Governments attempting to stand up digital identities are aiming at a moving target, between the evolving expectations of citizens, maturing technologies and emerging interoperability requirements. But as Gartner Director Analyst Arthur Mickoleit said during a webinar on “Government’s Role in Getting Digital Identity Right,” to hit that target they must avoid falling for a few persistent myths.
Mickoleit began by speaking in general terms about civic digital ID, stating that it tends to be siloed, with low adoption rates hindered by a lack of utility and connected services. It also tends to be centralized and prone to breaches, he says, leaving negative perceptions and weak public trust.
He described a common architecture based on the delivery of a specific identity for a single public service. This is being supplanted by what he calls “identity 2.0,” which consists of digital identities, single sign-on (SSO) services, bring-your-own-identity (BYOI) and federated approaches.
Fragmentation often results, he says.
Some governments have begun attempting to connect these siloes. He gives Brazil’s gov.br and FranceConnect as examples. In other places, like Europe’s Nordic countries, the same digital identity is used for access to banking and government services.
Mickoleit addresses the perception that “digital identity won’t work in big countries and complex governance systems,” which he describes as “a very sticky myth.” Countries like Estonia and Singapore provide ready examples of effective digital ID for access to government services, and sometimes private services. By contrast, around 20 percent of Germans use that country’s digital ID, even though it was launched a decade ago. Recent successes in Brazil, France and Philippines have joined India as counter-examples to the narrative that digital identity works best in small nations.
Governments have found that the approach that works for them may be different from that of a neighbor, whether it is the decision to base the system on a physical ID card with an electronic chip, or on identity federation.
FranceConnect “is actually not a single digital identity by a single digital identity provider. No: France Connect is like an umbrella scheme” with different identity service providers, Mickoleit explains.
All government services, requests and forms in France are now available through FranceConnect. The Connexion explains in an article this week how FranceConnect interacts with its digital identity provider partners, including France Identité, Identité Numérique La Poste, YRIS (from IDnow) and TrustMe, which joined this year.
This brings up private-sector digital identity initiatives, either coordinated with governments or accredited by them.
Mickoleit talked about the usability, service availability and trust factors behind adoption. Italy is a good example, he says, with 40 million app downloads for government service access leading to 39 million digital IDs registered, supporting millions of online payments in 2023. “Synergies between experience, identity and payments” represent a major opportunity for governments to drive adoption, he says.
The emergence of decentralization
While “identity 2.0” is about piercing through siloes, Mickoleit says “identity 2.5” represents a move from siloes to ecosystems.
This goes beyond online logins and authentication, extends to businesses and other legal identities, involves the private sector more heavily, and also gives users more control over their own data, he says.
Digital identity wallets are an enabling technology for this new version of ID, and can provide support for use cases like enterprise workforce mobility, which combine the private sector, legal entity, and attribute capabilities of the system. The UK’s NHS is trialing this kind of application for healthcare workers who transfer between Trusts.
Through verifiable credentials, those digital identity wallets should become interoperable, eventually.
Another myth addressed by Mickoleit is that digital wallets, which store credentials, and mobile driver’s licenses (mDLs), which are credentials, are the same thing.
Super-apps, by combining identity with payments and other services on a single, convenient platform, are being successfully used by some governments to provide the synergies that Mickoleit says lead to high adoption.
Whatever form digital identity is used in, it is often regulated through a trust framework, based on international standards, he points out.
The final myth addressed by Mickoleit is that a persistent unique identifier is necessary to make digital ID work. “Whether or not, in the back end, government information systems store all the information regarding ‘Arthur’ with a unique identifier, an alphanumeric string, whether or not they do that is not directly related to the use of digital identity.”
Persistent unique identifiers may make things easier, and many countries use exactly that kind of system, but others do not, and they would even be considered unconstitutional in France and Germany.
For the next couple of years, Mickoleit says, governments and businesses will need to be prepared for the coexistence of centralized and decentralized digital IDs.
Article Topics
consumer adoption | decentralized ID | digital ID | digital identity | Gartner | government services | regulation | verifiable credentials
