Would a Uniform Digital ID Work in the US?
Some countries have invested in uniform digital identity with success. Their experiences can provide a roadmap for governments navigating the earlier stages of the journey.
William D. Eggers is the director for public sector research at Deloitte and the author of nine books. This article is adapted from his new book, “Delivering on Digital: The Innovators and Technologies that are Transforming Government” (New York: Rosetta Books/Deloitte University Press), June 2016. This excerpt has been edited for style.
Imagine you were browsing Amazon.com for a few items: a book, a pair of shoes and a new case for your iPhone. You log in and the experience is relatively smooth, but as soon as you find the book and move on to shoes, Amazon asks for your password again.
Mildly annoyed, you re-enter it and carry on—until the same thing happens when you search for iPhone cases. And then again when it comes time to check out.
By the time you’ve paid, you’ve had to authenticate yourself four times. And, weirdly, each time the process is just a little bit different. You find that you like the company just a little bit less.
Of course, that wouldn’t happen on Amazon. But it’s pretty familiar to anyone who uses online government services.
Governments rely on a sprawling patchwork of systems to identify and manage people, using everything from passwords to smart cards to biometrics. At the same time, the data must be tagged so that only the right users have access.
Unfortunately, these elements rarely come together in a way that seems convenient or even logical to the end user, whether it’s a citizen, a business, or even a government worker. Citizens can’t file their taxes without re-entering information several times; agency employees are locked out of buildings they should be able to enter because their radio-frequency identification card is part of the West Coast system, while the East Coast offices use a different vendor. These disconnects can be frustrating at best and crippling at worst.
In the private sector, such hurdles are increasingly relics of the past, and their stubborn remnants in the public sector are sharply at odds with the idea of digital government. Whether you’re working in or with government, you shouldn’t have to authenticate your ID many times over, or re-enter data the government already has. Instead, the “customer experience” should be seamless, like Amazon’s.
The problems stem from the way government manages identity: databases that can’t talk with one another, limited information sharing, and overly complex rules and protocols. To make digital government work and deliver great customer experiences, we need something simpler: a unique, uniform digital ID that grants agencies access to all of the appropriate data and services, from anywhere and any device.
Of course, this is far easier said than done. For a start, it raises enormous privacy issues; today’s citizens often fight proposals for uniform digital IDs. In 2006, the British Parliament passed an act calling for national identity cards and a personal identification document. It was scrapped before implementation because of fierce public opposition.
Government digital IDs involve many other challenges as well, from technical and cultural silos to legacy systems and complex legal restrictions. And yet, some countries have invested in uniform digital identity with success. Their experiences can provide a roadmap for governments navigating the earlier stages of the journey.
X-Road: Estonia’s Uniform Digital Identifier
We start our tour of digital identity systems in Estonia, which as noted in the introduction probably has the world’s most advanced digital government. How did that small country get there? After all, it emerged from 50 years of Soviet occupation only in 1991, with an infrastructure laid down in the 1930s.
But it turned out the timing was perfect: Estonia reclaimed its sovereignty at the dawn of the internet age. Because the new nation was building many of its IT systems for the first time, the internet played an outsized role. Nearly every aspect of Estonian government and business—taxes, banking, health care, you name it—was tailored for the online world. It’s all linked by a data-exchange system called X-Road, which provides a highly robust model for digital identity.
The cornerstone of X-Road is the Estonian ID card, widely considered the most sophisticated of its kind. Estonian IDs serve both as physical documents, incorporating a photo and biometric data, and as digital identifiers.
The card features an onboard chip containing two certificates, one for verifying identity and the other for digital signatures, each protected by a four-digit personal identification number. Every man, woman and child in Estonia can provide strong identity authentication in person or at a distance. And because they can easily prove who they are, they can conduct business with the government or the private sector much more efficiently.
Transactions that in other countries require a trip to the bank or tax office and a briefcase bulging with documents can be conducted securely online. Using only their ID cards and PINs as credentials, Estonians can register a corporation, vote in national elections, and sign legally binding documents from their computers. It’s seamless and efficient, and citizens are never asked for the same information twice. (In fact, Estonian law prohibits the government from making duplicative requests.)
This identity system serves as the foundation for nearly all of Estonia’s systems, public and private; citizens can connect to almost every digital service via X-Road. When Estonians fill out tax returns, for example, the government collates their data to help them.
Charities already report donations, and banks already report mortgages—why should taxpayers have to resubmit that information? In Estonia, X-Road links and updates such information continuously throughout the year. For most Estonians, filing taxes amounts to clicking Next, Next, Next, Done.
