Jan 15, 2015 in Papers & Projects by DIACC
DIACC Brief for Minister of Finance Advisory Board November 2014 Regarding Proposed Regulatory Changes to Allow for Recognition of Digital Identity
Canada’s economic future depends on developing a secure and convenient system for digitally validating an individual’s identity using reliable sources, while placing the individual in control of what personal and/or private information is shared.
Canadians are enthusiastically adopting digital technologies and services to improve the way they work and enhance their lifestyle. The rapid adoption of mobile devices, mobile apps and cloud-based services have the unprecedented capability of transforming entire industry sectors.
With the shift to digital services, many of the traditional methods of how we prove who we are now being viewed as obsolete, as irritants, or as barriers to innovation. As our society transitions to the digital world, in-person and paper-based processes, once the preferred method of service delivery, are now being replaced by digital alternatives.
This trend toward digital alternatives, is transforming how we present ourselves in-person and online. Canadian documents used for the purposes of identification and eligibility are being modernized: from the Canadian e-passport to provincially-issued smart services cards, such as the BC Services Card. These modernized documents, while preserving the traditional in-person and document-based presentation methods, represent the next step toward digital alternatives. Through embedded electronic capabilities, these documents provide secure ways to electronically authenticate documents that can be used to identify customers subject to PCMLTFA regulations. In conjunction, electronic methods enabled through the use of these documents as well as broader transformation to digital identification sources can provide electronic alternatives that enable a fully digital service delivery capability that is equally secure, trustworthy, and legally binding.
The significant advantages these modernized documents and capabilities have over traditional identity documents (e.g. driver’s licence, birth certificate, etc.) include:
Application of digital identity across Canada can enhance accuracy of information, improve operational efficiencies across the public and private sectors and increase convenience and access for Canadians, including:
Regulatory Analysis
Modernized identity documents and capabilities can be used to enhance and ultimately replace existing procedures where an individual is required to be physically present:
Regulatory Recommendations
To build a Digital Identification and Authentication (DIA) regime to underpin a modernized payments system, enable fully digital transactions, and protect Canadians’ privacy, Government must lead the charge. We propose that an additional method be added to the Schedule 7 of the regulations that will allow for the option of a fully electronic (i.e., digital) method to ascertain identity that is sufficient in strength to meet the non-face-to-face identification requirements. We propose that this additional method be called “Electronic Confirmation of Identity”, as described below.
Electronic Confirmation of Identity
This method of ascertaining a person’s identity consists of two parts: i) electronically confirming the accuracy of person’s identity information using an accredited authoritative source, and, ii) ensuring the identity information being confirmed relates to the person making the claim (i.e. not to another person).
These two parts, as described in the proposed method above relate to two key objectives that must be met when ascertaining identity:
Together, when these objectives are met, they can provide a level of assurance that an individual is actually who they say they are.
Identity Validation is the confirmation of the accuracy of identity information as established by an authoritative source. Identity validation ensures that identity information regarding an individual is accurate. Identity Verification is confirmation that identity information relates to the individual making the claim. Identity verification may employ a variety of techniques to ensure that an individual is claiming his/her own identity information (and not that of another individual). Techniques include asking for shared secrets that only the individual knows, requesting the presentation of trusted credential (electronic or physical) that has been (or will be) authenticated, etc. AN INDIVIDUAL, OR AN AUTHORIZED AGENT ON BEHALF OF THE INDIVIDUAL, SHOULD BE DIRECTLY INVOLVED IN AN IDENTITY VERIFICATION TRANSACTION
The flow diagram illustrates the simplest identity validation scenario involving an individual as a client, a relying party as a service provider to the client, and an authoritative party providing the identity validation service.
To maintain simplicity, this flow diagram assumes the following:
About the DIACC
The Digital Identification and Authentication Council of Canada (DIACC) is the non-profit coalition of public and private sector leaders who are developing Canada’s system for digital identification and authentication to enable Canadians’ full and secure participation the global digital economy.
DIACC’s members and advisors include leaders from both the federal and provincial levels of government as well as representatives from small and large businesses, charities, and privacy commissioners.
We are committed to unlocking economic opportunities for Canadian consumers, and businesses by providing the framework to develop a robust, secure, scalable and privacy-enhancing digital identification and authentication ecosystem that will decrease costs for everyone while improving service delivery and driving GDP growth.
We operate transparently and participation is open to all Canadians. Our current membership includes:
2Keys | Interac | Scotiabank |
BlackBerry | Notarius | SecureKey Technologies |
BMO Bank of Montreal | Online Business Systems | Sierra Systems |
Canada Post | PlaceSpeak | TD Bank |
Capco | Province of British Columbia | TELUS |
Central 1 Credit Union | Province of New Brunswick | Thirdstream |
CIBC | Province of Ontario | Thoughtwire |
Desjardins Group | PwC | Ticoon |
Equifax | Rogers | TransUnion |
Equitable Bank | Royal Bank of Canada | Trulioo |
Government of Canada, Public Works and Government Services Canada |