Worldwide, there are one billion persons without a legal identity document, which is necessary for inclusion in society and the economy. In low-income nations, one in every two women lacks an ID, which restricts their access to essential services and participation in political and economic life. A global foundational ID system that will provide identity to millions of people.
These are the conclusions of a 2018 World Bank Identification for Development Initiative report that details the difficulties associated with identification around the world.
The identification system of a nation serves as the foundation for the efficient provision of both governmental and private services.
Governments all across the world are looking into ways to create a multipurpose fundamental ID system in which people are given a special identifier that they can use to assert and verify their identities.
The Modular Open Source Identity Platform (MOSIP) can help with this.
The International Institute of Information Technology-Bangalore (IIIT-B), a technology university in Bengaluru, was contacted by the World Bank for an open-source foundational identity system on which national IDs might be constructed. This is how the MOSIP narrative began.
On MOSIP-based systems around the world, more than 71.7 million persons have registered as of yet.
The Fundamentals
The global foundational ID system is meant to be used to gain access to several public and private services.
As countries consider how best to build foundational ID systems, they face several policy and technological choices.
After making these decisions, nations frequently struggle with some common implementation issues. These include attaining scale, avoiding vendor lock-in, retaining affordability, and assuring system uniqueness, interoperability, and privacy by design.
According to Professor Debabrata Das, IIIT-B’s director and the head of MOSIP’s executive committee, IIIT-B has been supporting the MOSIP initiative as a worldwide public benefit since 2018 in response to these difficulties.
The Bill & Melinda Gates Foundation (BMGF), Tata Trust, Omidyar Network, Pratiksha Trust, and Norwegian Agency for Development Cooperation (Norad), who have collectively contributed Rs 150 crore, are funding this initiative.
The success of Aadhaar, which gained worldwide recognition since it was the foundation for numerous citizen-centric services, was a major factor in the project’s beginning. Since Aadhaar was a proprietary technology, it could not be shared when the World Bank requested it from the government. Then it approached IIIT-B to create an Aadhaar-equivalent, according to Das.
To provide all Indian citizens with Unique Identification Numbers (UIDs), also known as Aadhaars, the Unique Identification Authority of India (UIDAI) was established.
According to Kanwaljit Singh, senior programme officer for financial services for the poor at BMGF, MOSIP was developed because of its adaptability, configurability, and modularity.
BMGF has contributed $10 million to MOSIP so far.
“The problem was that Aadhaar was made specifically for the Indian market. According to Singh, Aadhaar was designed to serve a billion people.
India was the focus of every design decision made for Aadhaar.
He continued, “When developing a global foundational ID system that should operate for a country with a population of one million to a country whose population is one hundred million, the design choices must be substantially different.”
As diverse populations as Sri Lanka, Togo, Guinea, Ethiopia, Morocco, the Philippines, and Sierra Leone are currently using MOSIP.
“Because it doesn’t need to work for a billion people, or it just needs to work at a small scale, allowing for quick, scalable, and effective deployment. And it needs to be scalable, ” Singh added.
Samoa has 300,000 people, the Maldives has 550,000, and Bermuda has 72,000 people. For these populations, IIIT-B is working to develop various ID systems like MOSIP Lite since they don’t require sizable data centres and can lower the cost per person.
50 million of the 71 million Filipino residents who have been registered through MOSIP so far have received identity cards. Out of the 36 million people who live in Morocco, only 150,000 have received personal identification numbers.
Custom-built
Only MOSIP allows for local context customization of the system.
For instance, because Arabic is widely spoken in Morocco, the entire system has to be tailored to meet local requirements.
Additionally, ID systems need to abide by regional laws.
Since there are 7,000 islands in the Philippines, ensuring constant internet connectivity was difficult. Morocco also had isolated mountainous regions where cell networks were difficult to access.
Therefore, IIIT-B developed offline authentication, which allows users to download their ID as a QR code onto low-end Android phones and present it to merchants or financial institutions.
Without a mobile network, they may authenticate locally instead of going to a server.
