In the last few years, the importance of digital identity has grown exponentially, from being an instrument employed primarily to secure closed systems (such as corporate networks) to being a platform for governments to deliver eGovernment public services.
This report looks at Transborder use of digital identity in the context of international transfer, control, and access to private/personal data between Canada and the European Union. In particular, it looks at such data transfer considering the obligation to inform individuals during data processing and investigate into the adequacy of transparency and notice for international data transfer.
Contents of this report have been submitted by the DIACC International Pilots Special Interest Group.
DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
What has your career journey looked like?
My educational background is in Gender Studies, so it was never my aim or expectation to have a career in the tech industry. In my first few jobs, before I had any knowledge of terms like ‘agile’ or ‘scrum’, I was naturally inclined to bring together colleagues from different functions, divide up our work into milestones, and deliver collaboratively as a team. In those early roles, because I was ‘good with computers’, I often found myself with tasks related to process digitization, website updates, and running digital marketing initiatives, in addition to team leadership and project management.
Several years into my career when I was working at ELLE.com, a mentor told me to look up product management, and I had a major lightbulb moment — I discovered there was a name for what I thought I did, professionally. Since that time, I’ve built a rich career in product, both as an individual contributor and as a people manager, and I’ve found my passion in strategic research and bringing new products to life.
When you were 20 years old, what was your dream job and why?
This is such a tough question — at 20, I don’t think I was mature enough to have had a dream job. I had always been inclined to want to help people, and during my teen years I spent most of my free time volunteering with nonprofits. At 20, I’m sure I expected that I would pursue a career in an area that would better the world, with a particular focus on women and the environment.
As a female leader, what has been the most significant barrier in your career?
As I’ve taken on more senior roles, it’s been a challenge to find my leadership style and voice and to develop the resilience needed to continue to lead despite unfounded criticisms or biased feedback. Sometimes it can feel lose-lose for women in leadership, meaning that we are often penalized for demonstrating too many classically ‘male’ behaviours, while also penalized for being too classically ‘female’. There will always be critics, so I like to shift my focus inwards and frequently ask myself if I’m being true to my principles.
How do you balance work and life responsibilities?
Perhaps it’s the New Yorker in me, but I wasn’t naturally good at creating boundaries between work and life. It wasn’t until I moved from NYC to Sydney that I finally understood what balance could look like. I still work more than your typical 9-5, but my mindset is different. I leave my work at work, and I don’t check emails or Slack after I’ve closed my laptop for the day. And most importantly, I now take my annual leave on time and don’t check in with work while I’m away. I’ve finally learned how important it is to ‘switch off’ and leave space in my mind and my day for things that bring me personal fulfillment.
How can more women be encouraged to pursue careers in the digital ID/tech space?
Women working in digital ID/tech need to be more visible, inside our orgs and externally in the industry. I think this is the #1 way we can encourage more women to pursue the same path. We have a responsibility to the generations coming up to create a presence, which we can do by asking to be part of hiring committees, volunteering to be mentors, and submitting to be speakers at industry events.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
Early in my career I learned that the best way to make myself known to decision-makers was to put my hand up and ask for the work I wanted to be doing. This created opportunities for learning, development, and recognition. As I began to grow my reputation, when it came time to assign new projects or grant promotions, I was already visible and ‘proven’ to the management.
What will be the biggest challenge for the generation of women behind you?
I think we’re only just starting to see the widespread negative effects of product decisions made by my generation. Things like always-on culture, social media, endless scroll, filters, and nudges may feel like an essential part of digital life, but we’re already seeing the negative effects. As we get more distance from these so-called popular advances, more examples of ethically questionable decisions and results will emerge. Unfortunately, it will be the next generation’s responsibility to ‘clean up’ 20 years of tech-driven behaviors and culture, and I see this as a great challenge for the generation coming up now.
What advice would you give to young women entering the field?
Find a mentor. Find a work friend. Find someone who champions you. Being a woman in tech can be difficult, but it can also be fun, engaging, and inspiring. It’s worth the challenge.
