High-Level Session 2: Transforming Health: Integrating Innovation and Digital Solutions for Global Well-being

Summary

This panel discussion at the 19th IGF 2024 focused on extending digital identity verification to protect internet transactions. The panelists, representing government, technology, and international organizations, explored the concept of a trusted digital identity framework and its key elements. They emphasized that digital identity is a fundamental infrastructure for digital transformation, not just a service.

The discussion highlighted the need to balance enhanced security with user privacy protection. Panelists suggested that clear core principles and values, along with independent oversight, could help manage this balance. They also explored the potential of emerging technologies like blockchain, biometrics, and AI in shaping the future of digital identity verification, while cautioning against over-reliance on new technologies without proper evaluation.

Barriers to international cooperation in developing standardized digital identity systems were addressed, including the digital divide, lack of basic infrastructure in some regions, and the complexity of the digital identity ecosystem. The importance of understanding regional contexts and needs when deploying solutions was stressed.

Panelists called for global collaboration in creating a high-level framework for digital identity, building on existing success stories in areas like international travel and telecommunications. They advocated for a phased approach to implementation, allowing countries to progress at their own pace while encouraging experimentation among those ready to advance.

Key takeaways included the potential of digital identity to accelerate inclusion, the need to protect user privacy, and the importance of investing in digital identity as infrastructure. The discussion concluded by emphasizing that while countries may face different challenges, they share a common goal in developing effective and trusted digital identity systems.

Keypoints

Major discussion points:

– Defining trusted digital identity frameworks and their key elements

– Balancing enhanced security with user privacy protection

– The role of emerging technologies like blockchain and biometrics in digital identity

– Barriers to international cooperation on standardized digital identity systems

– Navigating differing national priorities while advancing collaborative solutions

The overall purpose of the discussion was to explore the challenges and opportunities in developing trusted digital identity systems on a global scale. The panelists aimed to share insights on creating effective frameworks, leveraging new technologies, and fostering international cooperation.

The tone of the discussion was largely optimistic and forward-looking. Panelists acknowledged challenges but focused on potential solutions and opportunities for progress. There was a sense of urgency about the importance of digital identity systems, balanced with calls for careful, principled approaches. The tone became slightly more pragmatic towards the end when discussing practical barriers to implementation, but remained generally positive about future possibilities.

Speakers

– Shivani Thapa: Moderator

– Prince Bandar bin Abdullah al-Mishari: Assistant Minister of Interior for Technology Affairs, Kingdom of Saudi Arabia

– Emma Theofelus: Minister of Information Communications and Technology, Namibia

– Siim Sikkut: Managing Partner of Digital Nations

– Sangbo Kim: Vice President for Digital Transformation, World Bank

– Kurt Lindqvist: CEO, ICANN

Additional speakers:

– Fatma: Mentioned briefly, no role specified

Expanded Summary of IGF 2024 Panel Discussion on Digital Identity Verification

The Internet Governance Forum (IGF) 2024 hosted a panel discussion focused on extending digital identity verification to protect internet transactions. The panel, moderated by Shivani Thapa, brought together experts from government, technology, and international organisations to explore the concept of a trusted digital identity framework and its key elements.

1. Defining Trusted Digital Identity Frameworks

A central theme of the discussion was the definition and importance of trusted digital identity frameworks. Bandar Al-Mishari, Assistant Minister of Interior for Technology Affairs from Saudi Arabia, emphasised that digital identity is not merely a service but fundamental infrastructure for digital transformation. He highlighted Saudi Arabia’s initiatives in this area, including a national digital ID system used for various services.

Emma Theofelus, Minister of Information Communications and Technology from Namibia, stressed the need for frameworks to clearly define roles, responsibilities, and limitations. Kurt Lindqvist, CEO of ICANN, added that trust in digital identity systems involves both technical and human elements, highlighting the complexity of building truly trusted systems. He also noted ICANN’s role in providing infrastructure that could support digital identity systems.

Siim Sikkut, Managing Partner of Digital Nations, emphasised that user adoption and ease of use are key for building trust. Sangbo Kim, Vice President for Digital Transformation at the World Bank, noted that digital identity enables access to essential services, further underlining its importance as infrastructure and a starting point for various services.

2. Balancing Security and Privacy

A significant portion of the discussion focused on the challenge of balancing enhanced security with user privacy protection in digital identity systems. Siim Sikkut proposed that privacy and security can be advanced simultaneously, rather than being balanced against each other.

Emma Theofelus suggested that an independent oversight body could help manage privacy and security concerns, providing a governance-based approach to this challenge. Kurt Lindqvist offered a perspective on how existing technologies like the Domain Name System (DNS) can provide security and stability in identity management.

3. Emerging Technologies in Digital Identity

The panel discussed the role of emerging technologies in digital identity systems. Blockchain technology was mentioned as a potential tool for enhancing user control and privacy options. Biometrics and artificial intelligence were also discussed as technologies that could play significant roles in future digital identity systems.

However, Kurt Lindqvist cautioned that existing technologies like DNS might be sufficient for many identity management needs, sparking a debate on the role of emerging versus established technologies in digital identity systems.

4. Barriers to International Cooperation

The panel identified several barriers to international cooperation on standardised digital identity systems. Sangbo Kim highlighted the lack of connectivity and basic digital ID solutions in many countries, noting that 2.6 billion people still lack internet access and about 1 billion lack any form of legal identification.

Emma Theofelus emphasised the need to understand different regional contexts and needs when developing digital identity solutions. This point was echoed by Siim Sikkut, who noted the differing levels of readiness and priorities across countries.

Bandar Al-Mishari pointed out the lack of a global framework or standards for digital identity, suggesting that international organisations could play a role in developing such standards. He proposed a high-level framework that could be adapted to different national contexts.

5. Key Considerations for the Future

Looking towards the future of digital identity, the panellists offered several key considerations. Siim Sikkut stressed the importance of experimentation and learning by doing, advocating for a practical, phased approach to implementation. He also emphasised the critical importance of usability in digital identity systems.

Emma Theofelus highlighted the potential for digital identity to accelerate inclusion of underserved populations, particularly in regions like Africa. She stressed the importance of understanding regional differences in digital identity implementation.

