Being able to prove one’s identity is a prerequisite for administrative, social and economic inclusion in the modern world. Citizens lacking a recognised form of identification cannot access basic government services, nor participate in the modern economy, and are at an increased risk of human trafficking. Governments are implementing civil registers in order to maintain accurate population data, to provide well-coordinated social services and increase security on a global scale. But how do they link the citizens to their data in the register in a secure and convenient way?

In most states worldwide, citizens are requested to register births, marriages and deaths and their place of residence with the relevant government authorities. Government bodies use this information for the administration of their country, for the planning and delivery of government services and as a means of contacting their citizens. Furthermore, government authorities are responsible for the issuance of identity documents, driving licences, voter registration documents, health cards and passports for international travel, for which they need proof of a citizen’s identity. This requires a solid system of registration; without its data, policy makers lack reliable evidence to design policies, and are hence ‘flying blind’. If this is the case, governments often develop policies for political considerations or on the basis of ideology or anecdotes, rather than on evidence.

Identity is at the core of a citizen’s everyday actions. Each time an individual interacts with the government or private institutions solid proof of identity is crucial. Civil registration is the important first step in the recognition of someone’s existence. The right to be recognised as a person before the law is an inalienable and basic human right, as laid down in the Universal Declaration of Human Rights.

Legal identity
The registration of vital events (births, marriages and deaths) provides individuals with the documentary evidence often required to secure recognition of their legal identity, their family relationships, their nationality and their ensuing rights, such as to inheritance. A legal identity in turn enables access to essential services, such as health, education and social welfare. Thanks to his or her legal identity, proven by the presentation of official documents issued by their government, a person can be provided protection by the legal system and can request state institutions to protect his or her rights.

The inability to prove their identity has profoundly harmful implications for individuals and for international development. A verifiable identity answers not just the question of: “Who are you?” but also: “Which rights are you entitled to?” Without a legal identity, children risk being denied enrollment in school or receiving vaccination. Later, that same person will struggle to open a bank account or buy a mobile phone – both essential to participate in the modern economy. If they try to exercise their right to vote and are turned away at the polling place, they will have no recourse. Furthermore, this ‘invisibility’ increases the risk of human trafficking and other forms of extreme exploitation. In fact, a regular practice of traffickers is to confiscate the identification documents of their victims, making those victims invisible before the law and unable to assert any rights.

Registering life events
A number of important international agreements, such as the Convention on the Rights of the Child, obligate governments to register every child immediately after birth and issue it with a birth certificate. In almost all societies a birth certificate is a basic legal document that gives identity to a child, and automatically bestows a number of rights upon it, such as the right to health care, nationality, schooling, property ownership, voting, formal employment, access to banking services, and obtaining forms of identification such as ID cards and passports.
It is also essential that authorities register the deaths of their citizens. A death certificate ensures the right of the family of the deceased to inherit property, to access business and financial entitlements, and to claim any available insurance benefits. Additionally, the cause-of-death data from civil registration systems are vital for pinpointing the diseases and injuries that are cutting lives short and for planning any preventive services to avoid premature mortality. Cause-of-death data are also useful to inform governments about outbreaks of fatal diseases. Take for example the recent Ebola outbreak in West Africa. Once the outbreak was spotted, it was important to look back in time to see which recent deaths might have had the same cause but weren’t diagnosed as such, not least to trace those who had contact with the victims.

Key figures
In highly developed countries, births and deaths are routinely and actively documented, and their citizens take birth certificates and other indicia of identity for granted. But over 100 countries lack a functional civil registration system, meaning that every year the births of almost 35 per cent of the children under the age of five worldwide – around 229 million children – go unregistered; effectively they do not exist.[1] This problem does not just affect children. Experts estimate that 1.5 billion people lack any form of officially recognised identification: that is one-fifth of the planet going unidentified. The situation is even worse for death registrations: globally, two-thirds of the 57 million deaths a year are not registered. In addition, the World Health Organization receives reliable cause-of-death statistics from only 31 of its 193 Member States.[1]

Importance of breeder documents
Birth certificates, marriage certificates, citizenship certificates and death certificates are so-called breeder documents: documents that can serve as a basis to obtain travel, identity and residence documents within the issuing country. These breeder documents also play an important role beyond the borders of the issuing country. As people are becoming increasingly mobile and move abroad much more often than they did in the past, the civil status document plays an important role during the official registration with the authorities in the new country.
Breeder documents are considered the weakest link in the identity chain, and the threat of someone presenting a genuine passport that was issued on the basis of false breeder documents is very real. To limit the chances of identity fraud occurring during the application process for travel, residence and identity documents as much as possible, it is essential to determine an international minimum security standard for breeder documents, especially for birth certificates. Secure breeder documents containing a watermark, a security design background, UV printing and a unique serial number are a huge step towards a secure identity chain.

Purpose of a civil registration system
Governments today must do more than simply issue secure and reliable ID documents. They must be able to effectively manage, verify and secure the entire value chain from registration and verification, to issuing and managing an identity. This is achieved by implementing a civil registration system: a system to create and maintain one or more data sources that will provide legal documents and notifications for establishing and protecting the civil rights of data subjects. A data subject in this context refers to a natural person (an individual) whose personal information is processed for the purposes of the civil registration system.

A centralised civil registration system creates and maintains all the institutional, legal, and technical prerequisites required to carry out population registration in a technically sound, coordinated and standardised manner, taking into account the cultural, social and administrative circumstances of the country. The primary goal of such a centralised system is to combine the different databases and data sources in a country, and to ensure the data are stored and made accessible. Typical databases to be homogenised in one database for electronically capturing, maintaining and querying data are those containing the records of births, citizens, marriages and deaths. There should only be one central civil registration system in the country, and access should be managed by user rights assigned only to authorised personnel of concerned authorities.

Identity management for government administration
Once a state has implemented a civil register, the government has to grant their citizens the right to access their data and to prove their identity. This is typically done by identity cards showing the photo and personal data of an individual, as well as information included for the purpose, for example an insurance policy number for a health card, or the ministry and department where a civil servant is employed. Such ID cards have a life cycle of 5 to 10 years before they need to be renewed. Many of these cards carry a contact-based or contactless chip, which contains the same data in an electronic format, although a small survey conducted in different countries has shown that the chip is hardly ever read, and the card as such is typically enough to prove one’s identity.

Card disadvantages
Cards are widely circulated, but better, more convenient and more accurate technology is on the horizon, as cards have a number of disadvantages:

  • The issuance of cards is a costly business. If a price of EUR 2 per card is assumed, in a country with a population of 10 million this would mean a cost of 20 million, recurring every five years when cards need to be renewed. Additionally, personalisation equipment needs to be procured and maintained, staff needs to be trained and readers distributed throughout the country.
  • An ID card has to have high-end security features in order to withstand falsification, wear and tear, manipulation and forgery. Such features add to the price.
  • ID cards are typically a national means of identification, and only valid within the country. There are exceptions, such as ID cards for EU citizens, which are valid throughout the EU, and a similar system for all ECOWAS countries (soon to come into force).
  • Although many ID cards contain a chip, the additional value and usage is marginal.
  • Although some ID cards have a PKI function, this is even less widely used than the chip.
  • Data on the card cannot be updated. The data on the card show the status of the person on the day of issuance, which can be 5 or even 10 years ago. A photo, name, marital status, and address are all liable to change, which is not reflected on the card unless a new card is issued.

If you build it, they will come…
To speed up the progress in the field of civil registration, new ways of registering are required, as many registration systems are still paper-based. By using information technology, authorities can improve the accessibility, collection and storage of birth and death registration data, as well as cause-of-death information. Indeed, birth registration is already benefitting from new technologies. In several countries ‘geo-mapping’ technologies have facilitated the collection and visualisation of birth registration data, and also in many of the poorest countries the widespread deployment of mobile phones with substantial cell coverage has considerable potential.

Digital identities as the key to a secure national identification system
The integration of civil registration and digital identities into an electronic civil registration system brings authentication features, portability and security to the identity management environment. According to the World Bank, “e-ID provides technology-based solutions for identification in order to uniquely establish a person’s identity and to credential it, so that the identity can be securely and unambiguously asserted and verified through electronic means for delivery of services across sectors, including healthcare, safety nets, financial services and transport.”[2]

An example of such a solution for identification is the smartphone. Smartphones came onto the consumer market in the late 90s, but only gained mainstream popularity with the introduction of Apple’s iPhone in 2007, and the first Android phones in late 2008. The smartphone industry has been steadily developing and growing since then, both in market size and in models and suppliers. By 2018, over a third of the world’s population is projected to own a smartphone, an estimated total of almost 2.53 billion smartphone users in the world.[3]

Identity check with new smartphone applications
The digital identity check, which is now being offered on the market by a few forerunners in the industry, integrates traditional printed identity documents and electronic identities (e-IDs) into a platform-independent smartphone app embedded in an ID ecosystem. The digital identity aims for transparent identification and authentication in the physical and digital world addressing security, privacy, data protection, usability and user trust equally.
One example of such a smartphone-based digital ID solution is ‘My Identity App’ or MIA, an app developed by an in-house start-up within the Austrian State Printing House. This app allows users to leave their physical identity document at home and identify themselves with their smartphone. It also provides an e-ID solution facilitating government services.

Figure 1: Four layers of security within a digital identity checking system.

Layered security
The security of a digital identity checking system consists of four layers (see Figure 1):

  • The first layer provides secure authentication mechanisms in order to enable a secure login to the government services. Some services are only protected using the card identification number and the date of birth.
  • The second layer enables additional services by providing the possibility for electronic signatures/electronically signed documents.
  • The third layer acts as a certificate authority (CA) in order to be able to provide a trust anchor for government services but also create new business opportunities.
  • The fourth layer contains secure breeder documents.

Such an ID application can be integrated into a system for publicly issued IDs on a smartphone that can be used securely in the physical world and online in the same way. It combines digital representations of both classic offline documents and e-IDs for transparent use in the physical and digital world, thus providing security and data protection in the right balance with usability and user trust. The security must lie in its processes rather than in hardware (which changes too rapidly).

Figure 2: Architecture for digital identity check.

Secure architecture
The architecture for a digital identity check is based on microservices, and enables high flexibility. It incorporates all the necessary components including interfaces to the civil register, and in case there is no such central register, it connects to the various national databases, service providers (such as e-Government services, banks) and law enforcement agencies. Its core focus is to provide all information required in a special situation to prove the identity, be it for a police road check or for opening a bank account. The architecture provides for hierarchical storage management (HSM) and signature creation devices (see Figure 2).
The security of the digital identity check is not based on specific hardware solutions but is ensured by a secure process and uses several layers of security. The user’s identity is authenticated by the back end via client certificates, which are stored on the users’ smartphone. The certificate is stored securely by using state-of-the-art security technologies offered by mobile operating systems such as the keychain (iOS) or the keystore (Android). The certificate is generated on the smartphone, and the data channel between client (app) and server is encrypted using the latest technology.

Protection against cyberattacks
The digital identity check is effectively protected against cyberattacks in the following ways:

  • the implementation of preventive controls, detective controls and corrective security controls;
  • the implementation of state-of-the-art and well-proven security techniques;
  • the use and promotion of the FIDO standard (‘Fast IDentity Online’), which reduces the risk of phishing attacks on login credentials;
  • authorities can easily revoke an application or inactivate a single document, such as a driving license.

All data transfers between the central back end and the application are secured using Transport Layer Security (TLS). Because the app uses open and established standards, its security protocols are very well tested and can be verified by independent security experts (for example in the case of security audits).
No data shall be stored on the smartphone, as this would be a risk in case the owner lost their phone. This is an additional advantage in comparison to cards. If an ID card is lost, it cannot be ‘retrieved’. The finder of the card can misuse it and as long as no online connection with the police is established (where the card might be reported as lost or stolen), the fraudster can assume the new identity of the card found.

Figure 3: The security of the digital identity check.

Personal data are never transmitted directly from the smartphone to another smartphone but are always queried from the connected data sources. Every data request and transmission must be actively approved by the person to whom the information belongs, and therefore personal ID data are under the citizen’s control. The app only transfers the user-approved, requested attributes, thus keeping the other attributes private. For example, for admission to a dance club, the app only presents a picture (for identification) and states that the person is older than the required minimum age – but does not give the age itself, for privacy reasons. In face-to-face identification scenarios, the back end will provide a facial image to enable the requesting party to identify the user in front of him.
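The attribute release described above, together with the revocation of a single document mentioned earlier, can be sketched as follows. This is an added example, not code from MIA or the Austrian State Printing House. The register record, key, attribute names and functions are all constructed for illustration, and the HMAC stands in for a back-end signature (a real deployment would use an asymmetric signature so that verifiers hold no secret).

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample register record; every name and value here is hypothetical.
REGISTER = {
    "AT-0001": {"name": "Erika Muster", "date_of_birth": "2001-05-20",
                "photo_ref": "photo/AT-0001.jpg", "address": "Example St 1",
                "revoked_documents": {"driving_licence"}},
}
BACKEND_KEY = b"constructed-demo-key"  # assumption: stands in for the back end's signing key

def age_on(dob: date, today: date) -> int:
    """Full years elapsed between dob and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def release(person_id, document, requested, approved, nonce, today):
    """Back end: release only attributes that were both requested by the
    relying party and approved by the data subject, bound to a nonce."""
    record = REGISTER[person_id]
    if document in record["revoked_documents"]:
        raise PermissionError(f"{document} has been revoked")
    claims = {}
    for attr in sorted(set(requested) & set(approved)):
        if attr.startswith("age_over_"):
            # Derived predicate: answer yes/no, never the birth date itself.
            limit = int(attr[len("age_over_"):])
            dob = date.fromisoformat(record["date_of_birth"])
            claims[attr] = age_on(dob, today) >= limit
        elif attr in record and attr != "revoked_documents":
            claims[attr] = record[attr]
    body = json.dumps({"nonce": nonce, "claims": claims}, sort_keys=True)
    tag = hmac.new(BACKEND_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(response, expected_nonce):
    """Relying party: check integrity and freshness before trusting the claims."""
    good = hmac.new(BACKEND_KEY, response["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, response["tag"]):
        raise ValueError("response was altered")
    payload = json.loads(response["body"])
    if payload["nonce"] != expected_nonce:
        raise ValueError("stale or replayed response")
    return payload["claims"]
```

In the dance-club case, the relying party may request `photo_ref`, `age_over_18` and `address`, but if the user approves only the first two, the response carries neither the address nor the date of birth.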

Smartphone applications promote the use of biometrics instead of passwords. Existing sensors on smartphones (such as fingerprint sensors) facilitate this already. The FIDO protocol improves security by providing biometric identifiers. In online use cases the FIDO protocol is used whenever possible for user authentication, very often even with two-factor authentication (for example for opening bank accounts).

Conclusion
The way forward for governments is to establish a central civil register first, consolidating various electronic databases in different ministries and digitalising paper-based archives. If a central civil register is not feasible, a good connectivity between various registers is also a good way of accessing citizens’ data. A state should avoid having data silos in each ministry that only serve one purpose, as each silo bears different attributes for one data set, and not someone’s complete identity. This opens the way for criminals to obtain multiple identities, because of the lack of communication and connectivity between ministries.

The future of identity verification lies in the digital world. Via smartphones governments and their citizens can retrieve up-to-date and just-in-time information and still keep 100% control over the type of data that are being transmitted to the requesting party. All identity documents can be combined in one app and physical documents do not need to be carried around anymore. These apps are suitable for online face-to-face verifications, but also for internet transactions, which are the basis for the modern e‑Government platform that each state has on its roadmap.

References
1 UNICEF. Every child’s birth right. Inequities and trends in birth registration. New York, December 2016.
2 The World Bank. (2016). Digital Identity Toolkit. http://documents.worldbank.org/curated/en/147961468203357928/Digital-identity-toolkit-a-guide-for-stakeholders-in-Africa
3 The Statistics Portal. Smartphones industry: Statistics & Facts. https://www.statista.com/topics/840/smartphones/