There are significant, real-world benefits to having an accepted and recognized identity. That’s why the concept of a digital identity is being pursued around the world, from Australia to India. From airports to health records systems, technologists and policy makers with good intentions are digitizing our identities, making modern life more efficient and streamlined.
Governments seek to digitize their citizens in an effort to universalize government services, while the banking, travel, and insurance industries aim to create more seamless processes for their products and services. But this isn’t just about efficiency and market share. In places like Syria and Jordan, refugees are often displaced without an identity. Giving them proof of who they are can improve their settlement, financial security, and job prospects in foreign lands.
Brett Solomon (Brett Solomon is the executive director of Access Now, an NGO that defends and extends the digital rights of users at risk around the world. He is the founder of RightsCon, an annual global conference that addresses human rights in the digital age.
But as someone who has tracked the advantages and perils of technology for human rights over the past ten years, I am nevertheless convinced that digital ID, writ large, poses one of the gravest risks to human rights of any technology that we have encountered. Worse, we are rushing headlong into a future where new technologies will converge to make this risk much more severe.
For starters, we are building near-perfect facial recognition technology and other identifiers, from the human gait to breath to iris. Biometric databases are being set up in such a way that these individual identifiers are centralized, insecure, and opaque. Then there is the capacity for geo-location of identifiers—that is, the tracking of digital “you”—in real time. A constant feed of insecure data from the Internet of Things may well connect you (and your identity) to other identities and nodes on the network without your consent.
In addition, systems using artificial intelligence and machine learning are used to make decisions based on our identities. Those systems are often built on data that can reinforce bias and discrimination, and are wielded without sufficient transparency or human review. Ultimately, social credit systems, such as those that are currently being developed in China, will be based on digital ID, thereby enabling or disabling our full and free participation in society.
By developing these technologies in parallel with systems for a digital ID, we are not simply establishing an identity to access basic social services. Digital IDs will become necessary to function in a connected digital world. This has not escaped the attention of authoritarian regimes. Already, they are working to splinter the internet, collect and localize data, and impose regimes of surveillance and control. Digital ID systems, as they are being developed today, are ripe for exploitation and abuse, to the detriment of our freedoms and democracies.
We can make another choice. In the design and deployment of Digital ID systems, we must advocate for the principles of data minimization, decentralization, consent, and limited access that reinforce our fundamental rights.
First, that means the use of a digital ID should not be mandated. We should have the option to say no to any demand that we have a digital ID, without prejudice or negative repercussions.
Our cybersecurity needs to be defended. The Aadhaar program, India’s national digital ID framework—the world’s largest—was recently shown to be compromised. For a digital ID system to work without becoming an easy target for hacking, it should be decentralized and otherwise adhere to recognized principles for good digital security. One single digital identity used for authentication of multiple contexts creates the potential for pervasive profiling. Likewise, our capacity for anonymity must be preserved.
Our data needs to be protected. Governments are data fiduciaries, and data protection authorities, non-governmental legal experts, and civil society should therefore be consulted in the administrative, legislative, and technical design of digital ID systems. In the case of Aadhaar, a recent ruling by the Supreme Court of India recognized the need for a robust data protection framework.
Transparency is essential. Without transparency, there is no accountability, and few pathways for remedy of human rights abuse.
Finally, access to our data by state authorities must be governed by relevant international legal standards, particularly the “Necessary and Proportionate” principles. Personal information provided for one purpose should not be made available for identification for law enforcement purposes, without being subject to these vital legal standards.
We cannot continue on the current path without stopping to build in necessary human rights protections to mitigate harm. Our civil liberties should be the foundation upon which digital ID technologies, platforms, and systems are being constructed. Otherwise, in the quest to create a digital identity for the benefit of many, our fundamental rights can and will crumble.