Sangbo Kim emphasised the need to protect user privacy through decentralisation, while Bandar Al-Mashari reiterated that digital identity, as critical infrastructure, requires significant investment.

Kurt Lindqvist called for an inclusive, phased approach to implementation, allowing countries to progress at their own pace while encouraging experimentation among those ready to advance.

6. Conclusion and Future Directions

The discussion concluded with several key takeaways. Bandar Al-Mishari emphasised the need for a global framework and increased investment in digital identity infrastructure. Emma Theofelus stressed the importance of understanding regional contexts and needs. Siim Sikkut highlighted the need for experimentation and user-centric design. Sangbo Kim underlined the importance of addressing the digital divide and protecting user privacy. Kurt Lindqvist advocated for leveraging existing technologies and adopting a phased approach to implementation.

The panellists agreed that digital identity is crucial infrastructure enabling various services and transactions, including travel and banking. They emphasised the need for trusted frameworks that balance security, privacy, and user adoption. The importance of experimentation and phased implementation was highlighted, along with the critical need to protect user privacy and give users control over their data.

However, several challenges remain, including creating global standards while respecting national sovereignty, bridging the digital divide, and balancing centralised identity management with calls for decentralised, user-controlled systems. The discussion highlighted the complex nature of implementing global digital identity systems and the need to consider various national and regional contexts, providing a foundation for future work in this critical area of digital governance.

Shivani Thapa: The 19th IGF 2024 it is and it is a matter of great great privilege ladies and gentlemen for me to come in front of you, get on the stage and to get the ambience set for this very very important panel here at the IGF 2024. Thanks to Miss Fatma for this great privilege that I have just been entrusted with. I can see my fellow panelists coming in. I request them to kindly grace us on stage and yes as I turn to my esteemed members in the audience, ladies and gentlemen, yes yes your highness, if you could kindly be seated here. Please join me ladies and gentlemen as I introduce my very distinguished panelist, his highness Prince Bandar bin Abdullah al-Mishari, the Assistant Minister of Interior for Technology Affairs, the Kingdom of Saudi Arabia. A warm welcome to you. We have joining us here at the panel Her Excellency Miss Emma Theofelis, the Minister of Information Communications and Technology Namibia, joined in by Mr. Sangbu Kim, the Vice President for Digital Transformation, the World Bank and we also have joining us in our panel Mr. Curtis Lindquist, CEO ICANN and Mr. Sim Sikud, the Managing Partner of Digital Nations. Thank you so much for gracing us at this very very important occasion. Ladies and gentlemen, today we focus on a very very important topic, a topic of central importance that’s extending digital identity verification to protect internet transactions. Now yes, we all live in an era of online transactions wherein these online transactions certainly underpin everything, everything from global economy, commerce to public services. Therefore, digital identity verification has become the cornerstone of trust in our digital ecosystem. Now, why is this topic even here amidst us here at the IGF? Because this is not merely a technical issue. It is a multidimensional issue that intersects with innovation, governance, human rights, and inclusion, and the list is pretty long. So our session here today is carefully curated for us to reap an overall understanding as to why we need to strengthen the digital identity verification, give us an outline on the global standards and frameworks for identity protection, of course, talk about some best practices that we would certainly be focusing on, and also quickly run through the central element that is the role of international cooperation and multisectoral collaboration, which again is of central importance, as I said. So we are fortunate to have amidst us an esteemed and illustrious members in the panel, and I know that you bring in a very unique set of ideas and expertise from the niches that you come from, and what I would certainly be looking forward to is exploring the synergies between the insights and the perspective that you bring to this forum. Thank you one more time for gracing us. So without further ado, let’s dive in directly to the conversation for which we are here. We will begin with a deceptively very simple question, so to say, yet a very complex one. How do you define our trusted digital identity framework, and what are the key elements that make it effective? Now, this is a blanket question for all our esteemed panelists, but as I pose this question to each one of you, I certainly encourage you to reflect on how your unique role and perspective shape your answer. So, said that, let me begin with Her Excellency, Ms. Emma Theophilus, the Minister of Information, Communications, and Technology from Namibia, whose work connects governance and technology in remarkable ways. So, what does it mean, Your Excellency, to have a trusted digital identity framework, and what are the indispensable elements that make such a framework effective?

Emma Theofelus: Thank you, thank you very much, and I’m very happy to be here at the IGF and discussing this very important topic around digital identity systems and how they relate to a broader digital economy. And I think trusted could have a very broad definition on a system that is dependable, that is trustworthy, and that a system that can carry the systems and processes that require or depend on digital identity. But I think the biggest one I could say is that a trusted digital identity system is one that would ensure it’s clear who does what and when they do it, and what their limitations are. Because I think it’s very important when dealing with frameworks of this nature that it’s very clear who does what, and very clear what the limitations are of that authority or that body. And especially when you go further, when you look into the administration and oversight, who performs the operational functions, such as incident management. change and release management and coordination, fraud prevention, it should be very clear on who does what and when and what their limitations are to ensure that there are no ambiguities in order to trust the particular system. But of course this is all underpinned by legislation that puts out clear guidelines and clear regulations around these systems and frameworks. So I think that’s very important. Thank you.

Shivani Thapa: Thank you, Your Excellency. May I now turn to Mr. Curtis Lindquist from ICANN. From ICANN’s vantage point, Mr. Curtis, where ensuring trust in the Internet is so, so fundamental. How does, I mean, how does the notion of a trusted digital identity align with the broader challenges of governance in a decentralized digital world?

