- Chapter
- First Online: 30 June 2021
- 1244 Accesses
- 2 Citations
Abstract
Many smart contract applications—or more precisely blockchain-based digital ledger technologies (DLTs) proliferate. And yet, without accounting for the identity dimension and the different authentication regimes, there is little chance that these technologies will gain widespread use, and their disruptive innovation potential will not be realized. A growing number of digital interactions in which we engage online require more trust and more security; choosing the right identity technologies and data policy safeguards is an important policy choice. Digital wallets are part of our proposed solution: based on disposable identities tied to events and timelines. We explain why identity technologies matter. We describe the communication network architectures and functionalities. We show how EU Treaty legislation safeguards the important elements of this identity framework. We give examples of self-sovereign identity, and other solutions adopted by EU Member States. We conclude that successful deployment requires an EU legislative and regulatory framework fit for the digital society. The digital identity problem starts from the perspective of serving half a billion individual citizens, and inclusion requires public policy that strongly supports it.
Personal views hereby presented are the authors’ only, and should not in any way be construed as to represent an official position of the European Commission.
This is a preview of subscription content, log in via an institution.
Notes
- 1.For the purpose of this chapter’s discussion, unless further specified, any reference to “Digital identity” refers to the generic definition of a computerized record of who a person is, stored in a registry.
- 2.Consolidated version of the Treaty on European Union, TITLE I—COMMON PROVISIONS, Article 3 (ex Article 2 TEU) OJ C 202, 7 June 2016, pp. 17–17.
- 3.McKinsey. “PSD2: Taking Advantage of Open-Banking Disruption,” January 2018. https://www.mckinsey.com/industries/financial-services/our-insights/psd2-taking-advantage-of-open-banking-disruption.
- 4.Initially due to be implemented on October 1st 2020, the enforcement of the RealID requirement is delayed by a year following a decision of President Trump made in the context of the Covid-19 crisis. Transportation Security Administration. “REAL ID.” Accessed April 16, 2020. https://www.tsa.gov/real-id.
- 5.Signal. “What Is Customer Identity?” Accessed February 20, 2020. https://www.signal.co/resources/what-is-customer-identity/.
- 6.”Why Google Poses a Serious Threat to Democracy, and How to End That Threat” Testimony by Robert Epstein, Ph.D. (re@aibrt.org) Senior Research Psychologist, American Institute for Behavioral Research and Technology Before the United States Senate Judiciary Subcommittee on the Constitution Tuesday, June 16, 2019.
- 7.See for example: PricewaterhouseCoopers. Digital identity: Changing the way financial institutions connect with consumers [Internet]. PWC India. 2018, Available from: https://www.pwc.in/consulting/financial-services/fintech/fintech-insights/digital-identity-changing-the-way-financial-institutions-connect-with-consumers.html—an overview of the benefits of Digital Identity for the financial sector, where the word “consumers” in the title is the only reference to human individuals behind the Digital Identity.
- 8.Renieris EM. An Identity Layer for the Web Would Identify Us Everywhere [Internet]. CoinDesk. 2019 [cited 2020 Jan 12]. Available from: https://www.coindesk.com/an-identity-layer-for-the-web-would-identify-us-everywhere.
- 9.“5 Symptoms of Engine Immobilizer Problems.” CarTreatments.Com (blog), March 13, 2019. https://cartreatments.com/car-immobilizer-systems-function-and-bad-symptoms/.
- 10.Independent.i.e. “This Man Was Locked out of Home When His Smart Doorbell Thought He Was Batman,” September 18, 2018. https://www.independent.ie/world-news/and-finally/this-man-was-locked-out-of-home-when-his-smart-doorbell-thought-he-was-batman-37329890.html.
- 11.Ratcliffe, Rebecca. “How a Glitch in India’s Biometric Welfare System Can Be Lethal.” The Guardian, October 16, 2019, sec. Technology. https://www.theguardian.com/technology/2019/oct/16/glitch-india-biometric-welfare-system-starvation.
