Convergence of Digital Identity Policies Will Enable Next Generation Services
Marta Ienco, Head of the Government & Regulatory affairs, Personal Data
That the future of public services is digital is becoming increasingly apparent in Europe and internationally. Italy, for example, has launched its nationwide Public System for Digital Identity Management, or SPID, which facilitates faccess to e-government and public services by citizens and companies alike and will be available across multiple computing platforms. SPID has already been adopted by many of the nation’s universities and 3,300 municipalities, while all of Italy’s public administrations are due to offer SPID-based services by the end of the year. Finland’s government is acting in concert with mobile operators to encourage wholesale migration of services online, driving uptake in a country where more than 90% of the population have both a mobile device and internet access. In the UK, the government’s GOV.UK Verify initiative verifies identity through certified companies, enabling citizens to access a variety of public services such as welfare applications, tax returns and reporting medical conditions. Perhaps the most striking example at present is Estonia which, by issuing every citizen with an eID at birth, has been able to offer fully 99% of its public services online. Consequently, hospital queues have dropped by a third, and police work has become a staggering fifty times more efficient.
These are just a few of the national identity initiatives that have sprung in Europe over recent years. But there are also a number of pan-European regulations designed to accelerate the uptake of digital identity services amongst Member States. One such milestone is the EU eIdentification and Trust Services (eIDAS) Regulation which enables citizens and businesses to use national digital identity solutions to access public services in other EU countries. The revised Payment Services Directive (PSD2) also opens up multiple opportunities for third parties – such as Mobile Network Operators – to provide identity attributes and authentication in the payments space. Importantly, PSD2 aims to mandate for secure strong customer authentication, which will improve consumers’ protection for online payments and that mobile operators are in a good position to deliver seamless and without frictions.
There remains, however, much to be done to bring this digital future into being across Europe. For public sector services, in October, the European Commission published the e-Government Report for 2016, its benchmarking survey on the state of digital services across the EU. It finds that while 81% of services in EU countries are now available online, growth across member states is highly uneven, with a significant number lagging behind in adoption and quality. Crucially, a lack of mobile-readiness in e-government services has proved a barrier to accessibility. The report finds that, while the use of mobile devices to access the internet has taken off in earnest over the last five years, “still only 1 in 3 public websites is ‘mobile-friendly’.”
The implications for efficiency are discouraging. For instance, the number of e-government services using simple authentication services as databases to pre-fill online forms has grown by only 2%, bringing the total to still less than half, at 49%. Cross-border services were shown to inhibit business mobility, with 25% of those required by foreign entrepreneurs being wholly offline, requiring a physical encounter for completion. The number of automated services was found to be wholly static, remaining stable at 3% of all services since the first measurement. The authors therefore urge “an acceleration in order to keep up with private sector, and citizens’ expectations”. As was made clear in the report’s findings, digital identity is a key enabler for both public and private sector services but is not yet being used to its full potential.
The need for harmonisation of standards in digital identity is recognised beyond Europe. National eID initiatives have been brought forward in Canada, India, Australia and New Zealand; the direction of travel is clear, but for the journey to be completed, users’ expectations must be met in a coherent way both within and between national contexts.
In early November, the 54th session of the United Nations Commission on International Trade Law (UNCITRAL) Working group IV on Electronic Commerce in Vienna, building on the preparatory work of the its first colloquium, reached broad consensus on the fundamental importance of addressing the legal issues for identity management and trust services for electronic transactions, with the aim of improving international trade and commerce by removing legal obstacles and enabling international cross-border interoperability
The National Institute of Standards and Technology (NIST) in the US is also reviewing two important public consultations. One on Developing Trust Frameworks to Support Identity Federations, and a more extensive special publication guiding the industry on Digital Authentication. This resource aims to facilitate agreements between communities in the development of federated identity frameworks – and thereby accelerate the pace of digitisation in services through enhanced public trust in their security – through four guiding principles concerning privacy, security, interoperability and accessibility. Indeed, these criteria seem to be the bedrock for many national ID schemes, and are providing the basis for which the private sector can develop solutions that can work on a global scale.
One such solution developed by the private sector, Mobile Connect, is well-placed to aid this growing move towards harmonisation on a global scale. Its design, for example, is in accordance with the relevant guiding principles set out by NIST, eIDAS and PSD2. Last year, Mobile Connect was successfully trialled in cross-border authentication for public sector services. The trial was the first of its kind to be fully compatible and in line with eIDAS Regulation and was applauded for its successful results.
Because Mobile Connect gives the user control of who they share their data with, it maintains the maximum level of privacy that can be afforded to the user. And as an operator-led solution, it places data in the hands of those best-able to monitor and identify potentially fraudulent activity. The GSMA report ‘Mobile Connect: Mobile High-Security Authentication’, explains how Mobile Connect can deliver improved security and privacy for consumers authenticating themselves online and authorising digital transactions, and how the solution will evolve in future.
As the demand for digital services grows, private sector service providers and governments will increasingly feel the need for an interoperable identity solution that can be used securely and conveniently anywhere on the globe. Mobile Connect’s utilisation of a mobile, the piece of technology the vast majority carry on them as a matter of course, offers as much convenience and accessibility as can be hoped for.