Tag Archives: digital ID

The Crucial Link Between Accessibility and Digital Identity

Author: Marie Jordan from VISA. Additional contributions made by members of DIACC’s Adoption Expert Committee.

In the rapidly evolving landscape of the digital age, the concept of identity has transcended the physical realm and taken root in the digital world. This shift towards digital identities brings about numerous conveniences and efficiencies, but it also presents challenges: ensuring accessibility and equity for all. From online banking to social media profiles, our digital identity is an intricate tapestry that weaves together various facets of our lives. It’s crucial to note that when discussing inclusion, equity, and accessibility in this context, the focus is primarily on individuals who experience physical or cognitive disabilities that may impair their use of technology from the outset.

The importance of accessibility in creating digital identity solutions cannot be overstated. To achieve true inclusivity for this specific group, both the public and private sectors must prioritize accessibility and consider specific principles to safeguard the rights and privacy of individuals with disabilities. In this article, we’ll delve into the significance of accessibility for digital identity and the protection of marginalized communities, outlining key principles for both public and private sectors to consider.

Part 1: The Significance of Accessibility in Developing Digital Identity

Digital identity solutions are central to our modern lives, facilitating everything from accessing healthcare records to participating in online communities. However, these advantages are only fully realized when these systems are accessible to everyone, regardless of their physical or cognitive abilities, including accounting for aging populations. An initial product release that lacks accessibility and proves difficult to use, even if it functions as intended, can erode trust and create negative perceptions.

  • Universal design: A foundational principle for digital identity solutions is creating systems usable by all individuals, regardless of disability. A universally designed digital identity solution should accommodate a wide range of abilities, modalities of interaction, and preferences, ensuring that everyone can participate in the digital world on equal terms.
  • Inclusivity in development: Involving individuals with disabilities in the design and testing phases ensures that the final product is genuinely accessible. By including diverse perspectives, developers can identify and rectify accessibility issues early in the development cycle.
  • Adherence to standards: To ensure accessibility, digital identity solutions must adhere to globally recognized accessibility standards, such as W3C’s Web Content Accessibility Guidelines. These provide a clear set of guidelines for making digital content and applications accessible. Compliance with these standards is crucial for ensuring that digital identities are available and usable for all.
  • User-centric approach: Developers must seek to understand how individuals with disabilities interact with their application or technology, offering customization options that empower users to adapt the system to their unique needs and requirements. This might include adjustable font sizes, alternative input methods, and compatibility with assistive technologies. They should also be adaptive in their design.
  • Privacy and security: Paramount in digital identity solutions, individuals with disabilities may be particularly vulnerable to privacy breaches and identity theft. Implementing robust security measures while maintaining respect for user privacy is essential. This can be achieved through encryption, robust authentication methods, and clear privacy policies. Regular audits and assessments can address the security and privacy practices of digital identity solutions as technology shifts, including vulnerability testing and compliance checks to ensure the highest standards of privacy and security are maintained.

Part 2: Safeguarding the Privacy and Trust of Individuals with Disabilities

To ensure that the privacy and trust of all citizens are safeguarded appropriately, accessible solutions must be designed and delivered with intent. To ensure that accessibility is realized, a high level of understanding and education is necessary for individuals to utilize their identity in digital channels without the apprehension of misuse or fear of being exploited.

  • Informed consent: Individuals with disabilities should have access to clear and understandable information about how their digital identity data will be used. Obtaining informed consent ensures that users are aware of the risks and benefits of participating in digital identity systems.
  • Minimal data collection: Users should understand that only the data that is absolutely necessary for the functioning of the digital identity system is being collected. Minimizing data collection reduces the risk of privacy breaches and limits the potential for misuse of personal information.
  • Transparency in data practices: Transparency should be maintained in data practices. All users must have access to their data and understand how it is being used and processed. Transparency, particularly to historically marginalized communities, builds trust and empowers individuals to make informed decisions about the use of their digital identities.
  • Accessible privacy settings and controls: Accessible privacy settings and controls that are easy for individuals with disabilities to use must be available. These controls must allow users to manage their data and privacy preferences effectively.

In conclusion, it’s important to recognize that accessibility, inclusion, and equity are multifaceted challenges. While this article focuses on individuals experiencing physical or cognitive disabilities, it’s crucial to acknowledge that there are various barriers to equitable access, including socio-economic factors, digital literacy, and language barriers. By addressing these challenges collectively, we can work towards creating a more inclusive digital world for everyone.

Leader de l’identité numérique de confiance au Canada, le CCIAN salue le budget de 2023

Leader de l’identité numérique de confiance au Canada, le CCIAN salue le budget de 2023, et félicite le gouvernement pour ses investissements dans la transformation numérique et le virage du Canada vers une économie numérique

TORONTO, LE 29 MARS 2023 — Joni Brennan, présidente du Conseil canadien de l’identification et de l’authentification numériques (CCIAN), a publié une déclaration à la suite du budget fédéral qui a été déposé hier :

Le CCIAN est ravi des investissements, annoncés dans le budget d’hier, que fait le gouvernement fédéral dans la transformation numérique et l’innovation canadienne afin de favoriser une économie numérique prospère.

Le Canada a une occasion d’être un leader mondial de l’identité numérique et d’offrir des possibilités aux Canadiens; de réduire les coûts pour les gouvernements, les consommateurs et les entreprises; d’améliorer la prestation des services; et de favoriser la croissance du PIB.