Kurt Lindqvist: Thank you for your question. Let me start with observation. When we talk about trust, or especially trust in identity, it isn’t just a technical concept of trust, it’s also the human element of trust. And the trust in the system, trust that the system works, that it’s safeguarding, that it’s delivering on the promise, why we turn to the identities. And this is irregardless of if this is an individual trying to use this, going about their daily roles or jobs, or whether it’s in a business context. And so when we talk about trusted digital identity frameworks, we need to encompass all this and we need to make sure that the system provides this comfort or the trust element. And ICANN, we have this conversation very much alive, it’s very much ongoing. We, as part of the ICANN ecosystem, with domain names and registration data, a lot of this data is no longer available to the general public. We have GDPR and other requirements. And this is great from a privacy point of view and safeguarding privacy, but it creates an obvious challenge when there are legitimate requests for access, for example from law enforcement. And the question then becomes, when we get these requests, how do we validate or safeguard these requests? The requester is who they say they are. And this isn’t just a theoretical question, we have these discussions with Interpol, Europol and similar organizations. And they have tools that are useful for their purposes and in their context, but they’re not necessarily systems or models that scale to a global level or a global challenge in identity verification. And so that’s one challenge you have to do to create and prove this trust, of course. And on top of that, there’s the operational issues of building these systems. How do you do this at scale but retain the confidence in the system or the trust to the model without driving up costs or complexities that would hinder access or create uneven adaptation or uneven access to a identity system? Because that would be, again, eroding trust in the system. And then we have readiness of technologies and authentication and credential systems are emerging, but it’s still very immature and very early days. So for this to work, and it also can’t work most of the time, digital identity systems It has to work all the time for everyone, otherwise you can erode trust in the system. ICANN’s role in this is that we don’t build identity systems, especially not global ones. That role is for governments or institutions that they designate. Our focus and our role is to safeguard the Internet’s infrastructure, so domain names, IP addresses, that underlines the function of the Internet and provides, as you said, the trust in the Internet and the Internet model. You can think about this as that we provide a smooth road surface for the cars to drive on top of it, to oversimplify perhaps a little bit, but that’s very much our role. But the ICANN community has a unique role they can play in this. It’s a space where stakeholders from across all of these spectrums, civil society, business, the technical sector, technical community and civil society can all come together, form policies and discuss them, and create globally applicable standards. So this is something that we work very much on. ICANN has developed something called the Registration Data Request Service, which is a way to handle this registration data I talked about, and how you can provide this in a safe and secure manner. So that’s something that we see as our foundational role, ensuring the Internet is stable, secure, and without that you can’t build any trust in the higher layer systems. So that’s what we are very much focused on working on.

Shivani Thapa: Right. Thank you. Thank you, Mr. Curtis. Yeah. We’re here talking about technological reliability and then the user confidence, and when there’s a blend of both of these, this becomes very, very tricky. And we understand the problems are not the same everywhere. There are large communities that are still transitioning into the digital age, and we all really need to instill that trust again. That’s again another part of the entire scenario. Of course, I’m sure we certainly will venture on this later in the conversation. Allow me now to turn to His Highness Prince Bandar bin Abdullah Al-Mashari. Your Highness, the Kingdom of Saudi Arabia has been at the forefront of technological innovation. The world certainly is at awe and keeping a watch at the advancement and how you embrace into the digital world. Right. So what is your take on the trust that we’re talking about?

Bandar Al-Mashari : First of all, let me thank the forum for inviting me to participate in this important panel. Let me start with saying that digital identity is not a service, it’s an infrastructure. It’s an infrastructure for digital transformation, digital transactions between individuals, between entities, business and governments. Therefore, it’s as important as any other infrastructure. It has to be secure, it has to be regulated, it has to be trusted. In Saudi Arabia, we started a long time ago with building the ID or identity in the physical world. We issued the digital cards with SIM cards which stores the biometrics and the numbers and the name and the birth date. Long time ago, 45 years ago, we established what we call the unified national number where each citizen or resident has a unique number where we tie all the information for identity with that number. This managed us to expand to the next level which is the digital identity. Back to your question, trust is a broad word. It means a lot of angles. It has to be trusted in terms of the identity itself since the creation of the identity has to reflect the identity of the person himself with a high trust from the users. Trust means from the user itself, from the identity holder, he has to trust that his identity, his digital identity is going to help him to access all information. everywhere, anytime, across the border, etc. So the trust doesn’t mean only secure and private. It doesn’t mean that it’s protected from invasion or impersonation. It means more than this. It means more business. It enables that the identity holder to use it for digital transactions. Framework. Framework means ecosystem which covers legal, governance, infrastructure, technical options, etc. Of course in different countries there are different frameworks. In Saudi Arabia, thanks to God, we started a long time ago with the identity itself, the physical identity, and when we came to the digital identity we just upgraded the framework. So we are not creating a new framework. It’s an extension to the framework of the physical or card-based identity. As far as identity, we consider identity to be the identity of individual, the identity of entities, business, government entities, NGOs entities. So we have to cover all types of objects, persons, identities, and nowadays we are talking about Internet of Things, digital identity. So trusted digital identity framework is a combination of four words that means a lot. It means trusted infrastructure for digital transformation.

Shivani Thapa: That is so beautifully put and I believe certainly it’s not a service, it’s an infrastructure. I think that adds a lot of value and meaning to how you’re going to sketch or carve the way forward. And certainly in this very essence I’m sure there will be a lot of lessons from the initiatives that are underway here in Saudi Arabia, in Riyadh for the IGF participants. to see as well and for to help guide us the creations that they would want to embrace In the near future. Thank you. Thank you your highness. We are now move on to mr. Sim sick with what is your take on this? well

Siim Sikkut : Going back to my own background from Estonia I had the privilege of serving the government and now we advise other governments that we clearly see one thing Digital identity is just a key So you talk about trust in digital entities and so forth We have to talk about two things one is to trust in the key does that work and secondly? But how is the usage of that key? And how is that secure and trusted? So from from my perspective and we really had to build a lot and we now see the current countries have to build a lot The whole rest of the components around it just like his highness said I mean the framework is actually much wider than that For example elements like personal data management Or how can users have control and consent start to matter so much more for that to be trust in digital identity? even the key itself and and with that in mind What I see is an element that we really have to think about when we talk about Trust in digital identity things is are the users using it? Ultimately, it’s trusted if users are using it and there’s two elements in that Yes, we have to build obviously the frameworks that you know make sure that this reliable etc But at the same time we cannot forget the usability side of things So how to make it work how to make sure that you know people will be using it We have to build this trust safeguards in a way that actually it’s easy to use them That’s no extra effort for example that I have to go through to make sure that now my transaction can be trusted. That’s easy If it’s easy people will use it then trust is really there and then identity and all the impacts are there

Shivani Thapa: Coming to mr. Kim mr. Kim the World Bank operates at the intersection of global development and technology How do you define this trusted digital identity framework, and how do you distil the elements that make them effective?

