Tag Archives: COVID-19

Our digital future and economic recovery rest on getting digital ID right

As Canada’s economy reopens and talk of requiring vaccination proof heats up, it is essential to remember that security and privacy are paramount. 

Proof of vaccination, sometimes called “vaccine passports,” may provide a tool for accelerating economic recovery, and the validity of these proofs requires a safe and secure relationship to an identity behind it. Solving digital ID challenges with priority in a meaningful way is the most impactful way to empower people, prevent fraud, and privacy breaches as Canadians return to attending school in person, going to concerts, travelling, eating indoors in restaurants and more. 

We can no longer wait — it’s time for Canada to take leadership and get serious about solving digital identity or someone else outside of our country will.

As privacy commissioners across Canada have said, “Privacy should be front and centre as governments and businesses consider COVID-19 vaccine passports as a tool to help Canadians return to normal life.”

Data minimization must be the standard, where TWO things are essential for a secure and smooth transition to our digital economy: 

1) only share the necessary information to prove a user’s identity, and 

2) only share the data needed to fulfill the transaction at hand. 

That’s why, for 10 years, the DIACC has built up the important digital ID sector as the trusted voice for driving the public and private sector development of a Pan-Canadian Trust Framework, industry standards, policy advisory, and proof of concept initiatives that support the establishment and adoption of a fully digital, and privacy-respecting country that benefits Canadians.

Canadians and businesses need clarity and leadership from governments on implementing a safe and secure digital ID so that society and the economy can reopen more safely. A cohesive public and private sector approach is needed. And governments must make solving digital identity, with privacy and security, a stated priority now. Our country cannot afford to address digital identity as siloed and individual projects. Canada needs to take the lead by establishing Canadian principled solutions that will work at home and export our values around the world.

Implementing a digital identity ecosystem now will allow for a more effective transition to secure Canada’s full and beneficial participation in the digital economy, whether it’s introducing digital vaccine proofs, receiving government benefits, updating an immigration status, entering the workforce and more.

As Canada’s trusted voice on digital ID, the DIACC’s 100-plus members from both the private and public sectors have the business, legal, technical and deep real-world experience to continue spearheading the establishment of a digital identity ecosystem that is designed to benefit people.

While technologies for creating digital proofs of identity and vaccination (passports) are here now, residents and businesses need provincial and federal governments to take leadership by establishing clear policy and guidance for usage to ensure that no Canadians are left behind.

If Canadian governments prioritize the establishment of digital ID that works for people, governments, and the economy, then vaccine proofs (passports) and myriad other uses can be implemented with security and privacy embedded by design.

Digital ID is not about surveillance, tracking Canadians’ online activity, or data collection. It’s about empowering Canadians with the choice to safely share their existing credentials (eg: passports, driver’s licenses, health cards, citizenship cards) for digital transactions.

With digital identity done right, a vaccine proof (passport) would allow Canadians to securely prove who they are, verify that they were vaccinated, and have a digital credential to use in any instance that requires it — all in a safe and secure way that does not divulge any other private health record. 

Our digital future and economic recovery rest on getting digital ID right.

About the Author:

Joni Brennan is the President of the Digital ID & Authentication Council of Canada (DIACC) and builds on 15 plus years of experience in Digital Identity innovations and standards development. She helps DIACC to fulfill its vision of unlocking interoperability of public and private sector capabilities through the establishment of an identity trust framework that will grow Canada’s economy.

Protecting Privacy While Reopening Economies

The Value of the Pan-Canadian Trust Framework

Co-written by Kaliya Young, IdentityWoman & Joni Brennan, DIACC President

Around the world, people are suffering due to the disruption caused by the COVID-19 pandemic. Some of this suffering is due to the need to move education and work to take place fully online. Many workplaces have moved their workforce to be remote.  However, not all workplaces are able to function remotely. (Examples goods and essential services, pharmacy, travel etc…) Workplaces that are not able to operate remotely have shut down or limited hours and capacity severely.  This puts a massive strain on economies.  

In the past we have talked about Digital Identity as a convenience to make it easier for people to transact with cybersecurity and privacy protection. Now, when we talk about security, the conversation is urgent and focused on life security.  People are asking, “Will I be able to continue to work? Will I be able to put food on the table?”  

