Creating a good ID system presents risks and challenges, but there are common success factors

Building an ID system that meets developmental goals is a multifaceted challenge in any context, including mitigating potential risks to privacy and inclusivity, as well as system sustainability. In addition, developing countries face a unique set of challenges to implementing ID systems, particularly when digital. However, while no system is perfect, global experiences have also shown that there are common success factors that can help overcome these risks and challenges.

Risks of ID systems

The experiences of a broad range of countries at varying levels of development highlight four main risks to implementing new or upgraded ID systems:

  • Exclusion. In contexts where people were previously able to prove their identities through alternate or informal means, the formalization of a new ID system and the tightening of identification requirements—e.g., making access to social programs or voting conditional on a particular ID—risks further marginalizing vulnerable people who may not be covered by the system. Likewise, the failure of—or biases in—ID systems (e.g., failure of biometric authentication mechanisms, collecting data that is difficult for some people to provide, poor data quality, etc.) can lead to the exclusion of people from the ID system or accessing related services. Establishing a pro-developmental ID system therefore requires an exclusion risk assessment and explicit strategies to ensure access to identification for all, with particular attention to groups that are at higher risk of exclusion, such as remote and rural residents, the forcibly displaced, ethnic and linguistic minorities, people with disabilities, marginalized women and girls, and those with low connectivity or technical literacy. As part of the planning process, decision makers should also carefully consider the exclusion risks of formalizing or increasing identification/authentication requirements for different transactions.

  • Privacy and security violations. Inherent in the capture, storage, and use of sensitive personal data are risks associated with privacy violations, data theft and misuse, identity fraud, and discrimination. The emergence of new technologies and the increased collection and use of personal data by state and non-state actors compounds these concerns and brings new threats from cybercrime and cyberattacks. ID systems therefore require strong legal and regulatory frameworks and a privacy-and-security-by-design approach to mitigate these risks and ensure data protection and user control. Cybersecurity of the system within a secure environment should be part of the a priori design. Furthermore, an assessment of risks to privacy and security should be incorporated into the planning process (e.g. a Data Protection Impact Assessment, cybersecurity penetration tests and audits) and continuously through the implementation of an ID system.

  • Vendor or technology lock-in. Dependency on a specific technology or vendor can result in “lock-in” and/or dependency, increasing costs and reducing flexibility of the system to meet a country’s needs as they develop. This can occur, for example, through the adoption of a technology for which a limited number of suppliers are available, or contractual provisions in supply contracts or licensing agreements (e.g., for software) that restrict changes in technologies or vendors over time or may limit data ownership and access. Another cause of vendor dependency is when a vendor does not transfer knowledge or capacity to the government, which is a higher risk in poorly-designs public-private partnership and build-operate-transfer models. The risk of vendor and technology lock-in can be partially mitigated by the adoption of open, international standards and strong procurement practices that minimize unnecessary constraints in the choice of technology or supplier over unnecessarily long periods of time.

  • Unsuitable or unsustainable technology and design choices. In many cases, countries have adopted high-cost systems that have failed to achieve development goals because they were unsuitable for the context or unsustainable in the medium or long term. For example, many countries have rolled out expensive multi-purpose smartcards for their national ID systems without relevant use cases or institutional structures to leverage this technology. Ensuring that systems provide a good return on investment and are sustainable over time requires a detailed appraisal of local context and capacity and robust procurement guidelines. Policymakers can also explore various models through which ID systems may produce cost savings for governments, as well as partnerships with the private sector that may reduce upfront costs. For example, linking an ID system with a strong CR system reduces the need for expensive, ad-hoc mass registration drives to update data. To anticipate and control costs, a cost-benefit analysis of the system design should be completed during the planning process.

