Trusted Digital Identity
for Everyone Everything Everyday
Last updated 20 May 2023
The past ten years have brought a sea-change in what citizens and governments expect national ID cards to deliver and identity to be.
This period has also been filled with incremental tech developments, serving as a foundation for a more innovative citizen ID future.
Five topics have moved to the main stage in the past few years:
- Biometrics,
- Electronic national cards,
- Mobile IDs,
- Virtual documents such as the "mobile" driver's license,
- The need to set up a national identity framework.
Biometric IDs are here.
Fast forward to 2023, and digital identity technologies such as smart cards and biometrics have come of age.
An estimated 120 countries are deploying electronic passports incorporating these highly secure features, and over 70 are implementing eID cards.
National ID cards have undergone a considerable transformation; simple paper documents designed for single identification applications have given way to smarter documents in credit card format.
These citizen ID cards or eIDs include a microprocessor for more robust document verification, online authentication, and signature.
As they contain the cardholder's portrait and often fingerprints, they can be used for biometric identification and biometric authentication when needed.
And guess what?
Passed on 20 June 2019, the 2019/1157 EU regulation gives its Member States two years to implement ID cards' security features aligned with those of passports.
The Member States, along with Iceland, Norway, and Liechtenstein, will need to start issuing these new cards with a secure contactless chip, the holder's photo, and two fingerprints in the 2021-2022 timeframe, as the regulation comes into force 12 months after publication and States have two years to comply.
France announced its new biometric eID card on 16 March 2021.
There's more.
This new generation of computerized national identity cards offers some of the best identity theft protection.
These eID cards also enable governments to implement online applications such as eGovernment solutions, giving citizens access to public services with the reassurance of robust security.
The development of these government-issued IDs means a single card can offer many applications – from acting as a driver's license to enabling the user to file their taxes or giving them access to state benefits.
Government-issued ID examples
But while some nations have been reticent in adopting eIDs, others have been far more bullish.
We've seen implementations across Europe (except the UK), in Asia with China, Malaysia, Mongolia, Pakistan, the Philippines, and Indonesia, to name a few, and across Africa with countries like the Republic of South Africa, Nigeria, and more recently Algeria and Cameroon.
Added to that are Government-issued ID deployments across large parts of Europe, the Gulf, and Latin America.
All provide inspiring examples of the potential of eIDs to affect millions of ordinary lives throughout developed and emerging economies.
In early 2017, 82% of all countries issuing National ID cards implemented eID programs.
Electronic IDs' rapidly evolving dominance reflects the global drive towards eGovernment and eCommerce services enabled by electronic identities.
This move will provide substantial opportunities as national, regional, and global transaction infrastructures secured by a trusted digital identity scheme emerge over the next five years.
PhilSys, the Philippine Identification System (Republic Act 11055 of 6 August 2018), includes biographical information (name, sex, date and place of birth, blood type, address, and nationality) and biometric data (fingerprints, facial photos, and iris scans).
The Government aims to create a single national identification system for all citizens and resident aliens of the Republic of the Philippines (population 113 million in 2023).
The new centralized system will grant a unique ID number for each person, and ID cards will be issued.
Replacing 33 identification cards, the Philippine national ID can be used as proof of identification for all transactions, whether by a government agency or a private organization. It's an effective tool for social and financial inclusion.
National Identity and Economic Empowerment
The case for eID cards and ePassports is relatively straightforward for most people in the eID industry.
In business, they enable financial services and telecom companies to fulfil Know Your Customer (KYC) requirements and carry out Know Your Employee checks. They allow government departments to interact with their citizens more effectively around the clock.
In the border control environment, combined with facial recognition and biometric authentication systems, they boost security and improve passenger throughput, giving authorities the confidence that the person standing before them is who they claim to be.
And the best part?
Emerging economies see the value of digital ID credentials because they promote economic empowerment, drive democracy, and aid economic development, as highlighted by the World Bank Group initiative named ID4D.
They show the rest of the world they are modern, secure, and trustworthy states, implementing new technologies and standards and open for business.
Furthermore, secure ID technology that can be used cross-border is essential as it promotes regional integration and stability and makes economic development more likely.
