As the year 2022 came to a close, VP Bharrat Jagdeo announced that Government would soon be issuing new digital ID Cards with the assistance of Dubai technology company G-42. According to reports, “the ID Cards will have a secure chip which can store data, including blood type, date of birth, driver’s licence and taxpayer’s identification number.” As such, it will be integrated into the data banks of a host of our Government institutions, including the GRA. Eventually, Guyana would be sourcing e-passports, which can be used at our airports for paperless entry into the country. The UAE would be providing 90% of the funding, while Guyana would fund the remainder.
Government is accelerating its drive to bring Guyana into the culture of the globalised world, which has moved from analog to digital, and in which ease of information-sharing and trust in its veracity would be key constraints in development. India, with its 1.4 billion people, has a national identity system, Aadhaar, in which every resident has their own 12-digit Aadhaar number. It has become a single universal digital identity number that any registered entity can use to authenticate an Indian resident.
Our Government would have to enact legislation to define the parameters of the data stored in the cards, and how to access it.
In the EU, the “Electronic IDentification, Authentication and Trust Services” (eIDAS) regulation is designed to facilitate the use of identities created in one jurisdiction to conduct business and sign legal documents in another. Launched in 2014, a proposed amendment in 2021 aims to boost its adoption. It will provide at least 80% of the EU’s 450 million citizens with digital identity solutions for accessing public services by 2030. This is the new world in which we will have to operate if we are to become successful.
Most of us already have digital IDs. As described by the partially French Govt-owned Thales Group, one of the leaders in this developing field, email addresses with selected passwords have been among the first digital IDs. But, it notes, “In this case, they are not verified, and therefore not trusted. It is critical that user identity is verified and trusted when it comes to sensitive services such as Government, financial services, mobile communications, and a whole host of others. A trusted digital identity provides the ability to prove that the person or device trying to access a service is the one for whom the service is provided, and is vital to the development of online services and seamless experiences when interacting in digital space.
“Governments, banks, mobile operators, retailers and corporate IT departments have been using technology to create trusted digital identities for citizens, customers, and employees that use strong encryption and certification linked to a smart card for some time now. Typically, these are used to authenticate a user by reading a digital certificate stored on the card and cross-referencing it with something else – either a simple photo on the front or a second factor, such as a fingerprint.”
Even with our limited experience with digitised data, we would know that the challenges of the digital experience would be the increased risk of online fraud, identity theft, and data breach. Estonia was one of the first European countries to introduce digital IDs in 2011, and their experience is a cautionary tale about what we have to look out for. For one, they distributed 120,000 cards that could be used by whoever was holding it without the need for a PIN code. Then the ID card’s private encryption key, used to authenticate digital signatures, was generated in a server operated by the card manufacturer and copied to the card over the internet. These opened up the cards to hackers. The digital signature authentication should have been generated inside the card chip, to ensure only that card knows it.
But being forewarned is being forearmed, and we expect the Government would leapfrog these issues and others, such as opacity issues with contractors.
Happy New Year in the brave new world!!