Governments and businesses are urgently looking for tools to safely reopen and restart economies. 

About CLEAR

In the U.S., large cities are considering proposals that delegate the management of phygital (physical-digital) identity to CLEAR, a U.S. based company, so that cities can “safely reopen” their local economies by requiring people who want to navigate the city to have a CLEAR ID and link it to their health record/COVID status. 

CLEAR offers a service that replaces a physical ID check with a biometric scan of a person’s eyes and fingertips. In some locations, this service allows passengers to move through airport security faster. 

CLEAR is like “login-with Facebook” or “login-with Google” where people are required to get into websites to have a relationship with these private identity providers where CLEAR’s service straddles both the physical and digital worlds. 

Just as Facebook or Google login tracks and surveils you and your behaviours, the CLEAR approach could essentially track and surveil people in the physical world. This approach also has the potential to delegate authority to manage access to public spaces by a single private sector entity. Without an agreed on and adopted framework, this type of approach could have the effect of restricting freedom of movement to be managed by a single private sector entity.  

Why Trust Frameworks Matter

As businesses and governments are looking for tools to safely reopen and restart economies.  Tools for reopening are an important part of the challenge.  Tool development and tool selection in these scenarios must be guided by “rules of the road” that put people and socioeconomic security at the centre of the design. 

Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests. 

The Pan-Canadian Trust Framework represents a set of operational rules that have been developed by public and private sector leaders to enable a diversity of public and private sector organizations to provide services and solutions that could help to restart the economy.  

By having a Pan-Canadian Trust Framework, the playing field could be leveled to enable a diversity of entities to play a role in safely reopening economies with privacy and personal data protections built in by design. 

The Pan-Canadian Trust Framework has been built with privacy and consent to personal information disclosure embedded into all aspects of the design. The Pan-Canadian Trust Framework has been designed to measure the implementation of assurance, security and privacy practices in networks and solutions that are built on various (and often different) technologies. 

For more information about how your organization can adopt or help to shape the Pan-Canadian Trust Framework please visit diacc.ca or contact us at info@diacc.ca.

Help Define and Design the Future of Canada’s Levels of Assurance with DIACC

Online transactions, interactions, and service delivery are no longer aspirational end-states. In the wake of COVID-19, digital has become the default for many Canadians and industries. Making that default work long-term means earning and maintaining trust for people and platforms. Levels of assurance (LOAs) create a clear roadmap for developing that confidence, both for teams offering and people accessing services. Learn more about LOAs in our recent post to understand why they matter to Canadians, where we’re at and where we go from here.

“Making sure we have a common way to evaluate and measure the integrity of that data is central to a common bar of acceptance,” DIACC President Joni Brennan explained. To get a better understanding of how LOAs are a core factor in the future and success of digital platforms, we spoke with Joni and George Watt, Partner, Strategy and Lean Innovation Practice at Becker-Carroll. George has extensive experience leading and developing innovation and security with global enterprises.

Why are Levels of Assurance so important right now? 

George Watt: The pandemic accelerated the pace of digital transformation to breakneck speed. Governments have responded with impressive resolve to deliver new digital services safely. The private sector faced similar challenges with lockdowns and restrictions, new customer needs and opportunities to better serve their customers. For some, these transformations are imperative just to remain viable.

These organizations, both public and private, need to be able to safely transact digitally with their customers, and to interact with one- another. They need to be certain the entities they’re dealing with are who they claim to be with a level of confidence commensurate with risk inherent in each transaction. 

Levels of Assurance are about specific agreements between participants in an ecosystem that enable them to understand the level of confidence they can place in those transactions.

When it’s done well it becomes an unambiguous contract that makes it safe for people to transact digitally. 

Joni Brennan: The LOA conversation is important because it is a piece of the conversation that focuses on the verification of information that would be part of a transaction is authentic. The technical conversation is an important part of the puzzle… but making sure we have good data that can be relied upon and have assurance around that data is ultimately critical. 

For example, if I were a bank, I want to know data is good no matter where it came from. 

LOAs are an important piece of the puzzle for making transactions possible. 

What’s a use case where Canadians interact with LOAs? 

