The World Bank and its partners claim that “investing in digital ID systems is paving the road to an equitable digital future.” But instead “they may well be paving a digital road to hell.”
Governments around the world are quickly but quietly designing, assembling and piloting digital identity systems, often with biometric components. They include the European Union, which itself comprises 27 member countries, the UK, Australia, Canada and dozens of countries in Africa, Asia and Latin America. The spread of these systems across the Global South is being spurred by a new development consensus that asserts that digital identification can foster inclusive and sustainable development and is a prerequisite for the realization of human rights.
As the World Bank noted in 2017, over 1.1 billion people in the world are unable to prove their identity and therefore lack access to vital services including healthcare, social protection, education and finance. Most live in Africa and Asia and more than a third of them are children. In an ostensible bid to address this problem, the World Bank launched the Identification for Development (ID4D) program in 2014 with “catalytic contributions” from the Bill & Melinda Gates Foundation as well as the governments of the UK, France, Norway and the Omidyar Network.
A Dangerous New Road
The program provides loans to help countries in the Global South “realize the transformational potential of digital identity,” and has been rolled out in dozens of countries, mainly in Africa but also in Asia and Latin America. The program is wrapped up in cosy buzz words such as “digital development” and “financial inclusion”, but it has led to the promotion of a dangerous new approach to digital identity systems. That’s the damning conclusion of a new 100-page study by the NYU School of Law’s Center for Human Rights and Global Justice (CHRGJ), titled Paving the Digital Road to Hell: A Primer on the Role of the World Bank and Global Networks in Promoting Digital ID:
Through the embrace of digital technologies, the World Bank and a broader global
network of actors has been promoting a new paradigm for ID systems that prioritizes what
we refer to as ‘economic identity.’ These systems focus on fueling digital transactions and
transforming individuals into traceable data. They often ignore the ability of identification
systems to recognize not only that an individual is unique, but that they have a legal status
with associated rights.
Still, proponents have cloaked this new paradigm in the language of human rights and inclusion, arguing that such systems will help to achieve multiple Sustainable Development Goals. Like physical roads, national digital identification systems with biometric components (digital ID systems) are presented as the public infrastructure
of the digital future…
The problem, notes the paper, is that this emerging infrastructure has “been linked to severe and large-scale human rights violations in a range of countries around the world, affecting social, civil, and political rights.” What’s more, the benefits remain “ill-defined and poorly documented”:
Those who stand to benefit the most may not be those “left behind,” but a small group of companies and security-minded governments. The World Bank and the network argue that investing in digital ID systems is paving the road to an equitable digital future. But, despite undoubted good intentions on the part of some, they may well be paving a digital road to hell.
Three Core Functions of Digital ID
The report identifies three core functions of digital identity: identification (“the process of establishing the identity of an individual”); authentication (“the process of asserting an identity previously established during identification”) and lastly, authorization (“the process of determining which actions may be performed or services accessed on the basis of asserted and authenticated identity”).
The report’s authors are well positioned to comment on digital identity programs having participated in global policy discussions around digital ID, including in public consultations and events with the World Bank and its ID4D Initiative as well as with other international organizations, governments, foundations, and private technology vendors. The project team members have jointly organized workshops with civil society organizations (CSOs) to discuss the impact of digital ID systems on human rights across the African continent. They have also taught on the subject in law school courses as well as partnered with national human rights organizations to research specific digital ID systems.
Digital identity programs have the potential to impact a cross-section of basic human rights including the right to food, the right to health, the right to privacy and data protection, the right to equal treatment and protection from discrimination, the right to dignity, the right to free expression and association, the right to education, the right to freedom of movement and the right to housing. Based on their research, the CHRGJ’s project team lists a litany of ways in which digital ID systems can infringe on basic human rights:
One thing is clear about digital ID systems: they can lead to serious human rights
problems and are prone to implementation failure. Even those promoting the identification for development agenda acknowledge these significant risks. However, the gathering of evidence and monitoring of human rights impacts remains sorely lacking. Documenting these impacts has often fallen to activists, journalists, and researchers—including our own project.
In India, the significant impacts of Aadhaar on people living in poverty only became
known through the efforts of scholars, journalists, and civil society organizations. This
patchwork of evidence has shown that digital ID systems can lead to a wide range of urgent human rights issues, including but not limited to: the violation of the right to nationality; limiting access to health care, food, and social security; a multitude of concerns about privacy and data protection, surveillance, and cybersecurity; and fundamental changes to models of democracy, participation, and citizen-state relationships. The human rights consequences can be severe and irreversible. In India, for instance, exclusion from the Aadhaar system has resulted in numerous starvation deaths and countless other examples of deprivation, exclusion, and harm.
