Photo: Rodrigo Abd/AP/Shutterstock

‘Design Your System Knowing it's Going to Fail’

As recent events in Chile, Hong Kong, and Barcelona show, the constructs of democratic society are fragile and require constant, proactive effort by digital identity practitioners if they are to uphold principles of privacy and inclusion. Tom Fisher of Privacy International talks to Marisol Grandon and gives notes to those on the frontlines of the industry

Recent protests around the world in Chile, Hong Kong, Barcelona and beyond belie a deep-seated rage with the status quo. Jack Shenker of the Guardian claims the wave of protests is being led by children of the financial crash, although there are plenty of signs of a cross-generational effort. “I’m not afraid of dying. I’m afraid of retiring,” read one man’s placard. In Santiago last fall, almost 5% of the population took to the streets, and the ongoing, violent response from the state has left many in shock. Chile holds vivid memories of military coup and dictatorship, and it remains bitterly divided. Now, economic inequality has driven many protesters to the point of no return.

Events in Chile have moved very quickly, and state actions are under investigation from human rights observers such as Amnesty International and the United Nations. But unlike conflicts of the pre-digital age, technology is now playing a major role in the power dynamic. As with the Arab Spring, social media in these protests provides rapid, citizen-focused, documentary evidence of incidents. And many states have access to new and powerful digital identity systems which are replacing paper-based systems. In Chile, this centers around the all-powerful RUT (Rol Único Tributario), the unique tax number shown on Chilean ID cards. In Hong Kong, protesters cover their faces with masks to evade facial recognition surveillance.

Meanwhile, the far-right government of Brazil blithely advertises for a data governance director. According to Angelica Mari of Brazil Tech: “Working in the digital government unit, which operates under the Ministry of Economy, the scope for the new head will include data governance, systems interoperability, as well as themes related to data security and privacy.”

Tom Fisher is a research officer at Privacy International. Fisher works with a network of partners in Latin America, Africa, and Asia to build evidence bases, run investigations, and hear concerns from citizens. From Pakistan to Morocco, in Privacy International’s words, these investigations “set out to understand what data-intensive systems can bring to societies as well as identify the risks and challenges so as to enable them to effectively promote and inform relevant debates”.

Privacy International works with organizations around the world, in Latin America, Africa, Asia, many of whom are working on these issues. At any given time, they are investigating, litigating or advocating with governments on topics surrounding identity and how it's used.

“[Our] international network at Privacy International gives us the view from partners on what kind of issues they are facing. For instance, our partners in Indonesia are concerned about private sector having access to different state databases.”

Fisher conducted a research project in Chile last year, and has since worked with partners such as Datos Protegidos on the widespread use of the single ID number across all of society, and has been running campaigns in the country on the issues they raise.

“In Chile, [the single ID number] is such a ubiquitous part of everyday life,” he says in an interview before the recent protests. “In the research project, I looked at people who didn’t have an ID, such as migrants and people in those kinds of situations. The sheer issue of not having an ID - it puts you out of getting bank accounts, employment. You’re constantly reminded of that fact, in every shop.”

“It wasn’t necessarily a deliberate policy of the state to exclude, but it was also part of the bureaucratic issues, because there were such a large number of migrants from other countries in South America.”

“The bureaucracy was really struggling to cope with that. So a process, which was to take a day or two, was now taking six months or longer. That’s another fact to bear in mind with private sector schemes. Situations change. Political situations change.”

Photo: Shutterstock / 1000 Words

However you build a system, it’s unlikely to be able to cope with all conditions at all times

In the Privacy International article Exclusion and identity: life without ID, they expand on the pressures of immigration in Latin America: “The region faces an unprecedented challenge; including the at least 2.3 million Venezuelans who have emigrated since 2014. This has put pressure on the migration systems of many countries in Latin America, including Chile. There are reports that things like getting ID cards are taking a lot longer. Challenges like this can affect the ID system – for example, by overburdening the immigration bureaucracy, preventing people from getting the documentation to which they are entitled. In Chile, this – combined with the ubiquity of the RUT – places immigrants in a devastating position.”

