Tag Archives: digital ID

The Crucial Link Between Accessibility and Digital Identity

Author: Marie Jordan from VISA. Additional contributions made by members of DIACC’s Adoption Expert Committee.

In the rapidly evolving landscape of the digital age, the concept of identity has transcended the physical realm and taken root in the digital world. This shift towards digital identities brings about numerous conveniences and efficiencies, but it also presents challenges: ensuring accessibility and equity for all. From online banking to social media profiles, our digital identity is an intricate tapestry that weaves together various facets of our lives. It’s crucial to note that when discussing inclusion, equity, and accessibility in this context, the focus is primarily on individuals who experience physical or cognitive disabilities that may impair their use of technology from the outset.

The importance of accessibility in creating digital identity solutions cannot be overstated. To achieve true inclusivity for this specific group, both the public and private sectors must prioritize accessibility and consider specific principles to safeguard the rights and privacy of individuals with disabilities. In this article, we’ll delve into the significance of accessibility for digital identity and the protection of marginalized communities, outlining key principles for both public and private sectors to consider.

Part 1: The Significance of Accessibility in Developing Digital Identity

Digital identity solutions are central to our modern lives, facilitating everything from accessing healthcare records to participating in online communities. However, these advantages are only fully realized when these systems are accessible to everyone, regardless of their physical or cognitive abilities, including accounting for aging populations. An initial product release that lacks accessibility and proves difficult to use, even if it functions as intended, can erode trust and create negative perceptions.

  • Universal design: A foundational principle for digital identity solutions is creating systems usable by all individuals, regardless of disability. A universally designed digital identity solution should accommodate a wide range of abilities, modalities of interaction, and preferences, ensuring that everyone can participate in the digital world on equal terms.
  • Inclusivity in development: Involving individuals with disabilities in the design and testing phases ensures that the final product is genuinely accessible. By including diverse perspectives, developers can identify and rectify accessibility issues early in the development cycle.
  • Adherence to standards: To ensure accessibility, digital identity solutions must adhere to globally recognized accessibility standards, such as W3C’s Web Content Accessibility Guidelines. These provide a clear set of guidelines for making digital content and applications accessible. Compliance with these standards is crucial for ensuring that digital identities are available and usable for all.
  • User-centric approach: Developers must seek to understand how individuals with disabilities interact with their application or technology, offering customization options that empower users to adapt the system to their unique needs and requirements. This might include adjustable font sizes, alternative input methods, and compatibility with assistive technologies. They should also be adaptive in their design.
  • Privacy and security: Paramount in digital identity solutions, individuals with disabilities may be particularly vulnerable to privacy breaches and identity theft. Implementing robust security measures while maintaining respect for user privacy is essential. This can be achieved through encryption, robust authentication methods, and clear privacy policies. Regular audits and assessments can address the security and privacy practices of digital identity solutions as technology shifts, including vulnerability testing and compliance checks to ensure the highest standards of privacy and security are maintained.

Part 2: Safeguarding the Privacy and Trust of Individuals with Disabilities

To ensure that the privacy and trust of all citizens are safeguarded appropriately, accessible solutions must be designed and delivered with intent. To ensure that accessibility is realized, a high level of understanding and education is necessary for individuals to utilize their identity in digital channels without the apprehension of misuse or fear of being exploited.

  • Informed consent: Individuals with disabilities should have access to clear and understandable information about how their digital identity data will be used. Obtaining informed consent ensures that users are aware of the risks and benefits of participating in digital identity systems.
  • Minimal data collection: Users should understand that only the data that is absolutely necessary for the functioning of the digital identity system is being collected. Minimizing data collection reduces the risk of privacy breaches and limits the potential for misuse of personal information.
  • Transparency in data practices: Transparency should be maintained in data practices. All users must have access to their data and understand how it is being used and processed. Transparency, particularly to historically marginalized communities, builds trust and empowers individuals to make informed decisions about the use of their digital identities.
  • Accessible privacy settings and controls: Accessible privacy settings and controls that are easy for individuals with disabilities to use must be available. These controls must allow users to manage their data and privacy preferences effectively.

