Digital ID and “digital identity”


Digital Identity: An amorphous concept attempting the impossible job of capturing all that a human is in digital form, leading to many years of disappointing national projects and draft bills. 

Digital ID: A single attribute or fact about an entity, represented digitally, that is relevant in one or more specific contexts.

A big little shift in terminology 

The draft Australian federal Digital ID Bill no longer uses the phrase “digital identity”. The same shift in language has been made by the National Australia Bank (NAB) in its year-long multi-sector design collaboration

Both the NAB and the Australian government now refer to Digital ID

This change is much more than semantics. I hope it reflects a recognition by government that identification is different from identity, and there is no universal way of identifying people. 

NAB has highlighted that businesses and agencies are usually less interested in verifying “identity” than a particular attribute or eligibility. The bank’s roundtable report states “it is very rare that individuals need to prove who they are” and instead suggests a reframing of digital identity around “what do we need to know about an individual for a particular purpose”; that is, the process of identification in all its local variations.  

So what does Digital ID mean? Well, it’s just shorthand for a credential in a certain context. 

I reckon everyone knows what it means to be asked to “show some ID”.  We effortlessly interpret “ID” in context, whether it’s proof of age at a bar, a student card when sitting an exam, or an employee ID when entering the office. 

We’re also familiar with the formal identification process carried out when opening a bank account or starting a new job. In these cases, we are generally asked to provide a number of IDs, from a pretty universal set of options including driver licence, birth certificate, Medicare card, passport and so on. And there are alternative forms of ID for people who need them.  

Fresh thinking; new precision

None of these IDs constitute our identity. And that’s how we like it. 

As a rule, we should ask for and reveal as little personal information as possible, within the requirements of the transaction we’re doing. As the Canadian digital identity leader Tim Bouma once said, “I want my identity to be less than the real me”.

Digital ID is concrete, specific and familiar. But “digital identity” is abstract and open-ended. It means different things to different people. Invariably, digital identity is interpreted as a new universal means of proving who we are. But there is no such thing. 

So instead of imposing new identification standards and novel “digital identity” on Australians, the Digital ID Bill simply creates a governance regime to improve the quality and reliability of existing IDs when converted to digital form. 

The Australian Government Digital ID System (AGDIS) will conserve the meaning of existing IDs and leave businesses and agencies free to conduct identification as they see fit. The Digital ID regulator is being tasked to create rules and technology standards, with a view to fostering a marketplace of vastly improved digitised IDs. 

Best in class

I believe the AGDIS represents world’s best practice in digital identification. 

The AGDIS rules (to be developed after the Bill is enacted) will almost certainly embrace mobile phone digital wallets as carriers of Digital IDs. A large and fast-growing proportion of Australians are now familiar with using their payment cards in mobile wallets to “tap and pay” and “click to pay” (the Reserve Bank reports that 35% of card payments are now made via mobile wallets). 

The equivalent user experience of click-to-present any digital ID in context will be intuitive, widely available and vastly more secure than today’s plaintext handling of personal data. 

We will be able to prove relevant facts about ourselves with the same security, safety and privacy as we prove our credit card details. 

We’ve done this before

Smart payment cards (EMV chip cards) were introduced to replace magnetic stripe cards as they became vulnerable to skimming and counterfeiting. Chip-assisted presentation of cardholder IDs replaced the plaintext of a mag stripe and, as a result, essentially eradicated physical card fraud. 

Based on the speed with which smart credit card IDs cut payment fraud, we can expect mobile technology Digital IDs to dramatically reduce identity crime via stolen personal data and, as a result, neutralise the personal data black market.