A couple of weeks ago, I had the pleasure of joining many colleagues and collaborators at RightsCon, where digital identification systems were a popular topic. We hosted a Landmark session, sharing some early findings from our ongoing digital ID work and conversing with others who have been thinking about digital ID for a long time.
Beyond our existing work on the topic (which you can read about here and here), many of the conversations I had at and around the event highlighted a few key areas of interest for civil society who might be thinking about digital ID systems in different ways. In this post, I wanted to share some thoughts on how civil society could advance our collective advocacy on the topic.
Thoughtful advocacy strategies
There are a variety of ways in which digital ID systems could work in favour of social justice and positive social change. One, brought up by Kaliya (@IdentityWoman) at a session I attended, was that of using systems to identify entities and companies, instead of individuals. She highlighted the work being done in British Columbia to issue digital credentials to businesses with their Verifiable Organizations Network.
Pushes for tax justice would be vastly helped by having accessible and clear registries of entities, in a way that could increase transparency and accountability of said companies (and ideally their financial flows, too). Within the transparency and accountability space, there has already been related work on this, for example, Open Corporates work on developing unique identifiers for companies. Who is to say that digital ID systems need to be focused on individuals instead of entities?
Around the world, digital ID systems are at different stages of development, but they often share similarities in the way they are introduced. One way civil society organisations could share knowledge in a constructive way on this topic is by pinpointing key moments at which advocacy is particularly helpful in influencing the design and roll-out of said systems – i.e., knowing what questions to ask and whom to ask. For example, choosing vendors of a digital ID system seems to be a particular ‘moment’ during which advocacy could be influential in ensuring that a responsible vendor is chosen after due diligence processes.
Beyond identifying those moments, strategic litigation may well be a viable option for many systems. Some systems seem to be operating outside of the law in terms of privacy and data protection, but personally, I have not seen many examples of strategic litigation specifically on digital ID systems (India being a notable exception, despite the result not being as hoped for). In cases of strategic litigation, the absence of data protection legislation removes one viable tactic, but there may be other opportunities to challenge the systems on a legal basis.
If biometrics are involved, how?
In recent years, I’ve often noticed a worrying trend: mentions of digital ID systems repeatedly converge with those about biometric-based digital ID systems in a way that does not discern between the vastly different uses of biometrics and the associated difference in risks.
In our responses and approaches to digital ID systems, we need to be clear about what we’re talking about:
- What role do biometrics play in this system, if any?
- Is it, for example, using biometrics for authentication for access to vital services?
- Or, is it collecting biometrics solely for the initial purpose of de-duplication, with that data not directly used after uniqueness has been established? (i.e. some passport photos)
- How is the biometric data stored and shared – for example, on a user-controlled local device, or in a centralised database shared with third parties?
Given the sensitivity of biometric data, the risks that arise with their various uses can differ greatly depending on their purpose within a system. I’d suggest that advocacy strategies about digital ID could be greatly strengthened with a more nuanced approach to understanding those complexities.
As with many technological systems, understanding ID systems and their consequences comes down to a question of power. Who has the power to issue an identity, an entry in an ID system, or an ID card? Who recognises that card as valid, and who has the power to remove that card? Who has the power to access that database, to make changes, to share it with others? And why is this system being built: whose interests are being represented?
For me, this brings up a particularly thorny issue: at some point, the interests of civil society and government may well diverge when it comes to digital ID systems. Take the (hypothetical, but not so far-fetched) example of an increasingly xenophobic government, trying to restrict movement into their country and control movement out of the country. Their reasoning behind building a digital ID system may well be primarily that of surveillance and control – two objectives that are contrary to the goals of a human rights or social justice based advocacy (especially those rooted within feminist approaches). At the same time, a legitimate reason for the existence of a digital ID system might be to ensure that migrant workers in the same country have access to justice, financial systems and travel in a way that respects their needs.
Understanding what the stated objectives are (and what the actual objectives are), as well as what those use cases are (and whose interests are behind them) will be crucial to designing appropriate and responsive advocacy strategies.
Digging into the nuance
At the present stage, I strongly believe that for civil society to contribute meaningfully, we need to move beyond simple questions of ‘yes’ or ‘no’ to digital ID systems. Digital ID is – and has been – happening for many years: passports, national ID cards and insurance or pension systems are just a few examples of existing systems that many of us rely on. There’s an immense amount of privilege in thinking that the ‘answer’ to digital ID would be “no” (Especially given the context in which we all found ourselves at RightsCon, where a majority of us travelled to Tunis using passports and visas).
Instead, I’d suggest we need to ask: for what? Identification systems, as a concept, are not necessarily ‘bad’ – nor are they inherently ‘good’. They’re an infrastructure that can be used and misused for various purposes. As I’ve highlighted above, we need to get better at identifying and understanding use cases, and suggesting what we want and what we don’t.
Through our research, the importance of nuance when it comes to context keeps coming up over and over. As we’ll share in more detail soon, some ‘best practices’ that have been highlighted in certain cases have been shown to be wholly unsuitable in other cases. For that reason, I believe we should move away from approaches that depend upon set best practices, and instead begin with the context and use case and work upwards. That’s not to say that there aren’t any strategies or questions that could be shared across contexts, but I believe the answers to those questions will differ greatly depending on when, with whom and where the ID system is being established.
Pushing for what we want (as well as what we don’t)
It’s far easier to critique than it is to construct. In my mind, this is one of the biggest challenges facing civil society advocacy on many topics related to technology today. While we might be accurate in our critiques, pushing for social justice-respecting systems means we have to take it further than just that. If we want to solve these problems in an equitable and justice-oriented way, we need to use our skills to suggest viable alternatives alongside our critiques. In practice, that’s often far harder than imagined, given real-world constraints.
When it comes to digital ID systems, I’m excited for our forthcoming work, which will share more about what the unintended consequences of certain systems are, and I’m particularly interested in using the contextual research that we’ve been gathering to envision and reimagine what these systems could look like.