In conclusion, it’s important to recognize that accessibility, inclusion, and equity are multifaceted challenges. While this article focuses on individuals experiencing physical or cognitive disabilities, it’s crucial to acknowledge that there are various barriers to equitable access, including socio-economic factors, digital literacy, and language barriers. By addressing these challenges collectively, we can work towards creating a more inclusive digital world for everyone.

Canada’s trusted digital ID leader, the DIACC, welcomes Budget 2023

Canada’s trusted digital ID leader, the DIACC, welcomes Budget 2023; applauds the government for investments in digital transformation and Canada’s shift to a digital economy

TORONTO, MARCH 29, 2023 — Joni Brennan, President of the Digital Identification and Authentication Council of Canada (DIACC) released a statement following the tabling of the federal budget yesterday:

The DIACC welcomes the federal government’s investments for digital transformation and Canadian innovation to enable a thriving digital economy announced in yesterday’s budget.

Canada has an opportunity to be a global leader in digital ID, and unlock opportunities for Canadians, decrease costs for governments, consumers, and business, improve service delivery, and drive GDP growth. 

A digital identity is a highly personal yet critical component to both serve and protect Canadians. From increasing data protection and privacy in the public sector to strengthening national security, public safety and child protection through effective authentication and authorization, digital ID is an important part of our transition to a digital world and a digital economy. Further, we know that an effective, safe and secure digital ID ecosystem will save manual operation costs and reduce fraud, saving an estimated $482 million for provincial and federal governments, and $4.5 billion for private sector organizations.

This budget announcement reinforces the government’s commitment to Canada’s digital transformation as it looks for ways to be a full participant in the global digital economy and shift to a digital-first mindset. The government has made some encouraging progress in adopting digital technology solutions to better deliver programs and services, and Canadians are benefiting from that progress. 

We were pleased to see the following commitments included in the budget:

  • A commitment to introduce legislative amendments to the Criminal Code and the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) to strengthen the investigative, enforcement, and information sharing tools of Canada’s AML/ATF Regime.
  • A commitment to improving Airport Operations and Passenger Screening, including $1.8 billion over five years to the Canadian Air Transport Security Authority (CATSA) to maintain and increase its level of service, improve screening wait times, and strengthen security measures at airports.
  • Commitments to improve service delivery for Canadians including $156.7 million over five years to reduce backlogs in Veterans Affairs Canada; $123.9 million over seven years for Old Age Security IT modernization; and a commitment to amend the Citizenship Act to enable the electronic administration of the citizenship program, automated and machine-assisted processing, and the collection and use of biometric information.

The budget provides an opportunity to further advance digital ID in Canada, and the DIACC remains committed to partnering with both government and industry to continue building a trusted digital ID ecosystem and educating Canadians to combat dis and misinformation regarding digital ID.

About Digital ID and Authentication Council of Canada (DIACC)

The Digital Identification and Authentication Council of Canada (DIACC) is a non-profit coalition of public and private sector organizations committed to developing research and tools to enable secure, robust, and scalable Canadian digital ID solutions and services. With privacy, security, and choice at the forefront of all DIACC initiatives, we aim to enable all Canadians to participate safely and confidently in the global digital economy.

For more information:

communications@diacc.ca

Foundational ID: Restoring the Chain of Trust for Identity

Over the course of 2021 and early 2022, the DIACC worked with a Special Interest Group (SIG) to explore how the integration of Foundational IDs into the digital identity ecosystem could improve identity resolution between silos, introduce new efficiencies in service delivery, and reduce fraud. Members of the SIG included representatives from provincial Vital Statistics agencies and digital identity initiatives, Immigration, Refugees and Citizenship Canada (IRCC), representatives from the Canadian financial and insurance sectors, as well as additional participants from the private and public sectors. The SIG members took part in 14 working sessions to explore work streams across various topics including birth records, impacts on service delivery and fraud, and roadmapping.

This report outlines observations, conclusions, and recommendations including a list of 12 proposed initiatives that may be considered as a method to address and resolve some of these challenging issues facing our community today.

Download the report here.