Challenges specific to low- and middle-income countries

In addition to these universal risks, many low- and middle-income countries face an additional set of challenges when implementing ID systems:

  • Weak civil registration systems. Both CR and ID systems are crucial to ensuring legal identity for all (SDG 16.9) throughout a person’s lifetime. In much of the developed world, ID systems are based on strong CR systems that have provided universal or near-universal coverage of life events, including births, marriages, and deaths (with certified medical causes) for generations. In many developing countries, however, CR systems have historically been weak. For example, approximately 60 percent of children under five-years old living in the least developed countries have never had their births registered (UNICEF 2017), while death registration rates are even lower. This can complicate the identity proofing process for ID systems—i.e., people may have no or only low-quality documentation of who they are, especially when a birth certificate is a requirement—and makes it difficult to automatically retire identities after a person has died.

  • Limited connectivity and other infrastructure. In many countries, rural and remote areas lack reliable mobile and internet connectivity. This can create difficulties when implementing digital ID systems that require power and connectivity during enrollment (e.g., for data transfer or duplicate biometric enrollment check) and for authentication. Furthermore, core ICT infrastructure, such as secure data centers, may not exist. In addition, the general lack of infrastructure such as reliable roads in rural areas and regions with difficult terrain make certain households difficult to reach and can increase the time and cost of enrollment. If these issues are not addressed through technology choices and outreach, ID systems are likely to be exclusionary in low connectivity areas.

  • Lower literacy levels. In low and middle-income countries, significant portions of the population may have lower literacy levels, both in terms of reading ability and the use of digital technology. This may translate into difficulties with enrollment, as well as the use of these systems for segments of the population who are likely to be among the most vulnerable. It also has implications for people’s ability to provide informed consent to the collection and use of their data. As with low connectivity, illiteracy rates should be reflected in system design and implementation to minimize the potential for exclusion.

  • Lower government capacity and/or trust. In certain countries, governments may have limited fiscal, technological, and administrative capacity to implement and/or regulate ID systems. Political instability and violent conflict may create or compound these difficulties in certain geographic areas or country-wide. In addition, past negative experiences may reduce people’s confidence in the government and its ability to responsibly use and/or protect their personal data. While identity documents have been highly politicized in many countries—e.g., because of their link to certain rights such as voting—this may be exacerbated in contexts where the distribution of IDs can be more easily manipulated for political gain.

  • Poor procurement. Low- and middle-income countries may have weak capacity and institutions to handle procurement and vendor contract management for an ID system, which is complex because of the wide-range of technologies available and different types of procurement that need to be completed. Further exacerbating this challenge are the tight deadlines that governments often impose for the introduction of an ID system, which puts pressure on agencies to reduce their planning time. The consequences of poor procurement processes and vendor contract management include failed procurements, delays (e.g. because of appeals), and vendor and technology lock-in.

  • Insufficient national cybersecurity capacity. Low- and middle-income countries often have capacity gaps in their central cybersecurity agencies, which are needed to build a secure enabling environment for digital ID systems. Gaps can take the form of insufficient threat intelligence, breach monitoring and emergency response, sub-optimal hardware or software platforms, too few or insufficiently skilled cybersecurity analysts, weak cybercrime and cybersecurity legislation and weak cyber prosecution. The capacity of the central cybersecurity agency needs to be assessed for its ability to adequately support digital ID projects.

Success factors

Addressing these risks and challenges requires thoughtful design and thorough planning, along with sufficient technical, political, and financial resources. In addition, it requires the following factors, which are critical for successful ID systems:

  • Outcome and context-based design. Key decisions regarding the design, rollout, and use of ID systems should be driven by the context, national goals, and people-centered perspectives, rather than by the technology itself. Technology choices should be based on a thorough analysis of the country’s constraints and a clear understanding of how the system—including databases, credentials, etc.—will be used what its primary applications will be (e.g. improve targeting of social protection programs, improving financial inclusion, etc.). Practitioners must look beyond mass registration—which is only an input into an ID system—when they are designing an ID system and pay sufficient attention to its authentication functions and other uses, as this is what will drive the impact of an ID system. Section II of this Guide is designed to help practitioners walk through this design process.

