Welcome back to the Digital Identity series. This week we continue the discussion of digital identity, with a focus on the politics of digital identification.
Let’s start with the recognition that a formal identity is often a starting point for inclusion—without it, a person may not be able to access services such as health care, banking, or education. In humanitarian emergencies, a digital identity may be required to receive vital provisions such as food, water, and medicine.
There is an assumption that if only we can get people to sign up for a Digital ID, then they can reap the benefits, whether this be social cash transfer, participation in a humanitarian program, or a formal government identity that leads to other benefits. In the first blog of the series we discussed informed consent—that people have the right to not only choose whether they want to have Digital ID, but to choose whether and how their data is collected, stored, and used.
While it is true that there are benefits to formalizing an identity (digitally or otherwise), historically a formal identity has just as often been used to persecute as to benefit: It can both give and take away. In this post we consider: Even if people give consent, how can we be sure that their digital identity will work for them in light of the political climate in which they live?
Risks of Digital Identity
The USAID Identity in a Digital Age report recognizes that Digital ID sits as the interface between the power and prerogatives of institutions and the rights and needs of individuals. A digital identity system—specifically a centralized system—poses risks in terms of a) data security and b) centralized control.
The WEF Digital Identity paper recognizes that centralized digital identity systems are attractive targets to hackers, due to the wide-ranging types of data and the sheer scale. In India, the Aadhaar ID system is used for a plethora of services, from welfare benefits to banking, and as such, the risk of profiling is increased and individuals are more vulnerable to identity theft. To date, there have been been hundreds of cases of identity theft related to the system.
However, the main fear with centralized digital identity systems—particularly in undemocratic or transitioning countries, or for populations that are at risk of persecution—is that they give owners power that, if unchecked, leaves the door open for abuses such as surveillance, tracking, and profiling. In other words, tools to exclude and discriminate.
Kenya provides an interesting case study. In January, the Kenyan Parliament passed an amendment to the National ID law, requiring all Kenyan nationals, immigrants, and refugees turn over their DNA, GPS coordinates of their residence, retina scans, iris pattern, voice waves, and earlobe geometry before being issued identity documents. As it is a centralized system, this data will be entirely held by the Government of Kenya and so—in the right (read: wrong) political climate, the opportunity and temptation to use this data to monitor the population by ethnicity (e.g. using DNA) or status as a refugee (based on GPS location) could be used as a tool for political repression. An extreme case where a significant amount of data has already been collected from individuals and used for surveillance is in China, where biometric data is being combined with artificial intelligence to monitor and persecute the Muslim Uighur population.
When the government has a central role in generating and managing formal identity, it also gives them a power over their citizens to give or take away identity. For instance, in Afghanistan the e-Tazkera biometric ID card caused controversy and fueled ethnic tension due to its sole recognition of certain ethnic groups. The ID card contained the ethnicity “Afghan,” which many believe is synonymous with Pashtun, one of the country’s several ethnic groups who make up around 40 percent of the population. It was rejected by many of the other ethnic groups in Afghanistan who did not want to identify as “Afghan.” Rollout has been stalled amid ethnic tensions—seemingly for good.
Amid risks of data insecurity and persecution, how can we ensure that digital identity systems are considerate of the political climate and not putting populations at risk?
1. Understand Political Ecosystem
As with any development program, having a deep understanding of the local context is vital. By understanding the political context, you can ensure your system—particularly if it will be a national ID—has wider political and citizen support. The new Malawi National ID was supported by different ministries, and so has been linked up to the revenue authority, national voting register, reserve bank, Ministry of Justice, and others. There is strong sense of what the identity is for, as well as what it can achieve: seen to be promoting good governance and reducing corruption, which is perceived to a problem in Malawi; as well as solving the widespread issue of ghost workers.
Understanding the ecosystem also extends to being cognizant of where digital identity may and may not help—for instance where making refugees, ethnicity, or health status identifiable by the state may hinder progress. Understanding national and local tensions and citizen perception, fears, or concerns can help us delineate the limits of data collection or access to the data.
2. Only Collect Info That is Absolutely Required
This links back to the topic of informed consent: Data should only be shared when consistent with the initial purpose or context under which the person consented to its use. This is also known as contextual integrity. For instance, information on someone’s HIV status shouldn’t be necessary when collecting election data. In the case of the e-Tazkera ID, ethnicity wasn’t a requirement for what the National ID was to be used for. In Kenya the change in rules allowing the government to collect a variety of biometric and identifying information is gaining backlash, as it is not clear what it will be used for and why such comprehensive data is necessary.
3. Provide Appropriate Layers of Protection
If sensitive information is being collected, there is a responsibility to protect this data. Of course, data privacy and protection are huge topics in themselves, but the point in terms of politics is that we should have a detailed understanding of the political ecosystem to help with the assessment of who should have access to the data. There should be independent bodies to provide controls on what data is collected, who can access it, for what reason, in what manner.
Digital identity can be both a tool of a centralized authorities political will and a tool of said authority to provide benefits to their citizens. Politics and identity are inextricably linked. We have talked about centralized control of digital identity systems and the risks involved. In an article by Coinmonks, it is argued that self-sovereign identity can offer an in-part solution to a lot of the negatives of the politics of digital identity. There isn’t time to go into this argument, but worth noting that blockchain identity systems and “self-sovereign” identity come with their own issues—see the controversy over the blockchain system for Rohingya populations and the part politics has to play.
Next up in this series, we look at other opportunities and challenges posed by the design or adoption of digital identity systems.