DIGITAL IDENTIFICATION : A KEY TO INCLUSIVE GROW
Digital identification, or “digital ID,” can be authenticated unambiguously through a digital channel, unlocking access to banking, government benefits, education, and many other critical services. The risks and potential for misuse of digital ID are real and deserve careful attention. When well designed, digital ID not only enables civic and social empowerment, but also makes possible real and inclusive economic gains a less well understood aspect of the technology. In this research, we develop a framework to understand the potential economic impact of digital ID, informed by an analysis of nearly 100 ways in which digital ID can be used in Brazil, China, Ethiopia, India, Nigeria, the United Kingdom, and the United States.
In our seven focus countries, extending full digital ID coverage could unlock economic value equivalent to 3 to 13 % of GDP in 2030, with just over half of the potential economic value potentially accruing to individuals. Realizing this value is by no means certain or automatic it necessitates multiple high-value use cases and high levels of usage and not all of these potential sources of economic value may translate into GDP. Yet, with careful system design and policies to promote uptake and mitigate risks, digital ID could be a powerful key to inclusive growth, offering quantifiable economic value to individuals, beyond significant noneconomic benefits.
What is digital ID?
Unlike a paper based ID such as most driver’s licenses and passports, a digital ID can be authenticated remotely over digital channels. We adopt this outcome based definition of digital ID, regardless of the ID-issuing entity. For example, a digital ID could be issued by a national or local government, by a consortium of private or nonprofit organizations, or by an individual entity. Our definition also applies regardless of the specific technology used to perform digital authentication, which could range from the use of biometric data to passwords, PINs, or smart devices and security tokens.
Furthermore, we specifically examine “good” digital ID, which we refer to throughout this report as “digital ID.” Good digital ID requires the following four attributes:
- Verified and authenticated to a high degree of assurance: High-assurance digital ID meets both government and private-sector institutions’ standards for initial registration and subsequent acceptance for a multitude of important civic and economic uses, such as gaining access to education, opening a bank account, and establishing credentials for a job. High-assurance authentication maintains these same standards each time the digital ID is authenticated. This attribute does not rely on any particular underlying technology. A range of credentials could be used to achieve unique high-assurance authentication and verification, including biometrics, passwords, QR codes, and smart devices with identity information embedded in them.
- Unique: With a unique digital ID, an individual has only one identity within a system, and every system identity corresponds to only one individual. This is not characteristic of most social media identities today, for example.
- Established with individual consent: Consent means that individuals knowingly register for and use the digital ID with knowledge of what personal data will be captured and how they will be used.
- Protects user privacy and ensures control over personal data: Built in safeguards to ensure privacy and security while also giving users access to their personal data, decision rights over who has access to that data, with transparency into who has accessed it.
Our understanding of good ID was informed by extensive consultations with our research collaboration partners Omidyar Network, the Open Society Foundations, and the Rockefeller Foundation. We also conducted in-depth discussions on the opportunities and challenges associated with digital ID with experts from the Bill & Melinda Gates Foundation, the Center for Global Development, iSPIRT, the United Nations Development Programme, the World Bank Group’s ID4D initiative, and the World Economic Forum.
What is the opportunity from digital ID?
According to estimates from the World Bank’s ID4D database, almost one billion people globally lack any form of legally recognized identification. An additional 3.4 billion who have some type of legally recognized identification have limited ability to use it in the digital world. The remaining 3.2 billion have a legally recognized identity and participate in the digital economy but may not be able to use that ID effectively and efficiently online. Digital ID holds the promise of enabling economic value creation for each of these three groups by fostering increased inclusion, which provides greater access to goods and services; by increasing formalization, which helps reduce fraud, protects rights, and increases transparency; and by promoting digitization, which drives efficiencies and ease of use.
Furthermore, the opportunity for value creation through digital ID is growing as technology improves, implementation costs decline, and access to smartphones and the internet increases daily. The foundational digital infrastructure that supports digital ID grows in reach and drops in cost every day. More than four billion people currently have access to the internet, and nearly a quarter-billion new users came online for the first time in 2017.The technology needed for digital ID is now ready and more affordable than ever, making it possible for emerging economies to leapfrog paper based approaches to identification.
Understanding the risks of digital ID
Digital ID, much like other technological innovations such as nuclear energy and even the ubiquitous GPS, can be used to create value or inflict harm. Without proper controls, digital ID system administrators with nefarious aims, whether they work for private sector firms or governments, would gain access to and control over data. History provides ugly examples of misuse of traditional identification programs, including tracking or persecuting ethnic and religious groups. Digital ID, if improperly designed, could be used in yet more targeted ways against the interests of individuals or groups by government or the private sector. Potential motivations could include financial profit from the collection and storage of personal data, political manipulation of an electorate, and social control of particular groups through surveillance and restriction of access to uses such as payments, travel, and social media.
Thoughtful system design with built-in privacy provisions like data minimization and proportionality, well controlled processes, and robust governance, together with established rule of law, are essential to guard against such risks. To help promote sustainable digital ID systems that minimize risks, the World Bank Group and the Center for Global Development facilitated the development of ten principles on identification for sustainable development, endorsed by many organizations, such as the Bill & Melinda Gates Foundation and Omidyar Network.
Yet even when digital ID is used expressly for creating value and promoting inclusive growth, risks of two major sorts must be addressed. First, digital ID is inherently exposed to risks already present in other digital technologies with large scale population level usage. Indeed, the connectivity and information sharing that create the value of digital ID also contribute to potential dangers. Whether data breaches at credit agencies or on social media, failure of technical systems, or concerns over the control and misuse of personal data, policy makers around the world today are grappling with a host of potential new dangers related to the digital ecosystem. Technological failure could include problems with the functionality of the hardware or software associated with a digital ID as well as infrastructure problems preventing uninterrupted and effective system use.
Cyber security threats also pose an increasing risk across the digital ecosystem, and digital ID programs are no exception. The number of accounts online and the amount of data created are rapidly increasing. The International Data Corporation forecasts that by 2025 the global data sphere will grow to 163 zettabytes (one zettabyte is a trillion gigabytes); ten times the level in 2016. In addition, shifting regulations and consumer preferences are placing increasing emphasis on data privacy and control for all digital systems. Examples of new privacy measures include the General Data Protection Regulation in the EU, the California Consumer Privacy Act in the United States, the Data Privacy Act of 2012 in the Philippines, and South Korea’s Personal Information Protection Act.
Second, some risks associated with conventional ID programs also pertain to digital ID. They include human execution error, unauthorized credential use, and the exclusion of individuals. Digital ID could meaningfully reduce those risks by minimizing opportunity for manual error or breaches of conduct. For example, for conventional ID programs, reconciliation of data between databases may be impossible or error prone while digital ID programs can more readily integrate data sources and implements data quality checks and controls. High assurance digital ID programs also reduce the risk of forgery and unauthorized use, which are relatively easier with conventional IDs, like driver’s licenses and passports. Furthermore, some risks associated with conventional IDs will manifest in new ways as individuals use digital interfaces. For example, individuals without sufficient technological access or savvy and those who do not trust a digital ID system could be completely excluded, unless alternative manual options also exist.