Some of these negative impacts are not necessarily linked to the digital aspects of
such systems, but instead are manifestations of underlying dynamics of social exclusion,
economic inequality, and marginalization. Any form of identification system has the
potential to be used in beneficial and harmful ways. Digitalized identification systems may
alter or augment these effects and can also reverse hard-won progress on human rights.
Still other negative impacts appear to result directly from the introduction of new digital
technologies and new forms of ID system design and implementation. This includes the use of digitized biometrics, as well as the concentration or centralization of data to be used in platforms for public and private use. At the most basic level, for instance, the widespread use of biometrics creates new dependencies on Information and Communications Technology (ICT) and electrical infrastructures, which may often be lacking.
Many new or upgraded digital systems are also designed in ways that encourage function creep, as they are intended to be used for multiple purposes that are unforeseen when the system is first designed. This means that harm can quickly spread and intensify, as digital ID systems become insurmountable barriers to a wide range of services and rights.
We saw a perfect example of this in action a couple of weeks ago when local authorities in Central China used the country’s COVID-19 health app to prevent account holders from seeking access to funds that had been frozen by their banks. According to Asia Times, more than 400,000 depositors of six rural banks in Henan Province have been unable to withdraw their money since April. Yet when some of those depositors tried to travel to the banks’ headquarters on Monday 12 to take part in protests, they suddenly found that the health code on their app had turned red, making them ineligible for travel.
As I warn in my book, Scanned: Why Vaccine Passports and Digital Identity Will Mean the End of Privacy and Personal Freedom, once vaccine passport and digital identity systems are established, mission creep is all but guaranteed:
One of the companies involved in the development of the UK’s COVID-19 vaccine passport, the US IT firm Entrust, said that the vaccine passport could also be “redeployed” as a nation ID card. This is despite the fact that a previous digital ID card scheme was scrapped in 2011 following a public outcry against the intrusion and potential for human rights violations it would entail.
In a blog written shortly before Entrust was awarded a £250,000 contract in May 2021 to provide the cloud software for the UK’s vaccine certification, the company’s product marketing manager Jenn Markey noted that:
Vaccine credentials can become part of the infrastructure of the new normal… Why not redeploy this effort into a national citizen ID program that can be used for multiple purposes, including the secure delivery of government services, secure cross-border travel and documentation of vaccination?
Since the publication of Scanned, in mid-March, the UK government has unveiled a plan for a national digital identity scheme, which will include some of the features proposed by Entrust.
The Global ID Network
The World Bank is, of course, just one of many organizations promoting digital identity as a development tool. But it has played a crucial role by “manufacturing consensus in the newly framed field of ‘identification for development” as well as serving as a conduit for financing the projects. As the report points out, it has carved out a niche for itself as a central node in what CHRGI describes as an emerging “network” of global actors promoting a new paradigm for digital ID systems.
The network includes donor governments such as the United Kingdom, the United States, Germany, Australia, Israel and France; global foundations like the Bill & Melinda Gates Foundation (BMGF) and Omidyar Network; governments whose digital ID systems have been promoted as success stories, such as Estonia, India, Peru, and Pakistan; UN agencies; regional development banks, including the Asian Development Bank and the Inter-American Development Bank; private biometrics corporations such as Idemia, Thales, and Gemalto; card companies like MasterCard; new networks such as the Global System for Mobile Communications Association (GSMA) and ID4Africa; and other global organizations.
All of these actors are guided by different interests and hold different perspectives on how best to implement digital ID systems. For example, new digital initiatives have served as “lucrative sites for international firms’ profits, and also, notoriously, for the extraction of rents by local decision-makers.” Local governments on the receiving end of ID4D funds also get to build and reap the benefits of a much more efficient system of population control. The report notes that a key guiding motivation is often national security and counter-terrorism, “as embodied by 2017 UN Security Council Resolution 2396, which called on Member States to collect biometric data to identify terrorists.”
For donor governments in the North such as France, Germany and the UK, foundational digital identity programs in Africa offer the possibility of more effectively curbing and controling inward migration and bolstering security efforts while also opening new markets for corporate constituents, including biometrics companies. Indeed, as the report notes, “national embassies have played a role in helping to secure contracts for biometrics companies.”
