by Justin Hughes
“…we still remain far less cynical about the motives of the private sector than we do our (usually) elected officials.”
I recently had the privilege of attending the National ID Conference at Harvard University. Over the course of a packed few days, we heard from an array of exceptional speakers, had many interesting discussions and were kept (mostly!) on schedule by an excellent set of moderators and chairs. While the memories are still fresh, I wanted to share some of my reflections and takeaways from this outstanding conference.
Identity management means many things to many people
Far from focusing on the technology or the documents we often associate with identity management, this conference identified the many different facets of identity in all its glory. From the US Social Security number to the Icelandic Kennitala to New Haven’s Elm City Resident Card, identity has many different purposes, formats and driving forces.
Furthermore, the value we place on identity can be encapsulated by the responses that, amongst others, Andrew Hopkins, chief of UNHCR’s Identity Management and Registration Section, has had from refugees receiving their first UN identity documents and being able to exercise such basic rights as freedom of movement, attending school, and food.
Identity can be used for many different things
A key discussion topic was the purpose behind identity. Whether used to explore the causes of ALS by using the Danish identity registry, an example from the work of Harvard epidemiologist Ryan Seals, or worryingly, using differently colored ID cards for HIV-positive citizens (a question posed by the audience), identification is always going to attract both positive and negative uses.
One of the areas that saw near unanimous agreement among participants was that the dangers of misusing identity are things that we all have to be alert to. As academics, industry experts, and practitioners, highlighting ulterior motives for managing identity and challenging “scope creep” are obligations on us all.
Identity has enormous potential for the good…
A hugely exciting facet of the conference was the potential good that identity management can bring. Identity is more than just a document or a status – it is very often a sense of identity and a sense of belonging. It can give people freedoms, privileges, access and entitlements in a way that very few things can. It can also create something that is far bigger than it first seems.
As one speaker so eloquently said, fractured societies like Ferguson, Missouri, come about in part because of societal failure to create a sense of shared identity. Communities that bind people together would help prevent the isolationism and disenfranchisement that leads to terrible consequences such as those we recently saw in Ferguson.
…and enormous risks as well
No reflection on this conference would be complete without mentioning the terrible stories shared over the use of identity in both semi-recent and recent history. Examples of identity abuse – for instance, to persecute the Roma population or to perpetrate the Jewish Holocaust – are all too common. Particularly in places where the rule of law is weak, there must always be a continual push for safeguards to stop the subversion of identity schemes for political, racial, or any other means.
Waste must be challenged…
As someone who supports the procurement and implementation of identity systems, among the most fascinating aspects of the conference for me were the discussions about identity systems that are wasted, duplicated, or inefficiently implemented. Participants spoke of a scheme in Nigeria that enrolled tens of millions, only to be scrapped a few years, and of the politicization and subsequent decline of Indonesia’s record-breaking e-KTP scheme. The epic waste of money, time, and public patience is shameful. More worrying is that while no country is immune, often this waste occurs in countries that can least afford it.
…but costs can be competitive
The fascinating keynote from Nandan Nilekani, former chairman of the Unique Identity Authority of India (“UIDAI”), highlighted that costs can be effectively managed by good design. With an average cost per enrollment of around one US dollar, UIDAI has demonstrated that a substantial difference to the lives of a population can be made at a cost that is truly manageable. An approach known as “layering” can be used to gradually build components of a system. Good design up front, coupled with effective and transparent procurement processes, can ensure that costs are kept transparent and fully understood.
Where there is value, there will be fraud
Designing identity systems in respect of the value of identity was also emphasized. As soon as identity gives you more than just “identity” – when it, for example, becomes a means to open bank accounts, cross borders, or receive healthcare – it becomes vulnerable to fraud. The design of Iceland’s Kennitala was one of the most revealing to me; it is one of the only identity schemes I have come across that is totally open (that is to say, everyone knows and freely shares their number). Knowing someone else’s Kennitala allows you nothing that you cannot get on your own, and thus has value to no one other than its recipient.
We trust companies more than governments
For reasons that I am still not clear on, many soci eties appear to consciously or subconsciously believe that sharing location data with Google, health data with Apple, or financial data with our banks is far more palatable than sharing fingerprints with our governments. Although governments aren’t known for being perfect (see the recent OPM hack as an example), companies aren’t either. However, whether it’s narrower scope or naked focus on profits over policies, we still remain far less cynical about the motives of the private sector than we do our (usually) elected officials.
My greatest plea coming out of this conference is that we do it all again next year! This topic is far too important to be a one-off discussion, and the insights I believe we all gained must be shared, built upon, and discussed further. Identity management is a hugely powerful tool that can transform our lives for the good or the bad but it is just that – a tool. And as the saying goes, a bad workman always blames his tools.
Justin Hughes is a biometrics and major programs expert at PA Consulting Group, based in New York. @justinhughes_PA