ID, Identity and Identification

The concepts of ID, identity and identification are not new. Throughout history various civilisations, and then more formalised government structures, have been counting and registering people. But the way they are now implemented have radically changed over time. Today, people's identity can be claimed by the individual, but it is also imposed and inferred by others. Whilst these have been traditionally managed through centralised systems which take the form massive databases, i.e. biometric identity systems, new forms of identity are derived from digital data trails and managed through unique identifiers to be used across platforms and services.

Industry is designing identity into their hardware and software to ensure that people can be identified across devices and services, even without their consent or awareness. The increased potential to generate and then exploit more data to track people across services and make determinations on their status and eligibility are inflating industry's ambitions and there are few able to curtail them.

Whilst motivated by aspirations for inclusivity and openness, the way digital identity systems are being designed and implemented have resulted in different forms of discrimination and exclusion. Discrimination in the physical world is replicated and even heightened when codified and managed in complex, inflexible structures, where the individual is merely a passive subject rather than an active participant.

Equipping people with a way to prove claims about themselves has become increasingly essential in society. Claiming who we are is not a neutral, risk-free action. An identity system should give people the ability to make and prove claims about themselves without divulging any unnecessary information to any party, free from concerns about being tracked, monitored, and having data exploited for commercial purposes.

We must reclaim how we claim our identities. Proponents of digital identity must consider the implications of deploying inadequate and poorly framed digital identity systems, and ensure they adopt a nuanced, informed and human-centred approach to digital identity. Adopters of digital identity must re-think their problem analysis and opt for the least intrusive mechanism for an individual to prove who they claim they are, and also ensure that this proof of claim but be used for the limited purposes and only when necessary; and suppliers of digital identity services need to be aware of the importance of selecting the most privacy-enhancing technology at every stage of the identity lifecycle, and the risks of not doing so.