George Watt: When citizens interact with these LOA schemes they aren’t aware it’s happening – but they are aware of its impact. Signing into social media is a low risk example that many people do every day – but those service providers don’t truly know who their customers are. Any of the other services Canadians access with those social media digital credentials would also be considered low level of assurance because nothing is done to ensure the account holder is who they claim to be. 

Online banking is a high risk example. Compromise of that information could be devastating and could lead to bankruptcy or worse. That’s why the Canadian banking industry has a very high LOA standard that helps ensure customers are who they say they are, and helps customers protect themselves. 

The consumer doesn’t see these LOAs in explicit ways but sees their impact implicitly. For example, you don’t need to visit Facebook HQ to get an account – it has a low level of assurance – but you do need to visit your financial institution or go through a more rigorous process to prove who you are to get a bank account. They require a higher level of confidence that they know who you are. 

Joni Brennan: The ability to access city plans and interface on a decision like [changing traffic flow to create active streets] would be a lower risk interaction. Learning that there will be some barriers set up for bicycles would be low risk for other citizens or the municipal government. 
Accessing your pension or tax refund would be an example with higher risk. Something that we haven’t solved yet (but relates to digital ID) is access to digital medical records. Ideally, it will be in a way that the patient can access their own records and make those records transferable or portable between doctors, between patients and across different devices. Access to health records in a ubiquitous way is high risk. It’s something we don’t have today that identity and LOA would help with.

What’s the biggest advantage of a strong LOA scheme? 

Joni Brennan: Part of the ‘why’ behind why we’re talking about this is because we have different LOA schemes in Canada today. Those different schemes have created room for challenges and adoption delays, across different regions and different stakeholders. Different parties might be using the same assurance number – but the way they’re calculating it isn’t consistent, leading to variable outcomes. 

A level of consistency and transparency in terms of assurance – that relates to individual capability in a transaction – makes acceptance and confidence in an interaction clearer and helps the economy as a whole. It’s important for banks, governments, telecommunications providers, and users. Strength in a common acceptance and transparency would help and that’s what we’re missing right now in Canada. 

George Watt: It’s important that we develop a common understanding of these risks and establish a shared vocabulary that ensures we all evaluate risks the same way. Strong LOA schemes will enable positive economic and social impact through more robust delivery of services across domains. 
If we don’t understand those risks collectively, we either won’t deliver the services necessary to live up to our potential — or we will deliver them without understanding the risks, which could be even worse and potentially set us back. Trust is speed. A strong scheme means faster delivery of more robust and trustworthy services. Participation in these digital ecosystems will drive better seamless services for all Canadians.

Why is DIACC advocating for stronger and consistent LOAs?

Joni Brennan: We need commonality in terms of how information is verified. For that measure of assurance of information, we need a common scheme that works across the different schemes that exist in Canada today. It will create visibility and a common approach so that no matter the industry, teams can work from the same starting point for validation and verification of information. That is so important, whether it’s health or AI or smart cities. 

The current scheme and current state of the art doesn’t provide the level of dynamism required in a hyperconnected ecosystem. The current ‘1 through 4’ scheme applied on top of a complicated transaction involving many partners with different capabilities – that singular number is actually insufficient. It’s much better to have transparency, visibility, and a ‘score card’, if you will, that measures assurance that is verified. That’s the kind of dynamism and transparency we need in a hyperconnected ecosystem, that provides scalability in an LOA scheme. 
George Watt: What we had was good – but it needs to evolve to keep up with what we’re dealing with now. We need to solve tomorrow’s challenges today, not yesterday’s problems. A more modern approach to LOAs is necessary to make that happen.

What will be the biggest factor for success? 

George Watt: Bringing the public and private sector together and bridging the many international standards groups… I think the defining factor for success will be collaboration. There are lots of smart people who’ve been thinking about this. More importantly this assurance scheme will work best when private and public sector, NGO and standards orgs work together to create a more trustworthy, more robust ecosystem that allows Canada to live up to its potential. Collaboration will be key. 

Joni Brennan: Collaboration will also represent a diversity of stakeholder needs and values – which is important to ensure the way forward is as inclusive as it can be. Success requires communication and education around the why – why we’re doing this work, the value, as well as how this work will be adopted. 