DIACC-Foundational-ID-POC-Final-Report_ENG

Agri-Food Product Identity Verification & Governance – DIACC Special Interest Group Insights

This report was created by the Identity Verification and Food Traceability DIACC Special Interest Group and was a collaborative effort between the University of Guelph, DIACC, and other subject matter experts. This report discusses what the identity verification related requirements for the creation and management of agri-food products (or items) unique identifiers to enable provenance tracking, ensure traceability, facilitate agri-food data integration, enhance governance, protect privacy and confidentiality, inform policies, and improve communications. 

Download the report here.

Agri-Food-Product-Identity-Verification-and-Governance-DIACC-Special-Interest-Group-Insights

Digital ID & Trust

By Julianne Trotman formerly Growth Marketing Lead at Vaultie with additional contributions by members of DIACC’s Outreach Expert Committee.

For those of us new to the Digital Identity scene, separating fact from fiction and deciphering the benefits from the vast array of information written on the topic is not an easy task. Over the past 24 months, the use cases for Digital Identity have become more prevalent and the news surrounding the myriad of solutions and their applications in the marketplace continues to be front and centre. It has left the Digital Identity novice trying to understand the technology and asking three questions:

  1. Why should they care about digital Identity?
  2. How will it benefit them?
  3. Whose responsibility is it to safeguard their personal data in a Digital Identity ecosystem and why they should care?

Having a Digital Identity is an important component for those wanting to interact in the digital economy. But what really is a Digital Identity and what is it used for? One way to think of a Digital Identity is as the equivalent of your identity in the physical world, such as having your physical driver’s license or health card digitized. It helps us to prove we are who we say we are, in an online context. Your identity can be used to replace physical identification such as a digital driver’s license, job credentials, or vaccine passport. Or it can also be used as a credential to access online services such as banking, apps on a mobile phone, or educational diplomas and certificates. Without trust in these relationships; between customers and organizations, citizens and government adoption and continued development of Digital Identity will be a challenge. Getting people to participate in the digital ecosystem is reliant on how much they trust that their information will be kept safe and not subject to unauthorized access by those in authority or with nefarious intent. For some, the trade-off between the ease of use and convenience of a Digital Identity, and the potential danger of having information compromised is not a great concern. They see the advancement of the technology that facilitates secure Digital Identity as progress and the trade-off as being a reasonable one. However, for many, the risk is not worth the adoption of a Digital Identity and their lack of confidence in the powers that be to keep their data, especially financial details, secure.

So, what’s missing? What is needed to instill trust into the equation? It seems as though almost every week there’s a story in the news about the latest organization that has been affected by a data breach. These breaches have been directed at private sector organizations, public institutions, and government targets. The hackers are indiscriminate about which institutions they attack, so the general public’s faith and trust in these institutions continue to be eroded every time another one of these attacks comes to light. The uncertainty that comes with not knowing whether data you have shared with an organization is secure or not, or what you can do to avoid this type of thing happening again in the future, is very unnerving. For people to have more faith in the current systems they need to understand how and why an organization is collecting their data and how it will be used, shared, and stored. This issue has been the source of much debate when it comes to trusting that some areas of government will not collect and use their citizen’s data for purposes that have not been fully disclosed. For example, with law enforcement, many people are hesitant to open pandora’s box of police-citizen data collection with a historical lack of transparency around its use and to what extent this data is collected in the name of public safety.

To deal with the issue of trust, governments and industries have looked to put what are known as trust frameworks in place, such as the Pan-Canadian Trust Framework (PCTF). These frameworks provide auditable criteria for different capabilities in an identity ecosystem, such as those for issuers of digital credentials, the people who use them, and the organizations who rely on identity assertions linked to the credentials. Trust frameworks vary in scope as some seek to verify the trustworthiness of information, technology, and processes of a solution, such as the PCTF, while others seek to facilitate a clear understanding between the people using Digital Identity products, the organizations providing and using the services, and the data being used. A trust framework is a tool to facilitate information verification and compliance that help promote trust and technical interoperability while allowing for information assurance verification and technical implementation compliance. Trust Frameworks enable digital systems and technologies to be able to communicate with each other or together measure each system’s trustworthiness. However, having these frameworks in place does not in and of itself help guarantee trust in the system. In order for this to happen there needs to be education around what the frameworks are given that trust frameworks define outcome-based requirements trust frameworks themselves may not guarantee interoperability between systems. For this to be secured solutions would need to build on the same technologies and standards with additional technical compliance verification required.

