[Read more session reports and live updates from the 13th Internet Governance Forum]
The event addressed the question of what is digital identity, which are the best forms of digital identity, and what are the frameworks that allow an individual to be empowered through digital identity rather than merely identified by governments or the private sector.
Mr Raman Jit Singh Chima,Access Now, addressed the question by explaining that there are different forms of identity online according to the services used. Particularly in the last years, the discussion has been on when the identity should become sensitive for the services you use. He explained that identity means that there is not necessarily one source of truth or one identity store: there is a recognition and a series of rules at the technical level. Indeed, even at the legal level there are the different forms of identity that a government service, a department, a private sector business, or an Internet commerce site will accept. The question, then, is fundamentally about choice and about giving individuals the choice to state whether they want to provide a particular piece of information to an entity, and whether there may be legal limitations sometimes. Looking ahead at the future of digital identity, the approach to tackle the issue should be focused on the answer to why personal information is collected and what are the final purposes? Furthermore, empowering people through digital identity needs to be done in an inclusive way leaving no one behind.
Mr Brett Solomon, Access Now, talked about the contextualisation of digital identity into human rights. Digital identity, as a building block of the digital economy and digital society, often does not fit into the framework of human rights. Nonetheless, there are billions of people who cannot access such an identity and therefore the related services. Digital identity poses one of the greatest threats to human rights. If you connect digital identity to the internet of things, the algorithms and metadata identification, you have a building block of a totalitarian state. Moreover, many of the digital identity programs have been designed outside the frameworks of privacy and data protection. In general this suggests negative consequences. Thus, how is it possible to make sure that this building block is robust and secure? The question of consent represents a central point, together with clear limitation and definition of access, and withdrawal or removal of consent in cases of changes of identity. While it is possible to change your passport, this does not apply to biometric data: with this regard, cybersecurity represents an essential consideration. Furthermore, Solomon introduced the concept of incident of identities. Finally, with regard to the future of digital identity, he argued that better frameworks for data protection and its implementation are needed to promote and respect the right to privacy even where there is no constitutional right to it.
Ms Amba Kak, Mozilla Tech Policy Fellow, argued that the focus of the attention should be on the best forms of digital identity rather than on a single definition. The state of the art is that we need more research about the security and privacy implications of technical choices; in addition to that, the policy choices should be considered in depth. Furthermore, a question should be asked as to the extent it is acceptable for the state to require a digital ID for identification online. To this extent, it is important to understand whether the use of a digital identity empowers the individual or it represents just a mean for identification. In this regard, she re-stressed cybersecurity concerns related to the use of biometrics and the question of consent. Finally, with regard to the future of digital identity, there is a need for substantial dialogue between policy makers, lawyers and technical experts in evaluating the systems in place and the technical claims made for them.
By Stefania Grottola