As George said, for people participating in a transaction these LOAs are meant to be invisible. They’re not always the most exciting or technical part of the work – but they provide that layer of integrity underneath the technology and user experience. To succeed, we’ll need education and communication.

George Watt: Diversity is the rocket fuel of innovation. Working with DIACC, I’ve always been impressed by the diversity of membership and those who participate. It’s a diverse group of smart people who are willing to come together to work on important and complex problems.

Bring your voice to the DIACC and share your perspective on how we can solve these pressing, complex challenges. Together, through our Five Year Strategy, we’re aiming to identify key policy and regulatory enablers and barriers to digital identity growth, including creating a unified approach to LOAs. Join us and subscribe for more on LOAs in Canada.

Adapting to Distance: How Digital Solutions are Creating a Path Forward for Traditional Industries

The pandemic has changed everything – in small, invisible ways and in big, obvious, and often dramatic shifts. “It is not business as usual. People are rushing to find solutions, and people who were procrastinating are committed to changing,” explained Patrick Drolet, VP, Operations and Product Strategy, Notarius

Traditional sectors, like the legal sector, banking, education, and government, are particularly impacted by requirements to stay physically distant. As organizations that are heavily reliant on paper documents, witnesses, and face-to-face meetings, working in a new digital and decentralized format can present challenges. 

“What has amazed me is the variety of people who want to go digital,” Marc St-Jacques, VP, Sales and Marketing at Notarius said. “Everything from government to industry, health, [and] universities.”

Making the transition to digital isn’t always straightforward. For many of these secure, highly sensitive industries, a foundation of strong, trusted, and protected digital identity is necessary to continue operating. As individuals and businesses shift their focus and, in some cases, scramble to quickly adapt, a delta is opening up between those who were already moving towards digital transformation – and those who were dragging their feet. 

“It is not business as usual. People are rushing to find solutions, and people who were procrastinating are committed to changing.”

“On the one hand, individuals forced into digital are going now. It also illustrates the disparity between approaches. The shift has made everyone stand out,” St-Jacques explained. Whether it’s because they’re practiced in offering digital solutions or because they’ve been holding off, St-Jacques says it’s easy to see how different businesses operate. 

The Pan-Canadian Trust Framework, can help close the gap between early adopters and laggards, and ensure everyone has a clear path to operating in an increasingly digital-first world. 

For Notarius, there are two product lines that have been in high-demand in the wake of COVID-19. The traditional “old fashioned identity” that is consistently a big part of their business, and renewed interest in the document part. Secure, remote digital signatures and document execution are presenting a lot of opportunities for their clients to move forward. At the onset of the pandemic, they offered 60-day free trials and special offers, helping make the transition even easier for clients.

Witnessing the Shift in Industries

The industries who are showing the most interest are traditional sectors that may have been slow to adopt and adapt to digital technologies. “We are seeing a lot of appetite from the government. It is refreshing to see, as [the sector] has been slow to adopt. The biggest uptake, though, is in the university marketplace, both inside and outside of Quebec. They have moved quickly,” St-Jacques said.

“In many instances, organizations were held back by a department or two,” St-Jacques explained. “Legal departments were often the roadblock.” Those departments, including IT and government sectors, are now transforming rapidly to keep up.

The change is not – and cannot – only happen at the organizational level, though. From provincial to federal governments, the pandemic is accelerating change. “There is a long list of laws that were not ID-friendly. Government used to be so slow. They are moving now, which is super exciting,” Drolet said. 

One example is the notary bar in Quebec, a completely paper-based line of work. Although digital transformation was under consideration for the past four or five years, in the COVID-19 era, it took just three weeks for a temporary law to be passed so notaries can work in a digital format. 

Across the board, attitudes are changing and, in many cases, charting a digital path forward is no longer an option – it’s necessary for survival. The Pan-Canadian Trust Framework ensures businesses from all industries will be able to interact seamlessly with government and other industries, creating more efficiencies and helping all Canadian industries meet a baseline for privacy, security and usability. 

Digital ID Helps Maintain Connections Across Closed Borders

In a highly connected, global environment, these tools offer more options to continue connecting internationally. “Foreign students need their transcripts, they want to do their exams. Transcripts are like the identity of organizations,” St-Jacques explained, connecting the trends in education to other sectors. 