- 12.An early version of this “backroom” surveillance scoring already exists between the largest retailers in the US as was revealed through a petition by a consumer watchdog org. To the FTC and letter to the NY Attorney General in 2019 “As the enclosed petition explains, at least 11 tech companies—none of them known to Americans, much less household names—are applying secret algorithms to tens of thousands of pieces of private information about each American to create a variety of scores that enable corporations to overcharge, mistreat or even refuse to do business with those with poor scores” representconsumers.org. “Secret Surveillance Scoring: Request for Investigation and Enforcement Action,” September 11, 2019. https://www.representconsumers.org/surveillance-scoring/.
- 13.Georgetown Journal of International Affairs. “It’s Now Aadhaar with Caveats,” February 15, 2019. https://www.georgetownjournalofinternationalaffairs.org/online-edition/2019/2/15/its-now-aadhaar-with-caveats.
- 14.See Engelmann, Severin, Mo Chen, Felix Fischer, Ching-yu Kao, and Jens Grossklags. “Clear Sanctions, Vague Rewards: How China’s Social Credit System Currently Defines ‘Good’ and ‘Bad’ Behavior.” In Proceedings of the Conference on Fairness, Accountability, and Transparency, 69–78. FAT* ’19. Atlanta, GA, USA: Association for Computing Machinery, 2019. https://doi.org/10.1145/3287560.3287585.
- 15.Sukumar, Arun Mohan. “Governance by Technical Standards: Do Digital Id Platforms Re- Order or Reinforce International Relations?” ORF, November 6, 2019. https://www.orfonline.org/expert-speak/governance-by-technical-standards-do-digital-id-platforms-re-order-or-reinforce-international-relations-57367/.
- 16.Including The UNHCR, World Bank, World Food Programme, Consumers International, Omidyar Network, the Linux Foundation, FIDO Alliance, GSMA, Hyperledger, ID2020, Open Identity Exchange, Sovrin Foundation, World Identity Network, Accenture, Barclays, Deutsche Bank, Mastercard, Microsoft, Sedicii and Visa.
- 17.World Bank. “UFA2020 Overview: Universal Financial Access by 2020,” October 1, 2018. https://www.worldbank.org/en/topic/financialinclusion/brief/achieving-universal-financial-access-by-2020.
- 18.https://www.worldbank.org/en/topic/financialinclusion/brief/achieving-universal-financial-access-by-2020.
- 19.https://blogs.worldbank.org/digital-development/joining-forces-make-ids-accessible-all.
- 20.See for example Soederberg, Susanne. “Universalising Financial Inclusion and the Securitisation of Development.” Third World Quarterly 34, no. 4 (May 1, 2013): 593–612. https://doi.org/10.1080/01436597.2013.786285.
- 21.Under SDG 16 The World Bank leads and coordinates activities aimed at Target 16.9—by 2030 provide legal identity for all.
- 22.World Wide Web Foundation. “Digital ID Tech Must Be Transparent If It Is to Work for Citizens,” August 28, 2019. https://webfoundation.org/2019/08/digital-id-tech-must-be-transparent-if-it-is-to-work-for-citizens/.
- 23.“Digital IDs Make Systemic Bias Worse.” Wired, February 5, 2020. https://www.wired.com/story/opinion-digital-ids-make-systemic-bias-worse/.
- 24.Burt, Chris. “Digital Identity Gets Mediocre Marks in Annual Progress Report.” Biometric Update, February 8, 2019. https://www.biometricupdate.com/201902/digital-identity-gets-mediocre-marks-in-annual-progress-report.
- 25.Such as the https://fidoalliance.org/ which Apple joined in 2020 or ID2020 which includes Microsoft, Open Identity Exchange, or Kantara.
- 26.De Nederlandsche Bank. “DNBulletin: BigTech Companies Increasingly Active in European Payment Markets,” June 4, 2019. https://www.dnb.nl/en/news/news-and-archive/DNBulletin2019/dnb384278.jsp.
- 27.Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance).
- 28.Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Pub. L. No. 32014R0910, 257 OJ L (2014). http://data.europa.eu/eli/reg/2014/910/oj/eng.
- 29.Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC.