Yes, you're right.
There are similarities with the European Regulation put in place in September 2018.
This interoperability is what the European eIDAS Regulation on digital identification and trust services for digital transactions is trying to achieve.
A digital trust framework will allow European citizens of 31 countries to free themselves from uncoordinated and separate infrastructures.
One of the most innovative aspects of the Regulation is the possibility of accessing many services throughout Europe using the same national digital identity, whether public or private, provided that it has been officially validated by the country's authorities where it is currently in use.
Mobile ID – digital identity at work
Over recent years, mobile identity (mID) has proved an increasingly popular choice with citizens, thanks to its convenience, ergonomics, and high-security level.
The rapid adoption of m-Government services in countries that have chosen to focus on mobile communication devices has demonstrated the appeal of this secure and trusted identification method.
Some visionary countries have made the leap to mobile ID (mID) by creating a mechanism using an eID component for accessing online services via mobile devices.
Pioneers include countries with a strong market penetration of cell phones and new technology, such as Austria, Estonia, Finland, Norway, and Turkey.
Mobile ID projects are sometimes driven by the need for a universal form of identification (Austria, 2003) or, as in Estonia in 2007, by the need to supplement a national card program and accelerate electronic identity and digital signature development.
In 2014, Oman was the first country in the Middle East to complement its national electronic ID card with a mobile ID scheme.
As a highly trusted channel between citizens and service providers, mobile ID extends its use from eGovernment into other online areas such as banking and payment.
"1984" did not happen.
Contrary to the vision of novelist George Orwell in "1984", national eID schemes have shown that managing citizen IDs can protect civil liberties, identity, and social interactions in a state of law.
Electronic records on individual citizens are available upon their owner's request in many European countries with a national eID scheme.
As former President of Estonia Toomas Hendrik Ilves puts it: "You own your data, so you have the right to access it any time."
When introducing its national eID in Belgium, the government offered citizens an application to know who has accessed their data.
And, of course, the key to accessing this online app is the national eID card. Each citizen can consult their file in the national data register to see a record of when government officials have accessed their data and for what reason.
It's an excellent example of how transparency and traceability in every transaction between governments and citizens can help protect privacy and strengthen trust.
There's more.
We’re seeing the emergence of a global consensus on privacy protection, explicitly incorporating biometric data, as illustrated in particular by the regulations known as the General Data Protection Regulation put in place in Europe and the UK in May 2018.
The California Consumer Privacy Act (CCPA), implemented as of 1 January 2020, is also a significant step toward privacy rights and consumer protection. It may serve as a guide for several other US states. It's been further enhanced with the CPRA (California Privacy Rights Act), which will take effect on 1 January 2023.
New York State, Colorado, and Virginia now stand beside California. Utah may follow soon.
However, the United States does not have a single framework covering the privacy of all data types.
On the road to the virtual driver's license
So when will we have a digital driver's license on our mobile phones?
Well, sooner than you may think. Here is why.
Today you can already do a lot with a smartphone. And the trend for on-phone payment, loyalty, or travel applications may bring the driver's license to your mobile.
While a driver's license primarily confirms the identity and driving rights, a virtual driver's license, also called a mobile driver's license or digital driver's license, potentially brings many more benefits and opportunities for issuers, regulatory authorities, and drivers.
The traditional driver's license is an essential proof of ID (identity and age) checked by enforcement agencies, retailers, and financial institutions. A mobile driver's license would provide an on-screen version of the traditional photo, driver information, and more.
A highly secure mobile application has more robust anti-counterfeiting characteristics, enables driver data to be updated instantly, and facilitates real-time communication, opening the way to new business models using a trusted and secure channel.
Though the mobile driver's license still has some distance to travel before becoming a complement or replacement to the plastic license we are used to, there is interest in other countries, with Australia, Brazil, and the UK also looking into this option.
Several US states have launched pilots to explore the user convenience, privacy, security, and interoperability of mobile driver licenses.
In July-August 2017, Colorado and Maryland initiated digital driver's license live pilots. Feedback collected like this one is highly motivating.
Florida plans to issue its mobile driver's license soon. (October 2020.)