Sangbo Kim: As other panelists already provided a lot of good insights for the digital identity, I would like to add some more point that digital identity, as many people said, it is fundamental infrastructure. But at the same time, it is just how we encourage our people to use the digital service more frequently, more comfortably, and in a safe way. So it is a matter, if we can just keep, you know, secure the data protections through the digital ID and, you know, save some space so that people can trust the system, maybe we can encourage the people to use more the digital services. So that’s one point. On the other hand, actually, it is very beginning, starting point for the every services. If you see another commercial services in many, provided by many, you know, global company and some tech company, you know, sign-up process is the starting point to, you know, register your identity or account, username and password is the starting point. Actually, digital identity is beyond that, much complicated system, but anyhow, know your customer and know your people from the government services is the starting point. That can, you know, provide through the identity, we can provide the social protection services, you know, financial services, so many government services, much easily through. this ID system, I think.

Shivani Thapa: Thank you, thank you. What a rich start to our discussion already, and thank you all. Now, while we understand what constitutes our trust framework, let us head on to address the tightrope walk that every nation is having to face, that’s balancing enhanced security with the protection of user privacy. My second question would be in this regard, and I would want to begin with Mr. Simsekud. How can we balance the need for enhanced security with protecting user privacy and avoiding over-surveillance?

Siim Sikkut : Well, to me, and not just theoretically, but in practice, it really starts from that I would move away from talking about balancing. They both can be advanced at the same time, as a lot of experience and practice has shown. So it’s not a question of one or the other, how do we advance both? And the beginning point, as with any transformation, is to say that, but let’s really define a certain core principles we will always adhere to. For example, I would be willing to make an argument that if we really want to have trust there for digital identity, people ultimately, for example, want to have control and assurance of privacy. Perhaps, based on the values, if we define those principles that should always be held, then we have a chance of actually thinking, okay, how can now we do security within those confines based on these values and so forth? So it’s not a balancing act, it’s defining what are the things we will always observe and then figuring out how do we do the rest around it. For example, security in a way that privacy is kept. Going beyond that into practical stuff, there’s several things that have worked. I mean, things you can look technologically. I mean, that is, for example, one of the really strong arguments for distributed systems, for data sharing, et cetera. But practically speaking, really going through this exercise of, yeah, principle-based approach is really… really what helps to solve this. And lastly, why this principle space matters is the devil is always in the details, as they say, right? So which means that the dilemma often occurs at the operational and technical level. So on the down the line, techies like system administrations have to make this call, right? Again, for them, it’s so much easier if there’s a clear base of what are the principles we will not steer away from, clearly set from the start.

Shivani Thapa: Let me come to Minister Theofilus. What would be your take on this, especially in the light that privacy concerns can be particularly acute in regions, successfully with limited data protections?

Emma Theofelus: Definitely, and I think I’m leaning towards what Sim has said. I think with clear core principles of values on what the data is to be used for, for each individual user, becomes easier on what parameters to keep within the administration of a digital identity system. But there’s also a school of thought around perhaps an oversight, independent body or authority, to be able to manage the system, to ensure that the data of the users is used particularly for what it was meant to do, and that there’s no trespassing or going beyond and above the authority of the data processor. So I think perhaps around having an oversight authority would be perhaps one of the practical ways to ensure that the system is officially managed and administered, and that there would be no need to have competing interests. I think the balancing act can be carried forward by both keeping the privacy of the user and ensuring that there’s no trespassing around the rights of those users and their data on the system.

Shivani Thapa: Well, thank you. security and privacy certainly are two sides of the same coin and yet constantly in conflict so this can be tricky but that’s been pretty optimistic from your side. Now let’s shift our gears from today to look into the future. Emerging technologies such as blockchain and biometrics that’s what is the food for our I mean like third discourse. These as you all know is redefining the digital identity space at the moment but how can we leverage these advancement without falling prey to their hype and risks. I think this has been a very very burning question or rather concern at all tiers and among all these stakeholders. Now let’s hear from our panelists you’ll have some three minutes each to answer this question beginning with his highness Prince Bandar bin Abdullah Al Misari. With emerging technologies like blockchain and biometrics what do you see as the future of a digital identity verification?

Bandar Al-Mashari : Of course as the wave of technologies comes around it brings with it with itself the challenges and the opportunities. For biometrics it’s available since long time ago and we are using biometrics maybe more than 15 years ago to identify persons and individuals, face, fingerprint, DNA for in special cases, voice in special cases, iris, all are these full biometrics are utilized since we started the digital ID initiative or the ID initiative in fact. For blockchain it’s also around since the web 3 motion or wave which started maybe more than eight years ago And it came after Web 2.0 wave, and then the necessity for more trusted internet brought what we call blockchain. And it started with the Bitcoin, and then it generalized itself by the blockchain. Blockchain, in a nutshell, it’s an option to replace the database or the central database with distributed ledger, or in a simple word, with distributed identity that controlled mainly by the identity holder himself. It cannot be changed, it cannot be forged, he can allow any other user to use the credentials of his identity. But at the end, it needs identity issuer, identity holder, identity user. So it’s going to solve a problem in some societies who are sensitive to the concept of central database for identity. Of course, it provides more secure, more privacy, more control by the identity holder. What is the future or what opportunities? Of course, it will add more options for any country or society or an individual who weigh the privacy more than any other thing else. Of course, security is part of that. However, it should be evaluated in terms of accessibility, in terms of ease of use, in terms of cost. All these aspects has to be assessed in order to weigh the value of using blockchain in identity. Specifically, blockchain can be utilized efficiently in identity management, not identity issuing or identity, I’m sorry, for identity access management, not for identity issuing or identity management. What I mean by that is that blockchain can be used in a variety of ways. need by identity issuing is to create the identity itself. You have to create it outside the blockchain. Then you put it in the blockchain. You have to manage the identity in terms of updating the identity, stopping the identity, re-initiating the identity, et cetera. These are the surfaces around the identity. This has to be done maybe within the blockchain or outside the blockchain. So biometrics, blockchain, I may add AI also. AI is going to add more opportunities to protect the identity or create new models of identity. So as technology progress and the business models progress, we will have more options. And hopefully, this will give more options to other countries, societies, individuals to start the digital identity as a basic right for each individual in the world. As you know, in the UN, there is sustainability goals. And one of them is to provide access to the digital services. Without these options that offer itself as a cure for some concerns in some society, we will not be able to achieve this goal. So hopefully, these technologies, biometric and blockchain, AI, BKI, all of them will add more options to the digital identity infrastructure. And we’ll see one day more than 90% of the planet people here in the planet are having the digital identity, are enabled to access health care, education, opening bank accounts, et cetera. And this will add a lot of value to the economy of each world, each society, each individual.

