Monthly Archives: October 2022

DIACC’s Written Submission for the 2023 Pre-Budget Consultations

List of recommendations

  • Recommendation 1: That the government drive economic growth by prioritizing and investing in the government’s digital identity mandate.
  • Recommendation 2: That the government strengthen alignment with provinces and territories on digital identity initiatives. 
  • Recommendation 3: That the government make strategic investments to combat misinformation and disinformation that is impeding the acceleration of Canada’s digital economy.

Introduction

On behalf of our members, we would like to thank the House of Commons Finance Committee (FINA) for the opportunity to submit this pre-budget submission. As the federal government continues to build a digital government and embrace a digital-first mindset, the Digital ID & Authentication Council of Canada (DIACC) is eager to help ensure Canada is leading on digital identity, adapting to our new realities, and playing a leadership role among our global peers. 

DIACC was created following the federal government’s Task Force for the Payments System Review, with a goal to bring together public and private sector partners in developing a safe and secure digital identity ecosystem. Our work is guided by an overarching and deep commitment to trust and duty of care, evidenced by the development of the Pan-Canadian Trust Framework (PCTF) — a co-created framework that any jurisdiction and industry sector can work with to ensure business, legal and technical interoperability. Instead of a single solution, the PCTF promotes choice and offers a shared hub that distinct solutions can interoperate through. 

Our submission and recommendations reflect the deep experience and expertise of DIACC’s member organizations, and our collective commitment to the success of verifiable digital identity to secure Canada’s full and beneficial participation in the global digital economy.

Canada’s opportunity to lead on the global stage

DIACC and its members applaud the government for its commitments to date on digital transformation in general, and digital identification in particular. We were encouraged to see digital identity as a priority in Treasury Board President Mona Fortier’s mandate letter, and to see the government announced its Digital Ambition plan which recognizes the need for digital options among Canadians, as well as the need for transformation of public and private-sector organizations as they adopt digital technology solutions to better deliver programs and services.     

Yet despite the commitments made, Canada risks getting left behind as the global community embraces digital identity. At the recent 77th session of the United Nations General Assembly, a broad range of representatives discussed and agreed to scale up efforts to build safe, trusted and inclusive digital public infrastructure (DPI) for a more sustainable and equitable world. The commitments included an initial $295 million in funding to support the development and adoption of inclusive DPI, scaling technical assistance and deeper capacity building. The event — called ‘The Future of Digital Cooperation: Building resilience through safe, trusted, and inclusive digital public infrastructure’ — was the first significant gathering of countries to advance the development and use of DPI. This is a sign of the momentum and growing priority both the public and private sectors are placing on DPI and digital identity.

The time to lead is now, but to do so governments must make solving digital identity, with an overarching commitment to privacy and security, a stated priority now and establish public policy that puts people in control of their public and private sector data. That opportunity — and imperative — comes at a time when Canadians are clear about their expectations around digital identity and the desire for privacy and control over how and which personal information is shared. In a recent survey conducted by DIACC, 91 per cent of Canadian respondents indicated they want control over their personal data collected by provincial and federal governments, 86 per cent of respondents indicated they want control over personal data collected by private organizations, and 80 per cent said they want a secure and unified digital identity ecosystem.

It is within that context that DIACC offers three key recommendations in advance of Budget 2023.

Recommendation #1: Drive economic growth by prioritizing and investing in the government’s digital identity mandate.

While the benefits of privacy, choice, and trust in advancing digital identity are clear, the economic benefits — and related cost of inaction — are significant. More than just a part of driving Canada’s post-pandemic recovery strategy, digital identity has the potential to be a powerful economic driver for Canada. A white paper developed by DIACC member Hyperion found that the impact of digital identity used to improve processes could result in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy. Further, in a recent study, McKinsey found that extending full digital identity coverage could unlock economic value equivalent to 3 to 13 percent of GDP in 2030, with just over half of the potential economic value potentially accruing to individuals.

Yet the cost of inaction on digital identity goes beyond the loss of potential economic growth and failure to reach Canada’s economic potential. Other countries prioritizing identity solutions have begun looking for ways to expand beyond their borders by promoting their digital identity solutions and using their own experiences as a role model for new initiatives, bringing with it revenue potential by letting other countries leverage existing solutions, platforms or infrastructure.

The strength of Canada’s economic future depends on strategic digital investments making digital identity a priority, and ensuring Canadians can completely and securely participate in the global digital economy.

Recommendation #2: Strengthen alignment with provinces and territories on digital identity initiatives.

Multiple Canadian provinces have either launched or made investments in digital identity products and services, yet federal funding and cohesive leadership remains the missing piece. Alberta and British Columbia have launched digital identification, with BC including a mobile card and a Verify by Video option. Significant investments have been made in Ontario and Québec, where proof of vaccination credentials have been launched. Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island and New Brunswick are launching pilots, proof of concepts and digital identity components.

