Potential Criteria for a Digital and Legal Identification Prize Competition

Prize Designs Empowered Children
#1

We’ve begun evaluating the prize criteria for the Lost Children Prize Design.

The goal is for the competing teams to create an identification system that is:

  • Digital: Mobile, but also accessible offline for areas lacking connectivity.
  • Legally Recognized: A birth registration record or national ID, recognized by state.
  • Accessible: Must be easy to access, and difficult to lose.
  • Secure: Must ensure the security of ID and personal data.

We are also exploring these other additional criteria for the identification system:

  • Biometric-based: May be applicable for national IDs, but difficult to implement for birth registration due to the young age.
  • Interoperable/Integrated: Ability for other systems to add data to the digital ID. For example: proving vaccination records or education attainment.
  • Decentralized: Helps with security aspect.

What are your initial thoughts?

How can we measure or benchmark these criteria? What is missing?

Please share any thoughts, examples, links or ideas you may have!

#2

We believe that having this digital ID system would help overcome the key challenges of accessing birth registration/ID by:

  1. improving the process and capacity barriers of civil registration systems,
  2. improving the accessibility of the registration process (location, time, cost), and
  3. improving the accessibility of the ID by the person since paper-based IDs can be easily lost or destroyed.
#3

@BryanNamba

Ok, let’s break it down, item by item (I have left a comment beneath each bold highlighted item):

Digital: Mobile, but also accessible offline for areas lacking connectivity.

> Good (includes the possibility of loss of or lack of network connectivity).

Legally Recognized: A birth registration record or national ID, recognized by state.

> Good (this would seem to be the fundamental criterium/requirement for an ID, but note that the type of said ‘legally recognized’ ID may change from State to State, as refugees are moved, sometimes to other countries.

Accessible: Must be easy to access, and difficult to lose.

> Good (more than one ‘access path’ would be preferable, in my opinion, including one that is not ‘high tech’ but ‘prior tech’, like access via fax machines or a video phone line; even ‘low tech’ like use of official couriers).

Secure: Must ensure the security of ID and personal data.

> Good (but see my final notes, below, under ‘Decentralized’. This may prove to be a key/determining factor in any qualifying solution).

Other additional criteria for the identification system:

Biometric-based: May be applicable for national IDs, but difficult to implement for birth registration due to the young age.

> Note that in the US, birth certificates and some baptismal certificates (the forms) have a blocked out area for a baby’s (bare) foot prints (even knowing that the infant will grow fairly rapidly; it serves to ID the infant up to a certain age (and there are key patterns/markers that do not change much over time). On that note, there could be an ‘auto update’ function through a mobile app (or via existing platforms like instagram or dropbox) that works through the phone’s camera (e.g., the app scans/captures an image of the (now older) child’s ear (one’s ear shape being a unique biometric) which then updates the child’s ID via a cloud-based repository of refugee biometric data.

Interoperable/Integrated: Ability for other systems to add data to the digital ID. For example: proving vaccination records or education attainment.

> This follows from my previous note (about updating biometrics). Also: the first example above (vaccination records) is quite valuable, the second example (education level), though useful, could be problematic (e.g. it could lead to work/labor assignments that are not suitable, or, cause a older child to miss out on other work options for which a child has aptitude but no formal schooling, etc. We must avoid the ‘Scarlet Letter Effect’)

Decentralized: Helps with security aspect.

> Certainly, the more decentralized the ID system is – in terms of a contributing network of registration platforms/sources – the more it can be verified and authenticated by diverse (and independent) groups or orgs. This arrangement, in theory, keeps everyone honest and can be a means of preventing, or intervening in, human trafficking. However, the are at least two issues of concern:

1] Decentralizing can also mean less security (more ‘weak links’, or entry points, in the system)

2] It also follows that the more decentralizing the ID system, the less it (a given child’s ID) can be controlled by a single authority. This ‘freedom’ could cause a problem with getting the host nation to ‘sign on’ to the ID system (i.e., recognize and legally permit its use) due to bureaucratic ‘territoriality’ or even governmental corruption (or collusion with traffickers).

#4

There are good points in the proposed design. @marz62 has done a good analysis, and I share his concerns over security and potential abuse of such a system.

We have to always remember that some biometric data identifies an individual for life, and that means there is great value associated with an ID - we’re probably all aware of the criminal activity known as identity theft, which can involve criminal activity spanning a number of countries.

