Implementing a 21st century approach to digital identity in the UK

Unlike many other countries, the UK is fortunate, there is not the baggage of state-issued ID cards rooted in the intrusive mindset of “papers please” officials and central surveillance registers.

This leaves the UK well-placed to take the lead on implementing a 21st century approach to identity. One that places the individual at the centre, meeting citizens’ needs in an increasingly digital, internet of things (IoT) world. An approach that sends a confident message about an outward-looking, innovative, post-Brexit modern democracy that embraces identity as a means of personal empowerment rather than state or corporate control.

Let’s face it. For all the endless debates, articles and international events about identity, we don’t need to prove our identity very often. On the rare occasions when opening a bank account or applying for a job, for example, individuals rely on trusted documents such as passports and driving licences issued by the government.

A well-designed secure ID could work much like this familiar payment authorisation process, providing an easier-to-use and more secure way of proving something about ourselves.

We keep our credit and debit cards secure and only use them when we need to authorise payment. In the same way, we would only use our secure ID on the rare occasions when we need to prove something about ourselves – such as being over 18 when buying alcohol or knives from an online retailer.

If Digital Identity would be trusted, it should work in much the same way as a passport. When a passport is used to prove our identity (rather than to travel across a national border), no one other than the passport holder and the organisation or person we share it with knows we have used it for this purpose. The Passport Office does not require us to notify where, when and with whom we have used it.

Good digital ID should work in the same way, letting us decide when, whether and with whom we share information about ourselves. The characteristics of a good approach to identity include:

It should not be forced, Users should be able to choose whether to use it or not. It should provide support for those who do not currently have “standard” identity documentation, such as passports or driving licences.

Also, there must be no monitoring by the government or other organisations of where, when and with whom it is used. Identity should be about precisely that proof of identity of individuals, not surveillance by companies or governments.

Individuals should have control of their data and be assured of strong security and privacy. This should include the ability for us to delegate authority to others to act on our behalf (such as a relative with Power of Attorney). And It should not share information with another person or organisation unless they can also prove they are who they claim to be – proof of identity should be reciprocal. This will help reduce scams where we get fooled by fraudsters impersonating somebody else, such as our bank.

It will provide the ability to work both online and offline. A smartphone digital ID app is one obvious way of doing this, although non-digital alternatives should also be available for those who want them.

Only the minimum amount of information will be released. Rather than revealing a user’s full name, date of birth, place of birth and so on, for necessities, it should simply show “Over 18” alongside our photo. This will help reduce the amount of personal data taken and potentially lost or misused by organisations when interacted with.

Not only would a good digital ID allow everything to be done, as with with a passport, but it would be an improvement, better protecting privacy and personal data. It would also be more convenient. If, for example, identity-related information can be stored on a smartphone, it could also be used both online and offline when individuals need to prove something about themselves.