There is demand for and interest in enabling capability across the country — but unequal funding and approaches developed in silos pose a risk. Without cohesive federal leadership, these systems will be disjointed and miss the opportunity to be truly interoperable, efficient and useful for all Canadians. Unlocking these opportunities in a synchronized and equitable manner will ensure Canadians can all access economic opportunities, public services and the chance to manage their own personal information in a safe and controlled way in our digital economy.

Recommendation #3: Make strategic investments to combat misinformation and disinformation that is impeding the acceleration of Canada’s digital economy.

According to Statistics Canada, during the pandemic a full 96 per cent of Canadians who searched for and found COVID-19 information online said they suspected the information was misleading, false or inaccurate. Among these, one-quarter saw misinformation multiple times a day. Only four per cent said they never saw misinformation, and 40 per cent of Canadians said they saw information they believed to be true, then later realized it was not.

Trust in online information, media and government organizations, and the perceived lack of privacy, can be seen on the decline over the years. So it is no surprise that there is so much confusion and mistrust around the benefits and privacy protections gained by implementing digital identity solutions and services.

Canadians need to feel safe and in control of their information when they engage online. Core to that safety is privacy, security and choice in how they share personal information online. In order to increase trust and maximize the economic benefits of digital identity, we need government-led public education campaigns and initiatives that speak to the facts around digital identity including privacy, security and benefits to Canadians as the world shifts to a digital economy.

Conclusion

While Canada has made significant strides in prioritizing digital identity and the shift to a digital economy, there is still work to do on the path to an inclusive, privacy-enhancing digital identity strategy that works for all Canadians.

As a creation of the federal government’s Task Force for the Payments System Review, DIACC wants to support the government in empowering individuals, increasing government efficiency, strengthening companies, and uniting communities across the country with secure access to resources, economic development, trust and support. Our organization and its members are committed to helping the government continue to unlock opportunities for Canadians, decrease costs for governments, consumers and business, improve service delivery, and drive GDP growth. We believe these three recommendations will get us there.

Thank you once again for the opportunity to provide our input in advance of Budget 2023 and as we collectively move forward on the path to a digitally and economically prosperous Canada. 

Foundational ID: Restoring the Chain of Trust for Identity

Over the course of 2021 and early 2022, the DIACC worked with a Special Interest Group (SIG) to explore how the integration of Foundational IDs into the digital identity ecosystem could improve identity resolution between silos, introduce new efficiencies in service delivery, and reduce fraud. Members of the SIG included representatives from provincial Vital Statistics agencies and digital identity initiatives, Immigration, Refugees and Citizenship Canada (IRCC), representatives from the Canadian financial and insurance sectors, as well as additional participants from the private and public sectors. The SIG members took part in 14 working sessions to explore work streams across various topics including birth records, impacts on service delivery and fraud, and roadmapping.

This report outlines observations, conclusions, and recommendations including a list of 12 proposed initiatives that may be considered as a method to address and resolve some of these challenging issues facing our community today.

Download the report here.

DIACC-Foundational-ID-POC-Final-Report_ENG

Voilà Verified Trustmark Program is Live – ‘duty of care’ a top priority

The Digital ID and Authentication Council of Canada Launches Voilà Verified Program to Spotlight World-Class Vetted Digital Identity Solutions.

Toronto, October 18, 2022 – The Digital ID and Authentication Council of Canada (DIACC) has officially launched the Voilà Verified Trustmark Program – the first and only certification program to determine digital identity service compliance with the Pan-Canadian Trust FrameworkTM (PCTF).

A non-profit coalition of over 115 public and private members, the DIACC develops research and opportunities to enable Canada’s confident, safe, and full participation in a global digital economy.  

“One size does not fit all when it comes to identity solutions – but ensuring a solution delivers upon a defined duty of care is critical,” says Joni Brennan, president of the DIACC. “With the PCTF, and now with Voilà Verified, there is an opportunity to adopt a framework rooted in trust – and to earn compliance recognition. Voilà Verified identifies those who are ‘walking the walk’ –  those who are delivering safe and secure access to the global digital economy.” 

The DIACC’s PCTF is a publicly available framework for identity solutions that defines client, customer, and individual duty of care. The Voilà Verified program provides a vetting and assessment opportunity where PCTF-compliant solution vendors can earn a public-facing Trustmark. The result? Spotlight visibility of trustworthy, safe, reliable, and efficient solutions.

“The PCTF being leveraged on a global scale marks a significant opportunity across industries,” says Franklin Garrigues, VP External Ecosystems at TD Bank Group, DIACC Board Vice-Chair. “Voilà Verified is rooted in safety, protection, and reliability. This program enables safe access to the global digital economy with certainty.” 

