Noémi lives in France. She needs to file her income tax return and — since she’s already doing “admin stuff” — she also checks the status of her healthcare reimbursements and signs up on the local electoral list. FranceConnect allows Noémi to access the public services needed to complete these tasks using a single logon.
Noémie’s story is a clear example of how digital identities can make citizens’ lives and interactions with government agencies easier.
By 2023, at least 80% of government services that require authentication will support access through multiple digital ID providers
“Governments have long been investing in digital identity and authentication methods to make sure citizens can easily, securely and legitimately access public services,” says Arthur Mickoleit, Senior Principal Analyst at Gartner.
“But success has so far been very patchy,” says Mickoleit. “In some Nordic countries like Norway or Sweden, almost the entire population uses digital citizen IDs. Other countries, such as Australia, Germany or the U.S., have long tried to establish a system, but have not succeeded for reasons that often revolve around an overly bureaucratic culture, which leads to an underperforming customer experience.”
To create a working and successful digital citizen IDs, government CIOs must focus on three things: governance, technology and user experience.
Government CIOs whose agency provides a digital service have to choose between two models:
- Manage the entire identification and authentication process in-house
- Turn to a growing list of digital identity service providers (IDSPs).
It’s become clear that the better option, in most cases, is to use one or more third-party IDSPs. This allows government agencies to focus their limited capacities on their core business: providing citizen services. And it reduces the “clutter” citizens perceive when having to deal with multiple logins for different institutions.
“By 2023, at least 80% of government services that require authentication will support access through multiple digital ID providers,” Mickoleit says. “Citizens can then use the digital identity of their preference to interact with government agencies instead of having to manage single-purpose identities for each agency.”
As ID technologies become more widespread and affordable, they can accelerate social inclusion of the estimated 1 billion people worldwide that currently have no formal means of identification
However, governments must keep in mind that there are different options for outsourcing digital identity provisioning — from government-issued digital IDs over those issued by companies to combined approaches like FranceConnect. Each option has its pros and cons.
For example, when commercial IDSPs gain greater control over citizen identities and potential insights into their use, privacy concerns will arise. Government CIOs must find a balance between the benefits of faster takeup when partnering with the private sector and potential clashes between the interests of different stakeholders.
Government and citizen expectations around digital identity can be difficult to balance. Government CIOs prioritize a high level of security to ensure citizens are who they claim to be when they access a service. Citizens, on the other hand, mostly want easy and convenient access.
In the past, many governments favored caution over convenience, which often resulted in very secure systems that were difficult to use. Only the most tech-savvy citizens took on the challenge, while everyone else stuck with the traditional, analog points of access.
The three canonical authentication factors — knowledge, token, biometric trait — will continue to be a part of identification and authentication processes
To balance security and convenience, government CIOs should take a more flexible approach and ensure levels of security are specific to the service offered. For example, booking an appointment should require less rigid security measures than declaring your taxes, let alone casting an online vote in national elections, as you can do in Estonia.
Governments need to understand that secure design of identities is not only a technology matter. The recent incidents of digital ID misuse in Estonia were mostly a mix of phishing and social engineering, which needs to be anticipated. Government agencies should run campaigns that sensitize people to the fact that digital identities are becoming as valuable and important to protect as analog identities.
Technologies for digital identity are evolving at a rapid pace. This means that government CIOs must factor change into their technology choices, but also provide a form of continuity for their users.
“The three canonical authentication factors — knowledge, token, biometric trait — will continue to be a part of identification and authentication processes. They are established, secure and constantly evolve in their availability, as you can currently see with biometric sensors,” says Mickoleit.
Nonetheless, it’s critical that government CIOs stay on top of how security and user convenience profiles evolve over time. For example, the standard two-factor authentication methods with SMS-based transaction codes are now being replaced by dedicated code generator apps for more secure and convenient access.
In the future, blockchain approaches might provide even better privacy and user control over identity. And as ID technologies become more widespread and affordable, they can accelerate social inclusion of the estimated 1 billion people worldwide that currently have no formal means of identification.