L’identité numérique est une composante hautement personnelle mais essentielle pour servir et protéger les Canadiens. Qu’il s’agisse d’augmenter la protection et la confidentialité des données dans le secteur public ou de renforcer la sécurité nationale, la sécurité publique et la protection des enfants grâce à une authentification et une autorisation efficaces, l’identité numérique tient une place importante dans notre transition vers un monde et une économie numériques. Nous savons par ailleurs qu’un écosystème de l’identité numérique efficace, sécuritaire et sûr permettra d’abaisser les coûts des opérations manuelles et de réduire la fraude, une économie de l’ordre de 482 millions de dollars pour les gouvernements provinciaux et fédéral et de 4,5 milliards de dollars pour les organisations du secteur privé.

Les annonces contenues dans le budget renforcent l’engagement du gouvernement à l’égard de la transformation numérique du Canada alors qu’il cherche des façons de participer pleinement à l’économie numérique mondiale et au virage vers un état d’esprit avant tout numérique. Le gouvernement a fait des progrès encourageants en adoptant des solutions technologiques numériques pour mieux fournir des programmes et des services, et les Canadiens bénéficient de ces progrès.

Nous nous réjouissons de constater que le budget d’hier comportait les engagements suivants :

  • Engagement à apporter des modifications législatives au Code criminel et à la Loi sur le recyclage des produits de la criminalité (blanchiment d’argent) et le financement des activités terroristes (LRPCBAFAT) afin de renforcer les outils d’enquête, d’application de la loi et d’échange d’information du Régime canadien de lutte contre le recyclage des produits de la criminalité et le financement des activités terroristes (LRPC-FAT).
  • Engagement à améliorer les opérations aéroportuaires et le contrôle des voyageurs, notamment en accordant un financement de 1,8 milliard de dollars sur cinq ans à l’Administration canadienne de la sûreté du transport aérien (ACSTA) pour maintenir et rehausser son niveau de service, raccourcir le temps d’attente au contrôle de sécurité et renforcer les mesures de sécurité dans les aéroports.
  • Engagements à améliorer la prestation des services aux Canadiens, notamment en accordant un financement de 156,7 millions de dollars sur cinq ans afin de réduire les arriérés de demandes à Anciens combattants Canada et de 123,9 millions de dollars sur sept ans afin d’achever la modernisation du système de TI de la Sécurité de la vieillesse; et engagement à modifier la Loi sur la citoyenneté afin de permettre l’administration électronique du programme de citoyenneté, le traitement automatisé et assisté par ordinateur, ainsi que la collecte et l’utilisation de données biométriques.

Le budget d’hier donne l’occasion  d’implanter davantage l’identité numérique au Canada, et le CCIAN reste déterminé à collaborer avec le gouvernement et l’industrie pour continuer à bâtir un écosystème de l’identité numérique qui inspire confiance, et à apprendre aux Canadiens à lutter contre la désinformation et l’information trompeuse au sujet de l’identité numérique.

À propos du Conseil canadien de l’identification et de l’authentification numériques (CCIAN)

Le Conseil canadien de l’identification et de l’authentification numériques (CCIAN) est une coalition d’organisations des secteurs public et privé déterminées à développer des études et des outils pour offrir des solutions et des services sûrs, robustes et évolutifs en ce qui concerne l’identité numérique canadienne. Nous visons à permettre à tous les Canadiens de participer d’une manière sécuritaire et confidentielle à l’économie numérique mondiale en mettant le respect de la vie privée, la sécurité et le choix à l’avant-plan de toutes les initiatives du CCIAN.

Renseignements :

communications@diacc.ca

Identité essentielle : Rétablir la chaîne de confiance pour l’identité

En 2021 et au début de 2022, le CCIAN a collaboré avec un GIP pour examiner la façon dont l’intégration des identités essentielles dans l’écosystème d’identité numérique pourrait améliorer la résolution de l’identité entre les silos, introduire de nouvelles efficacités dans la prestation des services et réduire la fraude. Il y avait, parmi les membres du GIP, des représentants des bureaux de l’état civil et des initiatives en matière d’identité numérique au niveau provincial, d’Immigration, Réfugiés et Citoyenneté Canada (IRCC), et des secteurs de la finance et de l’assurance au Canada, ainsi que d’autres participants des secteurs privé et public. Les membres du GIP ont pris part à 14 séances de travail pour examiner des volets dans divers sujets, notamment les dossiers de naissance, les répercussions sur la prestation des services et la fraude, et l’établissement de feuilles de route.

Ce rapport présente des observations, des conclusions et des recommandations, notamment une liste de 12 initiatives proposées pour aborder et résoudre certains des enjeux ardus auxquels notre communauté est confrontée aujourd’hui.

Téléchargez le rapport ici.

DIACC-Foundational-ID-SIG-Final-Report_FRN

Agri-Food Product Identity Verification & Governance – DIACC Special Interest Group Insights

This report was created by the Identity Verification and Food Traceability DIACC Special Interest Group and was a collaborative effort between the University of Guelph, DIACC, and other subject matter experts. This report discusses what the identity verification related requirements for the creation and management of agri-food products (or items) unique identifiers to enable provenance tracking, ensure traceability, facilitate agri-food data integration, enhance governance, protect privacy and confidentiality, inform policies, and improve communications. 

