Today, a small number of citizens around the world are lucky enough to use digital IDs thanks to a handful of governments that have put these programs in place. For many others, digital ID is just around the corner. Nevertheless, the decision to go for a digital ID program implicates many decisions that a government must make during the process. An example of one such vital decision is where the data of the citizens will be stored.
For example, a fraudster with access to another person’s digital ID might use it to purchase certain goods, receive certain services or perform a financial transaction. So, if this hacker manages to get access to an even larger set of citizens’ data, a huge amount of damage can be done in a very short amount of time.
Therefore, every government has to think about how to create the most secure operating environment for digital IDs. It has economic consequences, but it can also determine a country’s international reputation (think of the Aadhaar data breach scandal in India) or have an impact on the relationship citizens have with their government. It should be in every country’s best interest to store their citizens’ data in the safest place possible according to its purpose and legal framework.
In general, there are two storage options that a government should consider when making its decision. Let me introduce briefly each option and provide a risk evaluation:
Scenario 1. Everything in one place – the central database
In this first scenario, all citizens’ data is stored in one single place—typically in an internet-facing database. Any system where information is verified over the internet, and where the verification system already has the information to match against, is considered an internet-facing database. For the verification, the digital ID is retrieved from the database through the internet and checked with the information of the ID holder. For countries with a national register, and therefore a central database in place, such a scenario might appear attractive.
Running all verifications through a constantly high-performing system can be quite expensive. And, there is the topic of data privacy to consider—as one single government entity manages this database, it will be able to see all incoming requests. This will also be the case when verification capabilities will be given to the private sector. Therefore, every time a person purchases alcohol or accesses an age-restricted service with his or her digital ID, the ID will be verified and will become visible to the government entity. Even if the identity of the person remains unknown, some aspects will be revealed, such as the IP address or the number of verifications.
A central database with constant access to the internet would be an excellent target for hackers, and it is not a question of “if,” but “when” they would succeed in accessing the data. In that case, the private sector would also suffer the consequences, as they would not be able to continue verification.
Scenario 2. Each citizen owns his or her data – the citizen’s phone as data storage
In the second scenario, the smartphone becomes the only place of storage for the digital ID. In this case, the data on the phone can be updated from time-to-time, over the air. The frequency can be defined by the government itself.
The digital ID does not require any internet connection to be verified, which makes it less of a risk for hackers. Hackers would need to access an individual’s phone to retrieve the data. The damage that could be done is limited to an individual person, rather than millions of citizens. Furthermore, as verification can be done purely offline or peer-to-peer, operation costs can be better controlled.
The phone itself can remain a target for hackers, as it is managed and used in an uncontrolled environment. In cases where the phone gets stolen or lost, the digital ID needs to be retrievable from the phone and the digital ID re-issued on a new phone. The fact that the mobile app is remotely provisioned through the internet can also be considered a minor security risk. Fortunately, there are solutions to overcome that risk.
Multi-factor authentication is the key to better security
In addition to considering the safest place to store data, there is another side to the security story—the amount of information that is being verified in order to ensure that the digital ID holder is the legitimate ID holder. This can be done through various methods: a fingerprint and an iris scan, a fingerprint and a palm print, a fingerprint and the digital ID holder’s name, or a fingerprint and a password. This is what the industry calls multi-factor authentication.
But while more authentication means more security, this may impact other things. If extensive verification for identity, age, and multiple other factors is conducted every time a person wants to buy a bottle of beer from a kiosk, this could seriously influence the business of the kiosk and the citizen’s user experience. Multi-factor authentication only makes sense in highly sensitive environments.
The verification needs of the private sector vary depending on economic and social responsibilities
The location of data storage is not only a concern for governments that want to take great care of citizens’ data, but it is also an important issue when governments think about expanding digital identity solutions to the private sector by equipping it with verification capabilities. In this case, governments need to consider the different verification needs of the private sector.