  • Coordinated governance and sustained political commitment. ID projects and systems are ambitious and involve and extremely high number of actors and stakeholders, including ministries, levels of government, private companies, and international organizations, civil society organizations, and more. Few projects touch every single person in a country like the introduction of a foundational ID system. For ID projects to succeed, they therefore require a high level of political commitment, a “whole of government approach,” and coordination to ensure a shared vision and a system that is useful to a variety of stakeholders. In addition, ID providing agencies require clear institutional and operational mandates and governance structures that provide enough capacity and resources to manage identification in the long-run.

  • Strong legal, regulatory, and operational frameworks. ID systems require an enabling environment that adequately protects individual data and rights, minimizes security risks, provides clear operational mandates and accountability, and ensures equality of access to identity documents and services. This includes primary and secondary legislation as well as internal operational guidelines, which should be updated to provide a holistic view of the collection, use, and management of personal data throughout the identity lifecycle, and is fit-for-purpose for the digital age.

  • A “privacy-and-security-by-design” approach. Privacy and security should be built into the enabling environment and the functional and technical design of ID systems from the beginning—rather than as an afterthought. This includes adopting state-of-the-art legal, management, operational, and technical controls to ensure the protection of personal data from misuse, unauthorized disclosure, security breaches including cyberthreats and cyberattacks, and function creep. In addition, it includes building mechanisms to ensure user consent, control, and oversight of personal data.

  • Specific strategies and efforts to reduce the risk of exclusion during enrollment and authentication. To ensure universal access to ID systems, practitioners must adopt a deliberate, ongoing strategy to ensure that no one is left behind. This may include updating laws and procedures to remove discriminatory measures, outreach efforts to specific groups that face higher barriers to obtaining ID or have concerns, exception-handling policies and procedures for those without ID that prevent exclusion to basic rights and services, and minimizing data collection and documentation requirements for registration.

  • Public engagement and consultation. People are the subject and primary end-users of ID systems, yet these projects are often designed with little input from those they are designed to serve. Consultation during the planning phase and throughout implementation is crucial for understanding and mitigating barriers to access and designing ID systems that are user friendly and solve real problems. Conducting qualitative end-user research can help improve the design of ID systems from the perspectives of people (i.e. a bottom up rather than top down approach). Furthermore, intensive information campaigns are necessary to educate the public about registration, and—along with easily-accessible grievance redress mechanisms—are vital for reducing exclusion and improving trust in the system.

  • A holistic approach to CR and ID. In order to (1) provide legal identity for all (SDG 16.9), (2) fulfill obligations for the continuous, permanent, compulsory and universal recording of vital events, and (3) ensure the accuracy and integrity of identity data overtime, countries should adopt a coordinated approach to simultaneously strengthen CR and ID systems and the linkages between these systems. In addition to independently investing in strengthening both systems, this could include interoperability and interfaces that allow for data exchange and/or queries, the assignment of a unique identity at birth from the ID system and through the CR system, and/or shared infrastructure and/or administration. Like any data exchanges between information systems, the linkages between CR and ID systems should be governed by relevant data protection laws and regulations. For example, a CR system collects more data for its statistical functions than are needed for identification, and thus only a limited amount of data needs to be shared.

  • Use of international standards. Standards establish universally understood and consistent interchange protocols, testing regimes, quality measures, and good practices with regard to the capture, storage, transmission, and use of identity data, as well as the format and features of identity credentials and authentication protocols. They are therefore crucial at each stage of the identity lifecycle, and help ensure that the building blocks of identity systems are interoperable and can meet desired performance targets. Furthermore, the use of international standards can help prevent vendor and technology lock-in by enabling the system to change its technology (e.g. ensuring data can be migrated and is compatible with different software), which is a key ingredient for operational and financial sustainability.

The ultimate purpose of this Guide is to help countries capitalize on these success factors and design successful ID systems that avoid the pitfalls described above.

Box 3. Additional ID4D publications

For more background on the potential developmental impact of ID, see the following publications (available under Research on the ID4D website and described in Section IV of this Guide):