Over the last few years, I have approached digital identity(ies) from a particular perspective, concentrating on the different types of digital identities that we have (none of us has a single identity, when you think about it), and the usefulness of these identities for various purposes, including purposes in which the identity of the person must be well established.
I have also noted the wide list of organizations that have expressed an interest in digital identity. Because of pressing digital identity needs, many of these organizations have moved forward with their own digital identity proposals, although now they are devoting more effort to ensure that their individual proposals play well with the proposals of other organizations.
Enter the United Nations (or part of it)
Well, let’s add one more organization to the list of those concerned about digital identity: the United Nations.
Although actually “the United Nations” is in reality a whole bunch of separate organizations that kinda sorta work together under the UN umbrella. But each of these organizations can get some oomph (an international relations diplomatic turn) from trumpeting a UN affiliation.
So let’s look at the Better Than Cash Alliance.
Based at the United Nations, the Better Than Cash Alliance is a partnership of governments, companies, and international organizations that accelerates the transition from cash to responsible digital payments to help achieve the Sustainable Development Goals
Note right off the bat that the Better Than Cash Alliance is not focused on digital identity per se, but digital payments. (Chris Burt of Biometric Update notes this focus.) Of course, digital payments and digital identity are necessarily intertwined, as we will see in a minute.
Enter the Sustainable Development Goals
But more importantly, digital payments themselves are not the ultimate goal of the Better Than Cash Alliance. Digital payments are only a means to an end to realize the United Nations Sustainable Development Goals, issued by a different UN organization.
Because of its primary focus, the Better Than Cash Alliance concentrates on issues that I myself have only studied in passing. For example, I have concentrated on the issues faced by people with no verifiable identity, but have not specifically looked at this from the lens of Sustainable Development Goal number 5, Gender Equality.
Principle 2 of the UN Principles for Responsible Digital Payments (October 2021 revision)
For this post, however, I’m going to focus on the digital identity aspects of the Better Than Cash Alliance and its report, UN Principles for Responsible Digital Payments (PDF), which was just updated this month (October 2021).
One of the key factors outlined in the report is “trust.” Now trust can have a variety of meanings (including trust that the information about my identity will not be used to throw me into a terrorist concentration camp), but for my purposes I want to concentrate on the trust that I, as a digital payments recipient, will receive the payments to which I am entitled.
To that end, the revised principles include items such as “ensure funds are protected and accessible” (principle 2), “champion value chain accountability” (principle 9), and other principles that impact on digital identity.
The introduction to the discussion on principle 2 highlights the problem:
A prerequisite of digital payments is that they match or surpass the
qualities of cash. All users rightly expect their funds to be safe and readily available, but this is not always the case. The causal factors behind this are multiplex.
(“Multiplex”? Yes, this document was written by government committees. Or movie theater owners.)
To avoid the multiplexity of these issues, one offered response is to “proactively track and protect against unauthorized transactions, including fraud and mistakes.” This can be done by several methods near and dear to us in identity-land:
Advocate for appropriate security controls to mitigate transaction risks (e.g., biometric security,34 two factor authentication,35 limits on logins or transaction amounts,36 creating “need-to-know” administrative privileges for interacting with client data).
Now most people who read this report aren’t interested in the footnotes. But I am. Here are footnotes 34, 35, and 36 from the document.
34 Examples include the use of biometrics in India’s Aadhaar identification system, and UNHCR’s use of iris technology to distribute cash to refugees in Jordan
35 See EU PSD2 Articles 97–98, Ghana’s Payments Systems and Service Act, 2019 (section 65(1)), and Malawi’s 2019 e-Money regulations (section 17)
36 India Master Direction on Prepaid Payment Instruments, Section 15.3
Of course the report could have cited other examples, such as the use of fingerprints for benefits payments in the United States in the 1990s and 2000s, but I’m sure that falls afoul of some Sustainable Development Goal.
Although it’s harder to criticize a UN entity, such as the aforementioned UNHCR, when it uses biometrics.
Or maybe it isn’t that hard, when you think about Access Now’s criticisms of the UNHCR program.
Refugees should not be required to hand over personal biometric data in exchange for basic needs such as purchasing food, or accessing money. However, iris scan technology supplied by UK-registered company, IrisGuard, is reportedly being used by the World Food Programme (WFP) and the United Nations High Commissioner for Refugees (UNHCR) in refugee camps and urban centers in Jordan.
Based on reports suggesting the absence of meaningful consent, and an opaque privacy policy, Access Now has serious objections to the lack of transparency and privacy safeguards around this precarious tech rollout.
Wow. Jordan is as bad as Illinois. Maybe Jordan needs a BIPA! Hope their doorbell cameras aren’t a problem…
So while the Better Than Cash Alliance is focusing on other things, it’s at least paying lip service to some of the stronger identity controls that many in the identity industry advocate.
Of course, it’s outside of the scope of the Better Than Cash Alliance to dictate HOW to implement “appropriate security controls.”
But anything that saves the whales AND the plankton (and complies with BIPA) will be met with approval.
Bredemarket 