It may smack of Big Brother, but a bedrock principle of the Estonian system is privacy. In fact, as the Atlantic has noted: “without question, it is always the [Estonian] citizen who owns his or her data and retains the right to control access to that data.” That’s because X-Road isn’t a centralized database but, rather, a highway, connecting a multitude of public and private databases—and citizens control the onramps.
Take Estonia’s health system, for example. The platform is 100 percent digital: Everything from medical records to prescriptions is handled through the Internet. In many countries, you have no idea who has your medical data; in Estonia, you have complete control. A simple website lets you control access rights at a granular level, down to specific doctors of your choosing. And because medical professionals can only see the data, not store it, you can be sure that when you revoke a doctor’s permission, he or she no longer has access to your records.
But what if you can’t legally block someone from seeing your data, as with law enforcement? The system is still designed to protect privacy. Estonian officials have digital IDs, just like their constituents, and every time they access someone’s data, X-Road logs it. This means that Estonians can visit a website and see which authorities have viewed their information and when. Notes the Atlantic, “If an honest citizen learns that an official has been snooping on them without a valid reason, the person can file an inquiry and get the official fired.”
With its identity platform, Estonia has managed to have the best of both worlds. The system can know everything about you when you want it to—and very little when you don’t. And when the government needs full access, you have powerful tools to hold it accountable.
If it all seems a bit utopian, well, that’s because it is. While the Estonian model is surely something to admire, the country owes much of its success to its unique history and demographics. Nearly everyone in government IT will tell you that one of their toughest challenges is dealing with legacy systems. Estonia didn’t have to: Its IT teams could start from scratch with the most current technology. In addition, the country is small—only about 1.3 million people—making it significantly easier to design and implement digital government.
That said, Estonia’s story highlights several challenges facing governments as they build uniform digital ID programs. Let’s explore a number of these challenges and some ideas for overcoming them.
Four Obstacles to Uniform Digital ID
Digital identity management is a technological and political minefield. At some point, you may find yourself at odds with constituents, colleagues, or both. Inevitably, spies, hackers and criminals will come raiding. Navigating the danger involves four key issues: data sharing, privacy, security and public adoption.
1. Data sharing
Estonia’s digital government program demonstrates the power of linking data to uniform identities throughout the enterprise. But for most countries, persuading different agencies—or even divisions within those agencies—to share a platform can be incredibly difficult.
Once again, the stumbling block is legacy infrastructure: all the hardware that’s decades old, or software built before the internet. Identity systems must be able to integrate with these ancient systems as well as future platforms as yet unbuilt.
Meanwhile, security needs vary greatly among organizations, even those headquartered in the same building. So individual agencies and departments build their own identity solutions to fit their particular needs, adding to the pileup of legacy systems. Getting these disparate platforms and applications to communicate is an enormously complex task.
The U.S. Customs and Border Protection Agency is a good example. At a 2015 conference, CBP Chief Technology Officer Wolf Tombe held up the personal identity verification card he uses to identify himself on his agency’s systems and explained that while the cards have been deployed throughout the federal government, agencies use them in vastly different and largely incompatible ways:
Some agencies take a biometric, such as a fingerprint. Other agencies may take a retinal scan, if they’re being very progressive. And some agencies don’t take anything. So while the PIV cards themselves as a physical piece of infrastructure have standards, the implementation… can vary greatly between agencies.
Such inconsistencies create inconvenience for citizens and a constant headache for public servants who find, for instance, that they can enter a departmental office in one city but are locked out of facilities in another. At best, hassles such as this slow people down. But if they work in a national security context, where time is often of the essence, the potential consequences could be dire.
In search of an ID solution, the U.S. federal government has invested heavily in its Connect.gov platform, an identity management hub originally launched in 2011. Just as the Federalist platform works around siloed web design requirements, Connect.gov works around siloed identity management protocols.
Individuals verify their identities with private, third-party partners, and with a single login, a citizen can access services from the Veterans Affairs Department, U.S. Postal Service and numerous other agencies. Program Director Jennifer Kerber says she hopes “to have government agencies organize around one sign-in platform and move away from the siloed identity-proofing they’ve relied on so far.”
Yet, even if governments manage to solve the technical problems of digital identity, many of them still face an even greater challenge: convincing citizens to use them.
Privacy is undoubtedly one of the biggest hurdles to modern identity management. Public opposition can be ferocious, and legislators respond to each new outcry with laws that limit or complicate agency options. Often, these laws reinforce the silos that hamper efficiency.