The journey to a more ubiquitous world of Digital Identity is one that still has many hurdles to overcome before it becomes a more pervasive reality. As many of these challenges are met and the acceptance of the ecosystem becomes more the norm than the exception, ensuring that we do not lose sight of the human side of the discussion is paramount. Trust is earned not given, and we, those involved in the Digital Identity industry must continue to work towards building an ecosystem that encompasses systems and technologies that help to instill trust into the process.

BC Government’s Verifiable Credential Issuer Kit Proof of Concept Report

The intent of this report is to communicate the project drivers, what the POC demonstrated, the experience and learning of the participants, and how governments might proceed to implement digital identity in their own programs. This report uses a narrative approach to summarize the results of this POC. This report provides strategic and operational insights regarding the results of this POC for other government entities that are interested in building a POC or production system using SSI. The report was written based on a set of interviews with people who were part of this initiative. The interviewees subjects included government staff, vendors who responded to the call to collaborate, and observers from within the identity management industry.

Download the paper.

DIACC_BC-Governments-Verifiable-Credential-Issuer-Kit_Proof-of-Concept-Report_ENG

2022 Pre-Budget Submission

DIACC’s Written Submission for the Pre-Budget Consultations in Advance of the 2022 Budget

Ahead of the 2022 federal budget, the House of Commons Standing Committee on Finance has asked Canadians to share their input. 
DIACC is pleased to have submitted a brief, calling on the Federal Government to implement the following recommendations: 

  1. That the government secure adoption of the Pan-Canadian Trust Framework by businesses and governments.
  2. That the government act on the Finance Committee’s 2021 Pre-Budget Consultation Recommendations 128, Implement a digital identity system that empowers Canadians to control their data that is held by the federal government, and 129, Create a national data strategy.
  3. That the government work with provincial and territorial partners and Immigration, Refugees and Citizenship Canada to ensure that all Canadians have access to an ISO-compliant government-issued digital ID credential with economy-wide utility by December 2022.
  4. That the government make digital identity-enabled services available to all Canadians by December 2022.
  5. That the government prioritizes funding and integration of digital ID as part of the Digital Technology Supercluster Initiative.

The Key to Unlocking an Inclusive Digital Economy: Investing in Digital ID

To re-start the economy and deliver inclusive services to all Canadians, governments must invest in unlocking digital. Digital ID empowers Canadians with the choice to safely share their existing credentials (eg: passports, driver’s licenses, health cards) for digital transactions.

Investing in digital ID offers economic benefits to citizens, businesses, and governments and also establishes digital tools to support societal trust, security, privacy, and fraud mitigation. This is a win for all.

Few budget items have the potential to impact every government initiative – digital ID is one such investment with broad impacts and encompassing benefits. Digital ID offers service improvements across all government services and priority areas. This initiative has the potential to empower individuals, increase government efficiency, strengthen companies, and unite communities across the country with secure access to resources, economic development, trust, and support. 

Canadians understand the potential. The pandemic has been an intense and polarizing experience, leading many Canadians to lose faith in institutions. The Edelman Trust Barometer reports that 46% believe that government leaders purposely misled them. At the same time, Canadians are relying more on technology, with the digital sector growing 3.5 percent in 2020, while the economy as a whole shrunk by 5 percent. With digital transformation happening across the country, Canadians are aware that online privacy is crucial. A recent poll from The Office of the Privacy Commissioner of Canada reports that 89 percent of Canadians are concerned about people using information about them online to steal their identity. 

How can the government build trust, enhance privacy, and demonstrate that citizens’ rights are top priority? The answer is clear: 9 in 10 Canadians are supportive of digital ID. Citizen-centric, standards-aligned Digital ID offers an ecosystem that reopens doors closed by the pandemic and unlocks entirely new paths to economic resiliency, cohesion, and social trust.

🔑 Recommendation 1: Implement adoption of the Pan-Canadian Trust Framework by businesses and governments to ensure Canadians are empowered post-pandemic and have clarity in building a secure, interoperable, and privacy-respecting digital ID.