An “Economic” or “Transactional” Approach to Identity
The ID4D network insists that digital identity is helping to improve lives in developing and emerging economies, but such claims seem to be based on flimsy evidence. They include a regularly cited assertion that the “Aadhaar unique identification system in India generated over $11 billion dollars in potential savings.” According to “knowledgeable observers” consulted by CHRGJ, serious problems exist not only with the “specific methodologies used by the Bank, but also the persistent lack of investment in quality impact evaluations, particularly for multisectoral work, and the lack of robust cost-benefit analyses.”
An even more serious problem is the World Bank and its partners’ dogged insistence on an “economic” or “transactional” approach to identity. The goal, according to CHRGJ, is to achieve a “collective paradigmatic shift” by pouring investments into new forms of systems at the expense of more traditional approaches such as civil registration and vital statistics (CRVS), which have been the preferred way of providing rights-based legal identity:
“Instead of providing a birth certificate, these new systems will help to create “digital public infrastructure” as part of a “digital stack” to “enable paperless, cashless, remote, and data-empowered transactions”…
These systems seem attractive because the question of who is granted citizenship and accompanying rights is made downstream from the identification system. This differs from birth registration, where according to human rights frameworks, nationality should be determined as close to birth as possible. The Bank, however, has a long and complicated relationship to politics and human rights, and seems more comfortable keeping such concerns at arms length. A model in which the government is perceived as
merely building the “digital public infrastructure” on top of which private enterprise can
flourish, also seems to align with long-held neoliberal preferences at the Bank about the
role of government vis-à-vis the private sector. Therefore, the focus on foundational ID
fits well within existing Bank policies.
Significant evidence has shown that there are many problems with this model. The economic approach to identity may lead to new forms of coercion and exploitation of
poor populations and their data by the public and private sector—as critics of the Aadhaar
system have pointed out…
Meanwhile, governments in the Global South are taking on large debts and spending millions in public funds on contracts with private vendors to build biometric systems that can all too easily become systems of exclusion, surveillance, and repression. The Bank takes great pains to state that biometrics are not required. But by emphasizing their benefits throughout its documentation, the ID4D Initiative has helped to normalize the extensive use of biometrics in digital ID systems.
“Paving a Digital Road to Hell” is a document not just intended as a primer on the risks posed by digital ID systems and their promotion by the World Bank and the network. It is meant as a “call to action” to the global human rights ecosystem — including human rights organizations and other civil society organizations, experts, and activists.
Digital ID systems will, in many ways, determine the shape and form of digital governments and societies of the future. These are not marginal issues that should only be discussed and contested by those with technical expertise on biometrics or database design, but fundamental concerns that should be on the agenda of any individual or institution working on human rights and development…
Given the severity of the actual and potential human rights violations arising from this model of digital ID, we are not merely sounding the alarm, but also reflecting on what can be done.
CHRGJ proposes a range of actions for tackling the threats and risks posed by digital ID programs, including slowing down processes so that more care is taken; making discussions around digital ID systems more public; and building a broad coalition of diverse actors who have an interest in a human-rights focused society — “which may mean not having a single national digital ID system at all.”
This is already affecting us in the US. I applied for unemployment last year after being laid off and my state required me to complete a detailed, invasive identification process with a private system called id.me that was shoddy and failure prone. Being digitally savvy I was able to finally navigate it. Very difficult for anyone who isn’t. The irony is I still had to contact my state assembly person to get an actual person to call me from the DOL and fully complete my application as the state website itself wouldn’t let me due to a consolidation among different state agencies that used to have their own logins, thus leaving me with two logins that confused the unified system. There are no longer offices available to file in person. This kafkaesque hell is in store for all of us if this garbage continues.
Having tech-ignorant govt apparatchiks implementing policy for our techno-utopian future is akin to dreaming of downloading our consciousness into a computer and robots saving us. The delusion is strong with these people. Biometrics themselves are a disaster waiting to happen. Imagine: a password you can never change no matter how many times its hacked. The nightmare of the future, today!
In the movie version of Minority Report featuring Tom Cruise, people can defeat the omnipresent biometric surveillance through the drastic method of somehow getting hold of a freshly harvested set of eyeballs and replacing one’s own irises via a back-alley transplant operation. In the movie people can soon enough expect 100% recovery of eyesight after this move. I hardly think that is even remotely possible in reality, but who knows?
