This document is produced by a three region alliance - supported by Omidyar Network, and comprised of the Centre for Internet and Society (CIS) India, the Institute for Technology & Society (ITS) Brazil, and the Centre for Intellectual Property and Information Technology Law, Kenya - dedicated to researching the appropriate use of digital identity.
The resulting document proposes a series of best practice principles against which digital identity systems can be evaluated, providing a draft evaluation framework, usage guide and a relevant case study.
The principles, which were presented at RightsCon 2019 in Tunis, act as a guide for policymakers, researchers and other key identity stakeholders involved in developing or evaluating digital ID projects.
The document opens with an essay from CIS, in which the authors propose a framework for evaluation metrics, alongside three fundamental tests against which to measure digital ID systems. The first set of tests relate to the legal frameworks surrounding the digital ID system. Evaluators should, CIS suggests, consider factors such as the legislative mandate for an ID system, the legislative aims, mechanisms for redress, and judicial oversight in place.
The second set of tests relate to user rights. Given that criticisms of digital ID systems have often centred around privacy violations, CIS recommends identity systems ensure any privacy infringements are necessary and proportionate, and that protections are put in place to limit access to user information.
Finally, CIS suggests risk-based tests be used to assess the potential costs and benefits of implementing a digital ID system. The document recommends that the level of risk be taken into account when designing systems, ensuring proportional governance where necessary, as well as mechanisms to prohibit or restrict the use of high-risk digital ID.
In the second essay, ITS Brazil build on the evaluation metrics above, by exploring circumstances in which digital ID should and should not be used. The authors recommend that ID systems are assessed based on how they add value – be it economic, market-driven, security-related or social. The guide also suggests that ID coverage should be inclusive, taking into account levels of digital literacy and trust in the system.
The final essay of the guide - written by CIPT, Kenya - poses the question: when should ID be used? By exploring the ongoing implementation of NIIMS in Kenya, the authors explore the importance of ensuring transparency and trust before introducing a digital ID system, given that these factors are key determinants of a system’s success. The authors conclude that: “transparency at each stage in the process of designing and implementing an ID system is critical, and that government should not pursue a system unless it is willing and able to do so openly.”