The Pan-Canadian Trust Framework™ (PCTF) is a co-created framework that any jurisdiction — federal, provincial, or international — and industry sector can work with to ensure business, legal, and technical interoperability to realize the full benefits of a digital ecosystem. Rather than seeking a single solution, the PCTF promotes choice and offers a shared hub and language that distinct solutions can interoperate through. Developed by public and private sector experts over a decade, the PCTF provides organizations of all sizes, across sectors, industries, and locations with shared principles and guidelines for a digital ID ecosystem. Built based on recommendations from the federal government’s Task Force for the Payments System Review in 2011, this work has been identified by the public and private sectors as key for Canada’s economic resilience but remains underfunded. 

While provinces, territories, and countries around the world set up COVID credentialing and proof of vaccination systems, the need for these systems is urgent. The credentials issued must be designed with common principles and security to enable acceptance across various jurisdictional and sector-specific solutions for their unique context. The PCTF makes this possible, working as a flexible foundation to connect systems without dictating a single technological architecture. 
The PCTF includes adaptable recommendations that are currently being tested in-market, including standards for Notice and Consent, Authentication, Privacy, Verified Person, Verified Organization, Credentials (Relationship and Attributes), Infrastructure (Technology and Operations) and Assessment. A Model, Overview, and Glossary have been published for ease of use across industries and sectors. Developed with Canadians in mind, the PCTF is technology-agnostic, encouraging innovation while prioritizing privacy, safety and security, and supporting digital economic growth on a global scale.

🔑  Recommendation 2: Put citizens first and integrate cross-government priorities. Act on the Finance Committee’s 2021 Pre-Budget Consultation Recommendations 128, Implement a digital identity system that empowers Canadians to control their data that is held by the federal government, and 129, Create a national data strategy.

Empowering individuals to control their data, understand available services, and have more convenient and secure access to government services offers a direct path to rebuild trust. A recent Leger survey commissioned by Postmedia reports that the pandemic has eroded trust in the federal government, either a little or a lot, for 63% of Canadians. After a challenging year, it is critical that the budget puts citizens first. Digital ID is a proactive initiative that offers immediate and long-term benefits. It has the potential to restore confidence, act on Canadian values, and empower citizens.

Providing Canadians with the digital ID credentials necessary to access, manage, and share their own data ensures citizens have control over the important information they need to manage their health, business(es), and digital services. A national data strategy ensures all Canadians benefit from these advances. It also clarifies accountability for those who seek to use technology and personal information with malicious intent. A pan-Canadian strategy evens the playing field for businesses looking to operate digitally across provincial, territorial, and global borders. This approach also enhances Canadians’ ability to compete economically on a global scale, travel, and seek care with the virtual mobility afforded by a secure, verifiable digital ID. 

🔑 Recommendation 3: Ensure all Canadians benefit from digital connections, opportunity, and the right to be recognized with digital ID. Work with provincial and territorial partners and Immigration, Refugees and Citizenship Canada to ensure that all Canadians have access to an ISO-compliant government-issued digital ID credential with economy-wide utility by December 31, 2022.

Digital ID is the key, as the pandemic has built and opened new doors for Canadians navigating their safety, financial security, health and relationships. According to a study by Brookfield Institute, 9 percent of Canadian businesses made 60 percent or more of their total sales online, up from 6 percent in 2019 — but this digital success has been difficult for small to medium enterprises to adopt. As digital service adoption grows, citizen and employee expectations have also shifted to demand more reliable and secure digital alternatives. Digital ID can encourage sustainable, long-term adoption of digital platforms and help organizations of all sizes to benefit from these systems. It also presents a more flexible and streamlined strategy for pan-Canadian notification systems, service delivery, and community safety initiatives.

Provinces and territories are establishing their own digital ID initiatives. Alberta and British Columbia have launched digital IDs, with BC including a mobile card and a Verify by Video option. Significant investments have been made in Ontario and Québec, where proof of vaccination credentials have been launched. Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick are launching pilots, proof of concepts and digital ID components. 

This prioritization demonstrates demand for this enabling capability across the country — but unequal funding and approaches developed in departmental silos pose a risk. Without cohesive federal leadership, these systems will be disjointed and miss the opportunity to be truly interoperable, efficient, and useful for all Canadians. Unlocking these opportunities in a synchronized and equitable manner will ensure Canadians can all access economic opportunities, required public services, and the chance to manage their own personal information.

