Digital identity service could be used from birth to create lifetime records for every Scot

A proposed digital identity service could be used from birth to create a lifetime record of data for every citizen, according to a new report.

Electronic copies of every record about a citizen – including their birth certificates and exam results – could be pegged to a set of ‘verified attributes’ that follow them from cradle to grave.

The potentially transformative project would involve a whole public sector approach to data – and a previously unparalleled effort and willingness to share information – that could unlock vast benefits to Scotland’s aims of inclusive economic growth.

The details were revealed in a series of reports produced by Mydex, a Scottish community interest company that specialises in building digital passports that help individuals move seamlessly between websites and online services without having to log on with new passwords and inputs each time.

The Scottish Government ran a prototype of a ‘verified attributes’ personal data store – which enables individuals to securely access and build a set of their own credentials – on the Mydex platform earlier this year. It has revealed details of that work in a blog post with links to the prototype work and also a proposed ‘smart entitlements’ strategy that aims to build a case for the public sector in Scotland to adopt such a radial new approach. The prototype work involved Mydex building an attribute store for the YoungScot National Entitlement Card, to aid the application for a bank account, and speeding up the application process for the Independent Living Fund. A third party, Okta, was used to create a multi-factor authentication (MFA) process in order to protect the security and privacy of the users.

In the blog post the prototype, the author explains, “gave us confidence that users broadly understood that the concept of a credential that was reusable across services. Users were also familiar with 2-factor authentication e.g. via SMS; and there was support for creating and using an attribute store.“

In the attached smart entitlements report, the benefits of using such “infrastructure and processes proposed in this report could have significance for Scotland’s digital economy as far-reaching as those that the introduction of the mass production moving assembly had for the industrial age“. It adds: “The ‘Smart Entitlement’ Concept tackles these structural and processes issues at source. Under the proposed system service providers a) mint secure electronic tokens 1 that verify facts about citizens (such as proofs of address, age, disability or educational qualification), b) provide these tokens to citizens to be held safely in the citizen’s own attribute/personal data store, so that c) citizens can share these tokens with other service providers, under their control, as and when they are needed. Our key finding is that this is doable, at low cost and risk, now, by Scottish Government, using what already exists, without having to ask permission from or being dependent on anyone else.”

It describes the way that systems public and third sectors currently rely on as “cumbersome, costly and inefficient, often resulting in poor experiences for service users including delayed access to the services they need.”

Under the proposals contained in both documents, the proposed strategy is described as being “doable now in Scotland at very low cost, using systems and assets that have already been built, in ways that do not require large scale and risky changes for existing systems.”

Although termed Digital Identity Scotland, the documents make clear that proof of identity is just one part of the process of creating something of value to citizens and service providers across the public sector; by creating verified attributes for citizens, which can be added to by service providers, it builds up a far broader set of information about people, which can then be used as the basis for the ‘smart entitlements’ which can eliminate the bureaucratic process of having to fill in forms time and time again. Such an advance would avoid people going through current processes which were described as “frustrating, stressful and humiliating, often breeding a sense of helplessness”.

The report said: “Having the information they need at their fingertips and being able to use this information without having to jump through multiple hoops will provide them with a sense of agency and empowerment, building personal confidence and wellbeing while reassuring them that their needs are being understood and met, thus increasing their satisfaction with public services.”

The report acknowledged several hurdles that need to be overcome such as communication with users, who may not be aware of the benefits of such a service, and government reticence around potentially enormous ICT projects, adding: “Big change-everything all-at-once system-wide initiatives have a strong tendency to eat up huge amounts of time, money and energy and fail anyway. The recommended strategy is to build the generation and use of verified attributes into the way existing systems already work, in ways that generate close to zero risk and require minimal changes to current ways of working – but which increasingly embed the new approach into how the system as a whole works, building momentum incrementally over time until it becomes the ‘new normal’. A simple example is that idea of minting digital copies of birth certificates during the certificate creation process, and placing them into the child’s attribute store at this point so that from now on, new attributes can be easily added as the child grows up.”

The Digital Identity Scotland programme is taking the learnings from the prototype and the Mydex contribution towards the next Beta phase of project development; an industry engagement was hosted this week towards that goal.