The coronavirus crisis brings the need for effective digital identity into sharp relief, as social distancing measures are imposed worldwide: remote access to systems and services is more in demand than ever, and calls are growing on governments to forge a path out of lockdown.
It emerged earlier this month that countries across the world have deployed mobile digital identity mechanisms in their responses to the pandemic, with state governments in India for instance using time-stamped selfies from smartphones to monitor quarantine compliance, and operators in South Korea working together to enable online verifications using mobile phone numbers. Then last week Microsoft’s co-founder Bill Gates called for the use of digital identity to support lockdown exit strategies, via digital certificates to indicate who has been tested, recovered, or been administered with any eventual vaccine. Approaches of this kind are being actively considered by the US Government, according to Dr Anthony Fauci, head of the National Institute of Allergy and Infectious Diseases.
“The initial COVID-19 vaccine supply will be limited, so it will be essential to verify that each dose reaches a real patient. Corruption, leakage, and even accidental duplication waste precious supply and are deadly,” explains Prashant Yadav, a senior fellow at the US-based Center for Global Development. “Biometric digital IDs can be a gamechanger. They can help governments target population segments, verify people who have received vaccination, and have a clear record.” As hundreds of millions of of people grow increasingly restless to see loved ones and get back to work, such ‘immunity passports’ are in growing demand. “Within a matter of weeks, healthcare facilities and COVID-19 testing services could start issuing digitally-signed credentials about a patient’s COVID-19 status directly to their smartphones,” writes one participant in the COVID-19 Credentials Initiative, a collaboration of more than 60 organisations working to deploy digital identity solutions to help stop the spread of COVID-19.
With more than a billion people worldwide still without any way at all of proving their identity, however, this will prove a challenge. Indeed, even among developed economies, questions abound over how such schemes may be implemented. There is a simple yet mission-critical risk here: as ever, our ability to derive the full benefit available from such innovations will depend largely on the willingness of ordinary people to adopt them – and concerns are already emerging over privacy and reliability.
An open letter this week signed by nearly 300 experts from 26 countries warned that digital contact tracing, a method used in South Korea and now being widely mooted elsewhere, is likely to fail unless the technology used can assure users of their privacy. “Such apps can otherwise be repurposed to enable unwarranted discrimination and surveillance,” the letter states. “It is crucial that citizens trust the applications in order to produce sufficient uptake to make a difference in tackling the crisis.” This view is backed up by researchers from the University of Oxford, which found this month that more than half the total population would need to use any contact tracing app (alongside other interventions such as ‘shielding’ of over 70s) to achieve an appreciable effect on transmission rates and avoidance of further lockdowns.
Then there are questions over how sure we can be that the bearer of any digital certificate is indeed who it was meant for, and not for instance a namesake – and how records as complex and sensitive as those in healthcare can best be linked to any mass-usage platform for access to basic everyday services such as transport and leisure. As one commentator in the Korea Times puts it, “it’s time to start thinking about digital identity as a critical public infrastructure that we can leverage to bounce back from this challenge and ensure that we are more prepared for the next one… (but) an immunity passport system has to be designed in such a way that it conveys absolute confidence that the holders are who they say they are and are entitled to this ‘all clear’ status.”
The mobile industry has a central role to play in finding answers to these questions, which are among the most important facing humanity today. Operators have long prioritised user privacy, having a natural interest in rewarding the trust placed in them by their subscribers over personal data. That trust in turn allows them to ‘know’ their customers better than almost any other industry on earth, arming them with some of the key tools needed to spot fraudulent or otherwise misallocated certificates – and the global networks of established partnerships with governments, healthcare organisations, transport providers and more to ensure such certificates are put to best use. While it is unfortunately clear that there are more questions than answers at present on the role digital identity should play in navigating this crisis, there is simply no time to lose in tackling them – and the GSMA awaits any and all in the mobile ecosystem with contributions to make in this vital work.
If you’d like to get in touch with your ideas on how digital identity can help slow the spread of COVID-19, please email us at firstname.lastname@example.org