That said, no two countries share the same privacy context. America was founded on a healthy distrust of authority; Germans still remember the Stasi spies of the Soviet era. In these countries, opposition on privacy grounds is strong. In Asia, on the other hand, the concept of privacy is considerably different, and nations such as Singapore have had much less trouble in implementing identity management programs.
In Britain, where attitudes are similar to those in the United States, the government is trying a workaround that accommodates privacy concerns. State identity cards such as Estonia’s are off the table.
“This is a federated model of identity, not a centralized one,” says Janet Hughes, head of policy and engagement at the Government Digital Service Identity Assurance Program. “We want to make it easier for everyone to verify their identity online, without building new, single databases or reintroducing the illiberal ID card scheme.”
U.K. officials designed their Verify program in collaboration with privacy advocates. Rather than relying on a single authority to validate identity, British citizens can choose from a number of private sector “identity providers.” These companies use a variety of data to create strong identities, including credit reports, utility bills, driver’s licenses and mobile phone bills.
As with Connect.gov, whenever you want to register for a secure government service, you simply authenticate yourself with the identity provider, which sends the government a yes/no response. The government doesn’t retain your personal information or even know which provider is authenticating you, so the opportunity for abuse is limited.
“We have been driven by our customers to provide more services online,” says Don Behler, director of identity, credential and access management at the U.S. Social Security Administration. But “the more services we make available, the riskier those services become.”
Behler is describing one of the greatest challenges in digital identity: The more data the government has, the more profound the repercussions for both individuals and the government if it is misused.
SSA is hardly alone in this regard. Government agencies around the world are struggling to figure out how to secure information online—and identity is the critical piece of the puzzle. The problem is exacerbated by the private sector, which has made it easy to create “soft identities” that allow you to log in to and personalize websites almost effortlessly. Citizens increasingly expect the same level of convenience when interacting with government.
But the stakes for Facebook, Twitter, or Google are fairly low—none of them has to secure the person’s real identity. Not so for government: The public sector must develop “strong identities” that allow citizens to conduct highly sensitive transactions remotely. Getting this wrong has serious real-world consequences.
Despite the difficulties, identity management is critical to any progress on digital government. Cloud computing, a cornerstone of modern government IT, provides a window on the potential for breakthroughs if identity problems are solved. Wolf Tombe, the Customs and Border Protection CTO, puts it succinctly: “Guess what the No. 1 thing is that prevents us from going public in terms of the cloud? Security. And guess what the No. 1 thing is in terms of security? Identity.”
“How do you get people to buy what they don’t want?” asks James Lewis, director and senior fellow at the Center for Strategic and International Studies. “Schemes for strong authentication have come and gone over the last 20 years, from the ill-fated Clipper Chip to digital signatures, because there has been no consumer demand for them.”
One problem is simply that these systems aren’t mandatory.
“The public has generally resisted authentication technology more complex than usernames and passwords, except when it is required,” Lewis says. Privacy remains a major obstacle. In many countries, people are happy to put up with analog-era government if it means keeping their data out of Big Brother’s reach.
So how can governments achieve public support? By achieving trust. According to Gartner Research, “generating trust in the identity and access management initiatives… is vital to the success of a new digital relationship between the state and its citizens.” And if we look back at some of the examples in this section, that’s exactly what we see. Britain’s Verify system, designed with trust and privacy in mind, verified more than 140,000 identities while in its beta stage. About 100,000 people a day authenticated themselves during peak weeks of June 2015. More services are accepting Verify’s endorsements.
The widespread acceptance of identity management in Estonia can serve as a model. From day one, the Estonian government has gone to great lengths to engender trust in the system. It has demonstrated its commitment to accountability by giving citizens transparency and clear information about who can view their data.
Another strategy for encouraging adoption is to create value for citizens. Estonia’s system isn’t simply a tool for single sign-on—it makes everything from visiting the hospital to boarding a train infinitely easier. If other governments want to make uniform digital identity a reality, asking their citizens to integrate an entirely new technology into their lives, they need to make it worth their while.
It’s certainly worthwhile for government.
“When [government] can trust more people online through the use of digital identities, it will mean more services and transactions can move online, resulting in huge cost savings,” write Gary Simpson and Emma Lindley of the Open Identity Exchange. People won’t need to routinely call in or visit government offices. Processing times will fall as tasks start to move at the pace of computers instead of at the pace of office staff. Even corruption will decline, as you can’t bribe a machine.
The challenge now is to find ways past the obstacles so identity can be transformed from an Achilles heel to the strong foundation that digital governments need.