Download the report here.

Agri-Food-Product-Identity-Verification-and-Governance-DIACC-Special-Interest-Group-Insights

Digital ID & Trust

By Julianne Trotman formerly Growth Marketing Lead at Vaultie with additional contributions by members of DIACC’s Outreach Expert Committee.

For those of us new to the Digital Identity scene, separating fact from fiction and deciphering the benefits from the vast array of information written on the topic is not an easy task. Over the past 24 months, the use cases for Digital Identity have become more prevalent and the news surrounding the myriad of solutions and their applications in the marketplace continues to be front and centre. It has left the Digital Identity novice trying to understand the technology and asking three questions:

  1. Why should they care about digital Identity?
  2. How will it benefit them?
  3. Whose responsibility is it to safeguard their personal data in a Digital Identity ecosystem and why they should care?

Having a Digital Identity is an important component for those wanting to interact in the digital economy. But what really is a Digital Identity and what is it used for? One way to think of a Digital Identity is as the equivalent of your identity in the physical world, such as having your physical driver’s license or health card digitized. It helps us to prove we are who we say we are, in an online context. Your identity can be used to replace physical identification such as a digital driver’s license, job credentials, or vaccine passport. Or it can also be used as a credential to access online services such as banking, apps on a mobile phone, or educational diplomas and certificates. Without trust in these relationships; between customers and organizations, citizens and government adoption and continued development of Digital Identity will be a challenge. Getting people to participate in the digital ecosystem is reliant on how much they trust that their information will be kept safe and not subject to unauthorized access by those in authority or with nefarious intent. For some, the trade-off between the ease of use and convenience of a Digital Identity, and the potential danger of having information compromised is not a great concern. They see the advancement of the technology that facilitates secure Digital Identity as progress and the trade-off as being a reasonable one. However, for many, the risk is not worth the adoption of a Digital Identity and their lack of confidence in the powers that be to keep their data, especially financial details, secure.

So, what’s missing? What is needed to instill trust into the equation? It seems as though almost every week there’s a story in the news about the latest organization that has been affected by a data breach. These breaches have been directed at private sector organizations, public institutions, and government targets. The hackers are indiscriminate about which institutions they attack, so the general public’s faith and trust in these institutions continue to be eroded every time another one of these attacks comes to light. The uncertainty that comes with not knowing whether data you have shared with an organization is secure or not, or what you can do to avoid this type of thing happening again in the future, is very unnerving. For people to have more faith in the current systems they need to understand how and why an organization is collecting their data and how it will be used, shared, and stored. This issue has been the source of much debate when it comes to trusting that some areas of government will not collect and use their citizen’s data for purposes that have not been fully disclosed. For example, with law enforcement, many people are hesitant to open pandora’s box of police-citizen data collection with a historical lack of transparency around its use and to what extent this data is collected in the name of public safety.

To deal with the issue of trust, governments and industries have looked to put what are known as trust frameworks in place, such as the Pan-Canadian Trust Framework (PCTF). These frameworks provide auditable criteria for different capabilities in an identity ecosystem, such as those for issuers of digital credentials, the people who use them, and the organizations who rely on identity assertions linked to the credentials. Trust frameworks vary in scope as some seek to verify the trustworthiness of information, technology, and processes of a solution, such as the PCTF, while others seek to facilitate a clear understanding between the people using Digital Identity products, the organizations providing and using the services, and the data being used. A trust framework is a tool to facilitate information verification and compliance that help promote trust and technical interoperability while allowing for information assurance verification and technical implementation compliance. Trust Frameworks enable digital systems and technologies to be able to communicate with each other or together measure each system’s trustworthiness. However, having these frameworks in place does not in and of itself help guarantee trust in the system. In order for this to happen there needs to be education around what the frameworks are given that trust frameworks define outcome-based requirements trust frameworks themselves may not guarantee interoperability between systems. For this to be secured solutions would need to build on the same technologies and standards with additional technical compliance verification required.

The journey to a more ubiquitous world of Digital Identity is one that still has many hurdles to overcome before it becomes a more pervasive reality. As many of these challenges are met and the acceptance of the ecosystem becomes more the norm than the exception, ensuring that we do not lose sight of the human side of the discussion is paramount. Trust is earned not given, and we, those involved in the Digital Identity industry must continue to work towards building an ecosystem that encompasses systems and technologies that help to instill trust into the process.

Trousse du gouvernement de la Colombie-Britannique pour les émetteurs de justificatifs vérifiables Rapport sur la validation de principe

Ce rapport vise à présenter les vecteurs du projet, ce que la validation de principe a démontré, l’expérience et l’apprentissage des participants, et la façon dont les gouvernements pourraient procéder pour instaurer l’identité numérique dans leurs propres programmes. Il utilise une approche narrative pour résumer les résultats de cette validation de principe. Ce rapport fournit des perspectives stratégiques et opérationnelles à propos des résultats de cette validation de principe pour d’autres entités gouvernementales désireuses de bâtir une validation de principe ou un système de production à l’aide de l’IAS. Le rapport a été rédigé à partir d’une série d’entrevues avec des personnes qui ont pris part à l’initiative. Les personnes interrogées comprenaient notamment des fonctionnaires, des fournisseurs ayant accepté de collaborer et des observateurs provenant de l’industrie de la gestion de l’identité.

Télécharger le papier.

