CARTES: Digital identity - a social and economic challenge!
October 2013 by CARTES
Today, digital identity exists for all, in all its forms and meets a variety of needs. But insecurity on the Internet and the risk of identity theft are major obstacles to the development and optimal use of digital identities. Yet, the economic potential of the use of these identities is huge. According to a report by the Boston Consulting Group, the value created through digital identities could reach 1 trillion euros in Europe by 2020. The main challenge of the economy of digital identity is the desire to provide individuals, businesses and government organizations, secure and framed management of digital identity and personal data. CARTES Secure Connexions Event, which will take place from 19 to 21 November 2013 in Paris, recently released the results of an IFOP study dedicated to the protection of personal data and provides an inventory of economic and security issues related to digital identity.
Digital Identity at stake
A digital identity is an online or networked identity adopted or claimed in cyberspace by an individual, an organization or an electronic device (Technopedia). This identity is made up of characteristics or data attributes such as a username, a password, the date of birth or the social security number. A digital identity is linked to one or more digital identifiers, like an email address, URL or domain name.
Professor Saxby from the School of Law of the University of Southampton articulated what is at stake in saying that "in today’s digital environment the concept of identity is an issue of much greater complexity than it was in the days of the offline world. Our digital identity can exist in many forms and for many different purposes. Its existence on the Web becomes a currency that can be unscrupulously traded and abused. It has never been more important to protect the concept of "who we are".
In terms of digital identity management, key areas of concern are security and privacy. Because identity loss and theft are rampant on the Web, digital identity authentication and validation measures are critical to ensuring Web and network infrastructure security in both the public and private sectors.
Two-thirds of digital identity’s total value potential stands to be lost if stakeholders fail to establish a trusted flow of personal data. Given proper privacy controls and sufficient benefits, most consumers are open to sharing their personal data. To ensure that the flow of personal information continues, organizations therefore need to make the benefits clear to consumers. They also need to embrace responsibility, transparency, and user control. Important privacy considerations relate to data collection, data usage and storage, data minimization, anonymity, pseudonymity (the use of a ’false name’, a state of disguised identity), and the extent to which individuals have control over how their personal data is used.
A social and economic challenge
Solid identity management and strong credentialing practices are critical for governments, organizations and enterprises that must verify the identities of a wide variety of individuals— employees, business partners, emergency response officials and citizens as a whole.
As a result governments around the world are putting in place the legal framework to leverage strong identity credentials for eGovernment, eHealth and eCommerce and the use of these credentials is growing fast. Initiatives are taken all over the world to build digital identity and trusted credentials frameworks in cyberspace. Among many others: in the US the NSTIC (National Strategy for Trusted Identities in Cyberspace), a White House initiative calling for the development of an ’Identity Ecosystem’; in Europe surveys about electronic Identity and Authentication Systems by the ENISA (European Network and Information Security Agency); in France Idenum, a company supported by the government for the establishment of a common framework and universal digital identity solutions…
Applications that leverage digital identity and personal data boost economic efficiency, help focus research and marketing efforts, and spur the creation of personalized products and services that, in turn, spur revenues. For consumers, the benefits are compelling too as products and services are better suited to their specific needs and requirements. Digital identity is therefore relevant to the economy as a whole. According to a recent BCG report, six major trends can be assessed in digital identity applications: process automation, user enablement, personalization, enhanced delivery, personal data-driven R&D, and secondary monetization. These applications are relevant to any type of industry, even if the public and health care sectors are expected to profit the most of it.
Huge business opportunities
How to assess the value of digital identity? It’s not that easy as it amounts to what value consumers place on their personal information and how they make decisions about whether or not to share it. The above-cited BCG report shows that the value created through digital identity can be massive: €1 trillion in Europe by 2020, or roughly 8 percent of the combined GDP of the EU. This figure can obviously be challenged but the possible uses of digital identity undoubtedly know almost no bounds. The most emblematic are public services and health, mobile and financial services, retail, e- commerce, Web communities…not to mention the digital format of classical identity and travel documents such as passports, drivers’ licenses or ID cards.
Faced with such business opportunities, activities and companies providing digital identity-related technologies and services are mushrooming everywhere in the world, from trusted devices suppliers to third party service providers. With regard to the technology which best matches digital identity requirements for security and privacy, smart cards/smart tokens clearly stand as the most able to protect and manage digital identity and personal data. Smart card technology is globally recognized as the most appropriate technology for identity applications which must meet certain critical security requirements, including: authenticating the bearer of an identity credential when used in conjunction with personal identification numbers (PINs) or biometric technologies; protecting privacy; increasing the security of an identity credential; implementing identity management controls.
Whatever the environment - a stagnant or dynamic economy, digital identity is a growth driver and a provider of tremendous business opportunities…if it is handled in a thoughtful and balanced way. Security and privacy will increasingly become an area of competitive differentiation as and when people show confidence in the way their personal data is managed. The ultimate word therefore is trust, a word – and a field of knowledge - that should pave the way to success for the smart security industry…
The management of the digital identity lifecycle consists in a range of key processes:
. Registration and/or enrolment: in order to be known by the system, the individual must first register with it and the conditions related to his/her identity or identity attributes must be checked so he/she can be provided with a set of credentials . Authorization: appropriate permissions and privileges to access the organization’s resources must be assigned to the individual . Authentication: to access resources, the individual makes an identity claim that can be verified: he/she logs into the system with the credentials provided during the registration process. This authentication process establishes confidence in the user’s identity . Revocation: when the individual is not associated anymore with the system, a revocation process must take place whereby his/her credentials are rescinded.
Did you know ?
German bank customers can now use their new ID
card to withdraw cash from an ATM
In the UK, 61% of consumers would trust the government to look after their digital identity data
Over 100 states and economies are issuing ePassports in 2013 and almost 500 units have been issued worldwide
Depending on the successful rollouts of electronic identities, the digital economies of European countries could account for up to 8% of GDP by 2020