International Identity Day: an opportunity to pause and reflect
This blog is different from the ones you typically see from WatchGuard. It is because we are joining in the conversation about International Identity Day, which takes place on September 16, 2023. International ID Day is a movement to raise awareness and address the lack of identity, specifically the growing need for digital identities, as a fundamental right of people worldwide.
The coalition and campaign around ID Day focuses on three fundamentals of identity: inclusion, protection, and utility for an estimated 850 million people worldwide, particularly in Africa, who lack proof of identity. Proof of identity can be as essential as a birth certificate or as sophisticated as a digital driver’s license.
There has been growing industry recognition and progress towards inclusion, which I prefer to describe as equitable digital identity. Beyond the commercial benefits and emerging economies, identity ecosystems are needed for equitable access by populations impacted by political instability, homelessness (or housing insecurity), displaced by war and climate events, vulnerable youth in foster care without legal guardianship, and survivors of domestic violence accessing social services.
Emerging technologies such as verifiable credentials and identity wallets pave the way to equitable digital identity, identity protection, and, ultimately, the highest forms of utility. For example, an individual can leverage an in-person proofing ceremony to apply for or renew a physical driver’s license card and simultaneously acquire a digital driver’s license credential, which is cryptographically protected, digitally signed, and stored securely in a digital ID wallet. Digital ID wallets are like payment wallets used for credit card and payment information to store high-value identity-related documents and verifiable credentials.
Verifiable credentials can contain many identity-related attributes and zero-knowledge proofs about the holder beyond the eligibility to drive (in this case) or purchase alcohol (another typical example). Verifiable credentials can enable the holder, via user consent and authorization methods, to provide proof of education level, provide proof of employment, and use various government-related services without the need to establish a new account, register (or reuse) a username (email address) and password, or to repeatedly appear in-person to verify the validity and authenticity of the individual to be a trustworthy, honest person and citizen.
One of the core tenets of verifiable credentials is minimal or selective disclosure and responsible collection for privacy preservation, data protection, and compliance. Instead of providing vast amounts of personally identifiable information to every government service, commercial website, or mobile application as we do today, verifiable credentials expressly eliminate centralization (and therefore can reduce data breaches related to this information) using ledgers and places the holder (individuals, people) rather than systems in control of their digital identity information.
Identity-related threats, fraud, scams, misuse, and abuse are the leading financial crime attack vectors. There is an unprecedented surge in activities such as opening fake accounts, applying for loans and credit, and history takeovers. Governments are not the only entities whose future rests on identity; financial services and healthcare providers are equally important in participating in an ecosystem that protects consumers and patients.
As I mentioned above, identity ecosystems are crucial to solving global identity challenges equitably. I am very proud to highlight the industry progress in standards by the OpenID Foundation, who last month announced a new Digital Credentials Protocols Working Group, which will work with the Open Wallet Foundation to foster the adoption and utilization of many formats of issuance and presentation of digital credentials.