CCIAN_Trousse-du-gouvernement-de-la-Colombie-Britannique-pour-les-émetteurs-de-justificatifs-vérifiables-Rapport-sur-la-validation-de-principe

2022 Pre-Budget Submission

DIACC’s Written Submission for the Pre-Budget Consultations in Advance of the 2022 Budget

Ahead of the 2022 federal budget, the House of Commons Standing Committee on Finance has asked Canadians to share their input. 
DIACC is pleased to have submitted a brief, calling on the Federal Government to implement the following recommendations: 

  1. That the government secure adoption of the Pan-Canadian Trust Framework by businesses and governments.
  2. That the government act on the Finance Committee’s 2021 Pre-Budget Consultation Recommendations 128, Implement a digital identity system that empowers Canadians to control their data that is held by the federal government, and 129, Create a national data strategy.
  3. That the government work with provincial and territorial partners and Immigration, Refugees and Citizenship Canada to ensure that all Canadians have access to an ISO-compliant government-issued digital ID credential with economy-wide utility by December 2022.
  4. That the government make digital identity-enabled services available to all Canadians by December 2022.
  5. That the government prioritizes funding and integration of digital ID as part of the Digital Technology Supercluster Initiative.

The Key to Unlocking an Inclusive Digital Economy: Investing in Digital ID

To re-start the economy and deliver inclusive services to all Canadians, governments must invest in unlocking digital. Digital ID empowers Canadians with the choice to safely share their existing credentials (eg: passports, driver’s licenses, health cards) for digital transactions.

Investing in digital ID offers economic benefits to citizens, businesses, and governments and also establishes digital tools to support societal trust, security, privacy, and fraud mitigation. This is a win for all.

Few budget items have the potential to impact every government initiative – digital ID is one such investment with broad impacts and encompassing benefits. Digital ID offers service improvements across all government services and priority areas. This initiative has the potential to empower individuals, increase government efficiency, strengthen companies, and unite communities across the country with secure access to resources, economic development, trust, and support. 

Canadians understand the potential. The pandemic has been an intense and polarizing experience, leading many Canadians to lose faith in institutions. The Edelman Trust Barometer reports that 46% believe that government leaders purposely misled them. At the same time, Canadians are relying more on technology, with the digital sector growing 3.5 percent in 2020, while the economy as a whole shrunk by 5 percent. With digital transformation happening across the country, Canadians are aware that online privacy is crucial. A recent poll from The Office of the Privacy Commissioner of Canada reports that 89 percent of Canadians are concerned about people using information about them online to steal their identity. 

How can the government build trust, enhance privacy, and demonstrate that citizens’ rights are top priority? The answer is clear: 9 in 10 Canadians are supportive of digital ID. Citizen-centric, standards-aligned Digital ID offers an ecosystem that reopens doors closed by the pandemic and unlocks entirely new paths to economic resiliency, cohesion, and social trust.

🔑 Recommendation 1: Implement adoption of the Pan-Canadian Trust Framework by businesses and governments to ensure Canadians are empowered post-pandemic and have clarity in building a secure, interoperable, and privacy-respecting digital ID.

The Pan-Canadian Trust Framework™ (PCTF) is a co-created framework that any jurisdiction — federal, provincial, or international — and industry sector can work with to ensure business, legal, and technical interoperability to realize the full benefits of a digital ecosystem. Rather than seeking a single solution, the PCTF promotes choice and offers a shared hub and language that distinct solutions can interoperate through. Developed by public and private sector experts over a decade, the PCTF provides organizations of all sizes, across sectors, industries, and locations with shared principles and guidelines for a digital ID ecosystem. Built based on recommendations from the federal government’s Task Force for the Payments System Review in 2011, this work has been identified by the public and private sectors as key for Canada’s economic resilience but remains underfunded. 

While provinces, territories, and countries around the world set up COVID credentialing and proof of vaccination systems, the need for these systems is urgent. The credentials issued must be designed with common principles and security to enable acceptance across various jurisdictional and sector-specific solutions for their unique context. The PCTF makes this possible, working as a flexible foundation to connect systems without dictating a single technological architecture. 
The PCTF includes adaptable recommendations that are currently being tested in-market, including standards for Notice and Consent, Authentication, Privacy, Verified Person, Verified Organization, Credentials (Relationship and Attributes), Infrastructure (Technology and Operations) and Assessment. A Model, Overview, and Glossary have been published for ease of use across industries and sectors. Developed with Canadians in mind, the PCTF is technology-agnostic, encouraging innovation while prioritizing privacy, safety and security, and supporting digital economic growth on a global scale.

🔑  Recommendation 2: Put citizens first and integrate cross-government priorities. Act on the Finance Committee’s 2021 Pre-Budget Consultation Recommendations 128, Implement a digital identity system that empowers Canadians to control their data that is held by the federal government, and 129, Create a national data strategy.

Empowering individuals to control their data, understand available services, and have more convenient and secure access to government services offers a direct path to rebuild trust. A recent Leger survey commissioned by Postmedia reports that the pandemic has eroded trust in the federal government, either a little or a lot, for 63% of Canadians. After a challenging year, it is critical that the budget puts citizens first. Digital ID is a proactive initiative that offers immediate and long-term benefits. It has the potential to restore confidence, act on Canadian values, and empower citizens.