🔑  Recommendation 4: Collaborate for the highest and most equitable impact. Make digital identity-enabled services available to all Canadians by December 2022.

As the provincial and territorial governments take action to simplify and secure digital identities, private companies are also taking note of this massive market opportunity. Notably, Apple is teaming up with the TSA to be a trusted source of ID for Americans and Stripe is pursuing digital ID services partnering with other apps, including Discord, for user verification. Many more companies are entering the digital ID space in hopes of earning users’ trust and capturing market share. As the issuer of identity in Canada, the public sector is uniquely positioned to empower Canadians and enable the private sector — but the government needs to act now. 

While offering numerous economic and social benefits locally and globally, a Canadian digital ID builds citizen trust and mitigates risk. As the Canadian Centre for Cyber Security noted, “the number of cyber threat actors is increasing, and… Cybercrime will almost certainly continue to be the cyber threat most likely to affect Canadians.” This vulnerability means that Canadians urgently require an encompassing, policy- and leadership-driven approach to implementing and enforcing Privacy by Design principles. A McKinsey report confirms this, suggesting that, for national governments to address the heightened risks presented by cyber threats, “organizations can move from a ‘trust but verify’ mindset to a ‘verify first’ approach.” Pressures and requirements for proof of vaccination, contact tracing, and social distancing are also made possible, digitally secure, and more user-friendly through universal data minimization standards. 

Digital ID offers the key to unlocking secure digital services and pathways. With opportunities to boost job creation, economic growth, citizen wellbeing, COVID-19 planning, support, and mitigation, and reconciliation efforts, digital ID is a budget line that prioritizes and directly benefits all Canadians. Digital ID offers Canadians more personalized control over personal information and convenient access to services. It can increase mobility and connect intra-provincial and territorial systems. It offers an opportunity to strengthen innovation and establish a secure foundation for international collaboration.

🔑  Recommendation 5: Embed within existing ecosystems. Prioritize the funding and integration of digital ID as part of the Digital Technology Supercluster Initiative. Digital ID supports and intersects its areas of focus including health, sustainable natural resource applications, and digital training.

Strides are already being made by Canadians. Purpose-built solutions, like the COVID Alert App, demonstrate that Canada has the talent and innovation to adapt and develop market-leading solutions. Unfortunately, the $20 million price tag and reactive nature of these innovations could be improved. The app has also not been approved by data authorities in Alberta, British Columbia, Nunavut, and Yukon, making it an incomplete solution that doesn’t account for different provincial regulations. Due to the nature of the pandemic, a pan-Canadian solution isn’t a nice to have — it’s a must. Digital ID is a proactive investment that could provide similar benefits in contact tracing and offer lasting impacts on service delivery. 

Digital ID has the potential to add $4.5 billion of added value to SMEs and reinvestments in the economy. It also directly meets the needs and preferences of consumers, with Signicat reporting that 68 percent of consumers expect 100 percent digital onboarding in the wake of COVID-19 and 60 percent would value digital identities to access services internationally. Canada has an opportunity to lead, recover, and take a future-focused position by making an investment in digital ID. 

Prioritizing digital ID is putting Canadians today and in the future first, and reflects responsible investment that offers benefits across departments. Its utility and impact apply during and beyond health or environmental crises. Digital ID delivers an adaptable foundation to deliver new services, security, citizen engagement opportunities, and economic growth.

DIACC members work in partnership with the Government of Canada and all levels of government and welcome further conversations and collaboration.

All sources may be referenced within the PDF version, accessible here or below.

DIACC_Pre-Budget-Consultations_August_2021

Facial Biometrics: Liveness and Anti-Spoofing

Most of us understand how fingerprinting works, where we compare a captured fingerprint, from a crime scene for example, to a live person’s fingerprint to determine if they match. We can also use a fingerprint to ensure that the true owner, and only the true owner, can unlock a smartphone or laptop. But could a fake fingerprint be used to fool the fingerprint sensor in the phone? The simplest answer is yes unless we can determine if the fingerprint actually came from a living and physically present person, who might be trying to unlock the phone. 