Shivani Thapa: Thank you. May I now turn to Mr. Curtis? Please feel free. free to add on to what has just been said, while answering that, you know, how we’ve been hailing the revolutionary technology for digital trust, blockchain, which we’ve been hailing for its revolutionary power. Now, is it the panacea often made out to be, or are there any blind spots that needs to be addressed?

Kurt Lindqvist: I’m trying to pick up, I don’t want to follow on to what His Highness just said about blockchain. I think it’s one thing that’s worth reiterating, is that blockchain has some fantastic characteristics, but one of them is that you can’t revoke what’s in there. And if you lose a key, you might not be able to access this, you lose the access to the identity again. And having this recovery of identity is quite an important part of any identity system, right? And I think there might be many systems in this that you can build on. I think, from the organization I represent, talking slightly in my own interest, that there are also existing technologies, right, that will provide very similar, or maybe even better characteristics. The main name system, the DNS, has a hierarchical structure. We are seeing how this is being used for identity management in, for example, social media platforms like BlueSky, who uses this as a way to verify the identity of the users. The Internet Engineering Task Force, that defines all the standards and the technologies that have been in the internet, are working to add the new fields and parameters to this structure to actually use it for identity verification and management. So I think that we like to talk about, actually, going back to your question, we like to talk about future technologies as that they have to be. something brand new and shiny but sometimes the new technologies can also be built inside the context of what we have or built on what we have to deliver maybe perhaps a more stable and Expanded Functionality where we are today, but without going through a lot of unknowns as we have today And I think that’s worth keeping in mind when we talk about the future technologies to enable building secure inclusive access and stability

Shivani Thapa: Mr.. Stickwood eager to know what would you like to add to this conversation? well

Siim Sikkut : Well first of all obviously it’s important to experiment right constantly keep trying things out in a way, and and if you look at emerging Technologies side of things I’m very much with his highness in a sense that AI is probably the biggest impact Especially given our topic here. How do you ensure trust in these frameworks? so from defense point of view as well as of novel ways to really live doing that but if you talk about the goal of having an entity for everyone globally I Think even some ways trying to think too much about emerging technologies like at this service So much proven technology already out there just need to get that out scale that on board people and That does the trick and then we talk about next stages of evolution with next technology and so forth

Shivani Thapa: Mm-hmm Okay, so we’ve explored the what and how in trying to understand the landscape and then the experts point of view How we are looking at the future of the internet that we want as now let us now address the where? Question where the barriers lie and where the international cooperation can make a big difference May I turn to mr. Sun Kim with the plethora of experience that you and the entity that you represent I think you would be the right person to begin as to what are the key barriers to international cooperation in developing standardized digital identity systems? And how do you think these barriers can be addressed?

Sangbo Kim: Two barriers I would like to say today. One is still we are struggling with lack of connectivity and lack of basic digital ID solutions. From the internet connectivity point of view, we are still struggling with 2.6 billion people so no access to the internet. That’s huge. On the other hand, 3.3 billion people in the world are living in a country where there are no ID solutions and data sharing mechanisms. And even 850 million people are not recognized by the government. So they have no physical identity at all. So this is a very fundamental issue. So still we are really struggling with a digital divide across the developing country and the developed country. So that’s a huge challenge. So we need to invest more in the fundamental infrastructure. At the same time, it is really a complicated ecosystem. Not only government, but also many private sector, big tech, and some identity dedicated in a special technology. The startups and many companies should follow the trend. And people need to understand how to use this and needs to get trained. And some participation by the academia and also from the NGO are very crucial for the success of this, building the ecosystem. It is very complicated. complicated ecosystems too. So the leadership is the key to bring the all the, you know, digital ID solution across many stakeholders. So and also international collaboration are another key to, you know, enhance the regional, you know, interoperable services across the cross-border. So many collaboration and leadership are the key solutions for the big challenge of the complication of a digital ID.

Shivani Thapa: Of course cooperation is key and central, but then even after having realized what the scenario is and what needs to be done, things are very very difficult in the ground and in practical life. So how do you go to this scenario, Your Excellency Minister Theodosius? Yes, thank you.

Emma Theofelus: Yeah, I fully agree that cooperation and collaboration definitely would go a long way. Notwithstanding the barriers as indicated earlier, I think there also needs to be a better understanding of the various contexts of the different regions and the solutions to address some of those barriers and challenges. So if we don’t understand the existing barriers of a particular region or area, the solutions around digital identity might necessarily not work for that particular region. So for example, the African region would have a completely different context to the MENA region or to the North American region or to the European region. And if we want to then try to deploy solutions that would necessarily work for Europe, it doesn’t mean necessarily that it will work for the context of the needs of the African region. So better understanding the needs of every region around digital identity. and access, I think, is quite important, and then we can take it up from there. Because with collaboration and cooperation, you must understand the context, and the solutions must then be able to be applied on the various needs of a particular region or area. And I think thereafter, we can better cooperate, and we can better deal with the barriers, if possible, one by one, to ensure that we reach a particular standardized digital identity system or framework that takes care of the entire context, and that ensures that we are able to deploy the solutions needed. Thank you.

Shivani Thapa: Thank you, Your Excellency. May I turn to His Highness one more time? What would be your perspective on these cooperation barriers? At the same time, Saudi Arabia’s initiatives have been deeply rooted in collaboration. Could you also share with us some lessons that can be drawn to inspire global partnerships in the context that we are deliberating now?