Merissa Silk is the Staff Product Manager at Onfido
As a nonprofit organization, CIRA’s mission is to build a trusted internet for all Canadians. Leveraging more than 30 years of experience managing .CA domains, CIRA offers one of the world’s most advanced back-end registry solutions and operate one of the fastest-growing country code top-level domains (ccTLD) in the world. CIRA researches and develops new technologies and solutions that help increase the security and resilience of the internet; mitigate and respond to cyber-attacks; and support new network, data, and security standards around the world. We also participate in global internet governance and advocate for a variety of internet issues in Canada such as access to broadband internet, privacy and security. Their Community Investment Program provides more than $1 million in grants every year to projects that help create a better internet.
2. Why is trustworthy digital identity critical for existing and emerging markets?
We are going digital in all aspects of our lives and it’s important to have trust in our own ecosystem. CIRA believes that to build a competitive, safe, inclusive society for all Canadians; governments, organizations, businesses and the public need to trust that credentials created in a decentralized identity model are indeed from an authentic source.
Citizens who access services by authenticating with digital identity credentials have an expectation that the intermediary organizations responsible for performing the authentication will keep their personal information secure. Organizations involved in this chain of trust must adhere to a strict governance framework with clear rules for the collection, storage, and usage of personal information. Such a governance structure must be replete with accountabilities, checks and balances, and an audit function to ensure strict adherence. Ultimately, public trust in any system hinges upon user buy-in to the governance structure.
3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?
We have seen incredible changes and significant economic advantages over the last two decades with the move to online service delivery. Critical issues have risen, from trust to privacy and security. CIRA believes that the evolution of privacy-enhancing, security-respecting, models for the delivery of digital identity is a key foundational requirement for the next stage of evolution. They believe that the approach to establishing trust anchors for decentralized digital identity may benefit from CIRA’s expertise in running one of the largest digital registries in the country and our experience in managing Canada’s DNS infrastructure.
CIRA believes that some important parallels can be drawn between the governance and international alignment in the management of the internet and maybe applicable to some of the issues we see with emerging decentralized identity models. W may be able to draw on our experience to help contribute to the next evolution of digital identity
4. What role does Canada have to play as a leader in this space?
Canada is an advanced digital society and has contributed to the development of standards, policy and governance in all aspects of technology. Trust is very important not just nationally but internationally as various aspects of business and personal rely on digital identity. Trust is one of the core values in which Canada implements its innovative projects around the world and our capacity to be thought leaders is driving forward the creation, development and adoption of digital identity.
CIRA believes that community initiatives such as DIACC and other public and private sector collaborative forums in Canada, along with the presence of thought leaders and very significant contributors to the evolution of digital identity make Canada uniquely positioned to be a significant contributor to the continued evolution of digital identity.
5. Why did your organization join the DIACC?
CIRA believes that the significant issues we are seeing with trust in digital Identity and the important principles in the philosophy embedded in decentralized identity are critical to the continued evolution of a healthy digital economy. Further, the CIRA’s decades of experience in managing the .CA domain registry on behalf of Canadians—which is at its core a form of digital identity—will positively contribute to community efforts to advance the state of digital identity and the digital economy as a whole.
6. What else should we know about your organization?
CIRA also has an innovation hub called CIRA Labs with a focus on leveraging our DNS expertise and managing their large network footprint, data centers and servers globally. They have been managing Canada’s original digital identity registry, the .CA domain name registry, on behalf of Canadians for more than 30 years. CIRA believes that the internet is an overwhelming force for good in the world, and with the right vision and collaborations, Canada can be a leader in its continued success.
By Julianne Trotman formerly Growth Marketing Lead at Vaultiewith additional contributions by members of DIACC’s Outreach Expert Committee.
For those of us new to the Digital Identity scene, separating fact from fiction and deciphering the benefits from the vast array of information written on the topic is not an easy task. Over the past 24 months, the use cases for Digital Identity have become more prevalent and the news surrounding the myriad of solutions and their applications in the marketplace continues to be front and centre. It has left the Digital Identity novice trying to understand the technology and asking three questions:
Why should they care about digital Identity?
How will it benefit them?
Whose responsibility is it to safeguard their personal data in a Digital Identity ecosystem and why they should care?