Through Notarius, these identifying documents are connected with a digital signature that it is clear and immediate, appealing to teams around the world. “We’re seeing requests from Europe, Asia, and the US,” St-Jacques shared. 

“For the international part, we are the only one recognized by Adobe. We were the only platform certified with EIDAS, with the highest standards,” Drolet explained.

Looking Ahead as Old Barriers Come Down

While the situation has not been ideal for anyone, the speed with which many have had to respond to this serious outbreak has led to some positive changes. “Usually it would be a structured and siloed process. Now, everyone is scrambling and can take initiative,” Drolet shared. “They see the value and what used to take weeks, now takes 15 minutes. Unfortunately, the pandemic was the driver.” 

So, what does the future look like?

For digital identity, Drolet predicts a surge in interest and adoption. “Who are your competitors in the ID space? The bad guy used to be the pen, now even that guy is going away,” he said.   

For industries, St-Jacques envisions lasting change. “I really don’t see people going back,” St-Jacques predicts. Old concerns about security, processes, and reluctance to change are being dissolved, as the rapid changes set precedent for what’s possible.

No matter what comes to pass, digital identity will be an important lever for success. Join Canada’s digital identity ecosystem to be a part of leading the change.
The Pan-Canadian Trust Framework ensures privacy, security, and accessibility remain features of our economy as all industries face a global push to go digital. Learn more about how DIACC is aligning organizations across industries, sectors, and Canada toward digital transformation.

OARO: Fighting COVID-19 with Automated Temperature Screening

by Brenan Isabelle, Director, Enterprise Solutions, OARO

As the world is grappling with coronavirus (COVID-19), minds are churning with the desire to come up with innovative ideas. We need solutions, and fast.

Leveraging our OARO ACCESS product line, a physical access control system that uses facial recognition and blockchain identity technology, the team at OARO took a leap forward – offering a technology solution to meet the needs of the current pandemic. 

Mainly used to secure areas in New Brunswick’s Saint John Airport, we have expanded this line to now feature an optional body temperature module for fever screening. A common symptom of COVID-19, up to 80 per cent of individuals suffering from the virus may have a higher than normal temperature, making temperature a critical factor to measure. To enable fully automated detection of elevated body temperatures, OARO has integrated the latest generation of smart thermal cameras with our AI-based facial recognition technology. Additionally, with this solution, physical contact at entry points is also greatly reduced.  

How does temperature screening work?

Involving both a thermal camera and a visual camera, the two video feeds are streamed back to a computer server that uses facial recognition to automate the temperature screening process. Artificial intelligence recognizes faces in the visual video stream, identifying the best place to measure skin temperature, which is near an individual’s inner eye (the tear duct). It is important to note that this is not a diagnosis, it is simply a screening method.

Why temperature screening in the time of COVID-19?

One issue in today’s health sensitive world is that many physical access control systems use either palm or fingerprint readers, which carry the risk of viral transmission. Thus, there has been a shift towards the use of facial recognition and thermal cameras. Our vision at OARO is to have this integrated within access control or video management systems, optimizing it for large enterprises. 

For contactless access control systems, there are two various set-ups: a thermal camera can run automated facial recognition at an entry check-point, and the gate could be configured to open for authorized employees and contractors. Alternatively, smart facial recognition terminals can be installed at doors, and read employee keycards. 

What differentiates OARO’s thermal screening approach from other thermal screening approaches? 

We are striving to move away from having trained operators, with an entirely automatic system that scans multiple faces so people do not have to stop at screening points. 

As with all technologies today, maintaining a responsible approach to privacy by design and data management is key, as is compliance with PIPEDA and Canada’s Privacy Act. If done wrong, this technology has the potential to be quite invasive and “big brother-esque.”

An extremely popular technology today, the current demand for thermal cameras is very high (there is limited inventory across North America)! As businesses are considering this technology, which many are, it is important to remember that, despite being in a pandemic situation, identity and privacy needs must be continually upheld. As many of the current systems were not built on privacy by design principles, our goal was to take a modern, blockchain and cryptographic approach to this, rather than one that is centred on surveillance and big data.  

Learn More about DIACC member initiatives and identity solutions including OARO’s within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.

