For digital societies to function, personal identifiers are useful, if not unavoidable. Quite an array of public services rests on the premise of identitfication and authentication of the citizens – the quality of that process determines the quality of the services, in many cases. According to the World Atlas, there are currently 195 countries in the World. According to the data we have collected from the official sources and related Wikipedia articles, half of the countries have already implemented a kind of unique identifier for their citizens, residents, visitors or (why not the) e-residents. The names for the identifiers vary – depending on the country this attribute can be called Personal Identification Number or Citizen Number or Resident Registration Number or just Taxation ID. What will follow, is a short overview of the essence of personal identifiers and also the history of introducing these.
The whole history of introducing the personal identifiers can be divided into three waves. An important player during the first wave was Denmark that started the business as early as 1924. Initially the catalogues were kept on paper cards but during 1968-1972 Danish registry got computerised and became "complete" – every inhabitant was included since then. Sweden started issuing unique identifiers to the population in 1947.
A second wave of numbering started around 1980. SFR Yugoslavia introduced its JMBG in 1977 and many Eastern Bloc countries did follow the trend in 1980s. Estonia introduced unique personal identifiers in 1989. Currently we are observing a third wave and this is largely happening outside of Europe.
The key question of the third wave is - should the personal identifiers be private or not. Throughout the second wave they mostly were not - birthdays and genders were often encoded right into the identifier, and that is obviously not on par with today's privacy standards. Some countries have started to issue more private (e.g. random) identifiers (like LV from 2017). However, there is still no indication that the old revealing identifiers will be substituted fast ... that would violate the principle of uniqueness. We have even met a hypothesis that for small countries (like Estonia) privacy can have its natural limits, due to the simple fact that some identifiers can be naturally assumed by connecting with other people in real life and discerning their appearence.
Countries use different formats for their personal identifiers. An average length seems to be around 8-14 digits in most countries, San Marino has a five-digit SSN while China, Iraq and Mexico use 18 symbols for the purpose. Mexico has a clever mechanism to derive the identifier from a couple of first letters of the bearer's names. To avoid inappropriate words appearing through the abbreviation, Mexico uses a special catalogue to substitute these. There is a single country (UA) known to have a provision to opt out from the identification for religious grounds. Certain countries ( CH, UA have encoded their ISO 3166-1country code into the identifier to be better prepared for the internationalisation.
The most crucial aspect of any personal identifier is the question about it, what are the associated risks. The Constitutional Court of HU in 1991 decided that "general, uniform personal identification code [..] is unconstitutional.". The reason to such an assumption was the idea that people have no protection from crooked clerks enjoying to revel with peoples’ data.
While the data asymmetry between the State and citizen likely existed in nineties, the technology has matured since then. Estonian Personal Data Usage Monitor is a solution attached to the X-Road and offering citizens a comprehensive overview of how their personal data has been used by the government.
The perceived risk can differ depending on the culture, traditions and history of the country. There are countries with legal limitations towards the „general, uniform personal identification codes” - such as DE, UK, US, PT, HU, AU and SG .
Modern life is quite hard to imagine without some sort of digital identifiers, as so many services rely solely on the digital. Some privacy-sensitive countries (DE, AT have invented clever cryptographic schemes to further anonymise the persons. Still most of the sensitive countries have found a generic legal bypass to meet the challenges of a digital society. They use identifiers which are neither „generic” nor „public” - like Taxation ID.
That will lead us to an important topic about it, whether a personal identifier is to be public or secret or somewhat inbetween .
People can be instinctively afraid of public identifiers for the same reasons as regarding the passwords - these can be intercepted online to commit identity thefts. In fact, this is a situation where our intuition fools us . Because once the identifiers become public, they are not anymore usable for authentication. Public identifiers are safe for a reason - properly built systems offer no advantage for just knowing somebody’s identifier – we assume that modern systems require authentication, preferably by 2FA. Thus the problem will disappear as soon as identifiers become public and cease to be used for authentication.
The important decision – be the identifiers public or secret - must be regretfully made long before the IS design. Reversing the choice later will challenge the architecture of the data exchange systems. It is, again, the question of building a good foundation, as with any complex system.
Written by Anto Veldre