Having a Digital Identity is an important component for those wanting to interact in the digital economy. But what really is a Digital Identity and what is it used for? One way to think of a Digital Identity is as the equivalent of your identity in the physical world, such as having your physical driver’s license or health card digitized. It helps us to prove we are who we say we are, in an online context. Your identity can be used to replace physical identification such as a digital driver’s license, job credentials, or vaccine passport. Or it can also be used as a credential to access online services such as banking, apps on a mobile phone, or educational diplomas and certificates. Without trust in these relationships; between customers and organizations, citizens and government adoption and continued development of Digital Identity will be a challenge. Getting people to participate in the digital ecosystem is reliant on how much they trust that their information will be kept safe and not subject to unauthorized access by those in authority or with nefarious intent. For some, the trade-off between the ease of use and convenience of a Digital Identity, and the potential danger of having information compromised is not a great concern. They see the advancement of the technology that facilitates secure Digital Identity as progress and the trade-off as being a reasonable one. However, for many, the risk is not worth the adoption of a Digital Identity and their lack of confidence in the powers that be to keep their data, especially financial details, secure.
So, what’s missing? What is needed to instill trust into the equation? It seems as though almost every week there’s a story in the news about the latest organization that has been affected by a data breach. These breaches have been directed at private sector organizations, public institutions, and government targets. The hackers are indiscriminate about which institutions they attack, so the general public’s faith and trust in these institutions continue to be eroded every time another one of these attacks comes to light. The uncertainty that comes with not knowing whether data you have shared with an organization is secure or not, or what you can do to avoid this type of thing happening again in the future, is very unnerving. For people to have more faith in the current systems they need to understand how and why an organization is collecting their data and how it will be used, shared, and stored. This issue has been the source of much debate when it comes to trusting that some areas of government will not collect and use their citizen’s data for purposes that have not been fully disclosed. For example, with law enforcement, many people are hesitant to open pandora’s box of police-citizen data collection with a historical lack of transparency around its use and to what extent this data is collected in the name of public safety.
To deal with the issue of trust, governments and industries have looked to put what are known as trust frameworks in place, such as the Pan-Canadian Trust Framework (PCTF). These frameworks provide auditable criteria for different capabilities in an identity ecosystem, such as those for issuers of digital credentials, the people who use them, and the organizations who rely on identity assertions linked to the credentials. Trust frameworks vary in scope as some seek to verify the trustworthiness of information, technology, and processes of a solution, such as the PCTF, while others seek to facilitate a clear understanding between the people using Digital Identity products, the organizations providing and using the services, and the data being used. A trust framework is a tool to facilitate information verification and compliance that help promote trust and technical interoperability while allowing for information assurance verification and technical implementation compliance. Trust Frameworks enable digital systems and technologies to be able to communicate with each other or together measure each system’s trustworthiness. However, having these frameworks in place does not in and of itself help guarantee trust in the system. In order for this to happen there needs to be education around what the frameworks are given that trust frameworks define outcome-based requirements trust frameworks themselves may not guarantee interoperability between systems. For this to be secured solutions would need to build on the same technologies and standards with additional technical compliance verification required.
The journey to a more ubiquitous world of Digital Identity is one that still has many hurdles to overcome before it becomes a more pervasive reality. As many of these challenges are met and the acceptance of the ecosystem becomes more the norm than the exception, ensuring that we do not lose sight of the human side of the discussion is paramount. Trust is earned not given, and we, those involved in the Digital Identity industry must continue to work towards building an ecosystem that encompasses systems and technologies that help to instill trust into the process.
The AIT (Austrian Institute of Technology) is a professional non-profit RTO enterprise focusing on the key infrastructure topics of the future. AIT provides research and technological development to realize basic innovations for the next generation of infrastructure-related technologies in the fields of digital safety and security, energy, health and bioresources, low-emission transport, vision, automation and control, technology experience, and innovation systems and policy.
Dedicated to serving governments, operators of all kinds of critical infrastructure and its industrial suppliers, AIT bridges the gap between research and technology commercialization, which is a key aspect of developing new technologies and enabling an economic boom.
2. Why is trustworthy digital identity critical for existing and emerging markets?
Full digitization of businesses is key to holding one’s ground in global competition. Customers will select those services that provide maximal efficiency and usability while ensuring full data security. Day-to-day news about data breaches makes customers feel insecure. The winners will be those companies that manage to establish and maintain a maximum level of trust for generally accepted applications.
Some emerging markets strongly rely on biometrics as the basic or even single way of personal identification. Trust in the corresponding identity management processes is key for the secure operation of access control to services in everyday life.