Fisher alludes to the fact that however you build a system, it’s unlikely to be able to cope with all conditions at all times. In the pursuit of Good ID, Fisher therefore advises those on the frontlines of policy, technology, and practice around digital identity to design for failure.

“When thinking about what Good ID looks like, you have to think and design your system knowing it’s going to fail; knowing that there are going to be people who won’t be able to access systems for various reasons, that there will be security breaches, or technical failures. There are going to be political failings. There is going to be a time when the person in charge of the system is someone looking to use it for abuse.”

Practitioners, therefore, need to be on the front foot with design and iteration, with listening and learning, in perpetuity, he argues.

“The perspective should be ‘OK, how do we reduce the impact of it not working? What other routes could be in place to do this? Are they active and actually ready and in place to help people now?’”

“It’s often the most vulnerable who are most affected and excluded by these systems.”

So if fail-fast is the culture we should be aiming for, does Fisher see any pockets of excellence or cause for optimism in the pursuit of Good ID? Even since the interview, we have seen a major deterioration of the political situation in Chile for instance. People working in this industry are often so aware of how close to dystopia we are.

“What’s been really exciting for me is seeing the work done by civil society working on digital identity schemes,” says Fisher.

“Recently in Kenya, we have a case brought by the Nubian Rights Forum against the system. Civil society is rapidly developing the skills and knowledge surrounding ID systems. The sophistication of knowledge has developed really quickly. They understand the system and the context, and how it links with communities. It's been amazing.

“There has been a deep level of debating. I think that's the optimistic part of this picture.”

Fisher’s optimism comes particularly from grassroots organizations, often people who are affected most by new schemes. Despite the challenges, he is resoundingly optimistic and inspired by how fast rights organizations are learning about the industry.

“It is often the case that identity systems are sprung on human rights or digital rights organizations. They have to get up to speed very, very quickly, especially on the technical knowledge. I just wish more governments and humanitarian organizations would listen and engage with these kinds of groups, but sadly that is often a limited engagement.”

Engaging the public and more civil society groups is fundamental to the democratic process surrounding digital identity systems

Photo: Mark Schiefelbein/AP/Shutterstock

Beyond civil society, what other developments does Fisher think practitioners should look at for inspiration on Good ID?

“There's a reliance in a lot of systems on a single identifier, by a single number that identifies everyone in the population,” he says, “which was an excellent way of linking together multiple databases where it's stored and where it's held, both in government and increasingly in the private sector as well.”

“But we see places where this is prohibited, in Germany and in Portugal, I believe. When they emerged from dictatorship from totalitarianism, they understood the dangers of these kinds of schemes linking everything to a single number. So it's prohibited to have that one number across the board that sticks together all aspects of an individual.”

“Now also, we see some of the kind of technical solutions introduced into Aadhaar (in India), still a very imperfect system, but things like tokenization, where you don't have the same ID number across different databases, different organizations - it’s a kind of protection.”

Fisher believes regulation still has a long way to go to protect citizens and there is huge potential.

“Regulation can play a role, if you've got a strong data protection regulator. In Singapore, there was a prohibition on private companies using ID numbers without a legal basis. So, in the context of a place which has a strong data protection regulator, they can put in place things, which can mitigate some of the risks.”

“If you're in a context where biometrics is appropriate, [it might be useful to move] towards having the biometrics stored on a smart card. For instance, UK passports have a chip for the biometric photograph, but that's stored within the passport, instead of having a centralized biometric database that leaves it open to many forms of abuse. We have to recognize that these aren't solutions to every scrap of problem with biometrics, but there are all kinds of technical solutions that are in place.”

However, in order to see substantial movement toward Good ID, Fisher believes public engagement on a massive scale is required. “The challenge is that what we've seen around the world, is the lack of any kind of policy debate and the democratic process when introducing ID systems has been often limited. The level of public engagement can be extraordinarily limited. It has to be pushed through parliament, [and that can quite often be] a system that’s introduced with no legal basis and no law to start with.”

Fisher believes that the challenge of engaging the public and more civil society groups is fundamental to the democratic process surrounding digital identity systems. As the industry evolves, so does the world. One thing is certain: breaking out of industry silos isn’t simply a nice to have, it is totally necessary for functioning democracy in the 21st century.