From eID to national identity schemes
Digital identity management is at the heart of the Internet economy as a critical enabler for trust and innovation. Many countries are now putting in place the framework of their national identity scheme.
This architecture helps define the state's role, such as regulator or issuer of digital identities (or neither), its responsibilities in organizing data, applications, and infrastructure, and the underlying principles and operating methods of the digital identity ecosystem as a federated identity management infrastructure.
This can cover everything from how digital identities authenticate users or verify data linked to the services to the detail of the scheme's identity types and trust levels.
Currently, different approaches are being pursued:
- from a state-led role in issuing digital identities and structuring services, as seen in Estonia or the United Arab Emirates,
- to the more decentralized system with the German ID card project,
- to an identity ecosystem developed through a partnership between the public and private sectors, as in Sweden.
Certain nations largely delegate the provision of identity solutions to the market and, therefore, the private sector: this is the case in the United Kingdom, which said no to a UK ID card in 2010 but yes to a national identification scheme known as UK Verify, launched in 2016.
UK ID card scheme scrapped
The UK has so far remained opposed to the concept of compulsory identification credentials for citizens.
Although the UK does not have a national identity system, the Kingdom is home to a large amount of activity in digital ID development.
In 2006, the then Labour government attempted to introduce one through what is known as the Identity Cards Act 2006. It soon floundered in the face of wide-ranging criticism and protest.
When a new Conservative-led coalition took over power in 2010, scrapping the plan was high on its list of priorities.
In 2006, the government encountered criticism that included privacy, human rights, and security concerns.
But the failure of the 2006 project also needs to be seen in the context of a government that had been in power for several years.
Popularity was waning, and it was vulnerable to well-organized opposition from other parties and hostile media.
Let's be clear.
Much of the protest was focused on the idea of a National Identity Register (holding up to 50 different pieces of information on each citizen) rather than the card itself.
Some public resentment was also down to the simple fact that people faced paying up to £60 to acquire one.
Some of the fundamentals around which UK Verify has been built go a long way to addressing these issues.
Let's see.
UK Verify is born into a different world.
In the space of ten years, the environment has changed dramatically. In 2006, the government cited the need to combat illegal immigration, terrorism, and welfare and identity fraud as compelling reasons to introduce an ID scheme.
A decade later, all these issues have moved higher up the public agenda.
For example, in 2014, 41% of all fraud was identity fraud.
And 84% of all identity fraud was committed online.
In 2019, identity fraud cases in the UK reached 223,163.
As a result, there is far greater acceptance of the need for tighter security in general and identity protection in particular.
The frequency with which citizens resort to a driving license or passport to prove their identity is increasing, perhaps reinforcing the case for something designed specifically for that purpose.
Just as significantly, with the rapid adoption of a host of mobile and online services, secure authentication of one form or another has become part and parcel of everyday life.
The result is Verify: a single legally recognized means of online authentication that is designed to unlock the door to a new era of eGovernment in the UK.
Dodging the "Big Brother" label – Verify's federated ecosystem (2013-2023)
The GDS has created a federated ecosystem to avoid accusations of a 'Big Brother' approach.
The government regulates the online ID scheme, but it is powered by a range of private sector certifying companies.
End users enrolling with the Verify scheme choose one of these companies to certify their identity and are asked to provide documentation to confirm who they are. Typically this might include a passport or driving license and bank details.
The certifying company then makes the necessary checks, and if successful, a Verify account is created.
This account can then be used as a sole means of access to all digital government services, anywhere the Gov.UK Verify logo is shown. The whole process is entirely free of charge for end-users.
According to former PM Theresa May, in April 2019, the system has saved UK taxpayers more than £300m, but she admitted UK Verify is a challenging project.
In April 2020, the Treasury gave Gov.UK Verify additional 18-month funding.
Why?
The universal credit applications (financial support) brought a surge of hundreds of thousands of new users.
The UK "One Login for Government" scheme
In 2022-2023, the government will start implementing a new digital identity assurance system for all Gov.UK services. The so-called "One Login for Government" program will allow users to create a government account to access services online or through a mobile app that is being developed with Deloitte.
This new initiative represents a shift in the government’s approach.
