Estonia is identity heaven.
In 2003, Estonia rolled out an ambitious e-government program designed around the use of secure identities. The government started by creating a secure identity exchange, “X-Road”, which was tied to national ID credentials. With the use of a digital certificate contained in every national ID card (and vetted through biometric checks at the time of registration), Estonians were empowered to do most of their business with the government online.
Now there are thousands of services which Estonians can take care of online through the government portal built on the foundation of X-Road. From filing taxes to requesting a burial allowance, from voting to registering for military service, Estonians enjoy efficient services which are as convenient as a mouse click. In 2014, Estonia even extended its “e-residency” program to overseas residents, giving its citizens access to services when they live abroad.
The success of Estonia’s program is undeniable. From just 600,000 queries of X-Road in 2004, Estonians used the program over 529 million times in 2015. It is wildly popular.
Israel presents a counter-example.
In July 2013, Israel started a pilot project in which citizens applying for new ID cards could opt to enroll in a digital identity program. The idea was modest, at least to start: prevent identity theft through biometric enrollment as part of the national ID program. In the long term, however, the Israeli government pointed to Estonia as the ultimate goal – a secure online identity management system which would provide clear efficiency benefits to its citizens.
The public didn’t buy it. Part of the problem was the legislative angle. Rather than taking the plunge all at once, the Israeli government took a gradual approach. The pilot project was authorized for two years, after which several extensions have been issued. As a result, people got confused about the longevity and seriousness of the program. They wondered what would happen to their data if the project was cancelled.
Privacy and data security became another serious public relations issue. Unlike Estonia’s identity program, which was lauded from the start for its innovative and robust approach to security, Israel’s data security practices were heavily criticized.
As a result, only one quarter of Israeli citizens opted to enroll in the biometric identity program last year. Legislators are pondering the idea of making it mandatory, but public queasiness from the botched launch period has made the program a political football.
Data Security Builds Trust for National ID Programs
People in the identity management industry tend to believe that if everyone just got on board with Estonia’s approach, utopia wouldn’t be far away. However, the case of Israel (and the UK and many others) offers a cautionary note to anyone too flush with optimism about biometrically enabled national identity programs.
Data security is a hazy concept, but one which is increasingly important as a political issue. Nobody can truly say that their data is 100% protected, and the boundaries of “adequate” protection are constantly changing. Yet one thing’s for sure: everyone wants their data to be secure, however security may be defined.
As the reaction to Israel’s program has shown, inadequate data security can quickly translate into political consequences. When politics stand in the way, the real benefits of identity management systems can quickly fade into the background of hype and bluster.
As an early adopter, Estonia had the advantage of blazing its own path without the failures of others clouding the political landscape. Yet at the same time, Estonia started with data security, building identity management around that central core. Most other countries do the opposite: they start by announcing the end goal of an integrated identity system and leave data security as a footnote or vague assurance to be fulfilled at an unspecified future date.
The lesson for policymakers (and for those of us in the identity management industry) is that data security may be a vague concept, but it becomes consequential very quickly in the political arena. We all want the efficiency and convenience of strong digital identities, yet for many citizens, those benefits will only be valid if strong data security makes them possible.
Ben Ball is the Government Market Director at Crossmatch, where he oversees market intelligence and strategic outreach to government customers around the world. A ten year veteran of the Federal government, Ben was a Foreign Service Officer and worked in the Department of Homeland Security.