DNA is an obvious bio-metric but the consequences of that falling into the wrong hands are huge!

Nation states have varying levels of integrity (corruption, war, crime, etc.) and for some their status is dynamic (merging with other countries, or breaking apart into independent nations). This means changing governments, rules and levels of integrity. Therefore, for that reason I would strongly suggest that ownership of the ID system must rest with an organisation that is expected to be stable for decades and can be trusted with such a system. I can think of only one organisation that meets those criteria: the United Nations. It’s not perfect, but I can’t think of any other global organisation that is better placed.

Having said that, all organisations are vulnerable to corrupt employees. So any system should be extremely secure. This means the system does not hold raw biometric data. Instead it might hold a one way cryptographic encryption based on an individual’s biometric data. So the system can only confirm (or deny) that the person is who they claim to be; but the system cannot reveal biometric data to any user because such information is not stored.

Note: an encryption algorithm should not be vulnerable to future quantum computers. The algorithm might be an innovative part of the solution.

There’s one more area susceptible to corruption, and that’s the point at which the original ID is created out in the “field”. When a child is presented to an operator of the system how will its parents or guardians know the operator is an authorised person (and a person of integrity)? This is an open question, and depending on the nature of the final solution its importance might, or might not, be significant. In short, is there potential value to criminals in spoofing this information. [I can think of one potential scenario, there may be others.]

The UN based system tends to suggest an online system (with the option for offline modes). However, offline devices present extra challenges.

If a smartphone solution was adopted, then using the GPS location (and date/time) would be useful information to add to the record: place and time of registration.

#5

@akb - Also many good points there…and, I avoided specifically addressing the security of the ID process (e.g., your mention of a ‘one way cryptographic encryption’) because (in agreement with you) I felt that this should be a component of the challenge (i.e., a challenge criterium)…and, in ruminating on this, I came up with a ‘solution’ for ensuring the authenticity of the ID (which included a form of encryption that, theoretically, cannot be de-encrypted, and, prevents alteration the original data) in the context of a decentralized system, but I will save it for some other time.

That said, security of data is an on-going issue and quantum computational (QC) methods might be brought to bear on encrypted data…although I wonder why any non-state or state actor would want to break the encrypted data of refugees (except for nefarious purposes) but perhaps there my arise a special case contingency in the future in which de-encrypting a refugee’s data is of vital importance (terrorist plot?).

Your point about a trustworthy entity that will remain stable over time (UN) is valid; perhaps the UN can be the over-seer of such a system without being the ‘controller’ of said system (?)…or, do we do away with the de-centralization idea all together? I think this idea (decentralization) is good/useful but needs to be more deeply discussed (in the context of a ‘trustworthy’ refugee data-keeper).

I agree the DNA would be the obvious (biometric) way to go in terms of authenticating an individual’s ID, but even current genomic anonymizing methods can be vulnerable to re-identification (as demonstrated in 2014 by Yaniv Erlich); new encryption techniques (e.g., homomorphic encryption, and other variants of lattice-based encryption schemes, see: Kristin Lauter, et al) are fairly secure – allowing geneticists to conduct genetic analysis research while protecting patient identity – but are still being improved (e.g., faster speed versus computational flexibility). Also, portable and cheap gene sequencing technology (like the MinION) makes in situ genetic data mining/stealing highly possible.

As for a authenticating an ‘operator of the ID system’, all such operators/agents must be known individuals (listed on an official registry) so that refugee advocates can verify their status. After all, why should any such operator work under a secret or confidential identity (that could make them vulnerable to corruption of manipulation)? TRANSPARENCY has a vital role in all this…as much as security and privacy (re: data protection).

#6

@marz62 good points.

#7

@akb @marz62 Thank you for weighing in on these points. I’m glad you are both discussing security and privacy as that is essential to any registration system. Also, Marz I appreciate your comments about ‘prior tech’ because we are definitely seeing that countries where registration is lowest, online-only solutions might not be sustainable due to lack of infrastructure.

#8

In the areas where there’s no online system, a data card can be used. The card should be with the registered person while the whole data of the registered person documented remains with the officers. But an online system is quite necessary for sustainability and security of registration.

#9

The registration should be continuous. Or quarterly in order to capture all. Companies should be visited.

#10

Please if there is no legally recognized record can’t one be registered. Because some people may not have any legally recognized record. All should be given opportunity to get registered since all were borned.