Voilà Verified presents an opportunity to grow provincial-level investments in digital identity solutions. Provincial governments who have launched identity services can now earn a Trustmark of their own, and provinces that are on the cusp of entering the digital solution market can do so with confidence by seeking vendors with a Voilà Verified Trustmark.  

“Going digital is a big step for governments – and now, with Voilà Verified, provincial leaders are empowered to do so with confidence by engaging solution vendors that will protect end-users first and foremost,” says Colleen Boldon, Director, Digital Lab and Digital ID Programs, Public Services and Smart Government, Province of New Brunswick and DIACC Board member.  

Ruth Puente, Voilà Verified’s Trustmark Verification Program Manager, says a leading component of the program’s development was to ensure its procedures aligned with the International Organization of Standardization (ISO). 

“Voilà Verified is inclusive yet diligent in verifying PCTF-compliant solutions. The program was developed in alignment with ISO standards – and empowers informed decision making in a rapidly growing ecosystem of identity solutions.”

Puente, based in Madrid, Spain, brings international perspective and expertise to the Voilà Verified program with deep experience in internet governance policy and public affairs, trust and privacy innovation, and digital identity frameworks and certification.

“Delivering high-quality service is our priority. Customer protection is our priority. Increasing access to trustworthy solutions is our priority. We have formed teams of international experts to perform assessments and to oversee the process through an impartial lens,” says Puente. 

Entities who are responsible for assessing PCTF compliance within the Voilà Verified program are known as Accredited Assessors, Readiness Advisors, and Testing Laboratories.

The first official Accredited Assessor and Readiness Advisor is KUMA, a private sector DIACC member and global privacy, security, and identity consulting firm specializing in custom cybersecurity solutions – now the world’s first and only assessor to offer identity assessments in the US, Canada, and the UK. 

“KUMA is bringing the same expertise to the Voilà Verified program that we’ve been bringing to our clients for over a decade,” says Michael Magrath, KUMA’s Managing Director of Digital Identity. “We are dedicated, alongside the DIACC, to generate growth opportunities for identity solutions across Canada and the globe.” 

The Voilà Verified Trustmark Oversight Board (TOB) will make all final verification decisions based on reports from accredited entities. Made up of third-party volunteers with international expertise in identity management, auditing, compliance, cybersecurity, information security, and law, the TOB is the highest operating body of Voilà Verified. It is subject to impartiality, confidentiality and conflict of interest policies. 

Voilà Verified is a unique opportunity in which I am honoured to share my experience as an advisor and auditor within information security, compliance, and identity,” says Björn Sjöholm, Cybersecurity Entrepreneur of Seadot, and TOB Chair. 

Vendors are turning to the Voilà Verified program for several reasons, but the leading value proposition is market differentiation. Trustmark holders stand out from competitors by unlocking global business opportunities through international recognition and credibility. 

“Voilà Verified puts internationally reputable identity solutions on the map,” says Dave Nikolejsin, the DIACC’s Board Chair. “This is the way forward. With lateral growth of PCTF compliance across sectors – public and private – we establish a common value of trust. Launching Voilà Verified is a monumental stride for Canada to influence a safe and secure global digital economy.” 

Voilà Verified is ready to serve your entity today. To learn more and access your application package, visit the program overview on the DIACC website or contact voila@diacc.ca

– 30 –

ABOUT DIACC

DIACC is a growing coalition of public and private sector organizations that are making a significant and sustained effort to ensure Canada’s full, secure, and beneficial participation in the global digital economy. By solving challenges and leveraging opportunities, Canada has the chance to secure at least three percent of unrealized GDP or $100 billion of potential growth by 2030. Seizing this opportunity is a must in a digital society as we work through the COVID pandemic challenges. Learn more about the DIACC mandate

ABOUT KUMA

For almost a decade, Kuma has provided privacy, security and identity expertise to various local, state, and federal government agencies, non-profits, and businesses, often in highly regulated sectors. Trust is deeply ingrained in their ethos and is illustrated in the work they deliver in all engagements. Over the years, Kuma has gained and maintained customer confidence and built a reputation for customizing its cybersecurity services to meet the needs of small and large companies alike, while always grounded in national standards. Kuma rejects a “one-size fits all” approach, building long-standing working relationships with clients as they mature their security, privacy, and identity postures. For more information visit http://www.kuma.pro

ABOUT SEADOT

Seadot Cybersecurity is run by entrepreneurs with a strong focus on effective and efficient security. The founders have extensive experience in information security as well as IT-security. Seadot offers cybersecurity services to organizations with a high demand for regulatory compliance and security. Seadot clients have their main business within the Nordics and Northern Europe. Seadot services include: Information Security Management, Software Security, IT security Operations, and Cybersecurity Compliance. Seadot is a Kantara Initiative Accredited Assessor.