Providing Canadians with the digital ID credentials necessary to access, manage, and share their own data ensures citizens have control over the important information they need to manage their health, business(es), and digital services. A national data strategy ensures all Canadians benefit from these advances. It also clarifies accountability for those who seek to use technology and personal information with malicious intent. A pan-Canadian strategy evens the playing field for businesses looking to operate digitally across provincial, territorial, and global borders. This approach also enhances Canadians’ ability to compete economically on a global scale, travel, and seek care with the virtual mobility afforded by a secure, verifiable digital ID. 

🔑 Recommendation 3: Ensure all Canadians benefit from digital connections, opportunity, and the right to be recognized with digital ID. Work with provincial and territorial partners and Immigration, Refugees and Citizenship Canada to ensure that all Canadians have access to an ISO-compliant government-issued digital ID credential with economy-wide utility by December 31, 2022.

Digital ID is the key, as the pandemic has built and opened new doors for Canadians navigating their safety, financial security, health and relationships. According to a study by Brookfield Institute, 9 percent of Canadian businesses made 60 percent or more of their total sales online, up from 6 percent in 2019 — but this digital success has been difficult for small to medium enterprises to adopt. As digital service adoption grows, citizen and employee expectations have also shifted to demand more reliable and secure digital alternatives. Digital ID can encourage sustainable, long-term adoption of digital platforms and help organizations of all sizes to benefit from these systems. It also presents a more flexible and streamlined strategy for pan-Canadian notification systems, service delivery, and community safety initiatives.

Provinces and territories are establishing their own digital ID initiatives. Alberta and British Columbia have launched digital IDs, with BC including a mobile card and a Verify by Video option. Significant investments have been made in Ontario and Québec, where proof of vaccination credentials have been launched. Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick are launching pilots, proof of concepts and digital ID components. 

This prioritization demonstrates demand for this enabling capability across the country — but unequal funding and approaches developed in departmental silos pose a risk. Without cohesive federal leadership, these systems will be disjointed and miss the opportunity to be truly interoperable, efficient, and useful for all Canadians. Unlocking these opportunities in a synchronized and equitable manner will ensure Canadians can all access economic opportunities, required public services, and the chance to manage their own personal information.

🔑  Recommendation 4: Collaborate for the highest and most equitable impact. Make digital identity-enabled services available to all Canadians by December 2022.

As the provincial and territorial governments take action to simplify and secure digital identities, private companies are also taking note of this massive market opportunity. Notably, Apple is teaming up with the TSA to be a trusted source of ID for Americans and Stripe is pursuing digital ID services partnering with other apps, including Discord, for user verification. Many more companies are entering the digital ID space in hopes of earning users’ trust and capturing market share. As the issuer of identity in Canada, the public sector is uniquely positioned to empower Canadians and enable the private sector — but the government needs to act now. 

While offering numerous economic and social benefits locally and globally, a Canadian digital ID builds citizen trust and mitigates risk. As the Canadian Centre for Cyber Security noted, “the number of cyber threat actors is increasing, and… Cybercrime will almost certainly continue to be the cyber threat most likely to affect Canadians.” This vulnerability means that Canadians urgently require an encompassing, policy- and leadership-driven approach to implementing and enforcing Privacy by Design principles. A McKinsey report confirms this, suggesting that, for national governments to address the heightened risks presented by cyber threats, “organizations can move from a ‘trust but verify’ mindset to a ‘verify first’ approach.” Pressures and requirements for proof of vaccination, contact tracing, and social distancing are also made possible, digitally secure, and more user-friendly through universal data minimization standards. 

Digital ID offers the key to unlocking secure digital services and pathways. With opportunities to boost job creation, economic growth, citizen wellbeing, COVID-19 planning, support, and mitigation, and reconciliation efforts, digital ID is a budget line that prioritizes and directly benefits all Canadians. Digital ID offers Canadians more personalized control over personal information and convenient access to services. It can increase mobility and connect intra-provincial and territorial systems. It offers an opportunity to strengthen innovation and establish a secure foundation for international collaboration.

🔑  Recommendation 5: Embed within existing ecosystems. Prioritize the funding and integration of digital ID as part of the Digital Technology Supercluster Initiative. Digital ID supports and intersects its areas of focus including health, sustainable natural resource applications, and digital training.

Strides are already being made by Canadians. Purpose-built solutions, like the COVID Alert App, demonstrate that Canada has the talent and innovation to adapt and develop market-leading solutions. Unfortunately, the $20 million price tag and reactive nature of these innovations could be improved. The app has also not been approved by data authorities in Alberta, British Columbia, Nunavut, and Yukon, making it an incomplete solution that doesn’t account for different provincial regulations. Due to the nature of the pandemic, a pan-Canadian solution isn’t a nice to have — it’s a must. Digital ID is a proactive investment that could provide similar benefits in contact tracing and offer lasting impacts on service delivery. 

Digital ID has the potential to add $4.5 billion of added value to SMEs and reinvestments in the economy. It also directly meets the needs and preferences of consumers, with Signicat reporting that 68 percent of consumers expect 100 percent digital onboarding in the wake of COVID-19 and 60 percent would value digital identities to access services internationally. Canada has an opportunity to lead, recover, and take a future-focused position by making an investment in digital ID. 

Prioritizing digital ID is putting Canadians today and in the future first, and reflects responsible investment that offers benefits across departments. Its utility and impact apply during and beyond health or environmental crises. Digital ID delivers an adaptable foundation to deliver new services, security, citizen engagement opportunities, and economic growth.

