An introduction to the essay series 'The Road to Digital Self-Sovereignty'. The purpose of this series is to explore the broader systemic impacts of digital self-sovereign identity. Following essays will cover themes such as the limitations of language, the global impact of interoperability, the possible futures for big tech, and where digital identity sits in the emerging technical landscape.
Today, every transaction, interaction and verification is simply a tap away. Daily activities are creating an ever-growing digital trail of our identities. Even wallets have evolved from well-worn physical receipt stuffers to uniform digital twins, with 3.4 billion people opting to use a digital wallet like Apple Pay in 2022. At the same time, identity theft is rising fast. The UK alone recorded a 23% rise in identity fraud cases from 2021 to 2022; and with the acceleration of AI set to escalate the ease of virtual mimicry, we’re all going to need better armour in this digital arena.
Thankfully, in a rare case of regulation leading a technical transformation, the European Parliament approved the proposal for a new European digital identity framework under the eIDAS v2.0 regulation on February 29th. The framework includes an EU Digital Identity (EUDI) Wallet which will allow any European citizen to access public and private digital services simply using identity credentials on their phone. The EUDI wallet will securely store and manage all types of digital identity credentials, from driving licences, to health cards, to educational accreditations. In the words of the Commissioner for Internal Market, “It will empower citizens, give them control over their data and strengthen our technological sovereignty”. A strong statement, but in fact one that aptly describes the underlying purpose of the technology.
The EUDI wallet architecture employs a self-sovereign identity (SSI) approach. This goes beyond user-centric design to user-ownership, where we individually own and manage the distribution of our personal data. A method called ‘selective disclosure’ enables us, as the user, to control the information we share online, whether that’s with websites, digital services or applications. It is an approach to individual privacy that will allow us all to use the internet as we do today but without all the unconsented 3rd-party data-sharing. A common example of selective disclosure is the ability to prove your age without disclosing all of the personal information in your driving licence or passport. You share a verifiable proof that you’re over 18 without giving away your home address, nationality or even exact birth date. This process significantly reduces the risks from uploading an image with your licence or passport to a website.
eIDAS v2.0 dictates that every EU citizen will be able to receive unique, verifiable credentials that are stored and accessed digitally in their EUDI-certified wallet. Verifiable credentials contain claims made by an issuer (e.g. government) about a credential holder (e.g. you) that can be cryptographically verified. The relying party (e.g. retailer) can then trust the data proof (e.g. 18+) that the individual presents, provided that they trust the ‘issuer’ of the credential used (i.e. gov ID yes, fake ID no).
The term “self-sovereign” can sometimes elicit a perception of ungoverned chaos because of its relation to “decentralisation”, but the approach of the EU Digital Identity Framework sits on the controlled end of this spectrum. The EUDI wallet will be underpinned by a government-issued PID (Personal Identification Data) which is conceptually similar to a national ID card. The most commonly used and accepted credentials will be issued by centralised bodies such as governments, universities, banks and medical institutions just as they are today. The key differences simply lie in your ability to own and control access to your data, and your ability to use your data more easily across borders.
The Estonian government introduced electronic IDs (eIDs) 22 years ago and approximately 1.4 million citizens use them today. Not only are the eIDs integrated into critical infrastructure like the Estonian health system for electronic health records and e-prescriptions, but the country saves 1 working week a year, ~2% of their GDP, by using the digital signatures enabled by this system. They remain outliers however, with only 14% of key public service providers across all Member States allowing cross-border authentication with an e-Identity system. The EUDI wallet aims to change this by indexing on the interoperability of the system and setting standards at the EU level.This means that data-heavy processes like opening a bank account or applying to university will not only be easier and more secure in your own country, but they will also be as easy and secure in other member states. Seamless cross border identification will become a reality; and in a world where the physical borders seem to keep getting higher, there’s at least hope in the digital ones coming down.
Global consistency in the use of open standards has a significant impact on the adoption and accessibility of digital identity systems and there are positive signs that Canada, Singapore and other countries are adopting similar standards to the EU. That being said, open standards mean open to all. This includes the mighty powers that be. Apple and Google wallets are already the most adopted globally and as history has shown us, we’re often all too happy to give them our data in return for convenience. Today, the single-sign-on behemoths like Google and Facebook have the majority control over your digital identity and the data trail associated with it. Regulations like eIDAS v2.0 intend to loosen this grip and give control back to the individual, but with the potential that big tech’s digital payment wallets will also become our identity wallets, the FAANG’s could be sinking deeper.
The road to digital self-sovereignty is a winding one. There will be roadblocks, conflicting signposts and some potential U turns, but overall the outlook is positive. If we can find the right balance of speed and safety then digital self-sovereign identity systems might play a significant part in the digital shield we’ve been looking for.
- Loading comments...