· 5 min read

The Debate Between Physical and Digital Identity Continues

Lic Mónica Peralta – Forensic Document Expert
The Debate Between Physical and Digital Identity Continues

In my opinion, the meaning of ‘trust’ lies in the expectation that something will happen or work in a certain way. This is at the root of the arguments laid out in this article. Do users ‘trust’ digital identity, or to paraphrase – is digital identity working for citizens in the way that they expect compared to the physical equivalent?

The case for digital identity

Currently, most people have a large part of their life hidden on a mobile device, sometimes unaware that this digital data represents their virtual identity.

The move toward the digitisation of identity began with the need to use an app or receive a service immediately. Users do not want to suffer delays or waste time carrying out a procedure of any kind. They can process the delivery of a birth certificate through the web, carry out banking transactions using sensitive data such as credit card security codes, and download a boarding pass almost instantaneously. They can buy products from anywhere in the world. And even though the pandemic put us in a state of near house arrest, the digital transformation increased exponentially, and continues today.

Consumers demand simplicity in transactional processes, but at the same time do not want to be victims of crime. Counterfeit, altered, falsified and stolen documents are central to the way that criminal organizations cross borders, carrying out banking transactions, trafficking people, drugs, weapons, merchandise and cultural artefacts.

That is why the integrity of government issued documents is essential to combat organized crime. In fact, the integrity and secure issuance of government documents have consequences for the security of a country as well as national and international trade.

All of that data

Identity and travel documents are made up of variable and fixed information that is printed using security techniques and digital components which store large amounts of data. Identity credentials are made up of personal data that contains information about the characteristics of the person; sensitive data that might put a person’s security at risk (such as religion, politics, ethnicity) and biometric data containing unique and individual traits such as fingerprints and iris scans. All of these combine to automate and identify an individual. Because of this, identity credentials can be considered very sensitive because there is a risk that they could reveal data that might cause discrimination.

The wide universe of data that is collected and recorded at the time of obtaining government issued documentation shows that identity should be a fundamental right for a person as it allows them to circulate safely through internal and external borders, whether in transit or to a specific destination.

In this regard, physical travel documents, intended to cross borders, are analysed at the moment they are presented to confirm the authenticity of the document and the veracity of the ID data.

Depending on the support available, the analysis can include inspection of the substrate, its fluorescence, examination of security fibres and threads. Optically variable diffractive components, inks, transparent or metallic windows are also examined to protect the biographical data of the document holder.

The analysis might also include the expiry date, place of issue, the validity of the visas, any renewals or extensions that, in some passports, are handwritten on the internal pages of the document.

Undoubtedly these examinations take time.

To expedite the process, countries have turned to the digitisation of documents, which can be interrogated by eGates in a fraction of the time that it would take a human. Although the initiative is good, the automation of identity inspection has led to its own set of challenges.

On a recent international trip, I was able to experience first-hand machine automation from the check-in of bags, passing through security and then boarding the aircraft. While some passengers showed their boarding passes from their mobile devices, others had network coverage problems and others had run out of battery charge – which all caused delays.

Are we protected or watched?

As a part of the discussions surrounding the issue of trust it is reasonable to ask, does the state only use the information collected for the purpose of making a citizen’s life more convenient and safer?

But there is an underlying paradox contained in the question. Users do not ask the same question of private corporations when they gather personally identifiable information (PII). They are unaware that when they provide PII to a private entity there is implied consent that the corporation can use the data not only for the immediate purpose intended but also for other uses that the corporation considers reasonable.

Users feed social networks with all kinds of data that can be exploited by cybercriminals. For example, travellers publish photos of their boarding passes which have information regarding personal data (full legal name, ticket number, and passenger name record). With this sensitive information, hackers can access phone numbers, emails, addresses and emergency contact details.

Consumers are generally unaware that hacking by cybercriminals knows no borders, they have no regulations, and they are not identifiable when they act. With a small amount of investment, they carry out dynamic and disruptive actions at a time and place of their choosing.

There is a further threat that should a mobile phone be lost or stolen it still contains photos, images, bank account numbers, and even passwords that can be used to access other apps.

Final thoughts

For the foreseeable future, physical documents will continue to be a link to virtual identification. As an example, in Argentina it is not possible to leave the country with the digital identity card, it is only allowed to do so with the physical format.

There is also a significant minority of people that are excluded from modern IT and communications, either by age or poverty. For these people, physical identity is not an option, it is a necessity.

When nuclear physicists created the atomic bomb very few countries had access to the technology and knowledge. Currently the situation with the proliferation of technology is different. Artificial Intelligence (AI) is available to everyone, both people and governments. We still don’t know how far this technology will go, but several leading technologists are warning of the potential dangers of unrestricted research into its applications.

As a final thought on the debate between digital and physical identity, which would I trust more controlling the use and verification of my identity: a human or a machine?

Subscriber content

Read the full article

Full access to ID & Secure Document News articles, newsletters and archives.

Sign Up to ID & Secure Document News Weekly

Receive regular updates on the latest news and articles posted on our website.

Verity

Verity

AI search assistant

Ask me anything from the ID & Secure Document News archives.

free questions remaining