<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"><a href="https://blog.mozilla.org/netpolicy/2020/01/22/what-could-an-open-id-system-look-like-recommendations-and-guardrails-for-national-biometric-id-projects/">https://blog.mozilla.org/netpolicy/2020/01/22/what-could-an-open-id-system-look-like-recommendations-and-guardrails-for-national-biometric-id-projects/</a></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><h1 class="entry-title">
What could an “Open” ID system look like?: Recommendations and Guardrails for National Biometric ID Projects</h1>
<div class="entry-content">
<p>Digital ID systems are increasingly the battlefield where the
fight for privacy, security, competition, and social inclusion is
playing out. In our ever more connected world, some form of identity is
almost always mediating our interactions online and offline. From the
corporate giants that dominate our online lives using services like
Apple ID and Facebook and Google’s login systems to government IDs which
are increasingly required to vote, get access to welfare benefits,
loans, pay taxes, get on transportation or access medical care.</p>
<p>Part of the push to adopt digital ID comes from the international development community who argue that this is necessary in order to expand access to <i>legal</i> ID. The UN Sustainable Development Goals (SDGs) call for <i>“providing legal identity for all, including birth registration”</i>
by 2030. Possessing legal identity is increasingly a precondition to accessing basic services and entitlements from both state and private services. For the most marginalised communities, using digital ID
systems to access essential services and entitlements from both state and private services are often one of their first interactions with digital technologies. Without these commonly recognized forms of official identification, individuals are at risk of exclusion and denial of services. However, the conflation of digital identity as the same as
(or an extension of) “legal identity”, especially by the international
development community, has led to an often uncritical embrace of digital
ID projects.</p>
<p>In this <a href="https://blog.mozilla.org/netpolicy/files/2020/01/Mozilla-Digital-ID-White-Paper.pdf">white paper</a>,
we survey the landscape around government digital ID projects and
biometric systems in particular. We recommend several policy
prescriptions and guardrails for these systems, drawing heavily from our
experiences in India and Kenya.</p>
<p>In designing, implementing, and operating digital ID systems,
governments must make a series of technical and policy choices. It is
these choices that largely determine if an ID system will be empowering or exploitative and exclusionary. While several organizations have published principles around digital identity, too often they don’t act as a meaningful constraint on the relentless push to expand digital identity around the world. In this paper, we propose that openness provides a useful framework to guide and critique these choices and to ensure that identity systems put people first. Specifically, we examine and make recommendations around five elements of openness: multiplicity
of choices, decentralization, accountability, inclusion, and participation.</p>
<ul><li><b>Openness as in multiplicity of choices</b>: There should be a
multiplicity of choices with which to identify aspects of one’s identity, rather than the imposition of a single and rigid ID system across purposes. The consequences of insisting on a single ID can be dire. As the experiences in India and Peru demonstrate, not having a
particular ID or failure of authentication via that ID can lead to denial of essential services or welfare for the most vulnerable.</li><li><b>Openness as in decentralisation</b>: Centralisation of sensitive
biometric data presents a single point of failure for malicious attacks.
Centralisation of authentication records can also amplify the
surveillance capability of those entities that have visibility into the
records. Digital IDs should, therefore, be designed to prevent their use
as a tool to amplify government and private surveillance When national
IDs are mandatory for accessing a range of services; the resulting
authentication record can be a powerful tool to profile and track
individuals.</li><li><b>Openness as in accountability:</b> Legal and technical accountability mechanisms must bind national ID projects. Data
protection laws should be in force and with a strong regulator in place
before the rollout of any national biometric ID project. National ID
systems should also be technically auditable by independent actors to
ensure trust and security.</li><li><b>Openness as in inclusion:</b> Governments must place equal
emphasis on ensuring individuals are not denied essential services
simply because they lack that particular ID or because the system didn’t
work, as well as ensuring individuals have the ability to opt-out of
certain uses of their ID. This is particularly vital for those
marginalised in society who might feel the most at risk of profiling and
will value the ability to restrict the sharing of information across
contexts.</li><li><b>Openness as in participation: </b>Governments must conduct wide-ranging consultation on the technical, legal, and policy choices involved in the ID systems right from the design stage of the project.
Consultation with external experts and affected communities will allow
for critical debate over which models are appropriate if any. This
should include transparency in vendor procurement, given the sensitivity of personal data involved.</li></ul>
<p>Read the white paper here:<a href="https://blog.mozilla.org/netpolicy/files/2020/01/Mozilla-Digital-ID-White-Paper.pdf"> Mozilla Digital ID White Paper</a></p>
</div></div>
</div></blockquote></body></html>