A selfie-based authentication system for pension eligibility for the elderly is currently being developed at Morocco’s request.
“While it is up to the individual nations to decide whether to collect biometric data or not, only biometrics can truly capture how unique each individual is. Other identifiers, such as name, date of birth, and address, can be provided by numerous people, according to ET’s interview with Professor S. Rajagopalan, president of MOSIP, IIIT-B.
Without biometrics, nations can also issue identifying numbers.
For instance, only the face and iris scans are taken in Morocco.
Only the police are authorized to take fingerprints in Morocco, according to the legislation.
In the Philippines, face, iris, and fingerprint scans are taken.
The Look
In around two years, voice biometrics—which is currently being tested—will be implemented.
“One billion individuals worldwide lack the means to authenticate their identities. And there is a pressing need for this. The difficulty of confirming one’s identity is one of the reasons that 1.7 billion individuals are excluded from the formal banking system, according to Singh of BMGF, who spoke to ET.
One of the original backers, Omidyar Network, has so far given MOSIP $4 million.
Omidyar Network is considering how to continue funding the initiative after the grant arrangement expires this year. The grant deal was for four years.
According to Govind Shivkumar, director of responsible technology at Omidyar Network, “there was a need for a large-scale digital identity technology architecture because many countries sought to follow the India example, notably in Africa.”
The Issue
Historically, private proprietary businesses made up the majority of technology vendors.
He stated that there was a need for an open-source digital identity platform because many African and other countries had problems with their data being locked in with a particular provider.
Inclusivity, accountability, privacy, and security are the guiding principles of a good ID system. In MOSIP, there are technological features that prevent the exploitation of these principles.
The virtual ID feature provided by MOSIP provides a revocable identity and avoids identity theft because the individual and the government retain ownership of the unique identification number. It is not disclosed to anyone else. Instead, a virtual ID can be canceled after a set amount of time is shared.
Omidyar Network has backed MOSIP in numerous instances where it has declined to collaborate with particular actors due to the absence of certain human rights, democracy, privacy, and security criteria, according to Shivkumar.
He stated that the MOSIP code had weaknesses that had been found and patched by the Alan Turing Institute, the UK’s national institute for data science and artificial intelligence.
The construction of global foundational ID systems has been extremely inefficient, according to Singh of BMGF. The lack of an ID system was among the main issues African nations faced.
Several nations have expressed interest in MOSIP, including Tunisia, Uganda, Nigeria, Samoa, and Samoa.
He claimed that the risk of vendor lock-in by the private sector was causing numerous inefficiencies and, ultimately, “wasting people’s money.”
From software developers to system integrators to manufacturers of biometric devices, MOSIP has more than 60 business partners. It is, therefore, truly an ecosystem approach. The private sector is tremendously important, Singh continued.
Zero knowledge architecture
Whether it’s a tax database or a health database, any system that handles personally identifiable information always raises concerns about security and privacy. An “architecture with zero knowledge” is MOSIP’s response to this.
It effectively means that the system has no memory, according to Prof. Rajagopalan.
A gadget must first be confirmed as being real. Every time a transaction occurs, the content or data should also be validated. This is followed by the authentication of the programme, which verifies that it is accurate.
To ensure that there is no chance of fraud or theft, this is known as the zero-knowledge architecture.
The “privacy and security through design” document by MOSIP examines a variety of difficult situations.
Finals
These include challenges with 360-degree profiling – privacy, challenges on non-tech savvy users, and challenges for multilingual users. They also include challenges with internal attacks, external threats, terrorists, internal civil war, offline registration, online/offline verification, the ability to revoke, the ability to quarantine and isolate upon attacks or compromise, and response to security attacks/threats.
“In a production environment, simply modifying the code does not allow access to the live system. We have put in place a number of security measures to prevent a breach, Rajagopalan continued.
A Hardware Security Manager (HSM) for MOSIP is based on a number of keys. Based on their individual positions, only a select few people have access to these keys. Therefore, even those who are authorized to use the system cannot use it in its entirety. Only a portion of the system is accessible to them.