DIACC members work in partnership with the Government of Canada and all levels of government and welcome further conversations and collaboration.

All sources may be referenced within the PDF version, accessible here or below.

DIACC_Pre-Budget-Consultations_August_2021-1

Facial Biometrics: Liveness and Anti-Spoofing

Most of us understand how fingerprinting works, where we compare a captured fingerprint, from a crime scene for example, to a live person’s fingerprint to determine if they match. We can also use a fingerprint to ensure that the true owner, and only the true owner, can unlock a smartphone or laptop. But could a fake fingerprint be used to fool the fingerprint sensor in the phone? The simplest answer is yes unless we can determine if the fingerprint actually came from a living and physically present person, who might be trying to unlock the phone. 

In biometrics, there are two important measurements, Biometric Matching and Biometric Liveness. Biometric matching is a process of identifying or authenticating a person, by comparing their physiological attributes to information that had already been collected. For example, when that fingerprint matches a fingerprint on file, that’s matching. Liveness Detection is a computerized process to determine if the computer is interfacing with a live human and not an impostor like a photo, a deep-fake video, or a replica. For example, one measure to determine Liveness includes determining whether the presentation occurred in real-time. Without Liveness, biometric matching would be increasingly vulnerable to fraud attacks that are continuously growing in their ability to fool biometric matching systems with imitation and fake biometric attributes. Attacks such as “Presentation Attack”,  “spoof”, or “bypass” attempts  would endanger a user without proper liveness detection. It is important to have strong Presentation Attack Detection (PAD) as well the ability to detect injection attacks (where imagery bypasses the camera) as these are ways to spoof the user’s biometrics. Liveness determines if it’s a real person while matching determines if it’s the correct, real person.  

With today’s increasingly powerful computer systems, have come increasingly sophisticated hacking strategies, such as Presentation and Bypass attacks. There are many varieties of Presentation attacks, including high-resolution paper & digital photos, high-definition challenge/response videos, and paper masks. Commercially available lifelike dolls are available, human-worn resin, latex & silicone 3D masks, as well as custom-made ultra-realistic 3D masks and wax heads. These methods might seem right out of a bank heist movie, but they are used in the real world, successfully too. 

There are other ways to defeat a biometric system, called Bypass attacks. These include intercepting, editing, and replacing legitimate biometric data with synthetic data, not collected from the persons biometric verification check. Other Bypass attacks might include intercepting and replacing legitimate camera feed data with previously captured video frames or with what’s known as a “deep-fake puppet”, a realistic-looking computer animation of the user. This video is a simple but good example of biometric vulnerabilities, lacking any regard for Liveness.

The COVID19 Pandemic provides significant examples of Presentation and Bypass attacks and resulting frauds. Pandemic Stay-at-Home orders, along with  economic hardships, have increased citizen dependence on the electronic distribution of government pandemic stimulus and unemployment assistance funds, creating easy targets for fraudsters. Cybercriminals frequently utilize Presentation and Bypass attacks to defeat government website citizen enrolee and user authentication systems, to steal from governments across the globe which amounts in the hundreds of billions of losses of taxpayer money

Properly designed biometric liveness and matching could have mitigated much of the trouble Nevadans are experiencing. There are various forms of biometric liveness testing:

  • Active Liveness commands the user to successfully perform a movement or action like blinking, smiling, tilting the head, and track-following a bouncing image on the device screen. Importantly, instructions must be randomized and the camera/system must observe the user perform the required action. 
  • Passive Liveness relies on involuntary user cues like pupil dilation, reducing user friction and session abandonment. Passive liveness can be undisclosed, randomizing attack vector approaches. Alone, it can determine if captured image data is first-generation and not a replica presentation attack. Significantly higher Liveness and biometric match confidence can be gained if device camera data is captured securely with a verified camera feed, and the image data is verified to be captured in real-time by a device Software Development Kit (SDK). Under these circumstances both Liveness and Match confidence can be determined concurrently from the same data, mitigating vulnerabilities.  
  • Multimodal Liveness utilizes numerous Liveness modalities, like 2 dimensional face matching in combination with instructions to blink on command, to establish user choice and increase the number of devices supported. This often requires the user to “jump through hoops” of numerous Active Liveness tests and increases friction.  
  • Liveness and 3-dimensionality. A human must be 3D to be alive, while a mask-style artifact may be 3D without being alive. Thus, while 3D face depth measurements alone do not prove the subject is a live human, verifying 2-dimensionality proves the subject is not alive. Regardless of camera resolution or specialist hardware, 3-dimensionality provides substantially more usable and consistent data than 2D, dramatically increasing accuracy and highlights the importance of 3D depth detection as a component of stronger Liveness Detection.

Biometric Liveness is a critical component in any biometric authentication system. Properly designed systems require the use of liveness tests before moving on to biometric matching. After all, if it’s determined the subject is not alive, there’s little reason to perform biometric matching and further authentication procedures. A well-designed system that is easy to use allows only the right people access and denies anybody else.  

Care to learn more about Facial Biometrics? Be sure to read our previous releases Exploring Facial Biometrics. What is it? and Facial Biometrics – Voluntary vs Involuntary.

