Policy Paper:
Participant Work

The identity management landscape is complex and its challenges are high-stakes. Numerous national governments use or are developing digital identification systems. International organizations such as the World Bank support the adoption of these systems as well as the development of technical standards and norms. Digital identification is an increasingly indispensable role in the modern economy - enabling the operation of online banking and financial services, e-commerce, travel, mobile networks and telecom operations, and countless other services - and the private sector is highly involved in the development of identification technology and policy. NGOs, global foundations, and other civil society organizations are also influential. Finally, the general public is increasingly engaged with issues related to privacy, whether through consumer choices or political activity. All of these constituencies have different priorities and there are competing perspectives on various aspects of digital ID.


Participants in the policy output track produced a resource for leaders in either government, the private sector, civil society, or another category that is actively working on issues related to digital identity. 

Nick Gates, Janaina Laurent Costa, Anh Le, and Pavel Nabutovsky

As governments work to establish national digital identity systems, there are many risks related to their issuance and implementation. For this reason, there is a distinct need to understand how those risks pose threats to discrete organizational personas, and to create more rigorous, actionable, and practical guidance for technologists and civil society to understand and evaluate threats associated with national, government-issued digital identity systems, in order to help reach and educate others on the threats they face. Our project aims to provide policymakers with an analytical wiki that introduces the concept of “threat modeling” as a process for capturing and organizing a system’s security information. The resulting threat model, which can be updated and expanded over time, will enable Service Providers, Policymakers, and Advocates to consider and mitigate potential threats at various different stages of the identity lifecycle. We hope the tool can prompt a conversation in the sector on threat modeling and has the scope to grow and expand over time

Mariana Rozo-Paz, Jack Smye, and Sourav Panda

Systems of digital identity are emerging in nearly every part of the world as a means of transitioning societies more and more into a digital future – there is an ere of inevitability to it and it seems almost certain that these systems will impact nearly every person on the planet. While there is without question significant benefits that can be had by these developments, it should be stated very clearly that these benefits are far from a certainty for everyone. Indeed, one of the most important questions we must continuously ask is with the way these systems are being developed, who will truly benefit and who will be excluded; though it should also be explicitly stated that the process of exclusion inevitably exacerbates discrimination and the exploitation of vulnerable populations. Our team wanted to address this question directly by developing a framework of recommendations for good practices that ensure systems of digital identity are developed with an inclusive mindset with the benefits of digital identity being accessible by all. But rather than creating our own set of recommendations, we chose to explore and synthesize what has already been created by a variety of individuals and organizations (some of whom are doing incredible work).

Sophie Bennani-Taylor, Elena Casale, Vanessa Gathecha, Cristina Timón López, and Charlie Smith

This short booklet, aimed at policymakers and industry professionals, seeks to provide an accessible introduction to the concept of discretion as applied to digital identity systems. Discretion is currently under-researched in the identity debate, and with this booklet we hope to illustrate why the concept is deserving of greater attention. We first unpack the concept of 'discretion' as it relates to digital identity, before illustrating the implications of technological systems on identity through the case study of an automated welfare system in Michigan. Next, we consider some of the benefits and harms of discretion in digital identity, before analysing current and emerging regulatory frameworks across three geographic contexts: the EU, Kenya, and the UK. We conclude with some recommendations about how to better account for discretion and individual freedoms in the design of digital identification systems.
Digital ID Systems are all too often designed and implemented without a recognition of local realities and without the consultation of key stakeholders including minoritized communities. The project output is an interactive tool in the form of a secure informative online quiz that allows minoritized communities to determine their risks in relation to Digital IDs and find solutions to mitigate the identified risks. This output provides a more engaging method to designing policy that captivates the audience while discussing Digital IDs in a simplistic manner. This tool provides individuals with both resources to help them understand and mitigate risks as well as any local organisations that may be able to support them. Additionally, it provides organisations with policy and advocacy oriented recommendations and potential solutions to addressing the risks and harms of digital IDs.