In essence, the UK Government’s 'Transforming for a digital future' policy paper, released in 2022, lays out an ambitious plan to revolutionize digital public services, upgrade digital technology, attract digital talent, and improve public services.
The plan outlines six missions, including:
- transformed public services,
- one login for government,
- better data for decision-making,
- efficient and secure technology,
- digital skills at scale,
- and a system that unlocks digital transformation.
However, one year on, significant challenges persist, including slow and expensive services, multiple competing digital identity solutions, legacy IT issues, poor data quality, and limited data sharing.
Despite some progress, such as the growth of the Digital, Data, and Technology (DDaT) profession by 12% and the creation of the Digital Functional Standard, there is still a large talent shortage and skills gap to be addressed to meet the government's 2025 objectives.
Stay tuned.
The case of the US national ID
The case of the US citizen ID is somewhat similar. There is no national ID card in the USA stricto sensu.
- Today, the Social Security Card can be used to verify identity on certain occasions: employment, obtaining a passport, a driver's license, or at the bank to get credit.
- The driver's license in the United States is also a de facto ID document and can be used in many states to buy firearms, open a bank account, or travel on domestic flights.
- Citizens not having a driver's license can get a State ID issued at the state level and used for identification purposes such as banking, etc.
- Of course, the US government passport and passport card are official IDs, as is the military CAC card.
Real ID Act (May 2023 update)
A federal initiative known as the REAL ID Act, passed by Congress in 2005 and modernized recently, established minimum security standards for state-issued driver's licenses and identification cards and prohibits Federal agencies from accepting, for official purposes, licenses and identification cards from states that do not meet these standards.
There's more.
Identification needed for air travel in 2025
Yes, you read that right. It's been delayed again.
The US Department of Homeland Security (DHS) had initially requested that, starting 22 January 2018, passengers with a driver's license issued by a state still not compliant with the REAL ID Act would need to show an alternative form of identification (such as a passport) for domestic air travel.
The REAL ID deadline has, however, been delayed several times.
On 28 December 2020, Congress passed the REAL ID Modernization Act. It modernizes the 2005 REAL ID requirements.
According to CNBC, REAL ID will be the required form of state identification needed to board a plane or enter a federal facility.
The USA and the NSTIC federal initiative
The (US) National Strategy for Trusted Identities in Cyberspace had explored a more global system of interoperable identity service providers (public and private), giving individuals the choice of secure credentials using various options, from mobile phones to smart cards and computers.
The NIST Digital Identity Guidelines are formally known as NIST SP 800-63-3. NIST published the official edition in June 2017. In particular, these recommendations could help improve national identity, credentials, and access management.
The bad news?
The initiative launched by the Obama administration never gained momentum as no service providers adopted the framework.
The country clearly lacks a comprehensive digital ID strategy, as CSO Online stated (17 September 2020).
According to US Congressman Bill Foster's website, the Digital Identity Act of 2021 was urgently needed.
He explains that the country's old identity systems have not transitioned well to the new digital ecosystems – generating friction in commerce, boosting fraud and theft, degrading privacy, and crippling many services online.
Although the bill was near to passing in the previous Congress and has undergone several iterations since its initial introduction in 2020, it was ultimately held up due to objections from a single member.
For 2023, he plans to reintroduce a digital identity verification bill in Congress to enable federal agencies to provide opt-in identity validation services and form a task force to offer recommendations on digital identity.
The case of the Swiss National Identity scheme: no to a private operator
On 7 March 2021, voters in Switzerland said «no» to a planned law governing a potential electronic identity system.
According to SWI (swissinfo.ch), voters clearly wanted an eID only provided by the government and under democratic supervision.
The state should take full responsibility, and eID is not contested.
A solution will be found with a new proposal.
Australia and New Zealand initiatives
- New Zealand's Digital Identity Trust Framework legislation will be drafted this year. It was introduced to parliament on 29 September 2021. Identity providers will then be accredited.
- Australia decided to delay launching an enhanced version of myGovID and include facial verification capabilities in 2020. The scheme is now available. 4 million digital identities have been created as of October 2021, and 82,000 use facial recognition. myGovID and myGov (online government services) are now linked up.