Why online authentication matters
In the run-up to Switzerland’s national elections in October, the federal chancellery rejected plans to use an e-voting system. It wasn’t so much a security problem as the fact that the system was not entirely guaranteed to keep the votes secret. Ironically, the possibility of verifying votes was meant to stop third parties tampering with the electronic votes.
Building trust online is key to taking full advantage of the economic development possibilities offered by the internet age. Lack of trust makes consumers, businesses and administrations hesitant to carry out transactions electronically and adopt new services. However, the increasing uncertainty over people’s true online identity is a growing issue for enterprises, large organizations and governments.
Traditionally, authentication is a means for people to prove that they are who they say they are and thus gain access to services. There are a number of conventional credentials that citizens provide to establish their identity. When we want to open a bank account, when we use our employee badge to enter the workplace, when we show an identity document to vote at national elections, or even when we want to buy alcohol, we are asked to show credentials to prove our identity.
There is often doubt as to whether a digital identity is indeed a physical person. Furthermore, in the age of the internet of things, devices such as machines, cars and the servers that provide digital services will need clear and unique authentication.
In the offline days, governments were generally the primary issuers of the most trustworthy credentials for individuals, confirming identity attributes such as name, citizenship, date of birth and civil status. From a public policy point of view, the development of effective and efficient digital identity management enables the migration of economic and social interactions online, and creates trust-based digital services. Consequently, it seems that it is also a government’s duty to provide a basic infrastructure for identity management online, which is no longer tied to a specific service, but is a fundamental infrastructure in today’s connected world.
But as more services become connected, it is clear that providing the necessary identity infrastructure will change the way we and our governments deal with our sensitive personal data as well. Presenting a passport physically in order to get a document declaring one’s civil status ensures that one’s unique identifier remains with that person. Casting a written ballot in an anonymous envelope ensures that the paper trail is broken.
However, virtualizing such processes requires the storage of unique identifiers within a more centralized database, administered by a third party, maybe a government itself. Since those unique identifiers should also cover a broad range of services – from voting to health documents and tax issues – the information attached to these identifiers will also have been connected in one way or another. While this might make one’s life easier, with this shift come three main questions:
- How can such a collection and combination of personal data be technically secured?
- Do you trust your government – or any third party, for that matter – to take on such responsibility in the field of privacy in the first place?
- How is such information used and applied within an international context? In a world that relies increasingly on automatic exchange of personal information between states (such as the automatic exchange of tax-relevant information), it is vital to guarantee that only the necessary data is exchanged and that such data is handled by the recipient only within the agreed framework of use. But then again, even if you trust your national “data escrow actor”, do you trust the one of another country?
At the end of the day, identity online must be a public good. Similar identity issuing principles should apply in the physical world as well as online. But secure identity management and authentication is an area that is very much in need of a breakthrough, also because of the questions raised above. There is, however, a plethora of reasonable questions on a technical, but also political and societal level, which won’t make a quick, elegant solution likely.
The fundamental political questions will have to be posed and discussed nationally. Businesses and governments should design and implement strategies that guarantee a universal infrastructure that enables online authentication, signing and encryption. But in the end, it must be the people who buy in to such an infrastructure.
The Summit on the Global Agenda 2015 takes place in Abu Dhabi from 25-27 October.
Author: Marc Henauer is Head of Reporting and Analysis Centre for Information Assurance, Melani
Image: REUTERS/Andrea Comas
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.