Never discard Hollywood’s role in priming “captured imaginations” into believing what would otherwise be unbelievable…a seemingly fully integrated propaganda system with an apparent purpose of eradicating critical thinking…not just “manufacturing consent” (of the governed) but misdirecting dissent as expressions of legitimate grievances…
Ignorance is not “bliss” and naiveté is not a virtue. In the phantasmagorical world of virtual “reality” the grass isn’t always greener or even green, if the esoterically initiated “wiz behind the curtain” can change it on a whim. Caveat emptor still relevant…
Yes, it’s being rolled out now in some states for drivers licenses or to access state benefits. It was sold to the states as modern, efficient, secure (right), labor saving (for the states), etc etc.
From Arizona (Mobile ID):
Slowly, slowly, one harmless seeming thing at a time…
To misquote Carl Sandburg:
‘The control grid comes on little cat feet. It sits looking over harbor and city on silent haunches and then moves on.’
Yes..we had issues with id.me as well…We tried multiple times and had different issues each time and were never able to get help. Luckily CA still allows you to file with paper forms ( 14 pages), but you have to search for a while to find it and print out the forms. It allowed usto have a check sent to us bi weekly. Each check you get included a simple 1 page form to certify the previous 2 weeks and return by mail. Once we did the paperwork, everything was smooth.
My dad often preached, “Keep good records, paper records.” I guess he was right.
I’m with your Dad. Paper records can be physically copied and attested to, ie. Notarized. Thus, multiple copies can insure the continuance of the information under even catastrophic conditions. Electronic anything is at the mercy of magnetic fields. I wonder, how does a fully electronic data system survive a Continental EMP, or a Neo Carrington Event?
Secondly, electronic ‘records’ are at the mercy of the custodians of said records. Paper is the servant of the posessor. The individual generally can obtain personal copies of all important records.
Yes, anything can be destroyed; but electronica can be erased so easily.
Authoritarian systems exhibit a control method called the ‘Non Person Status.’ Electronica just makes it so easy, it is begging to be abused.
Yep. Seeing how the Mortgage Electronic Registration System (MERS) enable so many fraudulent foreclosures on mortgages during the GFC, I am more that just a little dubious (understatement) of electronic digital “proofs” of anything.
ambrit – There’s also the problem of storage continuity, especially for individuals.
Seen any floppy disk drives lately?
I can’t imagine how much interesting stuff I’ve lost over the years because I didn’t transfer it before the storage technology was outdated and no longer available. Fortunately, due to my old school instincts, all of my important stuff is on paper, with copies on electronic media as needed.
Y’all stay healthy and safe.
Enthusiasts are keeping them alive, for now. You can still get a 3.5″ floppy drive with a USB connection. A 2.25″ is a bit more complicated though, and never mind those early 8″.
Another story is optical media. Thankfully a blu-ray drive can still read CD and DVD last i checked. But the problem is that he discs themselves can rot and delaminate.
EMP cages and overvoltage protection on the cables, i suspect.
Frankly digital records are more at risk from careless admins than freak “natural” events.
I find the juxtaposition of an article on a global digital id system with one citing an increase in solar activity, albeit primarily as it may affect satellites, in today’s links interesting.
I doubt there is much speculation within the digital peanut gallery of what the effects of a Carrington like event might mean for a digital world.
Agreed. I think there is a huge amount of ignorance out there. And for those who aren’t ignorant, it is an inconvenience which is swept under the carpet. I’ve rarely seen this issue discussed. As far as I can remember, I’ve only ever seen it raised by commenters here at NC.
You beat me to it. That and/or a nuke over the data farm in Utah.
Been pondering this more and more of late, as more and more services are moved online. In particular when recently the government pushed through a KYC law, and many had trouble find a bank office to visit in order to ID themselves.
Thanks very much for this post. Glad people are taking notice of this digital “iron curtain” being constructed – “for our own good”, of course. / …
Well, this cheerful news deserves a song. Cue up the AC/DC in 3,2,1!
Thanks Slim. I needed that. :) Before their time…
Yet another band that was the result of the post war economic mess that was “Great” Britain.
I can’t shake the feel that the current age is not providing anything similar to this. It seems to be mostly escapist/nihilist memes and nostalgia tripping via recreation of game/movie synth music.
