More and more we find that it’s not just technology that gets us where we need to be, but how we use that technology and the enabling factors surrounding it.
Cars are a perfect example. If we go back to the seventeen and eighteen hundreds to when the very first cars were built and we popped a Tesla in the mix and tried to drive from Manchester to London (a little over 200miles/320km), it’d be fairly useless, and we certainly wouldn’t be coming home. We’d be missing major infrastructure like suitable roads and charging stations, and there’d be humans walking in the street, and other obstacles that make it dangerous for everyone involved. It’s the same for so many other things we take for granted in life, like making phone calls, paying with a bank card, or reading this post. Each one of the devices we use for these activities, in itself, is an incredible piece of technology, but without laws, processes, and many, many partnerships, they’d each be utterly useless on their own.
It’s the same for mobile national digital identity. We often look to the method of authentication or digital signing as the main piece and the rest will fall into place. Maybe we even see it as “build it, and they will come”. Yes, many will understand there’s the secure app surrounding the cryptographic libraries, and there’s the servers and HSMs to store the core components, data, and keys. Others may shout “don’t forget integration with local PKI (public key infrastructure)”, pointing out integration with the Certificate Authority, Registration Authority, the CRL/OCSP, etc. (assuming they’re in place). But we can’t stop there.
Besides the infrastructure we must setup or integrate with, there’s also the need for laws and regulations that dictate things like, who can offer the service? Are the signatures legally binding? What data is stored, by who, and what can they do with it? There’s far more to consider on the legal side, but even once all that is decided, we have to offer a solution that is appealing to both the service providers and the citizens, so much so that they want to spend the time and money to get set up, this alone being one of the most difficult challenges to overcome.
Creating a service that everyone finds value in can’t be done in isolation. Back to the car analogy; we could be offered the most wonderful car on earth, that only cost €10 and lasts forever, but the roads are so poor that driving on them is unpleasant, uncomfortable, and bad for our back, or maybe there’s only one road, and it only goes to the shop I buy my Christmas decorations at. I won’t bother with the car. I’ll walk to the train station instead, and that one time each year I need a new decoration, I’ll cycle. It’s the same for digital identity solutions. If there aren’t good services to use it on, or if it only works for a few services I only use once or twice a year, I’ll save my time now, and continue doing things the way I’m used to doing them.
All of this is to say that creating a digital identity offering is not just down to the authentication and signing solution you put in the hands of the end-user. Much more needs to be considered to make your new service a success. While it might seem like I’m trying to talk you out of creating such a system, you’ll see from my other posts that once you have a successful offering up and running, the benefits are massive and endless, it just takes some good decisions and steering clear of underestimating the challenge.
Written by Maximiliaan van de Poll