3. How will digital identity transform the Canadian and global economy? How does your organization address challenges associated with this transformation?
Digital identity will introduce huge opportunities for new business processes and at the same time pose tremendous threats regarding security and privacy. Any new application must bring along the appropriate security level. New business models must come hand-in-hand with trusted security features. Again, being able to fulfill the requirements of a convenient application and a high level of trust will be key criteria for success or failure in business. Global competition will select the winners.
AIT addresses exactly these challenges by investigating and piloting innovative methods and tools for ensuring the required security of the biometric applications of tomorrow.
4. What role does Canada have to play as a leader in this space?
Any community aiming at leadership should act as a promoter and supporter of innovations in identity management processes and involve all market participants, from private customers to governmental administrations. In parallel, it should prioritize efforts for the broad implementation of efficient, convenient, and secure identity management processes in all forms of business.
5. Why did your organization join the DIACC?
DIACC’s goals and agenda fit perfectly to the AIT mission of realizing basic innovations for the next generation of infrastructure-related technologies in the fields of digital safety and security. AIT is interested and prepared to contribute to advancing Canada’s digital economy agenda with innovative biometric solutions and secure identity management processes.
6. What else should we know about your organization?
In the area of digital identity management, AIT experts investigate new technologies in the field of biometrics (high convenience, contactless, at a distance, multimodal approaches, privacy-preserving, highly secure, mobile), showcase those technologies to interested end-users as well as to companies working B2B, and are involved in or lead national and European applied research projects. The present focus is on contactless biometrics including fingerprints and 2D/3D face for person identification and identity verification and secure identity management processes. AIT seeks partners to a) incubate end-users and industry with novel identity management solutions, b) enable small and medium-sized prototypes and pilots, c) distribute and roll out its biometric technologies, and d) build new connections into North America’s scientific community.
DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
What has your career journey looked like?
I started out with an engineering degree and an MBA in Finance and Systems. Completed my Masters in Finance from London Business School on a British Council Chevening scholarship. Spent the time from 2002-2019 across 3 top-tier investment banks in London…then joined Onfido as a Machine Learning Research Intern!
It’s been a great journey so far – I had to unlearn and completely rewire my expertise. My current job is in Biometrics, I deal with documents, selfies and videos. Skills include computer vision, deep learning, Python and Tensorflow…everyday I come to work wide-eyed and eager to learn.
When you were 20 years old, what was your dream job and why?
I studied mechanical engineering in India. I was the only woman in a batch of 90, and there were no other women in the batch before or after mine! So you can say I trained for a career in STEM.
As a female leader, what has been the most significant barrier in your career?
When I started my career there was no concept of flexibility, work-from-home was a privilege, daily long commutes on packed London Underground trains was a given. I had to raise my daughter while doing an intense job… reliable, affordable and quality childcare definitely helps. As a woman of colour with an accent to match, and limited local knowledge, I of course faced unique issues early on in my career. I’ve also had the privilege of having some of the best bosses and managers one can ever have. So it kind of evens out.
How do you balance work and life responsibilities?
I don’t! As a working mom, some days are good, other days not so. Resilience and a long-term view go a long way. I’ve been blessed with a cracking set of colleagues in my current org and function (Onfido Research) – you may say they have my back.
How can more women be encouraged to pursue careers in the digital ID/tech space?
Get them to talk to me? We women tend to second guess ourselves a lot. Just having a go at things, without expectations, is key.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
It largely depends on the type of management and mentors on offer. There is no magic bullet. There is only so much “leaning in” women can do, if the organisation is not ready for it then those strategies can even backfire. The organisation needs to be ready to embrace women leaders, and mentor them to success.
What will be the biggest challenge for the generation of women behind you?
There is already a subtle backlash I feel, against Diversity and Inclusion initiatives. We don’t want a set of “token women and minorities”, we need solid professionals who are mentored, given challenges and more importantly given space to fail and grow as much as their straight male colleagues.
What advice would you give to young women entering the field?
Don’t overthink! Just do it. You have one life. When you are seventy years old you don’t want to think what could’ve been. Take that shot, learn that skill, get past the challenge and rise to your true potential. This is not empty advice – I gave myself this advice when I made a career change into Identity. Good luck!
Ananya Lahiri, Machine Learning Research – Applied Scientist at Onfido