About the Author: Brenan Isabelle

Brenan is the Director of Enterprise Solutions at OARO. Brenan’s background is in private equity and venture capital investments. Prior to this, he was a strategic and operations consultant at Deloitte — the largest professional services network in the world and a bond trading analyst at Scotia Capital. He holds an MBA in finance from Dalhousie University and a BBA from St. Francis Xavier University. Outside work, Brenan is an expert skydiver with over 3,700 logged parachute jumps.

Reliance on the Internet and the Battle Against COVID-19 Highlight the Need for Multi-Channel Authentication

By Karl P. Kilb III, CEO, Boloro Global Ltd.

Today, as COVID-19 rocks the world, the importance of digital identity solutions are only emphasized. We are pleased to share a number of guest blogs in the context of the DIACC network, showcasing members with capabilities, solutions and forward-thinking ideas surrounding the pandemic.

Learn more about DIACC member initiatives and identity solutions within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances. 

Due to the COVID-19 pandemic, society is moving towards an increasingly virtual lifestyle, as many of our daily activities are now taking place in the digital realm, including online banking and eCommerce. We are all traveling non-stop on an information superhighway that was not built with safety and security in mind, as the Internet was built for mass dissemination of information and not for secure transactions and other risky activity that could allow fraudsters to run rampant with identity theft. We see stories each day about emails being hacked and Operating Systems being subjected to malware, making online activity inherently vulnerable to fraud. Our increased reliance on online activity during the current pandemic highlights these long-standing problems, as SIM Swaps, email hacks, malware, man-in-the-middle attacks and other forms of fraud are all rising dramatically. The decentralization of customer support desks may also be contributing to the ability of fraudsters to wreak havoc on current security systems in place. 

So, what can be done to put real security in the hands of consumers? 

As activity on the Internet and Operating Systems are increasingly becoming easy prey to sophisticated fraudsters who routinely exploit this single point of failure, we need to consider new approaches to security that avoid such systems. Security should not only be multi-factor, but also multi-channel, eliminating the vulnerabilities of a single point of failure. “In app security” is still touching the inherently vulnerable Internet, meaning its users are still putting all of their eggs in an unstable basket. Out-of-band security is one option that stands as a viable alternative, meaning, when activity is on one channel, authentication should be on a separate channel, providing an independent lock-and-key that cannot be intercepted and compromised. 

At a time when the world is increasingly becoming aware of the inherent vulnerabilities of virtual technologies, we are also seeing the dangers of physically touching public Point of Sale devices, ATM keypads, finger scanners, or anything that could spread the virus. During a time of social distancing, conducting multi-factor and multi-channel security safely on one’s own device is an effective approach.

Along with data protection and privacy, authentication processes must also be considered. In Europe, for instance, the Payment Services Directive (PSD2) defines Secure Customer Authentication, and the General Data Protection Regulation (GDPR) defines the guidelines for protection of personal data, regardless of the form it might take. There is a need to address both. One way this can be achieved is with a multi-channel approach that provides real security (both what you possess and what you know). Authentication should strive to provide assurance to the question “Is this really you?” without being unnecessarily intrusive in its use of a consumer’s personal data.

At Boloro, we believe that authentication should be multi-factor and multi-channel, separating the security process from the activity itself in order to avoid the vulnerabilities of a single point of failure. Authentication should be secure, user-friendly, instantaneous and compatible with all mobile phones, giving everyone the opportunity to safely, securely and seamlessly participate in the global economy and social media using what should be their most trusted device – their own personal, mobile handset. 

We should all strive to work together to make the world safer and healthier, and doing this through secure mobile activity is one of the ways we can work towards achieving this goal.

About the Author: Karl P. Kilb III

Karl P. Kilb III has been the CEO of Boloro Global Limited since October 2016, focusing on the licensing of Boloro Authentication for all forms of identity verification and activity validation. Boloro Authentication is patented in 84 countries and approved by the GSMA, among others. Prior to Boloro, Kilb was a pioneer in data, analytics, media, and electronic trading at Bloomberg LP, serving as General Counsel for more than 15 years. Kilb regularly lectures on identity verification, cyber security, fraud prevention, and welcomes exploring collaboration opportunities.