- 30.“ETSI TS 119 495 V1.4.1 (2019-11) Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the Payment Services Directive (EU) 2015/2366.” Accessed March 8, 2020. https://www.etsi.org/deliver/etsi_ts/119400_119499/119495/01.04.01_60/ts_119495v010401p.pdf.
- 31.“FSB Reports Consider Financial Stability Implications of BigTech in Finance and Third Party Dependencies in Cloud Services,” December 9, 2019. https://www.fsb.org/2019/12/fsb-reports-consider-financial-stability-implications-of-bigtech-in-finance-and-third-party-dependencies-in-cloud-services-2/.
- 32.Directive of the European Parliament and of The Council amending Directive (EU)2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.
- 33.www.itsme.be.
- 34.https://ec.europa.eu/info/sites/info/files/economy-finance/digital_identity_once-only-principle_and_reducing_administrative_burden.pdf.
- 35.Communication from the Commission to the European Parliament, The Council, The European Economic and Social Committee and the Committee of the Regions EU eGovernment Action Plan 2016–2020 Accelerating the digital transformation of government.COM/2016/0179 final.
- 36.As stated by President von der Leyen in her speech to the European Parliament presenting the political priorities of her Commission.
- 37.https://www.ngi.eu/.
- 38.The program to realize this infrastructure has just started its design phase in January 2020. Feedback from, among others, the recent (December 2019) NGI FORWARD Thingscon workshop will be included. It will be a continuous learning cycle.
- 39.Makaay, E., T. Smedinghoff, and D. Thibeau. “OpenID Exchange: Trust Frameworks for Identity Systems,” 2017. https://www.openidentityexchange.org/wp-content/uploads/2017/06/OIX-White-Paper_Trust-Frameworks-for-Identity-Systems_Final.pdf.
- 40.disposable.id is registered on blockstack based on a subdomain id it is possible to generate disposable identities and credentials with the Zenroom tool that can be conversed in W3C compliant digital Ids and verifiable credentials.
- 41.https://atos.net/en/blog/the-next-identity-management-evolution-self-sovereign-identity.
- 42.In computing, a virtual machine (VM) is an emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination. “Virtual Machine.” In Wikipedia, March 29, 2020. https://en.wikipedia.org/w/index.php?title=Virtual_machine&oldid=947995885.
- 43.Including the Portenta H7 by Arduino.
- 44.Vincent Hoek, Rijksoverheid.nl.
- 45.A trust anchor is an authoritative entity represented by a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information or actions for which the trust anchor is authoritative. Housley, Russ, Sam Ashmore, and Carl Wallace. “Trust Anchor Format.” Internet Engineering Task Force, 2010. https://tools.ietf.org/html/rfc5914.
- 46.Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and threat model that no longer assumes that actors, systems or services operating from within the security perimeter should be automatically trusted, and instead must verify anything and everything trying to connect to its systems before granting access. The term was coined by a security analyst at Forrester Research. Secret Double Octopus. “What Is Zero Trust? | Security Wiki.” Accessed April 12, 2020. https://doubleoctopus.com/security-wiki/network-architecture/zero-trust/.
- 47.A verifiable claim is a piece of information that is cryptographically trustworthy. Sovrin. “What Is a Verifiable Claim?” Accessed April 24, 2020. https://sovrin.org/faq/what-is-a-verifiable-claim/.
- 48.Dover Microsystems. “Learn More About CoreGuard®.” Accessed March 13, 2020. https://www.dovermicrosystems.com/solutions/coreguard/.
- 49.Simons, Alex. “Toward Scalable Decentralized Identifier Systems.” TECHCOMMUNITY.MICROSOFT.COM, May 13, 2019. https://techcommunity.microsoft.com/t5/azure-active-directory-identity/toward-scalable-decentralized-identifier-systems/ba-p/560168.
- 50.https://coelition.org/business/resources/visualising-life/.
- DOIhttps://doi.org/10.1007/978-3-030-65781-9_14
- Published30 June 2021
- Publisher NamePalgrave Macmillan, Cham
- Print ISBN978-3-030-65780-2
- Online ISBN978-3-030-65781-9
- eBook PackagesEconomics and FinanceEconomics and Finance (R0)