For all the reading and conversations I’ve had regarding decentralising identities, it appears we still come back to needing something centralised. And fundamentally we need trust.
We can decentralise the issuance of credentials (things that identify one aspect about our lives) and decentralise verification and acceptance of the credentials. We can even decentralise an aspect of trust. Can I trust that the DVLA issued the drivers’ licence being shown to me?
The challenge that it appears when we decentralise we can’t ‘prove’ uniqueness across a population group. We can not ensure that I have not registered twice. This is important for humanitarian operations when we want to deduplicate a population set across multiple organisations. There appears to need a some sort of centralisation ability for this. However, this does not mean we need to centralise huge datasets. Ideally we need one identifier that is unique and constant. And one that can be meaningless by itself.
According to the NASPO IDPV Project, the combination of first name, last name, and date of birth can distinguish uniqueness of around 96% of any population group. However, many of the population groups we work in humanitarian contexts don’t have a known fixed date of birth or just know it was January 1984. So this is unlikely to help us.
As much as I tend to be very skeptical of biometrics, perhaps this is where they could come into their own (I feel nervous even writing that sentence). If we have a common biometric which is hashed and store securely in a database. Not globally, a central database for a response. Then we might be able to prove uniqueness. And, keeping the biometric completely separate from any other data, as good practice states, we could reduce harms. And perhaps, this is also where data trusts could come into their own as they could ‘manage’ the biometric database if they can answer a few questions.
With this, we can decentralise the rest of the data management and enable data portability. Trust will come into question as we will need to ‘trust’ the ‘trustees’ of the ‘data trust’. (Too many trusts in that sentence, but what can you do.) This is one of the big areas to work on so we can forward. The technology is mostly there, focus on the trust.
The choice is up to us.
Photo by Omar Flores
Your article makes a number of implicit assumptions regarding humanitarian operations, such as:
* aid ought to be delivered to individuals rather than groups/households
* recipients are not in possession of any identity token
* the combination of names (first/last name is a western concept that doesn’t apply universally), date of birth, location of origin, and picture, is not sufficient to identify a person and to issue a reasonably valid credential
* aid is reocurring rather than an exceptional (if not one time) event
Big agencies use biometrics as a “one size fits all solution” in their operations. There is need for biometric deconstruction, a kind of “disarmament” that looks at the local situation, case by case, and considers various options that might include or exclude biometrics, with or without data bases.
Thanks for the comment Karl – I agree I have made assumptions. I was thinking of cash projects where we do deliver to individuals rather than households. However, I wasn’t assuming recipients did not have any identity tokens, but rather no common one which is the case in many of the contexts in which I work, as is aid reoccurring and having multiple interactions with the same people.
I completely agree with your comment about biometrics. I have long been a skeptic and still am. I think they have a very limited application in aid work and that we as the aid community have had very little debate and discussion about it, which is a shame. I’d love to talk more with you about it and your experiences, if you’d be open to it?