Open Questions on Good ID: Can it be Measured?
We aspire for all digital ID to be Good ID, but we also know that journey includes obstacles and requires more learning, given the nascent sector. We are committed to collaboration with other Good ID champions as well as constructive critics who want to help answer the difficult questions and find innovative solutions. In this new series, we will tackle open questions, one at a time, to share our perspective and invite others to offer theirs — all with the goal of adding more clarity on Good ID and finding the ideas that will move Good ID into practice.
Can Good ID be Measured?
Our short answer is not yet, but we need to be able to do so. The approach, however, has to be nuanced. We are interested in exploring several ways to measure the increase in benefits and decrease in consequences that result from Good ID practices and features, and we will need other digital identity experts to participate and contribute to these explorations.
The purpose of introducing a concept like Good ID was not to put systems into absolute categories: good or bad, pass or fail. It was to set an intentionally aspirational standard and to start a conversation and a process that helps ensure new and existing examples of issued ID, defacto ID or data trails, and self-asserted ID become more empowering and safer for individuals.
That said, Good ID is not perfect ID. Every system has strengths and weaknesses. And how well a system is serving the interests of individuals, adjusting to tomorrow’s needs, reflecting local contexts, and anticipating future threats will constantly evolve.
At this stage, providing digital ID issuers, policymakers, and users with a mechanism for constant improvement and a progressive roadmap for offering best-in-class digital identity is more constructive than labeling a system or individual product as Good ID or not.
A Starting Place: Measuring Good ID by People’s Experiences
Because Good ID is not a specific product nor defined by a fixed, universal set of criteria, it is difficult to measure. But not impossible. We believe Good ID will be ultimately defined by people’s positive experiences with the identity system, not by checking boxes or claiming specific attributes.
In the absence of a flawless model for measuring Good ID, trust and user participation can be important proxies for good digital identity policies, technologies, and practices, but not a complete set. Omidyar Network believes the presence of privacy, security, and user control in digital identity systems increases people’s satisfaction and results in more participation and trust. Measurement of this change can point to the presence of more Good ID systems. Conversely, the reduction in recorded violations and harms is another way to demonstrate progress in reducing the risks associated with digital identity.
A Complement: Measuring Good ID by Government and Company Efforts
We are optimists and we believe in improving today’s imperfect systems. We invest in organizations that are helping businesses and governments put in place the proper design principles and safeguards as well as fix policies that may exclude individuals from public benefits and private services. We also invest in bringing new technologies and evidence to market and in creating an ecosystem where both privacy and innovation can thrive. And we support institutions that can hold issuers to account.
In measuring Good ID, clear progress indicators and regular audits will be important.
Several countries and companies are making big and small choices toward Good ID right now. They are improving existing systems, designing new ones, and tracking toward our aspiration toward people’s needs.
More decision makers are listening to stakeholders’ feedback; identifying and addressing unintended harms; and passing stronger data protection bills. They are thinking through the long-term implications of near-term decisions, and they are including citizens and customers in the process.
More technologists are building safer, more ethical products as well as improving consent practices. And several startups are even helping individuals lessen their dependence on ID issuers by giving them control over their own data.
It will be critical for the Good ID movement to identify what are the highest quality and most important indicators, who is best placed to assess digital identity systems, how often these assessments need to take place, how to preserve the integrity of such measurements, and what decision makers (including ordinary people) want to know about the systems.
Future Scenarios: Measuring Good ID by Potential Risk
Some systems will fall short of the Good ID aspiration. Whether by accident or design, some will exclude individuals or discriminate against certain ethnic, religious, or other groups of people.
Omidyar Network does not support digital ID systems that exclude, discriminate, or are designed for surveillance purposes. Nor do we endorse ID systems that put identity data at risk of abuse. We believe these choices erode people’s trust and sacrifice the most empowering benefits of digital identity and of individual liberty.
Using tools like Ethical OS to forecast the potential future uses of an identity-related service or product and the impact it could have on individuals and society is another way to measure the delta between today’s policies, technologies, and practices and the aspirational Good ID.
Other Routes Toward Measuring Good ID
Consumer Reports, Disconnect, The Cyber International Testing Lab, and ID2020 are all experimenting with technical requirements and certification marks to help decision makers identify trust-worthy, privacy-enhancing, and secure technologies. We look forward to learning from The Digital Standard and other programs.
We also would love to build on the work of Ranking Digital Rights that looks into the ways companies are addressing privacy, security, expression, and governance. Our partnership with the World Bank Group’s ID4D program has also produced key insights for the sector, such as information on each country’s digital identity system, the cost of providing digital identity, and data on the world’s progress toward providing “identity for all” — all of which can be incorporated into a future measurement mechanism. And our three-year collaboration with the World Economic Forum and its members also aim to provide more multi-sector conversations on this open question.
Alongside these active collaborations, we invite others to help think through the best measurement approach, incentives, and governance ecosystem to help ensure all digital ID is Good ID. How would you propose to measure Good ID?
Admittedly, Good ID is still difficult to find today. Embedding privacy, inclusion, user value, user control, and security into every digital identity system is an ambitious task. Keeping them safe from surveillance is an even bigger one. We know that Good ID won’t become the norm overnight. Tensions and trade-offs are deeply embedded in achieving the vision. And yet, we know we can make progress, and that we must.
As we grow our involvement and learn more about digital identity, we will continue to invest in companies that empower individuals with privacy-enhancing technologies. We will also build knowledge on how to increase the prevalence of Good ID. And we will call for better standards as well as more transparency, accountability, and debate. We think it’s realistic to achieve Good ID — if we are collectively ambitious and work together.
Please help unlock the full potential of Good ID by sharing your learning, viewpoints, projects, events, and other resources on the Good ID online platform — www.good-id.org and @GoodID.