About the Author
Mazhar Zoaib is the General Manager, Customer Success of Microsoft Malaysia. In this role, Mazhar plays a key role in supporting customers on their digital transformation journey and ensuring that they realize the full value of their investments in Microsoft products and services.
Identity is an ambiguous construct that answers the question of who we are. To governing bodies, our identities are a matter of demographic segmentation considering details such as gender, income, age, etc. But aren’t we more than the societal classifications that put us in marked boxes? The disregard for other personal identity factors is due to the systematisation of identity allowing for the cataloguing of humans. As a product of this systematisation, we are given proof of identification in our ID cards, driver’s licence, and other formal documents provided by authorised parties. These forms of identification are then used for nations to keep track of their dependants and prevent identity theft and fraud cases.
While these tangible identification methods have proven useful, living in an age where technology has integrated into most parts of our lives, the conversations surrounding the subject has shifted to focus on digital identity. Digital identity, like the name entails, is the data that uniquely identifies a person or a machine. Unlike in the physical world, we can’t hand over a passport for an official to verify who we are. Consequently, it opens avenues for criminals to impersonate individuals as the system has no way to determine the truth without a person being physically there. But that’s about to change. Through its many evolutions, digital identity has reached a stage where the plausibility of our physical and digital identities merging isn’t far off.
The idea of digital identity ranges from its uses on social media accounts to our actual identification, such as ID cards and passports that exist on your phone and can be used in both online and offline verifications. Currently, there is a way that people can access multiple sites using their existing social media accounts as their identification. Although convenient and widely used, there is a reason why entities such as banks do not accept such credentials.
Digital identities are the solution to this problem of trust. Your digital identity can be the digital version of an authorised document or a credential that allows you to access online services such as banking stored in your smartphones. You would then need to use biometrics or a pin to verify these credentials.
National Efforts for a Digital Identity
In recent years, we have observed an uptick in digital identity adoption by governments worldwide, and Malaysia has been no exception. Listed in the Malaysia Digital Economy blueprint (MyDIGITAL), under the 1st thrust of driving digital transformation in the public sector, the Ministry of Home Affairs (KDN) has been tasked to lead the acceleration of the National Digital Identity (NDI). This initiative aims to create an NDI that complements the physical MyKad and promotes inclusivity.
With the NDI, public and private sectors are able to electronically authenticate and verify the identities of individuals who utilise electronic services and perform online transactions in a secure and reliable manner. Some of the proposed use cases for the NDID include electronic health records sharing, government assistance programmes, financial institutions' e-Know Your Customer ('e-KYC') and verification, e-commerce verification, telecommunications verification during customer onboarding, and government online services.
The timeline for this initiative has been set to end in the year 2025. In October of 2021, Home Minister Datuk Seri Hamzah Zainudin came out to say that the NDI would beat its target by a year and be fully implemented in 2024. For Malaysians, this means secure online transactions, reduction of identity fraud and improvement of user experience.Although the adoption of digital identities by nations is a good indicator of their digital progression, some implementations of the centralised digital identity have raised red flags due to the abuse of power.
Decentralised Digital Identity (DDID) & Self Sovereign Identity (SSI)
A solution to the possible abuse of citizen data is the decentralised approach. DDID is a trust framework where usernames are replaced by IDs and can enable data exchange through blockchain technology to ensure that your transactions stay secure and private. The Decentralised Digital Identity approach also encompasses Self Sovereign Identity (SSI), in which individuals are in control of their own data, meaning you get to control what goes in and out of your digital wallet without interference from outside parties.
This means a higher level of security all around, not just for individuals but also for organisations alike. Using blockchain technology and distributed ledger technology, organisations can be assured of the safety of the transactions. Whether employees gain access to certain parts of the company’s system depends on their authorisation. As digital wallets are located on personnel smartphones and accessed through commonly biometric means, criminals will have a more challenging time infiltrating an organisation through impersonation.
DDID and SSI are not only beneficial in terms of security and governance. They can also aid in the refugee crisis by providing the forcibly displaced with an identity they can carry across countries, allowing them access to services and socio-economic participation.
The conversations around DDID and SSI are vast, covering sociological and technological issues that will take a whole book to discuss. At Microsoft, we are currently working with the Decentralised Identity Foundation (DIF) to further the progress of the DDID. We have invested in incubating a set of ideas for using blockchain and other distributed ledger technologies to create new types of digital identities – identities that are designed from the ground up to enhance personal privacy, security, and control. We aspire to make DIDs a first-class citizen of the Microsoft identity stack.
For now, I leave you with the basics of digital identity and an affirmation that it does matter in the digital age.