Feels like the market-based approach will need some guiding standards if it is to avoid being a parking app-style mess, or just end up with Apple, Google, Meta, or Microsoft running it as a minimal effort monopoly.
Then there is the matter of trust: what confidence can I have in some startup I know zero about with maybe 6 months funding to look after all of my personal information? Yoti are going to be a hack magnet if they get a modicum of success, but will they have the resources to defend themselves?
I am cautiously optimistic that this is the better approach, but there are many hurdles. And there is no opportunity to wave the magic AI wand here, though doubtless someone will take the chance to push blockchain as the panacea for all troubles…
Way back when Blair was planning his ID card thing I wrote a short story that showed up other potential issues with the government ID thing, specifically how to deal with false entries
The story was set in what is now the past (2016) but was the future then.
I'm a strong believer in a market based solution that is messy and is not a one stop shop because the one stop shop solution has a terrible failure mode of "you can't do anything", If you have multiple providers providing part of the answer then you may be able to rent a flat but not buy a knife (or vice versa) but that's better than not being able to rent a flat, buy a knife, buy booze, get a job...
Not sure how I feel about this. Architecturally it sounds a lot like GOV.UK Verify, which even the fearsomely competent Government Digital Service were unable to get to work. Outsourcing verification to private providers does reduce the scope for mission creep and authoritarianism, but I don't trust private providers to be much more clued-up about infosec than I trusted the Home Office back in the day - and even a smaller identity provider would be a very tempting target for hackers, possibly including state-level adversaries. Perhaps you're right and we'll just end up with Google and Apple (and maybe Stripe?) taking over most of the market, which wouldn't be the worst outcome: at least they're competent, and their end-goal is to sell stuff to us rather than lock us up.
This is also something the airline industry is working hard on. A trusted digital identity that includes information that is on your passport and soon electronic transit authorisations is being developed by IATA and others that use biometrics so that when you engage with areas that require passport details you aren't required to show or supply them to buy the tickets, confirm a visa, check in at the airport, travel through security and eventually board the plane.
I didn't support NO2ID as it always seemed to me that having a single authenticated point of entry to government, for tax, healthcare, licensing etc would be beneficial to me as a citizen and make government more efficient. I dread the UI misery of forcing everyone to choose their identity provider (how do I explain that to elderly relatives?), so unless Apple and Google step in as the two main providers I struggle to see how it will succeed.
It will be interesting to see how this affects government services. One of the major stumbling blocks for Verify was that government departments didn’t want to pay for verification. So will GDS / departments have their own agreements with the identity providers or will the still persist with OneLogin to keep the costs low for government
Feels like the market-based approach will need some guiding standards if it is to avoid being a parking app-style mess, or just end up with Apple, Google, Meta, or Microsoft running it as a minimal effort monopoly.
Then there is the matter of trust: what confidence can I have in some startup I know zero about with maybe 6 months funding to look after all of my personal information? Yoti are going to be a hack magnet if they get a modicum of success, but will they have the resources to defend themselves?
I am cautiously optimistic that this is the better approach, but there are many hurdles. And there is no opportunity to wave the magic AI wand here, though doubtless someone will take the chance to push blockchain as the panacea for all troubles…
Digital ID should help with the EU's Entry-Exit System as it provides pretty-much all the information needed and could speed up processing of arrivals
Way back when Blair was planning his ID card thing I wrote a short story that showed up other potential issues with the government ID thing, specifically how to deal with false entries
http://www.di2.nu/files/zombie.html
The story was set in what is now the past (2016) but was the future then.
I'm a strong believer in a market based solution that is messy and is not a one stop shop because the one stop shop solution has a terrible failure mode of "you can't do anything", If you have multiple providers providing part of the answer then you may be able to rent a flat but not buy a knife (or vice versa) but that's better than not being able to rent a flat, buy a knife, buy booze, get a job...
Some countries are far ahead down this route. I have my Brazilian car truck and bus licence on my ipad and Android phone.
'So you can imagine an age check being just a FaceID scan to check that you’re actually using your own phone."
I can't, because Apple do not want the associated liability, A more likely scenario is that you use an identity provided by your bank.
Not sure how I feel about this. Architecturally it sounds a lot like GOV.UK Verify, which even the fearsomely competent Government Digital Service were unable to get to work. Outsourcing verification to private providers does reduce the scope for mission creep and authoritarianism, but I don't trust private providers to be much more clued-up about infosec than I trusted the Home Office back in the day - and even a smaller identity provider would be a very tempting target for hackers, possibly including state-level adversaries. Perhaps you're right and we'll just end up with Google and Apple (and maybe Stripe?) taking over most of the market, which wouldn't be the worst outcome: at least they're competent, and their end-goal is to sell stuff to us rather than lock us up.
This is also something the airline industry is working hard on. A trusted digital identity that includes information that is on your passport and soon electronic transit authorisations is being developed by IATA and others that use biometrics so that when you engage with areas that require passport details you aren't required to show or supply them to buy the tickets, confirm a visa, check in at the airport, travel through security and eventually board the plane.
I didn't support NO2ID as it always seemed to me that having a single authenticated point of entry to government, for tax, healthcare, licensing etc would be beneficial to me as a citizen and make government more efficient. I dread the UI misery of forcing everyone to choose their identity provider (how do I explain that to elderly relatives?), so unless Apple and Google step in as the two main providers I struggle to see how it will succeed.
It will be interesting to see how this affects government services. One of the major stumbling blocks for Verify was that government departments didn’t want to pay for verification. So will GDS / departments have their own agreements with the identity providers or will the still persist with OneLogin to keep the costs low for government
Thanks for the clarification! I feel like this is even worse than ID cards.