In biometrics, there are two important measurements, Biometric Matching and Biometric Liveness. Biometric matching is a process of identifying or authenticating a person, by comparing their physiological attributes to information that had already been collected. For example, when that fingerprint matches a fingerprint on file, that’s matching. Liveness Detection is a computerized process to determine if the computer is interfacing with a live human and not an impostor like a photo, a deep-fake video, or a replica. For example, one measure to determine Liveness includes determining whether the presentation occurred in real-time. Without Liveness, biometric matching would be increasingly vulnerable to fraud attacks that are continuously growing in their ability to fool biometric matching systems with imitation and fake biometric attributes. Attacks such as “Presentation Attack”,  “spoof”, or “bypass” attempts  would endanger a user without proper liveness detection. It is important to have strong Presentation Attack Detection (PAD) as well the ability to detect injection attacks (where imagery bypasses the camera) as these are ways to spoof the user’s biometrics. Liveness determines if it’s a real person while matching determines if it’s the correct, real person.  

With today’s increasingly powerful computer systems, have come increasingly sophisticated hacking strategies, such as Presentation and Bypass attacks. There are many varieties of Presentation attacks, including high-resolution paper & digital photos, high-definition challenge/response videos, and paper masks. Commercially available lifelike dolls are available, human-worn resin, latex & silicone 3D masks, as well as custom-made ultra-realistic 3D masks and wax heads. These methods might seem right out of a bank heist movie, but they are used in the real world, successfully too. 

There are other ways to defeat a biometric system, called Bypass attacks. These include intercepting, editing, and replacing legitimate biometric data with synthetic data, not collected from the persons biometric verification check. Other Bypass attacks might include intercepting and replacing legitimate camera feed data with previously captured video frames or with what’s known as a “deep-fake puppet”, a realistic-looking computer animation of the user. This video is a simple but good example of biometric vulnerabilities, lacking any regard for Liveness.

The COVID19 Pandemic provides significant examples of Presentation and Bypass attacks and resulting frauds. Pandemic Stay-at-Home orders, along with  economic hardships, have increased citizen dependence on the electronic distribution of government pandemic stimulus and unemployment assistance funds, creating easy targets for fraudsters. Cybercriminals frequently utilize Presentation and Bypass attacks to defeat government website citizen enrolee and user authentication systems, to steal from governments across the globe which amounts in the hundreds of billions of losses of taxpayer money

Properly designed biometric liveness and matching could have mitigated much of the trouble Nevadans are experiencing. There are various forms of biometric liveness testing:

  • Active Liveness commands the user to successfully perform a movement or action like blinking, smiling, tilting the head, and track-following a bouncing image on the device screen. Importantly, instructions must be randomized and the camera/system must observe the user perform the required action. 
  • Passive Liveness relies on involuntary user cues like pupil dilation, reducing user friction and session abandonment. Passive liveness can be undisclosed, randomizing attack vector approaches. Alone, it can determine if captured image data is first-generation and not a replica presentation attack. Significantly higher Liveness and biometric match confidence can be gained if device camera data is captured securely with a verified camera feed, and the image data is verified to be captured in real-time by a device Software Development Kit (SDK). Under these circumstances both Liveness and Match confidence can be determined concurrently from the same data, mitigating vulnerabilities.  
  • Multimodal Liveness utilizes numerous Liveness modalities, like 2 dimensional face matching in combination with instructions to blink on command, to establish user choice and increase the number of devices supported. This often requires the user to “jump through hoops” of numerous Active Liveness tests and increases friction.  
  • Liveness and 3-dimensionality. A human must be 3D to be alive, while a mask-style artifact may be 3D without being alive. Thus, while 3D face depth measurements alone do not prove the subject is a live human, verifying 2-dimensionality proves the subject is not alive. Regardless of camera resolution or specialist hardware, 3-dimensionality provides substantially more usable and consistent data than 2D, dramatically increasing accuracy and highlights the importance of 3D depth detection as a component of stronger Liveness Detection.

Biometric Liveness is a critical component in any biometric authentication system. Properly designed systems require the use of liveness tests before moving on to biometric matching. After all, if it’s determined the subject is not alive, there’s little reason to perform biometric matching and further authentication procedures. A well-designed system that is easy to use allows only the right people access and denies anybody else.  