About the authors:

Jay Meier is a subject matter expert in biometrics & IAM, and an author, tech executive, and securities analyst. Jay currently serves as Senior Vice President of North American Operations at FaceTec, Inc. and is also President & CEO of Sage Capital Advisors, LLC., providing strategic and capital management advisory services to early-stage companies in biometrics and identity management. 

Meyer Mechanic is a recognized expert in KYC and digital identity. He is the Founder and CEO of Vaultie, which uses digital identities to create highly fraud-resistant digital signatures and trace the provenance of Legal and financial documents. He sits on DIACC’s Innovation Expert Committee and has been a voice of alignment in advancing the use of digital identity in Canada.

Additional contributions made by members of the DIACC’s Outreach Expert Committee including Joe Palmer, President of iProov Inc.

Les membres du CCIAN nomment le conseil d’administration de 2021

Le 22 juin 2021 – Le Conseil canadien de l’identification et de l’authentification numériques (CCIAN) a annoncé aujourd’hui la nomination de cinq candidats aux cinq sièges à combler lors de son assemblée générale annuelle virtuelle qui s’est tenue en ligne le 17 juin 2021.

Nouveau membre du Conseil :

  • Iliana Oris Valiente, directrice déléguée, Accenture

Administrateurs réélus :

  • Colleen Boldon, directrice, Laboratoire numérique et programmes d’identification numérique, province du Nouveau-Brunswick
  • Neil Butters, chef de l’identité numérique, de l’innovation et des nouvelles entreprises, Interac
  • Robert Devries, sous-ministre adjoint, Plateformes, gouvernement de l’Ontario
  • Louis Jacob, vice-président, Ingénierie de base et transformation, Manuvie

« J’ai le plaisir de souhaiter la bienvenue, au nom du Conseil de l’identification et de l’authentification numériques (CCIAN), au sein du conseil d’administration, a déclaré Joni Brennan, présidente du CCIAN. Son expertise en innovation et technologies émergentes va procurer une valeur stratégique au groupe. Le CCIAN va faire d’importantes avancées au cours de la prochaine année, en tant que communauté de leaders de l’identité numérique la plus vaste et la plus inclusive du Canada. »

« Tout comme notre Conseil compétent et respecté, je suis impatiente de collaborer avec ces leaders pour faire en sorte que l’identité numérique aille de l’avant en tant que priorité nationale, a indiqué Dave Nikolejsin, président du Conseil. Ensemble, nous allons promouvoir, faire connaître et faire adopter l’identité numérique afin d’habiliter les personnes, les entreprises, les centres de soins de santé, les institutions d’enseignement et la société civile. »

Les administrateurs du CCIAN sont des leaders élus de l’industrie qui fixent les orientations stratégiques organisationnelles, et voient à ce qu’une bonne gouvernance soit pratiquée, en s’assurant que les politiques et les procédures sont continuellement améliorées et qu’elles s’alignent sur la vision et la représentation des membres du CCIAN.

Voici la liste complète des membres du conseil d’administration du CCIAN :

  • Dave Nikolejsin, conseiller stratégique, McCarthy Tetrault et président du Conseil
  • Franklin Garrigues, vice-président, Canaux numériques, Mobilité pour tous, Banque TD et vice-président du Conseil
  • Andre Boysen, chef de l’identité, SecureKey et trésorier du Conseil
  • David Attard, vice-président exécutif principal, chef des services bancaires personnels et d’affaires, CIBC
  • Colleen Boldon, directrice, Laboratoire numérique et programmes d’identification numérique, province du Nouveau-Brunswick
  • Marc Brouillard, dirigeant principal de la technologie, gouvernement du Canada
  • Neil Butters, chef de l’identité numérique, de l’innovation et des nouvelles entreprises, Interac Corp.
  • Patrice Dagenais, vice-président, Paiement et partenariats commerciaux, Services de cartes Desjardins
  • Susie De Franco, directrice générale, Canaux et produits numériques, Postes Canada
  • Robert Devries, sous-ministre adjoint, Division de l’intégration des services numériques pour les entreprises, ministère des Services gouvernementaux et des Services aux consommateurs, gouvernement de l’Ontario
  • Louis Jacob, vice-président, Ingénierie de base et transformation, Manuvie
  • Hugh McKee, chef, BMO Partenaires
  • Iliana Oris Valiente, directrice déléguée, Accenture
  • CJ Ritchie, sous-ministre déléguée et dirigeante principale de l’information du gouvernement, province de la Colombie-Britannique
  • Eros Spadotto, vice-président exécutif, Stratégie technologique, TELUS

Le mandat de trois ans d’Allan Foster, vice-président de Global Partner Success, Forgerock, comme administrateur s’est achevé en 2021. Le CCIAN le remercie pour ses services et son dévouement, et se réjouit de continuer à collaborer avec Forgerock en tant qu’organisation membre du CCIAN.

Comme c’est le cas depuis quelques années, le nombre de candidats a dépassé de loin les sièges disponibles au Conseil. Le CCIAN remercie tous les candidats hautement qualifiés qui ont pris part au processus. Cette tendance reflète l’intérêt grandissant et l’investissement des particuliers, gouvernements et entreprises au Canada pour faire de l’identité numérique une priorité nationale.

