DoR_IDcard_1_small1A lack of secure identification is hampering the development of e-commerce and the provision of public services online.

In day-to-day life, from banking to dating, if you don’t know who you are dealing with, you are vulnerable to fraud or deceit, or will have to submit to cumbersome procedures such as scanning and uploading documents to prove who you are.

Providing a digital ID that can be widely used and trusted is far harder. Businesses can check their employees rigorously, and issue credentials for gaining access to buildings, computers and the like. But what about outside the workplace? Facebook, Google and Twitter are all trying to make their accounts a form of ID. But these are issued without verification, so pseudonyms are rife and impersonation easy.

Private providers are offering their own schemes; Digital ID, for example can provide access control ID cards which can be programmed to determine how much access an individual has, But these fall short of the reliability of a state-backed identity, issued by a government official, checked against other databases, using biometric data (such as fingerprints and retinal scans) and backed by law—in effect an electronic passport.

In Estonia this is what they are working on, before a newborn even arrives home, the hospital will have issued a digital birth certificate and his health insurance will have been started automatically. All residents of the small Baltic state aged 15 or over have electronic ID cards, which are used in health care, electronic banking and shopping, to sign contracts and encrypt e-mail, as tram tickets, and much more besides—even to vote.

Estonia’s approach makes life efficient: taxes take less than an hour to file, and refunds are paid within 48 hours. By law, the state may not ask for any piece of information more than once, people have the right to know what data are held on them and all government databases must be compatible, a system known as the X-road. In all, the Estonian state offers 600 e-services to its citizens and 2,400 to businesses.

Estonia’s system uses suitably hefty encryption. Only a minimum of private data are kept on the ID card itself. Lost cards can simply be cancelled. And in over a decade, no security breaches have been reported. Also issued are two PIN codes, one for authentication (proving who the holder is) and one for authorisation (signing documents or making payments). Asked to authenticate a user, the service concerned queries a central database to check that the card and relevant code match. It also asks for only the minimum information needed: to check a customer’s age, for example, it does not ask, “How old is this person?” but merely, “Is this person over 18?”

Other governments have tried to issue electronic identity cards. But costs have been high and public resistance strong. Some have proved careless custodians of their citizens’ data. There are fears of snooping. Britain had spent £257m ($370m) of a planned £4.5 billion on a much-criticised ID card scheme by the time the current coalition government scrapped it after coming to office in 2010.

 If Estonia’s scheme takes off some other countries may well decide to follow its lead. Some may aim at volume; others, to target the top end, as with the market in non-resident investors’ passports. Soon, multiple satellite citizenship may even become the norm.

Credit: The Economist

Image: Brandiet