These newsletters are restarting properly now. By accident rather than design, this one’s very digital identity heavy, must be something in the water …
🇺🇸 Login.gov is getting a big investment.
🇦🇺 Australia’s federal government has released draft legislation on digital identity. (Full PDF version here). It proposes allowing use by the private sector, as well as state & territory gov, and for non government entities to be able to issue identities. There would be a new oversight authority reappointed every 5 years that cannot be ‘directed’, to give it some distance from ministerial control. It promises some recourse role for the authority in helping the public if their identity is misused, fines for misuse of the trust mark or moving identity data outside Australia, and an Estonian style ‘dashboard’ to allow visibility over the consents they have provided. The legislation also states that UX must be ’understandable and accessible’.
🇮🇳 India has announced a Health ID number for all, along with digital health records. There’s not much included in the announcement about the digital health records, but back in May the National Health Authority was hiring people with experience of FHIR and other health standards. The Health ID can be linked to Aadhaar, but doesn’t currently have to be, although it has just been mandated for some tax refunds, following on from mandation of some state welfare programs earlier in the year.
🇬🇧 The UK’s driving licence is going digital. There’s currently vagueness about the implementation. Will it be a siloed app, or part of a digital wallet? (Driving licences being far from the only license that government issues) Will it meet emerging open data standards around digital credentials, or go bespoke?
🇬🇧 The UK’s Ministry of Justice has released a video showing how its Form Creator platform works.
🇳🇿 The New Zealand government has published research findings from their digital identity programme. Main themes were: trust and confidence (includes Māori perspective); privacy and security; ease of use; data control and minimisation.
🇨🇦 Back in February, Canada’s GC Notify reached Beta, having sent nearly 9 million notifications.
🇦🇺… while in July, Australia’s DTA shut their instance down.
🌍 In February, the Nordic Institute for Interoperability Solutions started researching how to measure the carbon emissions of the X-Road platform.
The practice of platforms
Occasional links to blog posts where people talk about what’s different about the job of making platforms…
This is a great review, from the Project on Digital Era Government at the Harvard Kennedy School, on the range of choices that open-source platforms have when it comes to building a community of interest around a code-base.
Sharing, reuse and forking …
Estonia and the European Commission are collaborating on a javas library for digital signatures. It is used as part of Estonia’s digital identity card system, but it looks like it is being adopted more widely as a way to meet European standards.
Designing the bits in-between
Designing the public facing parts of shared platforms is designing the liminal. It’s about designing the seams.
The UK Government Digital Service have been sharing some early prototypes of how their sign-in and account platforms might slot into a user journey.
This video shows how credentials from India’s DigiLocker can get used as part of a loan application. It’s clunky, but shows some of the challenges of moving from the well known step-by-step transaction paradigm, to something new. From what I remember there were plenty of clunky transactions and sign-in forms in the early days of the web.
Software is politics
This report on public perceptions on health data sharing shows differences between attitudes to how data is used (the trust in government use of health data is markedly different). A reminder that conversations about data infrastructure and use of data demands socio-political context.
Back in December The Economist lent its voice to the assertion that there will be a rush for new identity platforms following the COVID response. Time will tell if the pandemic been an accelerant or a justification.
In July, the The China Law Translate project published a list of legal penalties under social credit. The associated Twitter thread is worth reading in full.
Professor and researcher Jonathan Albright compiled an amazing dataset of the technology used by different governments to create COVID contact tracing, exposure and information apps. It shows the power of Google & Apple’s platforms:
I simply do not remember a time when global public communication channels have been so codified and platformitized. By this, I mean that 2020 marks the stage—quite literally—when hundreds of public health agencies and government communication channels simultaneously collapsed their efforts into exactly two tightly controlled commercial marketplaces: Apple’s iOS and Google’s Play stores. Not to mention the code infrastructure (SDKs) for at least half of these iOS apps has been built by one of the companies (Google).
Albright’s analysis also includes the permissions that different apps require (location, camera, etc) and the SDKs they are built on (Google Firebase, Facebook Audience Network, etc). This is a manual process.
The permissions and SDKs for some apps simply could not be obtained through any method other than actually downloading and installing them on a device through a foreign iOS app store and local currency.
All this shows how the combination of platforms, digitisation of public services and the mutability of code breeds opacity. Systematically publishing information like Albright’s dataset should become the norm for governments. Monitoring it should become a standard activity of civil society organisations with an interest in accountability.
The Rockefeller Foundation have published a report on Digital Public Infrastructure and Digital Public Goods. The definitions of DPI/DPG can be a bit fuzzy, so it’s good that this focuses on the foundational platforms like payments, identity and data exchange.
By understanding digital identity, payments, and data exchanges as elements of DPI, we can build them more rapidly, maximize their benefits, and minimize the risks they create.
It also argues for a shared vision for DPI. If there’s something missing, I think it’s a vision, not just for the infrastructure, but for the types of services that should be built on top of them. What should it feel like to use public services in a digital state?