Why Should We Protect our Digital Identities?
The World Bank has defined Digital Identity as a collection of electronically captured and stored identity attributes that uniquely describe a person within a given context and are used for electronic transactions. Traditionally, a physical identity was assigned to an individual/entity in the form of ID-cards, ration cards, driver’s license, etc to facilitate movement of people, goods and services, funds and other resources. This ensured that an individual/ entity is who/what they claimed to be. With technological progressions, identity was digitised as interactions and transactions advanced to the digital medium through internet and computers. To adapt to this, attributes such as biometric details, phone numbers and social security numbers were electronically encoded to allow the identification of an individual or an entity in the world of internet.
Digital identity has had a significant effect on almost every sector and industry in the global economy. It has created transparency, traceability and coherence in the functioning of the economic order. Since it is easier to identify individuals within and across borders, governments can effectively provide welfare services, entities and individuals can promptly carry out financial transactions and people can undertake cross-border travels with lower risks.
Social inclusion is the effective outcome of having digitised identity systems. While infrastructure for digital identity are in place in most of the developed countries such as US, Canada and Europe, India launched the Aadhar card, in the largest identity program in 2016. The program aims to assign a vast majority of its population a unique nationally accepted identification and allow them easy access to certain essential services such as cooking gas, water connections, healthcare etc.
Digital identity has also evolved paperless transactions and streamlined business processes by simplifying identity authentication which earlier obstructed cross border trade and transfer of resources. Moreover, debit and credit cards, one click mobile payments has upped the performance of the financial sector.
Along the lines of verification, digital identity has ensured secured travel for legitimate travelers and further enhanced the travel industry. It has largely controlled travel threats which emerge from militant activities, civil wars, insurgencies and terrorism.
Another kind of digital identity was created when social media took over almost two generations under its wings with the advent of smartphones. With the ubiquitous nature of the cyberworld it has been impossible to stay aloof of Facebook, Twitter, Whatsapp, WeChat, Weibo, Renren and even LinkedIn to connect and interact worldwide. This identity is shaped by the online behaviour through interactions, clicks, games, purchases and searches.
In recent times, these activities have transformed as participants for e-commerce business serving us in return for advertisements based on our behaviour.
While we physically owned our ID-cards in the past and used it at our discretion for face-to-face authentication, the digitisation of identity managed to loosen this control. At every point of consent, we click “I agree” and place our private information in the hands of the service providers including the financial institutions, governments and private players such as social media companies, merchants, media application developers, various payment points etc. While a certain trust in the governments exists underlying the commitment to a social contract and their permanence, the use and store of our data encoded under a digitised identity remains ambiguous. Furthermore, we share private data across social media conversations, and believe that the information we provide at the time of signing up for these services is harmless — a fair trade for free use. However, virtual world activities have influenced more than just consumerist behaviour.
There are several instances which highlight that private information was leaked by compromising the security of digital identity systems. Snowden’s disclosures on NSA spying, Hillary Clinton’s use of private email servers, the alleged Russian hacking of the Democratic National Congress’s servers, the possible plundering of 500 million Yahoo accounts, the Aadhaar biometrics data breaches are developments that demonstrate that laws have unfortunately not kept pace with the technological developments. Another significant incident that stoked the data protection debate was the recent data breach at Facebook in the Cambridge Analytica incident, reportedly influenced the voting behaviour of hundreds of Americans in favour of the election of President Donald Trump in 2016. It is imperative to understand that digital identity entails majority of the risks that a physical identity card would.
The lack of legislation to protect digital identity systems and punish the violators renders us vulnerable to identity thefts, illegal transactions, cyber bullying, cyber-attacks, and even unlawful surveillance.
With the use of digital technologies across the world at an all-time high, and internet connectivity to reach over 200 billion devices to the internet by 2020, the vulnerabilities remain significant.
Amidst this, European Union recently implemented the “General Data Protection Regulation” to empower individuals with the rights to demand companies reveal or delete the personal data they hold. It has brought under its ambit almost every company that holds and processes consumer data and further inform the consumer what they are “blindly” consenting to.
Although this law extends itself over a vast area of jurisdiction, until other states implement the relevant legislations and build secured infrastructures, the risks to digital identity will persist. Individually, we can only secure ourselves by making informed choices about consenting to the varied services that the digital world offers.
Shivani Gayakwad is a Volunteer Researcher at One Future Collective and a researcher for Compliance, Forensics and Intelligence at Control Risks India. She has expertise in South Asian politics and interest in women’s menstrual health and financial independence.