Not to be snarky but I wonder about all these Human Rights. I see that Norway was involved in developing the list. Freedom of movement, freedom of expression, rights Norway has denied it’s own citizens. Examples:
1. Freedom of movement: when Covid hit in March. 2020, cabin owners wanted to move to them to escape the Pandemic. The cabin municipalities ( as in 3000 inhabitants, 5000 cabins) denied them for fear of their health services would be overwhelmed.
2. Freedom of expression: your fifteen year old son visits a suspected site ( always Right Wing) under surveillance and gets a visit from the police as a “preventative visit.”
3. Freedom of expression: a young mother goes out in the media advocating for liberalization of drug laws. Gets a visit from police and has to submit to urine test (negative) and then a visit from Child Protection. Another mother, same situation, is told by Child Protection to go to drug treatment even though she tests negative.
Digital ID- spent an hour on hold today waiting to reactivate my Mobil-ID, (got a new phone) which without I’m basically screwed.
Reading the phrase “global human rights ecosystem” makes my skin crawl almost as much as “global digital biometric ID”.
I’m as opposed to Orwellian techno-surveillance as anyone, but what really struck me was the last sentence of the article:
“CHRGJ proposes a range of actions for tackling the threats and risks posed by digital ID programs, including slowing down processes so that more care is taken; making discussions around digital ID systems more public; and building a broad coalition of diverse actors who have an interest in a human-rights focused society…”
Which means in essence more influence and money for human rights NGOs like them. Who’s going to take part in “discussions?” What is this coalition of “diverse actors?” And where is all this supposed to lead, actually? It’s accepted, I think, that such language is an entry mechanism for privileged middle-class dominated NGOs to attract publicity and funding.
Part of the problem, no doubt, is Anglo-Saxon resistance to the idea of identity documents, which are taken for granted in most of the world. In France, for example, every body has a national ID card, if they are a citizen, or a Carte de séjour if they are not. This card is accepted automatically everywhere as proof of identity, it acts as a passport between EU nations and enables you to write cheques in shops and access any government service. On the other hand, in spite of the myths, you aren’t asked for it by the Police in the street, and indeed many people don’t bother to carry it with them. Recently, the government has introduced a service called FranceConnect, which enables you to use a single login and password on any government site (there are thirty or forty, I think). You register one name and password (for the revenue services for example) and you can access any site. Now, there is a digital ID which enables French citizens to access many of these sites automatically.
So there’s the baby and there’s the bathwater.
The US has something which is domestically somewhat similar called the Social Security Number (SSN), required for employment (tax), drivers licenses, claims for state benefits, and credit card and credit issuance. The SSN is not, however, a digital id – something needed to roll out a central bank digital currency (cbdc) with all that entails. The seemingly harmless use of digital id (provided by global corporations) for mundane domestic purposes may well be the camel’s nose under the tent, as the saying goes.
The Social Security Number was never intended to be used for identification. Unfortunately, it has morphed into that with many unintended and negative consequences. Any kind of national identification regime is fraught with peril. That should be well understood by all.
The Norwegian Personal ID number was implemented in 1964 (I didn’t live here then. Lived in USA.)
Without a Personal ID number one is essentially shut out of all public and many private services. Wouldn’t surprise me that you need one to busk.
There is also s social security number in France. It accompanies your working history and your HC history. Different from the ID David mentioned.
Spain is very much the same as David said about France. It is very rare but the police can ask for it (and of course not illegal not to carry it) typically to check if a drinker is above 18th. I know of a single case of a duplicate ID number in Spain that brought trouble to one of the owners because the second owner was a dangerous ex-convict felon.
Here nobody complains with ID cards, except i guess one of the pair mentioned above.
adding: I do disagree with your anti-Anglo Saxon angle as a valid argument wrt CBDC’s many questionable issues. / ;)
Sounds like the 21st century replacement for making people wear a gold star on their clothes and tattooing numbers on their chests
Those tattoos were on people’s arms,I saw quite a few of them growing up.
And IBM, was the company who helped in:
creating the categories of prisoners each part of the code represented,
making the corresponding cards to log records of official captures /intake
making the equipment to process the cardstock
We should always remember that big business will always see us as property. They just vie for “whose” property.
Effectively corporations are the new aristocracy, with the managerial class governing the “estates” on behalf of the absentee lords.
The Center for Global Development may be of interest to NYU in this connection, please see Biometrics – the tiger the Center for Global Development has caught by the tail (updated).