Bandar Al-Mashari : What will stimulate the international cooperation and make it stronger than what we have right now is to have an honor for the global digital identity framework. Maybe UN, maybe ITU, maybe someone else, maybe a combination of all these entities has to come forward in a clear responsibility to bring all bodies, all countries, at least the advanced countries, to build such a framework, not as a detailed one, but a high-level one. Since the framework has to come to fill the gaps, not to interfere with specific countries’ laws inside the laws or the culture or the definition of privacy in each society. It has to focus on the gaps in the global level. As far as the challenges, we have a challenge to extend the current success story. We have right now success stories in the travel business. As everyone knows, you travel from a country to a country with a passport, and this passport is a standardized document. There is an international body which is called the International Civil Aviation Organization, and all passports between all countries are used in a standard way. They have standard information. Right now, we are most of the countries moving to the digital passport. So we are very close from global digital identity. We have to focus on the digital passport, the international standard of the digital passport, and extend it to be an option for global digital identity. On the other hand, we have such a story in the roaming services, in the telecommunication, with the GSM. Everyone, when he travels from a country to a country, he can use his mobile in the other country. So by the same token, we can generalize our digital identity to when you travel from a country to a country, you can just activate certain credentials. And the digital identity that you have in your country might be extended as a trusted digital identity in another country. So we have such stories in other fields that we should also focus on and extend it a little bit without interfering with the detailed culture of each country. In Saudi Arabia, we have mature digital identity, thanks to God. We are approaching by way soon the 28 million, which is more than 85% of the population. The left, maybe, from the population are the children and the young people, or those who don’t have any services. So going to the success story in each country, and building on each success story to extend it to another country, is going to expand, also overcome the obstacles. So we have a lot of ingredients. To me, we are not far from the global digital identity. We are very close to that achievement, inshallah.

Shivani Thapa: May I now turn to Mr. Simsekud. We’ve talked about global standards. in practice, that’s quite an optimistic view to build up on, but global standards often face resistance due to local nuances. How can nations strike a balance between alignment and sovereignty for the very concern that His Highness just raised.

Siim Sikkut : Well, I’m not really going to answer you, for good reason. What we have seen, and I come from European context, mind you. In European context, we used to work, and even a small Estonia, we tried steering exactly these things on a European Union level, bringing identities to be mutually usable, exchanging data across the borders and so forth. All the other aspects, including the ones that have been voiced here, can be summed up to basically the challenge is alignment of readiness. Alignment of readiness. You have different priorities of different maturity, you have different sort of, you know, cultural context, you have different connectivity, the readiness is different. And we have to be practical about it and pragmatic about that, even all the way to the point that where I would still say, for example, today, I would be even willing to argue that it’s still too early to have, let’s say, a global standardization or framework effort. Most countries are not ready for this. Look, most of these countries also have teams that are tiny. If you make these people now work on global stuff, they don’t have time to work on domestic things. Really building up, implementing, adopting, scaling identities in the countries, we should come first. But, again, going back to learning from, for example, how did we get things going in Europe? We had the same alignment issue. It’s okay if there are different tracks and sort of a two-tracked approach. Those who are still not ready, let’s give them time and support and everything to get ready. Those who are ready, and there’s more and more of those countries, starting from Saudi Arabia, for example, right? Let’s really allow them to start experimenting, start trying, playing, figuring out these frameworks. Also, for the… reasons that then does practice to then look at in terms of what could work on a international, global or whatever level. And I really want to say this that again very much my own and the Stonian approach has been to say that let’s not debate before we try it out. In standardization effort there’s so much talk about trying to regulate and debate and standardize ahead of time. People don’t know what they’re talking about, they’ve never seen the elephant, they’re talking about elephant. Let’s start trying, experimenting with those who are ready and then we can scale when others are ready more as well.

Shivani Thapa: All right, coming to Mr. Curtis, just building on this very statement that Mr. Sim just built on, ICAN operates as a global steward on internet governance. How do you navigate differing national priorities while advancing collaborative solutions?

Kurt Lindqvist: I think as was said by the panelists before is that, actually just what we just said is that the national priorities are what they are, right? You know, I think you’re gonna have to have respect for them and they have to move forward in the pace they can do. You can of course incentivize those priorities and I think I’m gonna come back to something that Rikson said is that when we define these frameworks and we define the solutions, I think it’s important that they become actually universally implementable if you want, so that we don’t come up with very complicated technological solutions or frameworks, become so expensive or burdensome to implement that you start leaving regions or communities or users out of them. And as we come back to this is that the priorities has to be that you have to adopt this readiness and it can be a phased approach and this can be on a nation level, on a regional level, user application level, what it may be, but it has to be some sort of phased approach that becomes inclusive and enables everyone to follow in this and I think that should be the priority, to have this enablement and as you said, you know, we have to be… a phased approach to it, not wait for everyone to join at the same time because they will never get there.

Shivani Thapa: Well, I believe it’s been quite an enriching and incredible discussion from this very esteemed panel. Before we conclude, let me turn back to our panellists, if you could share a thought on the key takeaways or something maybe we’ve missed to make a statement on this very important topic. I think we would be running out of time, but I could extend at least a minute to each of the panellists. May we begin from Mr. Sekut?

Siim Sikkut : Well, to be really short, I would really want to emphasise perhaps two things here. As we started talking about what is the sort of how to build trust and what is a trusted framework and my whole point was it’s more than just the key, it’s the whole thing around it, the policies, and fundamentally, technology is the easy part in any sort of digital transformation. How we transform ourselves, we have to do proper change management for that. And that takes me to the key point, what is the biggest challenge is build up the leadership and the capability and the governance for that. That’s what I really believe we all should be investing more into all the way from within countries to donors and internationally. Secondly, just going to the last point, even if yes, everyone’s not ready, let’s experiment more, let’s try more, let’s start thinking about how to really build something like a global framework at some point. Even if not everyone’s ready, experimentation is the way to start.

Shivani Thapa: All right, Mr. Curtis?

Kurt Lindqvist: Well, to build on the same thing, I think, you know, let’s remember that digital identity is as much about people as it is about systems and tools and technologies. Make sure that they become inclusive on all layers and in all intersections so that it actually becomes usable. And I very much agree with this, let’s experiment and try so that we get some experience and we can actually build around those pitfalls.

Shivani Thapa: Yeah, Mr. Kim?

Sangbo Kim: I would like to highlight the decentralization feature of the digital ID, so many advanced the privacy of the users. And many countries are now giving back the right of control of the user privacy and private data. So it is really important to protect the privacy. It’s very important. At the same time, I would like to highlight that we don’t need always just every full spec of ID in the central country. We need to protect the privacy of the users. So in order to secure the authentication process or verification process, only just a small piece of the information will be more than enough.

