A Canadian Perspective on Digital Identity
Like many countries around the world rapidly embracing the digital frontier, Canada is ready to actualize a digital identity solution on a national scale. Since early 2016, questions around implementing a digital ID framework have been pondered, as key stakeholders seek to uncover an approach that is ideally holistic, market-based, and addresses the full scope and scale of the challenge.
The goal is to determine the feasibility and characteristics of a national and global interoperable verification platform that independently verifies digital credentials issued by a dynamic set of trusted issuers and utilized by a broad and diverse population of users. The Digital Identification and Authentication Council of Canada (DIACC) and other government agencies have been seeking to develop a standardized method to issue and rapidly verify portable digital credentials. Specifically, the Pan-Canadian Trust Framework (PCTF) provides auditable conditions for different capabilities in a digital identity ecosystem, such as those for the issuers of digital credentials, the people who use them, and the organizations who rely on identity assertions linked to credentials.
The concept of a centralized digital wallet is over due as paper documents remain the predominant way to prove key attributes about an individual, such as their name, date of birth, academic and professional qualifications, or security clearance. While these attributes might be presented in digital form, there are not currently any widely adopted or standardized methods in Canada to issue or rapidly verify digital credentials across many different contexts without dependencies on centralized or low-latency network platforms, or both.
In his year-end report for 2021, Canada’s Privacy Commissioner, Daniel Therrien, stated the Canadian Federal Government must not only make privacy reform a high priority but “enable responsible innovation…done within a rights-based framework that recognizes the fundamental right to privacy.” Commissioner Therrien’s report recommendations, of which there were over 60, could very well be fuelled by Bill C-11.
At its core, the bill aims to repeal parts of the Personal Information Protection and Electronic Documents Act and replace them with a new legislative regime governing the collection, use, and disclosure of personal information for commercial activity in Canada. While Bill C-11 would have ultimately given more power to the Office of the Commissioner (OPC), Therrien finds himself among the growing number of critics of the proposed legislation, stating he was “deeply concerned” the legislation would be “a step backwards” from the current Personal Information Protection and Electronic Documents Act (PIPEDA).
Such a step backwards would spell bad news for everyday Canadians as the prevalence of digital identity theft increases. During the most recent reporting period, the OPC received 782 privacy breach reports, affecting at least 25% of Canadians, a 15% increase over the previous year and a 600% increase since mandatory reporting obligations began in 2018.Almost weekly, serious privacy breaches make headlines worldwide, undoubtedly eroding public trust in system security.
Therefore, it’s for good reason that Canada’s Privacy Commissioner recommended adjustments to our privacy laws – today’s digital identity thieves are some of most advanced technology innovators. Without genuine trust between customers, organizations and governments agencies, the widespread adoption of digital identity solutions will remain a challenge. The Commissioner’s recommendations for an enhanced “rights-based” approach to digital identification may seem altruistic. However, Canada is now among those jurisdictions currently studying how open banking systems and third-party access to customer data would work. Before doing so, a citizen-wide digital ID framework must be defined to mitigate fraud threats and financial losses.
Beyond the national discussion around digital identity, there is progress being made on the provincial level. Ontario, Canada’s most heavily populated province of almost 15 million residents, has been attempting to launch a form of digital ID for its citizens for some time. With the lofty goal of making Ontario one of the world’s most digitally advanced jurisdictions, the roll-out was originally set for release in 2021 but has since been delayed until later this year. Beyond simply expediting the access to online government services, Ontarians have been promised that they will be able to use their digital ID in a wide range of uses, including banking, insurance, mortgage, and health related scenarios, giving users a simple, frictionless experience across multiple real-life applications.
The Province of Saskatchewan, with just over 1 million residents, is also considering a completely optional digital identification solution for its citizens, with the direct goal of making government programs more accessible as the desired result. Other provinces will surely follow.
At Credivera, we’re encouraged to see the significant advancements at both the legislative and technology level to create a universal solution that ultimately protects the digital identity of Canadians. However, among the many unanswered questions around what that framework would look like, either nationally or provincially, the critical question of how to earn the trust of those new to the concept of digital identity remains an urgent one for all stakeholders. New technology can be intimidating for many. Digital identity solutions, especially the concept of an all-encompassing digital wallet filled with an individual’s personal and professional credentials, can feel even more invasive. This earned trust is the third piece of the digital identity puzzle and it cannot be overlooked. To do so successfully, will be critical in driving adoption and usage rates, in turn, accelerating issuer participation.