), EESTI (Estonia), EIDO (UAE), HUKOOMI (Qatar), etc.)
Role: Authentication providers; Service providers
Primary goals: Effective & efficient services; Security & user trust; Fraud reduction

PRIVATE PROVIDERS
Private firms (mobile network operators, banks, utilities, healthcare providers, online commerce platforms, credit rating agencies, hardware and software developers, systems integrators, total solution providers, etc.)
Role: Digital ID providers; Attribute providers; Authentication providers; Service providers; Identity solutions suppliers
Primary goals: Effective & efficient services; Security & user trust; Fraud reduction

ENABLING AND SUPPORTING ACTORS
Regulatory agencies (public sector: national agencies; supra-national authorities (European Data Protection Board, EU Member State Supervisors as per eIDAS requirements) or self-regulatory bodies like T-Scheme in the UK)
Role: Regulation & oversight
Primary goals: Consistent identity management; Data protection & privacy; Security & user trust

Standard setting bodies (public sector: CEN, NIST; private & non-profit sector: ISO standard body, IEEE, Open ID Foundation, FIDO Alliance, GSMA, Secure Identity Alliance, ETSI, Biometrics Institute, 3GPP, OMA, etc.)
Role: Standard setting
Primary goals: Build open, scalable, interoperable, and robust identity solutions

Identity organizations & trust frameworks (public sector: TFPAP, USGSA; private sector: Mobile Identity (Finland), digital identity banking federation (Scandinavia), and Mobile Connect, etc.)
Role: Trust building
Primary goals: Establish trust among digital identity ecosystem stakeholders

Donor agencies & development partners (World Bank, European Union, IOM, IMCPD, UNHCR, UNDP, UNICEF, USAID, Gates Foundation, etc.)
Role: Funding & technical assistance; Digital ID, authentication & service providers; Capacity building
Primary goals: Support client government goals; Effective & efficient donor program delivery

Digital Identity Ecosystems: Existing Landscape of Public and Private Involvement

Governments and private sector firms share a common interest in promoting robust digital identity systems that enable identification and authentication of end-users for a variety of functions and services. Furthermore, both public and private stakeholders may rely on each other to build and manage identity systems. For example, governments may outsource various aspects of their identity architecture to private firms (e.g., system development), and may also collaborate with the private sector to ensure interoperability of an official ID with private services (e.g., for metro passes, KYC requirements, etc.). Similarly, private firms often rely on official forms of identification (e.g., birth certificates, national IDs) to validate the identity of their users.

We see increased potential for public-private collaboration in building digital identity ecosystems. This section takes stock of the current types of ecosystems that countries have developed to provide digital identity services for public and private use, and offers key considerations for partnerships to build more advanced digital infrastructure.

FIGURE 4 Examples of Digital Identity Ecosystems. Source: Author’s elaboration.
[Figure 4: 1. Centralised identity framework based on an official eID as a root: Belgium, Netherlands, UAE, India, Italy, Pakistan, Oman. 2. Structured identity framework under a federation of endorsed identity providers: Finland, Estonia, Norway, Sweden, Singapore, UK, Australia. 3. Open identity market without any national scheme: USA. 4. Self-asserted, open digital identity (illustrated by a webmail sign-in screen).]

Ecosystem Types

At present, digital identity ecosystems at the national level can be loosely categorized into four types that result from different cultural, legal, and political approaches to identity management. These types vary based on the degree to which core digital identities—those used as the basis for most public and private transactions and for identity verification by secondary identity providers—are centralized or decentralized and whether or not they are provided by the public or private sector. As illustrated in Figure 4, they can be thought of as a continuum, with significant variation between countries:

1. The first type of ecosystem is a government-driven centralized system where individuals’ identity attributes are stored in one or more government-owned database(s) and a state-issued eID serves as the basis for all or most digital transactions for both the public and private sectors (e.g., Belgium, Germany, UAE, Italy, Pakistan, Malaysia). Furthermore, the official eID can be used as the basis for verifying other digital identities, such as banking and mobile phone credentials.

2. The second is a semi-centralized, federated system of multiple, government-endorsed digital identity providers (e.g., Sweden, Finland, UK, Australia). In a semi-centralized system, citizens are free to choose between multiple trusted identity providers (e.g., banks, mobile operators, etc.) and use these credentials to access a broad range of public and private digital services via an identity hub or gateway that facilitates authentication across multiple platforms. In this type of ecosystem, private firms often play a key role as digital identity providers, after governments offer an official basis of identification using breeder documents (such as birth certificates). However, public agencies may also be trusted identity providers, and the government plays a central role in defining and regulating the identity framework and endorsing providers.

3. Third is a decentralized, open identity market without any national scheme (e.g., USA). In a decentralized, open identity system, public and private sector organizations create, utilize and manage their own digital identities on the basis of a self-regulated framework. In the USA for example the National Strategy for Trusted Identities in Cyberspace (NSTIC) has taken steps to create a user-centric “Identity Ecosystem” of public and private sector organizations that utilize secure, efficient, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice and innovation. The strategy is completely voluntary and focused on providing high level guidance to the private sector.29 This model has not yet been utilized in a developing country context in the absence of credible national identification and low birth registration rates.

4. The fourth type is a self-asserted digital identity ecosystem driven by the largest internet players (e.g., Facebook, Google, Yahoo and other internet platforms). In a self-asserted ecosystem, users choose their own digital identity attributes, and no verification against official identity documents is required, resulting in a lower level of security. At the time of writing there are no examples of countries that have considered this approach to provide access to their digital services, and it is thus out of scope for this paper.

Considerations for Strengthening Identity Ecosystems

While governments will nearly always play a large role in digital identity systems, the scope and mode of private sector participation will depend on the particular context, needs, and financing constraints. When choosing an appropriate model for digital identity infrastructure and services, stakeholders should consider the existing identity landscape, the capacity of government systems, and the ability of the private sector to provide the required level of security and privacy protection.

29. In addition, the government has also funded the start of a private sector led Steering Group - the Identity Ecosystem Steering Group (www.idesg.org). The IDESG includes representatives from over 200 organizations, that just recently released the Identity Ecosystem Framework to provide a baseline set of standards and policies for private and public organizations to follow. The Framework can be found here: http://www.idesg.org/The-ID-Ecosystem/Identity-Ecosystem-Framework/IDEF-Core-Documents. They are about to roll out a Listing Service for companies to self-certify that they meet some or all of the framework. http://www.idesg.org/The-ID-Ecosystem/Registry

Identity Landscape and Government Capacity

The landscape of identification that already exists in the country will shape the development of digital identity ecosystems and the nature of private sector participation. Countries vary substantially in their existing identity architecture and capacity, including the extent to which government agencies maintain centralized records of a majority of the population and whether these records are digitized. In many low-income countries, identification is local and offline, or “village-based”, and the overall volume of identity-based transactions is low. In these cases, the private sector may offer some infrastructure for online transactions (e.g., mobile-based), but this will be limited by the lack of robust official identification as a source of trusted identity. Countries with more developed administrative capacity generally have centralized identity management systems that are increasingly digital, which allows for a rapid increase in the volume of ID-related transactions for both public and private service providers.

The strategy for digitizing identity systems depends on a number of issues, including a country’s approach to privacy and security and existing legacy systems and identity management models. Common to all models is the need to create secure, reliable, and trustworthy digital identity credentials. This requires the existence—or creation—of robust databases that underpin the issuance of secure credentials which can be used as a foundation for both public and private sector identification and authentication.30 For example, in countries with digitalized civil identity or population registers:

• Private sector companies may use a minimum set of unique identity attributes from the government identity provider in order to issue their own user credentials.

• In other countries there is potential for trusted private sector entities to provide electronic identification and authentication for government and private services using verified private sector complementary attributes under a semi-centralized certified scheme (e.g., the United Kingdom).

Even if a unique database exists, however, it commonly does not contain all of the attributes required to provide a specific service. In this case, an identity model might consist of a combination of unique identification provided by the state and complementary attributes collected by the private sector (see Box 2 for the example of the EU; Aadhaar and Estonia are others). In order to ensure interoperability between systems (both public and private), stakeholders must come to a consensus on a minimum set of identity attributes.

In countries with inadequate or nonexistent civil registration or national identity systems, there may be a role for private sector actors to play in supporting the government in the creation of an official digital identity that can be authenticated and used for a variety of online and analogue services. See for example the role of corporate social initiatives undertaken by the mobile operators in Ghana, Tanzania, Pakistan, Senegal and Uganda for birth registration purposes.31

In all circumstances, the roles and responsibilities of both public and private sector organizations must be clearly defined ahead of time to ensure transparency, and the definition of what constitutes official legal identity should remain the purview of governments and their citizens.

Privacy and Security

Another critical issue is the capacity of the private sector
Then, these private sector-issued to provide trustworthy digital identity, offering the credentials or tokens can be used for identification, same standards of privacy and security protection as authentication, and authorization purposes. Private those provided by the state, for similar services and in sector organizations assert the identity of the compliance with national privacy regulations (along with user and act as digital identity and authentication international conventions, where applicable, national providers (e.g., Finland’s semi-centralized system sovereignty and governance principles). For example, or Estonia centralized system). there is a difference between those companies that are 30. See Alan Gelb, 2016, p. 4. 31. See, for example, Uganda Mobile Vital Records System is using mobile technology to overcome the poor communication network between rural villages and registration offices. Thanks to mobile phones, village regis- tration agents are able to record births and send details about vital events on new-borns for legal registration. The data is transmitted to local hospitals via a 3G web-based application and then is stored in a computer database. A challenge will be how to tying the data to the identity of the child as it matures and progresses through society, school, work, migrates, etc., including ensuring continuity of identity and choice and control as the child becomes mature enough to exercise legal rights. Digital Identity and the Role of Public and Private Actors | 27 bound by national legislation and privacy frameworks government identification system will increase the and companies that operate globally but are not private sector’s ability to offer services that are obligated to adhere to local privacy laws. useful and valuable to consumers, enabling more efficiency in service delivery. Building trust between Benefits of public-private cooperation eco-system partners can help accelerate innovation and stimulate investment. 
There are a number of benefits to public-private cooperation to build digital ID ecosystems, including: Managing Risks • For Governments: Digital transformation, However, while a public-private partnership can offer modernization and use of integrated systems will benefits to the development of a digital identity reduce cost of implementation and interoperability program, cooperation also comes with risks that by allowing for the secure transfer of citizen need to be outlined and managed by both the data and lowering existing barriers to entry government and the private sector. Adequate risk for governments to harmonize national digital mitigation by the government is required to ensure identity systems. Private sector companies may that the digital identity program (whether for legal be positioned to leverage existing assets and or functional use) is based on good governance, footprint, helping to drive efficiency and scale in open standards, fiscal efficiency, user affordability, the development of digital identity ecosystems. and operational effectiveness, and promotes innovation and a competitive marketplace. Similar • For the private sector: Enlarging the digital identity measures are required by the private sector to ensure ecosystem and enabling private sector parties to that contractual agreements are upheld, financial create a trusted identity ecosystem between the investments are protected, and a level playing field is government and the private sector itself. A stronger available for market players. Models for Private Participation in Official Digital Id Systems In addition to public-private cooperation to develop coverage of their identity systems by utilizing private digital identity ecosystems more broadly, we have begun sector cooperation, services, and investment. to see a range of partnerships that focus specifically on strengthening government identity systems. 
In When it comes to public-private cooperation for the European countries such as Estonia, Finland, Norway, provision of national digital identity systems, models Switzerland, and the United Kingdom, for example, the vary based on the type of the project and the scope private sector—and the mobile industry in particular— of private sector involvement, as shown in Figure 5. has played a key role in building national digital identity Traditionally, the most common form of private sector systems and authentication programs and unlocking participation in national identity systems has been the potential of digital identity for the economy through as suppliers of publicly procured inputs—including leveraging existing assets and business processes.32 hardware, software, systems design, etc.—used to build We have now begun to see similar partnerships in a national identity database and/or to set up identity developing countries that have sought to extend the authentication and verification33 (e.g., Pakistan and 32. For example, see GSMA case studies such as: Finnish Mobile ID: A Lesson in Interoperability; Estonia’s Mobile-ID: Driving Today’s e-Services Economy; Norwegian Mobile Bank ID: Reaching Scale through Collaboration; Swisscom Mobile ID: Enabling an Ecosystem for Secure Mobile Authentication; Mobile Signature in Turkey – A Case Study of Turkcell: MobilImza; Mobile Birth Registration in Sub-Saharan Africa: A case study of Orange Senegal and Uganda Telecom solutions. 33. In the latter case, the private contractor leverages the value of the digital identity system and may introduce a fee system based on authentication requests from private companies (e.g. mobile, credit rating agencies, smart card providers, etc.) or the public sector. 
In the UK, for example, the Identity Assurance Programme (IDAP) took a procurement approach for their government certification program, which enables private sector organizations—including mobile network operators and other private providers—to become authorized digital identity providers. A Draft of Identity Assurance Provider Framework Agreement is available here (https:// data.gov.uk/data/contracts-finder-archive/contract/1690273/) which also include a description of the charges structure used in the agreement between the government and the identity assurance private sector provid- ers. See Accenture study, forthcoming for more examples. 28 | Digital Identity and the Role of Public and Private Actors Digital Identity: Towards Shared Principles for Public and Private Sector Cooperation Peru). In some countries, governments have begun to emerging ways in which the private sector is involved in consider Public Private Partnerships (PPP) such as BOTs the provision of national digital identity, the remainder (build-own-transfer) or concessions (e.g., Albania), of this section focuses on private involvement that goes service agreements (e.g., India, Nigeria, Moldova), beyond traditional procurement-type contracts (which and other arrangements that specify a deeper level of are plentiful and generally well known).34 private sector engagement. 
In order to highlight the FIGURE 5 Source: Author’s elaboration Examples of Private Sector Involvement in Official Digital Identity Systems INDIA MOLDOVA Aadhaar Number Mobile e-ID (PKI System) Design & Register Credential Services Design & Register Credential Services Build Build Designed Validates issues digital authenticates created PKI checks users issues digital provides Aadhaar system identities identity and identify for infrastructure against certificate services using & technical paper certificate public/private population e-signatures standards for services database registration anyone can enrol residents, built systems issue PKI- verify identity enrolls users at charges users paid by gov per to interface w/ enabled SIM using Aadhaar telecom offices per e-signature person gov PKI cards number PAKISTAN & PERU ALBANIA National eID National eID and Passport Design & Register Credential Services Design & Register Credential Services Build Build designed and enrolls issues authenticates provides eGov & built eID system residents, smartcards credentials for other services; validates public/private paid a portion identities services enrolls of user fees issues designed and residents, smartcards/ built eID system validates passport authentication identies banks etc. use for services; eID for services collects user fees Key: Public Sector Private Partner Note: Figure depicts who is responsible for the primary activities in each phase of building an official identification system. In reality, even phases for which one sector has clear responsibility often involve a supporting role for other actors. For example, although the government executed the design and building phase in the cases of India, Pakistan, and Peru, the private sector was involved as a supplier of key hardware and/or software inputs. Similarly, even though Albania awarded a complete concession to a private company, the government was still involved in planning and oversight. 34. 
In a typical public procurement project, governments contract vendors to supply a defined set of inputs or outputs, funding capital expenditures and retaining ownership of assets (and risk). In this model, the national or regional government is responsible for the set-up and delivery cost of the technology solution and bears the responsibility of its running costs, although it may look to the private sector to bring in needed expertise and efficiencies.

Partnerships for Digital Identity

We surveyed a number of cases of significant private-sector involvement in national digital ID systems, including Albania, Chile, Estonia, Finland, India, Moldova, and Nigeria. These cases are not exhaustive,35 but illustrate a variety of potential models. In general, they can be placed in categories along two dimensions. The first is the type of partnership, either a service agreement or a BOT/concession, while the second is the scope of partnership, whether it covers registration of digital IDs or the provision of services. Within these categories, there is variation in the degree to which private firms are involved in (1) designing and building identity infrastructure, (2) financing initial and ongoing capital investments, and (3) operating and maintaining digital identities throughout their lifecycle, including registration, issuance, authentication, and services. There is also variation in whether the source of revenue for private firms is government fees or user fees. See the Annex for more case details.

Although these examples are illustrative of different models of partnerships, it is important to highlight the fact that not all models will be appropriate in all countries. For example, the context—including political, institutional and technological maturity—of identification systems in countries such as Estonia, Finland, and Albania is quite different from that of many countries in Africa, Asia, and Latin America.

Service Agreements

In the service agreement model, the government contracts with a private firm or firms to undertake a specific role in one or more stages of the digital identity lifecycle. In these cases firms receive revenue directly from users, or from the government on a performance basis. Whether or not these agreements meet the strict definition of a PPP above depends on the extent to which they are long-term partnerships (most are) that require significant investment on the part of the private actor.36 Key examples include:

• India: The Aadhaar program relies on private firms to enroll residents’ biographic data and biometrics, which are then sent to India’s Unique Identification Authority (UIDAI) for validation and issuance. UIDAI enters into MOUs with public and private Registrars (e.g., banks and insurance agencies), who contract with other firms as Enrollment Agencies that meet UIDAI’s rigorous technical standards. Enrolling agents are then paid by the government on a per-transaction basis.37

• Nigeria: Nigeria’s Identity Management Commission (NIMC) has begun to issue new smartcards in partnership with financial service companies. These cards are linked to a pre-paid account number with a participating bank that can be used by the cardholder for public or commercial transactions at accepting merchants. The cards are intended to create demand for connectivity and electronic services in Nigeria.

• Estonia, Finland, & Moldova: Each of these countries has partnered with mobile network operators to deliver mobile authentication services to eID cardholders. In each case, the mobile companies issue users with a PKI-enabled SIM, and then charge a per-use fee when they use a digital signature to authenticate themselves for eGov and other online services.

BOT/Concessions

In contrast to service agreements, where the government contracts limited (though potentially vital) aspects of a project to private firms, build-own-transfer (BOT) or concession-type partnerships are ones in which the private sector is solely or primarily in charge of designing, building and operating a project, usually for a fixed concession period. These are considered PPPs according to standard definitions, as the contracts bundle together many services and entail significant risk and financing on the part of the private party. In these cases, contracts are often awarded to a single contractor or consortium, project costs and outputs are predetermined, and payment is performance-based and can include a fixed set-up cost. Revenue generated by the ID system is allocated between the private and public sectors according to the contract.

35. Pakistan’s ID system involves a different type of private sector involvement. Its National Database and Registration Authority (NADRA) is an autonomous agency that contracts with the Pakistani government to provide identity services. NADRA also delivers identification and system integration solutions internationally, and its clients include the governments of Sudan, Kenya, Bangladesh, Sri Lanka and Nigeria.
36. For a categorization of PPP arrangements in eGovernment systems, see World Bank, 2015b. The Bank’s PPP Knowledge Lab (https://pppknowledgelab.org/) is also an excellent resource for understanding PPPs for infrastructure development and defines a PPP as a “long-term contract between a private party and a government entity, for providing a public asset or service, in which the private party bears significant risk and management responsibility, and remuneration is linked to performance.”
37. UTI, 2014.

Key examples include:

• Chile: Chile’s Registro Civil e Identificación (SRCeI) awarded a concession to a private firm to modernize its existing civil identification system through building, installing, and maintaining new hardware and software, integrating databases, training SRCeI staff, and personalizing eID smartcards and passports. The government operates the system and pays a fee per document issued.

• Albania: Uniquely, Albania’s Ministry of Interior Affairs has awarded a full concession to design, build, operate, and maintain an eID and e-passport system. The firm is in charge of enrolling residents, issuing IDs, and collecting usage fees, a portion of which are paid back to the government. In 2013, the original concession was extended for an additional 10 years.

Scope of Partnership

In addition to the distinction between service agreements and BOT or concession-based partnerships, we can categorize these partnerships according to the stage in the lifecycle in which the private sector is involved:

• Registration: A few of the cases have involved private actors undertaking all or part of the effort to register citizens in the creation of a new national digital identity system. Logically, this includes the BOT/concession type partnerships where firms are involved in designing, building, and operating the ID system for a fixed period of time (e.g., Chile and Albania), but may also include service agreements (e.g., India).

• Services: A majority of the digital identity cases with public-private cooperation involve the provision of services to end-users, after enrollment has been conducted by the public sector. This is expected given that private sector service providers are primary stakeholders in the creation of digital identity. Many service-based partnerships have been added on to already existing digital ID systems (e.g., Moldova, Finland, and Estonia). An exception to this is Nigeria, where the smartcard service agreement was designed into the project from its onset.

Choosing a model

Each country context is unique, and a thorough analysis of this context is necessary before adopting a particular business model. The selection of an appropriate business model will require careful consideration of the following factors:

• Sustainability/Financing. Stakeholders should consider the overall estimated costs of the project, estimated volume and demand of digital public services, and the revenue-generating potential for the private sector. In general, PPP-type arrangements like BOTs and concessions offer the advantage of lower (or no) up-front costs for the government, which may enable those lacking investment and initial funding capability to deploy and sustain modern national digital identity systems. Nevertheless, they may not be appropriate for all types of projects.38

• Legal and ethical issues. There may be risks associated with transferring management of the national identity system to a private company under certain partnership arrangements (for example, private ownership of public data may not be legal, advisable or socially acceptable). For example, according to a recent survey conducted by Accenture on behalf of GSMA, it is important for liability reasons for government to lead the delivery of civil registration systems, even though these can be facilitated by private sector entities.

38.
See World Bank (2014) and World Bank (2009) for a more complete analysis of the potential benefits and risks of PPPs.

• Government capacity. All identity systems require significant government capacity. Even where governments are not building and managing identity systems in-house, they must clearly define the roles and responsibilities of different identity actors and provide the legal and regulatory framework to establish trust and protect privacy and personal data. For PPPs, special legislation may be required and strong governance practices are necessary to oversee project implementation and enforce regulations. In contrast, traditional public procurement projects involve well-known and often simpler contracts. However, projects where government officials are involved in operating identity systems—such as in public procurement—may require significant technical knowledge transfer.

• Private sector activities. The extent to which digital identity and authentication services are already commercially available and interoperable will dictate potential public and private sector use cases and cooperation. In any arrangement, stakeholders should structure contracts to help leverage private sector expertise and innovation to enable interoperability both at cross-border and cross-sector level. In PPPs, for example, private firms are paid based on output and thus able to design inputs to maximize efficiency.

• Length of partnership. One benefit to PPPs is the ability to capitalize on a long-term partnership. In some cases, however, there is a trade-off between the opportunities of a long-term contract and the ability of public actors to change suppliers when needed to avoid vendor or technology lock-in.
3 Common Principles for Unlocking the Value of Digital Identity

Advances in digital and biometric technology, combined with the already extensive use of mobile devices in the developing world, offer a transformative solution to the global identity gap. In order to realize this potential, however, public and private sector stakeholders and development partners must collaborate in order to overcome the challenges to achieving digital identification that are described in Part I of this paper. This requires a sustained effort among actors, underpinned by common objectives and understanding. Building on a series of consultation forums, broad multi-stakeholder discussions, and previous research, we have identified three preliminary thematic areas to serve as the basis for principles of cooperation:

1. Universal Coverage. Identification management systems should strive for continuous universal coverage: officially recognized identification and authentication services should be accessible to all individuals from birth to death. Principles in this area could include:
   • Non-discrimination and inclusivity
   • Affordability
   • Accessibility

2. Appropriate and Effective Design. Identity systems should be context appropriate and adaptable for long-term needs, including measures to ensure their demand, robustness, integrity and resilience, interoperability, proportionality, vendor and technology neutrality, and fiscal and operational sustainability. Principles in this area could include:
   • Prioritizing end-user needs and demands
   • Integrity of systems
   • Proportionality
   • Open standards and outcomes-based approaches
   • Long-term financial sustainability

3. Building and Sustaining Trust. Identity systems must be built on a legal and operational foundation of trust and accountability between public agencies, private sector actors and individuals, who must be assured privacy and protection of their data, and the ability to exercise control and oversight over its use. Principles in this area could include:
   • The protection of privacy and security of data and users’ rights
   • Strong accountability mechanisms
   • Legal and trust frameworks supported by impartial adjudication

In order to enable the creation of identity systems that meet these standards, government and industry stakeholders must also develop a consensus regarding standards for (1) the legal and regulatory environment, (2) technology, (3) governance structures, (4) public-private cooperation, (5) stakeholder awareness, (6) convenience, and (7) facilitating a competitive marketplace.

At the time of publication, multi-stakeholder consultations were on-going to define and agree on a set of principles. We recommend the continued development of these principles and enablers through an inclusive process so that they may be endorsed by a variety of stakeholders. Adhering to these principles will help align different actors, accelerate national identification strategies and enhance trust in the digital identity ecosystem for the benefit of governments, citizens, and the private sector.

Annex: Case Studies

Albania – eID and e-Passport

What is the project?

In the early 2000s, Albania began its “Digital Albania” initiative in order to improve public and private service delivery. One of the goals of the initiative was to modernize the national identification system and begin issuing passports that complied with European standards.
Identity became a priority in 2008, when the government needed to issue secure ID cards ahead of the 2009 elections. To implement this project, it awarded a concession to deliver 1.5 million eID cards to citizens. To date, some 3.2 million smartcards and 2.6 million biometric e-passports have been issued. In 2013, the concession was renewed for 10 years. These cards are used as voter ID in elections and for a variety of other services.

Who is involved?

The Ministry of Interior Affairs is the main agency in charge of identification, although other public agencies were involved. The concession was awarded to Aleat, an Albanian subsidiary of Morpho and joint venture with AAEF, which was created to manage the national identity project.

How does it work?

Before this project, Albania’s national identity system included a number of paper-based registers across different provinces that were inherited from the Soviet era. Rather than attempting to digitize these records—many of which were inaccurate—the Ministry of Interior Affairs partnered with the private firm to re-register the entire population and create an entirely new, digital database. This was a full concession, and the company implemented and managed every aspect of the project, including technology development, operation, and maintenance. In order to obtain an eID or passport, citizens enroll in one of 400 centers nation-wide, and their data is then validated against the central database. Cards are then printed off-site and sent back to the municipal enrollment center for later pick-up. The private firm has added optional services to the process, including a fast-track system that allows citizens to get their passports within 24 hours or less for an extra fee. In addition, the smartcard includes digital certificates that can be used to access eGov services via kiosks. With the new passports, Albania reached an agreement with the European Commission in 2010 that allows Albanians the right to travel throughout the Schengen area without a visa.

Who collects and stores data?

The private firm collects, manages, and stores all the data, and a copy of the data is provided to the Ministry of Interior Affairs. Although the firm technically owns the data, there are security measures in place to ensure that only Ministry officials can gain access to sensitive data.

How are investments and revenue divided?

As a full concession, the firm incurs all design, building, and operational costs. The company collects the user fees from the eIDs and e-passports, and pays the government a portion of these fees.

Chile – eID and e-Passport

What is the project?

In 2013, Chile began a follow-on project as part of the process to modernize its national identification and passport systems. The goal was to strengthen and automate the registration and verification of citizens and foreign residents, increase the security of systems and documents, and comply with international standards for border crossing. In addition, the government sought to increase citizens’ access to identification and passport services, particularly in remote areas. To implement this system, the government awarded a 10-year concession to a private firm to upgrade its national identity system and issue 25 million eID cards and 4 million e-passports by 2020.

Who is involved?

The project was undertaken by the Registro Civil e Identificación, housed within the Ministry of Justice, which is in charge of civil registration and documentation for all Chileans and foreign residents. The main private sector partner for the provision of passports and the new ID cards is Morpho Chile. Sonda continues to provide the platform for civil registration.

How does it work?
At the start of the concession, the private firm upgraded the Registro’s existing technology platform—including hardware, software, and systems integration at the central database and the country’s 900 enrollment stations—and also trained civil service staff on the use of the technology. Citizens enroll at one of the enrollment stations, and their data, including biometrics, is validated against the central database. The company then personalizes the eID smartcard or e-passport and sends it back to the enrollment station for the person to come and collect. The identity system uses a unique identifying number, RUN (Rol Único Nacional), which links the national ID, passport, and a number of other databases, such as the ministry of health and the ministry of social development. The connectivity of the registration process and integration with multiple databases has dramatically reduced enrollment time to only one hour. In addition, the biometric e-passport system has allowed Chile to become the first Latin American country to gain access to the US Visa Waiver program. With this system in place, Chile is now exploring expanded functionality for the smartcard, including digital signatures for authentication.

Who collects and stores data?

All data is collected and stored by the Registro Civil e Identificación.

How are investments and revenue divided?

The private firm invested significant capital to upgrade Chile’s identity system. The Registro Civil e Identificación collects fees for issuing eID cards (around $3,000 pesos or USD 4.50) and e-passports (around $89,660 pesos or USD 134), and then pays the firm per document issued.

Estonia – Mobile eID

What is the project?

Estonia’s Mobile eID Solution (m-ID) was among the first of its kind and has been heralded as a model case internationally.
The Government of Estonia has been offering services electronically through its eGovernance agenda since the early 2000s. Initially, the private sector was involved only in manufacturing smartcards, and online authentication was based on a PKI-enabled smartcard and a physical card reader connected over USB. In 2007, a mobile operator began offering mobile authentication to facilitate e-banking transactions and other private-sector service exchanges. In 2011, the Government of Estonia reached an agreement with mobile operators to integrate this form of authentication into e-government services as well. Today, mobile ID can be used on most wireless devices for the entire range of government services, from tax returns to public transportation and voting in national elections.

Who is involved?

The certification authority for m-ID is Sertifitseerimiskeskus (SK), which issues the certificates that bind each subscriber's SIM key to the identity recorded in the population registry. Government agencies are responsible for the content and execution of the electronic services themselves. Private-sector partners include the mobile operators EMT, Elisa, and Tele2.

How does it work?

Users wishing to participate in the mobile ID scheme request special PKI-enabled SIM cards from their mobile operator. The user's identity is verified when the card is issued, and a private key stored on the SIM card is then used for digital authentication through the mobile operator and a trusted service provider. These SIM cards are issued by the certification authority but sold to customers by the respective operators as part of their existing mobile phone contract. To access an electronic service offered by the government through a mobile phone or a tablet, mobile ID offers two-factor authentication (possession of the SIM and knowledge of its PIN) without requiring additional hardware or documentation, such as a card reader.

Who collects and stores data?
End-user data are stored in the country's population registry, against which mobile operators check their customer data in order to provide the authentication service. The mobile operator has no direct access to the registry or other citizen data; it merely sends a request to the government server and receives a positive or negative response.

How are investments and revenue divided?

The technical infrastructure needed for a successful mobile ID environment was provided by the mobile operators. To some extent, the infrastructure was already in place by the time the Estonian government sought to introduce the m-ID project, as mobile identification was already established practice in the Estonian banking sector. The government made no significant investment in mobile infrastructure. Mobile operators hope to recoup the costs of investment through growing market share, by offering mobile ID to potential customers, as well as through end-user charges for using the m-ID service. Pricing structures for mobile ID services vary depending on specific contract and bundling models, much like airtime, data usage, or text messaging.

Finland – Mobile eID

What is the project?

In Finland, multiple forms of electronic ID have existed since 2001. The banking sector had been requiring two-factor authentication involving a unique ID number, a PIN code, and a one-time password since the late 1980s. In terms of government-issued ID, Finland was the first country to roll out a national eID card, in 1999. In 2008, in response to the impracticality and underuse of the existing systems, a consortium of government agencies, mobile operators, and the Finnish Federation for Communications and Teleinformatics (FiCom) agreed to launch a mobile identification system that would combine the benefits of the existing systems and be more accessible to the public.

Who is involved?
A number of public service and government agencies were involved in designing the terms of the mobile ID scheme, while the Finnish Population Register Centre (VRK) continues to be involved as the ultimate holder of population data. The system itself was designed by the three major mobile operators, DNA, Elisa, and TeliaSonera, and the PKI infrastructure had already been developed by the time the mobile ID project was launched.

How does it work?

The system is a two-factor authentication system (the PKI SIM card and its PIN) built on PKI SIM cards and the operators' user databases. When a user wishes to access an electronic service through a mobile phone, the user's phone number acts as the trigger for the mobile ID transaction; the user then only has to enter a PIN code on the handset to authorize the use of the key on the SIM. Users are identity-proofed when the SIM is issued, and a private key stored on the specialized SIM card is used for digital authentication through the mobile operator and a trusted service provider. What is distinctive about the Finnish mobile ID system is its interoperability among mobile operators. Although each operator runs its own mobile ID application, a so-called "circle of trust" agreement ensures that users can access services through the application of a mobile operator other than their own.

Who collects and stores data?

The VRK is the state certificate authority in the country. Prior to a change in legislation in 2009, it was the only entity able to issue unique identifiers to individuals. The authority still holds the centralized population data for the country, which form the basis for the national ID, but mobile operators are now able to issue Finnish unique identifiers to customers directly in the store; these are later transmitted to the VRK database.

How are investments and revenue divided?

The mobile ID project as a whole is largely built and owned by the private sector.
As one of the most advanced mobile markets in the world, Finland benefited from high levels of network coverage, existing PKI infrastructure, and the large number of PKI-ready SIM cards already in circulation. No large investments in technology or infrastructure were required. Revenue is collected by the mobile operators on the basis of different pricing models agreed upon with service providers. Usage for consumers is initially free. Service providers that use the mobile signature service are charged a set fee per transaction.

India – Aadhaar Unique ID

What is the project?

In 2009, the Indian government embarked on an ambitious project to enroll its 1.2 billion people in a digital identity system that would provide each person with a unique identity number (Aadhaar) to serve as a foundation for proof of identity and public service delivery. The Unique Identification Authority of India (UIDAI) was created to design and manage this process. Rather than hiring thousands of staff and creating public-sector infrastructure to undertake this enrollment itself, UIDAI decided to rely on third parties to collect residents' data, with the goal of increasing efficiency and value for money. To date, over 1 billion people have been registered (around two-thirds of these by private firms), and Aadhaar numbers have been linked to the delivery of Liquefied Petroleum Gas (LPG) subsidies, Public Distribution System rations, and other social protection programs. In the future, the goal is to connect Aadhaar to myriad other public and private services through a variety of partnerships.

Who is involved?

The UIDAI is the main authority in charge of the Aadhaar program, while the "Registrars" (state governments, public service agencies, banks, telecom companies, insurance agencies, and so on) subcontract a variety of local agents to complete the registration process.
Any public or private entity can then use the Aadhaar number to authenticate a user against the UIDAI database. The Standardization Testing and Quality Certification (STQC) Directorate is charged with ensuring that the technology meets UIDAI standards.

How does it work?

UIDAI signs Memoranda of Understanding (MOUs) with Registrars in each state, and these Registrars may then contract with public entities or private companies to carry out the actual enrollment of residents according to UIDAI's strict technical specifications and regulations. The data captured by the enrolling agencies (biographical information such as name, gender, date of birth, and address, along with 10 fingerprints, two iris scans, and a photo) are then securely sent to UIDAI for verification and de-duplication. Once the digital identity is verified, a unique identification number (the Aadhaar number) is issued to the enrollee, who receives a printed letter with the number in the mail. Public and private service providers can then authenticate identity online using the Aadhaar number and a fingerprint (e.g., via a point-of-sale, or POS, device). Vodafone, for example, has partnered with the Indian Telecom Authority to begin Aadhaar-based e-KYC verification of new customers in Kolkata.

Who collects and stores data?

The enrolling agents collect the data, which are then encrypted and sent to UIDAI for validation against its central database. When Aadhaar is used for authentication, service providers simply send a request to UIDAI for verification of an identity ("is this person who she claims to be?") and receive a yes/no response in return; the data remain with UIDAI and are neither shared with nor accessible to other public or private entities.

How are investments and revenue divided?

All costs for establishing registration infrastructure are borne by the enrolling agents; the UIDAI only provides the technical standards that they must meet.
Enrollment in Aadhaar is free, and no revenue is generated by user fees (although certain agents may charge user fees for add-on services). The government pays enrolling agents based on the number of people enrolled, at a standard rate of INR 31 (USD 0.467) per person; to date, this amounts to approximately USD 311 million paid to these firms.

Moldova – Mobile eID

What is the project?

The Moldova Mobile e-ID solution (Me-ID) was developed in 2011 by the Government of Moldova as part of an e-Governance program aimed at facilitating and digitalizing public service delivery. After a cost-benefit review examining various models and scenarios, the government decided in 2011 to launch a client-side mobile ID system based on PKI-enabled SIM cards that would allow for digital authentication of citizens accessing public services electronically. Although certain government agencies had already built a PKI infrastructure, the project team decided to partner with the private sector in order to improve accessibility for citizens and foster long-term innovation and investment in electronic services.

Who is involved?

The e-Government office within the State Chancellery acts as the national certification authority for digital identity and as the coordinating body for the shift towards e-Governance. On the private-sector side, the firms involved are the country's leading mobile operators, MoldCell/TeliaSonera and Orange.

How does it work?

As the Moldovan Me-ID project was closely modeled on the Estonian system, the technical application is very similar in its details. Users wishing to participate in the mobile ID scheme request special PKI SIM cards from their mobile operator. These SIM cards are issued by the certification authority but sold to customers by the respective operators as part of their existing mobile phone contract.
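The mechanism that the Estonia and Finland descriptions above and the Moldova description share (a private key on the SIM that is released only with the holder's PIN, an operator that relays messages but holds no registry data, and a registry that returns only a positive or negative answer) is sketched in Go below as an added example. It is not code from the paper, nor from any operator or certification authority named in it. The party names, ECDSA P-256 as the signature scheme, the 16-byte random challenge, the three-attempt PIN lock and the sample subscriber are all assumptions of the example; the message formats of the real services are not described in the paper and are not reproduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

const maxPinFailures = 3 // this example's assumption; the paper gives no figure
func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }

// PKISim models the operator-sold PKI SIM: the private key never leaves the
// card, and every signature needs the holder's PIN, which the card itself checks.
type PKISim struct {
	priv    *ecdsa.PrivateKey
	pinHash [32]byte
	failed  int
}

// Sign refuses if the SIM is blocked or the PIN is wrong; otherwise it signs.
func (s *PKISim) Sign(pin string, challenge []byte) ([]byte, bool) {
	if s.failed >= maxPinFailures || subtle.ConstantTimeCompare(digest([]byte(pin)), s.pinHash[:]) != 1 {
		s.failed++
		return nil, false
	}
	s.failed = 0
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, digest(challenge))
	return sig, err == nil
}

// Registry stands in for the certification authority / population registry: it
// holds the public key enrolled for each personal code and answers only yes or no.
type Registry struct{ keys map[string]*ecdsa.PublicKey }

func (r *Registry) Verify(personalCode string, challenge, sig []byte) bool {
	pub := r.keys[personalCode]
	return pub != nil && ecdsa.VerifyASN1(pub, digest(challenge), sig)
}

// Operator holds only its own subscribers (MSISDN -> SIM and personal code), relays
// challenge and signature, and learns only the registry's yes/no; pin models the handset keypad.
type Operator struct {
	sims  map[string]*PKISim
	codes map[string]string
	reg   *Registry
}

func (o *Operator) Authenticate(msisdn, pin string, challenge []byte) bool {
	sim := o.sims[msisdn]
	if sim == nil {
		return false
	}
	sig, ok := sim.Sign(pin, challenge)
	return ok && o.reg.Verify(o.codes[msisdn], challenge, sig)
}

// ServiceProvider (say, a tax portal) accepts each challenge it issued exactly
// once, so a captured signature cannot be replayed against it.
type ServiceProvider struct {
	op      *Operator
	pending map[string]bool
}

// NewChallenge issues a fresh random nonce; operator and registry see only this opaque value.
func (sp *ServiceProvider) NewChallenge() []byte {
	c := make([]byte, 16)
	rand.Read(c) // crypto/rand never returns an error on Go 1.24+; it aborts instead
	sp.pending[string(c)] = true
	return c
}

func (sp *ServiceProvider) Login(msisdn, pin string, challenge []byte) bool {
	if !sp.pending[string(challenge)] {
		return false // never issued, or already used
	}
	delete(sp.pending, string(challenge))
	return sp.op.Authenticate(msisdn, pin, challenge)
}

// Enrol generates one constructed subscriber's SIM key and wires the three
// parties together; the registry receives only the public key.
func Enrol(msisdn, personalCode, pin string) (*ServiceProvider, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	sim := &PKISim{priv: priv, pinHash: sha256.Sum256([]byte(pin))}
	reg := &Registry{keys: map[string]*ecdsa.PublicKey{personalCode: &priv.PublicKey}}
	op := &Operator{sims: map[string]*PKISim{msisdn: sim}, codes: map[string]string{msisdn: personalCode}, reg: reg}
	return &ServiceProvider{op: op, pending: map[string]bool{}}, nil
}

func main() {
	sp, _ := Enrol("+37250000000", "PC-0001", "1234") // constructed sample subscriber
	c := sp.NewChallenge()
	fmt.Println("correct PIN:", sp.Login("+37250000000", "1234", c), "replay:", sp.Login("+37250000000", "1234", c))
}
```

Running it prints true for the first login and false for the replay of the same challenge. The separation of roles is the point: the service provider never sees the key, the operator never sees the registry data or the PIN and learns only the yes/no, and the challenge carries no service name, so an operator's own usage records cannot say which service was used, which is the property these descriptions claim for operator records.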
When accessing electronic services offered by the government through a mobile phone or a tablet, mobile ID offers two-factor authentication (possession of the SIM and knowledge of its PIN) without requiring additional hardware or documentation. Users are identity-proofed when the SIM is issued, and a private key stored on the specialized SIM card is used for digital authentication through the mobile operator and a trusted service provider.

Who collects and stores data?

End-user data are stored in the country's population registry, against which mobile operators check their customer data in order to provide the authentication service. The mobile operator has no direct access to the registry or other citizen data; it merely sends a request to the government server and receives a positive or negative response. Mobile operators keep records of customers' use of mobile signatures, but no information regarding the exact nature of the services for which the mobile signatures were used.

How are investments and revenue divided?

The technical infrastructure needed for a successful mobile ID environment was provided by the mobile operators. While mobile phone penetration was already high in Moldova by the time the Me-ID project was rolled out, the specific nature of the PKI authentication system required additional investments in hardware and network strength. The cost of these investments (around EUR 400-500k) was borne almost entirely by the mobile operators; the government spent approximately EUR 30k to connect the infrastructure. Mobile operators charge end users a fee for the use of mobile signatures and pass on part of the income to the government under a revenue-sharing agreement. Pricing structures for mobile ID services vary depending on specific contract and bundling models, much like airtime, data usage, or text messaging.

Nigeria – National eID

What is the project?
In 2007, the Nigerian Identity Management Commission (NIMC) was tasked with creating a new National Identity Database built around the issuance of unique National Identity Numbers (NINs) and a multi-purpose smartcard. The goal of the new system is to streamline Nigeria's existing ecosystem of multiple identity systems. In order to stimulate use of the ID card, the NIMC has begun offering networked financial services as one application on its smartcard. Since 2013, it has been partnering with MasterCard, Visa, and Verve, a local payment network. Under separate agreements with local banks, these cards can be linked to pre-paid bank accounts and used to pay for goods and services. Eventually, a variety of databases and services may be linked to a single-platform eID, including driver's licenses, voter registration, health insurance, taxes, SIM card registration, and pensions.

Who is involved?

The NIMC is responsible for enrollment, verification, and issuance of the smartcards. MasterCard, Visa, and Verve are the payments technology providers, Unified Payment Services Limited is the payments processor, and a number of banks (including Access Bank Plc, United Bank for Africa, and Union Bank) provide the pre-paid accounts. The Central Bank of Nigeria and other agencies are involved in an effort to offer bank verification numbers (BVNs) and to extend connectivity and the number of payment terminals around the country.

How does it work?

Once a person is registered in the National Identity Database by the NIMC, they collect their card at an NIMC enrollment center and choose a PIN to access their pre-paid account (card holders should also be able to link existing bank accounts to their card). They can then use the cards to deposit or withdra cash and make payments to any entity or merchant that accepts the cards in Nigeria or abroad.
The goal is also to include online and offline authentication services using biometrics and the embedded chip via a POS device. Future rounds of ID cards may include service agreements with other companies following a similar design.

Who collects and stores data?

The NIMC collects, validates, and stores all personal and biometric data for the National Identity Database. The private firms cannot access these data.

How are investments and revenue divided?

The NIMC contracted suppliers to provide the smartcards under a normal public procurement process. As such, the funding for the eID system infrastructure is provided by the government. However, the influx of millions of new smartcard users gives the companies an incentive to extend their networks within the country.