Emma Theofelus: So we should be cautious about that privacy factors. I think a key takeaway for me would be that with digital identity, we can accelerate the inclusion of many people who might have been left behind. So, for example, if you look at the number of people who have been left behind, it’s a huge difference for the government services or the ability to transact, and especially for a region where I come from, like Africa, which continues to have some of those gaps, and that, secondly, I think there is a lot of room to collaborate and to peer-learn from those that have gone before and experimented, like Mr. Sim said, and have done some few successes, so that we

Bandar Al-Mashari : can build on the success story in the digital identity, and also in the digital identity, and also in the digital identity, and also in the digital identity, first of all, build on the success story in travel, banking, telecommunication, global cooperation. Second, consider the digital identity as an infrastructure. Therefore, invest, and I can say invest less to get more. They have their jobs, their salaries, with these jobs, it can be very difficult. Looking in the future, their job area, their economy, their status, their education, their healthcare, the Covid-19 is the proof for that. Thank you.

Shivani Thapa: are forming the backbone of global commerce and connectivity already. So this is not something that we limited to our desires, but something that has become imperative and of paramount importance. So as I read from our esteemed panelists, certainly we might be in different boats dealing with our different realities, having a different degree of will. However, the direction that we’re headed and the destination certainly is the same. And then there are so many we already have achieved, which can be opportunities or doors of opportunities, which we’ve already worked on, and that can be built on to work for the future that we all mutually desire for. I think that was in essence what this forum had to give away to the IGF 2024. And I would want to take a moment on thanking on behalf of the IGF and the host of partners that have set up this very, very important coming together here in Riyadh, especially to our panelists for gracing us and extending your valuable time, thoughts, and experience to this panel. And said that, I also rest the microphone. That’s all from this panel. Thank you. Thank you. Thank you. Thank you.

Agreement Points

Digital identity as fundamental infrastructure

Bandar Al-Mashari

Sangbo Kim

Digital identity is fundamental infrastructure, not just a service

Digital identity enables access to essential services

Both speakers emphasize that digital identity is a crucial infrastructure enabling various services and transactions, rather than just a standalone service.

Importance of user privacy and control

Bandar Al-Mashari

Siim Sikkut

Sangbo Kim

Blockchain offers more user control and privacy options

User adoption and ease of use are key for trust

Need to protect user privacy through decentralization

The speakers agree on the importance of giving users control over their data and ensuring privacy in digital identity systems.

Need for clear frameworks and governance

Bandar Al-Mashari

Emma Theofelus

Framework should encompass legal, governance, and technical aspects

Framework must clearly define roles, responsibilities and limitations

Both speakers stress the importance of comprehensive frameworks that clearly define roles, responsibilities, and governance structures for digital identity systems.

Similar Viewpoints

Both speakers recognize that different countries and regions have varying levels of readiness and specific needs when it comes to implementing digital identity systems.

Emma Theofelus

Siim Sikkut

Need to understand different regional contexts and needs

Differing levels of readiness and priorities across countries

Both speakers advocate for a practical, phased approach to implementing digital identity systems, emphasizing the importance of experimentation and inclusivity.

Siim Sikkut

Kurt Lindqvist

Importance of experimentation and learning by doing

Need for inclusive, phased approach to implementation

Unexpected Consensus

Potential of existing technologies for digital identity

Bandar Al-Mashari

Kurt Lindqvist

Blockchain offers more user control and privacy options

Existing technologies like DNS can provide security and stability

While Bandar Al-Mashari emphasizes the potential of blockchain for digital identity, Kurt Lindqvist unexpectedly suggests that existing technologies like DNS can provide similar benefits. This consensus on the importance of leveraging both new and existing technologies for digital identity solutions is noteworthy.

Overall Assessment

Summary

The speakers generally agree on the importance of digital identity as fundamental infrastructure, the need for user privacy and control, clear governance frameworks, and understanding regional differences. There is also consensus on the need for practical implementation approaches.

Consensus level

The level of consensus among the speakers is relatively high, with agreement on core principles and challenges. This suggests a strong foundation for international cooperation on digital identity systems, but also highlights the complexity of implementation due to varying regional needs and technological considerations.

Different Viewpoints

Role of blockchain in digital identity systems

Bandar Al-Mashari

Kurt Lindqvist

Blockchain offers more user control and privacy options

Existing technologies like DNS can provide security and stability

While Prince Bandar sees blockchain as offering increased security and privacy options, Kurt Lindqvist suggests that existing technologies like DNS may provide similar or better characteristics for identity management.

Approach to global standardization of digital identity systems

Bandar Al-Mashari

Siim Sikkut

Lack of global framework or standards for digital identity

Differing levels of readiness and priorities across countries

Prince Bandar advocates for a global digital identity framework, possibly overseen by international organizations, while Siim Sikkut emphasizes the need to consider differing levels of readiness and priorities across countries before pursuing global standardization.

Unexpected Differences

Emphasis on experimentation vs. established frameworks

Siim Sikkut

Bandar Al-Mashari

Importance of experimentation and learning by doing

Lack of global framework or standards for digital identity

While most speakers focused on establishing frameworks and standards, Siim Sikkut unexpectedly emphasized the importance of experimentation and practical implementation over theoretical debates. This contrasts with Prince Bandar’s call for a global framework, highlighting a difference in approach to developing digital identity systems.

Overall Assessment

summary

The main areas of disagreement revolve around the role of emerging technologies like blockchain, the approach to global standardization, and the balance between privacy and security in digital identity systems.

difference_level

The level of disagreement among the speakers is moderate. While there is general consensus on the importance of digital identity systems and the need for trust and security, speakers differ on the specific approaches and technologies to achieve these goals. These differences reflect the complex nature of implementing global digital identity systems and the need to consider various national and regional contexts. The implications of these disagreements suggest that achieving a universally accepted approach to digital identity may be challenging and may require flexible frameworks that can accommodate different priorities and levels of technological readiness.

Partial Agreements

Both speakers agree on the importance of addressing privacy and security in digital identity systems, but they propose different approaches. Emma Theofelus suggests an independent oversight body, while Siim Sikkut argues for advancing both aspects simultaneously through core principles.