À propos du Conseil canadien de l’identification et de l’authentification numériques

Le Conseil canadien de l’identification et de l’authentification numériques (CCIAN) est une coalition à but non lucratif de leaders des secteurs public et privé déterminés à élaborer un cadre canadien d’identification et d’authentification numériques afin de permettre au Canada de participer pleinement et d’une manière sécuritaire à l’économie numérique mondiale. Le CCIAN est le fruit du groupe de travail du gouvernement fédéral mis sur pied pour examiner le système de paiements et ses membres incluent des représentants des gouvernements fédéral et provinciaux, ainsi que des membres influents du secteur privé.

La COVID-19 a accéléré la demande des Canadiens pour une identité numérique

Selon une étude du Conseil canadien de l’identification et de l’authentification numériques, trois quarts des Canadiens trouvent important d’avoir une identité numérique sûre et fiable qui protège davantage la vie privée pour effectuer des transactions en ligne en toute sécurité

lire le rapport ici

lire le résumé du rapport ici

lire le résumé du rapport d’une page ici

Toronto, le 16 février 2021 – Alors que le nombre de Canadiens et d’entreprises qui font le saut en ligne augmente en raison de la pandémie de COVID-19, les trois quarts de la population estiment important d’avoir une identité sûre et fiable qui protège davantage la vie privée pour effectuer des transactions en ligne en toute sécurité. 

« Qu’il s’agisse de recevoir des prestations d’urgence liées à la pandémie, de s’assurer que les dossiers de santé sont exacts ou d’aider les enfants et les jeunes à étudier en ligne, une identité numérique sûre est essentielle de bien des façons pour le fonctionnement de la vie quotidienne pendant une pandémie », a déclaré Joni Brennan, présidente du Conseil canadien de l’identification et de l’authentification numérique (CCIAN). La pandémie a mis en évidence la nécessité pour les gouvernements d’agir avec urgence pour investir dans l’infrastructure numérique nécessaire afin que les Canadiens reçoivent les services dont ils ont besoin et que les entreprises canadiennes puissent participer pleinement et en toute sécurité à l’économie numérique mondiale. »

Selon l’étude, la majorité des Canadiens estime important que les gouvernements fédéral et provinciaux agissent vite pour instaurer une identité numérique d’une manière sécuritaire et sûre. Il ressort également de l’étude qu’une collaboration entre les gouvernements et le secteur privé continue d’être considérée comme la meilleure approche pour créer un cadre d’identité numérique pancanadien.

« À l’heure où les décideurs réfléchissent à la façon idéale d’investir pour soutenir la relance économique post-pandémie du Canada, l’attribution à tous les Canadiens de justificatifs d’identité numérique de confiance doit être une priorité », a indiqué Dave Nikolejsin, président du Conseil du CCIAN.

Maintenant que le gouvernement fédéral axe ses efforts sur la relance post-pandémie, c’est censé du point de vue économique d’investir dans l’identité numérique, surtout pour les petites et moyennes entreprises. Les PME pourraient profiter de l’impact de l’identité numérique pour améliorer des processus qui sont actuellement ardus, en particulier dans les cas où les entreprises doivent fournir une preuve d’identité à d’autres compagnies. Sachant que les PME comptent pour environ 30 pour cent du PIB total du Canada (450 milliards de dollars), il suffirait qu’une PME moyenne gagne un pour cent d’efficacité en ayant accès à une identité numérique de confiance pour rapporter potentiellement 4,5 milliards de dollars en valeur ajoutée aux PME et réinvestissements dans l’économie canadienne.

L’identité numérique est essentielle pour protéger la vie privée au Canada

Les participants à l’étude ont indiqué que la sûreté, l’efficacité et la protection de la vie privée sont les trois principaux avantages de l’identité numérique. En outre, de très nombreux Canadiens veulent des solutions qui s’appliquent aux secteurs tant public que privé. 

« Maintenant que le ministre de l’Innovation, des Sciences et de l’Industrie François-Philippe Champagne a présenté le projet de loi C-11, qui édicte la Loi sur la mise en œuvre de la Charte numérique, afin d’introduire dans le secteur privé des mesures destinées à protéger les données des consommateurs, c’est impératif que la législation tienne également compte du secteur public », a affirmé Joni Brennan.

Une identité numérique aiderait à protéger les données des Canadiens et faciliterait l’accès aux services à l’échelle du gouvernement alors que nous traversons la pandémie et nous dirigeons vers la reprise. C’est pourquoi il faut adopter le cadre de confiance pancanadien.

Étant donné cette nouvelle étude et ses données irréfutables, c’est le moment idéal pour les gouvernements d’investir pour faire de l’identité numérique une priorité nationale en termes de politique publique. 

À propos du CCIAN

Fruit du groupe de travail du gouvernement fédéral chargé d’examiner le système de paiement, le DIACC est une coalition à but non lucratif de leaders des secteurs public et privé qui se sont engagés à développer un cadre canadien d’identité et d’authentification numériques afin que le Canada puisse participer pleinement et d’une manière sécuritaire à l’économie mondiale. Les membres du DIACC incluent des représentants des gouvernements fédéral et provinciaux ainsi que des leaders du secteur privé. Pour plus de renseignements, visitez diacc.ca.

À PROPOS DE L’ÉTUDE

Burak Jacobson Research Partners est une firme d’études de marché qui offre des services-conseils complets et a son siège social à Toronto, en Ontario. Fondée en 1981, Burak Jacobson a mené plus de 4 000 projets de recherche dans 39 pays et diverses industries.

« Older Entries