Emma Theofelus

Siim Sikkut

Independent oversight body can help manage privacy and security

Privacy and security can be advanced simultaneously, not balanced against each other

Similar Viewpoints

Both speakers recognize that different countries and regions have varying levels of readiness and specific needs when it comes to implementing digital identity systems.

Emma Theofelus

Siim Sikkut

Need to understand different regional contexts and needs

Differing levels of readiness and priorities across countries

Both speakers advocate for a practical, phased approach to implementing digital identity systems, emphasizing the importance of experimentation and inclusivity.

Siim Sikkut

Kurt Lindqvist

Importance of experimentation and learning by doing

Need for inclusive, phased approach to implementation

Key Takeaways

Digital identity is fundamental infrastructure, not just a service, that enables access to essential services and economic participation

A trusted digital identity framework must balance security, privacy, and user adoption

There are significant barriers to international cooperation on digital identity, including varying levels of technological readiness and differing regional needs

Experimentation and phased implementation approaches are needed to advance global digital identity solutions

Protecting user privacy and giving users control over their data is crucial for building trust in digital identity systems

Resolutions and Action Items

Experiment more with digital identity solutions to gain practical experience

Invest in digital identity as critical infrastructure

Work towards developing a high-level global digital identity framework, potentially through international bodies like the UN or ITU

Focus on building leadership, capability and governance for digital identity within countries

Unresolved Issues

How to create truly global standards for digital identity while respecting national sovereignty and priorities

How to bridge the digital divide and bring digital identity solutions to the 3.3 billion people currently without access

How to balance the need for centralized identity management with calls for decentralized, user-controlled systems

How to ensure digital identity systems are inclusive and do not leave behind certain populations or regions

Suggested Compromises

Adopt a phased, multi-track approach where countries can implement digital identity at their own pace while still working towards interoperability

Build on existing successes in areas like international travel documents and mobile roaming to extend digital identity globally

Focus on high-level frameworks and principles rather than prescriptive technical standards to allow for local adaptation

Digital identity is not a service, it’s an infrastructure. It’s an infrastructure for digital transformation, digital transactions between individuals, between entities, business and governments.

speaker

Bandar Al-Mashari

reason

This reframes digital identity from a service to a fundamental infrastructure, emphasizing its critical importance.

impact

Set the tone for discussing digital identity as a foundational element rather than just an add-on service. Led to further exploration of the broad implications and requirements for digital identity systems.

Trust means from the user itself, from the identity holder, he has to trust that his identity, his digital identity is going to help him to access all information everywhere, anytime, across the border, etc. So the trust doesn’t mean only secure and private. It doesn’t mean that it’s protected from invasion or impersonation. It means more than this. It means more business.

speaker

Bandar Al-Mashari

reason

Expands the concept of trust beyond security to include utility and economic benefits.

impact

Broadened the discussion to consider user perspectives and practical benefits of digital identity systems, not just technical aspects.

We have to talk about two things one is to trust in the key does that work and secondly? But how is the usage of that key? And how is that secure and trusted?

speaker

Siim Sikkut

reason

Distinguishes between trust in the identity itself and trust in how it’s used, highlighting the complexity of trust in digital systems.

impact

Led to a more nuanced discussion of trust, considering both technical reliability and user experience/control.

I think with clear core principles of values on what the data is to be used for, for each individual user, becomes easier on what parameters to keep within the administration of a digital identity system.

speaker

Emma Theofelus

reason

Emphasizes the importance of clear principles and user consent in managing digital identities.

impact

Shifted the conversation towards the importance of governance and user rights in digital identity systems.

Blockchain, in a nutshell, it’s an option to replace the database or the central database with distributed ledger, or in a simple word, with distributed identity that controlled mainly by the identity holder himself.

speaker

Bandar Al-Mashari

reason

Provides a clear explanation of blockchain’s potential role in digital identity, highlighting user control.

impact

Sparked discussion on the pros and cons of blockchain for digital identity, leading to consideration of various technological approaches.

Two barriers I would like to say today. One is still we are struggling with lack of connectivity and lack of basic digital ID solutions. From the internet connectivity point of view, we are still struggling with 2.6 billion people so no access to the internet.

speaker

Sangbo Kim

reason

Highlights fundamental infrastructure challenges that often get overlooked in discussions of advanced digital identity systems.

impact

Refocused the discussion on the need to address basic connectivity and access issues alongside more advanced digital identity solutions.

Overall Assessment

These key comments shaped the discussion by broadening the concept of digital identity from a narrow technical focus to a more holistic view encompassing infrastructure, trust, user control, governance, and global accessibility challenges. The conversation evolved from defining digital identity to exploring its implications for privacy, security, economic development, and international cooperation. The comments highlighted the complexity of implementing digital identity systems that are both technologically advanced and inclusive, leading to a rich discussion of potential solutions and ongoing challenges.

How can we create globally applicable standards for digital identity verification while respecting local laws, cultures, and privacy definitions?

speaker

Bandar Al-Mashari

explanation

This is important to address the gaps at a global level without interfering with specific countries’ laws or cultural norms.

How can we extend the success of standardized digital passports to create a broader global digital identity framework?

speaker

Bandar Al-Mashari

explanation

Building on existing successful international standards could provide a pathway to more comprehensive global digital identity solutions.

What are the best approaches for experimenting with and implementing digital identity frameworks among countries that are ready, while allowing others time to develop?

speaker

Siim Sikkut

explanation

This is crucial for making progress on international cooperation without leaving behind countries at different stages of readiness.

How can we design digital identity solutions that are universally implementable and don’t exclude regions or communities due to complexity or cost?

speaker

Kurt Lindqvist

explanation

Ensuring inclusivity and accessibility in digital identity frameworks is essential for widespread adoption and effectiveness.

What are the most effective ways to build leadership, capability, and governance structures for digital identity initiatives within countries and internationally?

speaker

Siim Sikkut

explanation

Developing these capacities is fundamental to successfully implementing and managing digital identity systems.

How can we balance the need for centralized identity information with protecting user privacy through decentralization?

speaker

Sangbo Kim

explanation

Finding this balance is critical for creating trusted digital identity systems that respect user rights and privacy.

What strategies can be employed to accelerate digital inclusion in regions like Africa through digital identity initiatives?

speaker

Emma Theofelus

explanation

Addressing the digital divide and including underserved populations is a key potential benefit of digital identity systems.