Care to learn more about Facial Biometrics? Be sure to read our previous releases Exploring Facial Biometrics. What is it? and Facial Biometrics – Voluntary vs Involuntary.

About the authors:

Jay Meier is a subject matter expert in biometrics & IAM, and an author, tech executive, and securities analyst. Jay currently serves as Senior Vice President of North American Operations at FaceTec, Inc. and is also President & CEO of Sage Capital Advisors, LLC., providing strategic and capital management advisory services to early-stage companies in biometrics and identity management. 

Meyer Mechanic is a recognized expert in KYC and digital identity. He is the Founder and CEO of Vaultie, which uses digital identities to create highly fraud-resistant digital signatures and trace the provenance of Legal and financial documents. He sits on DIACC’s Innovation Expert Committee and has been a voice of alignment in advancing the use of digital identity in Canada.

Additional contributions made by members of the DIACC’s Outreach Expert Committee including Joe Palmer, President of iProov Inc.

DIACC Membership Appoints 2021 Board of Directors

June 22, 2021 – The Digital Identification and Authentication Council of Canada, (DIACC) today announced the appointment of five (5) nominees to the five seats up for election at its Virtual Annual General Meeting held online on June 17, 2021. 

Newly elected to the Board: 

  • Iliana Oris Valiente, Managing Director at Accenture

Re-elected to the Board:

  • Colleen Boldon, Director, Digital Lab and Digital ID Programs, Public Services and Smart Government, Province of New Brunswick
  • Neil Butters, Head, Digital Identity Innovation & New Ventures, Interac Corp.
  • Robert Devries, Assistant Deputy Minister, Platforms, Government of Ontario
  • Louis Jacob, Vice President, Core Engineering and Transformation, Manulife

“On behalf of the DIACC, I am pleased to welcome Iliana to the Board. Her expertise in innovation and emerging technologies will bring great strategic value to the group,” congratulates President Joni Brennan, “The DIACC will make important progress in the year ahead, as Canada’s largest and most inclusive community of digital identity leaders.”

“I look forward to continuing working alongside our qualified and esteemed Board to drive forward digital ID as a national priority,” said Dave Nikolejsin, Board Chair. “Together we will work to champion, educate, and ensure the adoption of digital identity to empower people, businesses, health care centres, academic institutions, and civil society.”

DIACC Directors are elected industry leaders who set the organizational strategic directions and ensure good governance is practiced, ensuring policies and procedures are continually improved and align with the vision and representation of DIACC membership. 

The full listing of the DIACC Board of Directors: 

  • Dave Nikolejsin, Strategic Advisor, McCarthy Tetrault & Board Chair
  • Franklin Garrigues, Vice President Digital Channels, Mobile for Everyone, TD Bank & Board Vice-Chair
  • Andre Boysen, Chief Identity Officer, SecureKey & Board Treasurer
  • David Attard, SEVP, Head of Personal and Business Banking, CIBC
  • Colleen Boldon, Director, Digital Lab and Digital ID Programs, Public Services and Smart Government, Province of New Brunswick
  • Marc Brouillard, Chief Technology Officer, Government of Canada
  • Neil Butters, Head, Digital Identity Innovation & New Ventures, Interac Corp.
  • Patrice Dagenais, Vice President, Payment and Business Partnerships, Desjardins Cards Services (DCS)
  • Susie De Franco, General Manager, Digital Channel & Products, Canada Post
  • Robert Devries, Assistant Deputy Minister, Enterprise Digital Services Integration Division, Ministry of Government and Consumer Services, Government of Ontario
  • Louis Jacob, Vice President, Core Engineering and Transformation, Manulife
  • Hugh McKee, Head, BMO Partners
  • Iliana Oris Valiente, Managing Director, Accenture
  • CJ Ritchie, Associate Deputy Minister & Government Chief Information Officer, Province of BC
  • Eros Spadotto, Executive Vice-President, Technology Strategy, TELUS

2021 marked the end of the three year term of Allan Foster, Vice President of Global Partner Success, Forgerock on the Board. DIACC thanks him for his service and dedication, and looks forward to continuing to work with Forgerock as a DIACC member organization.

Following the trend of the past few years, the number of nominees far exceeded the number of Board seats available. DIACC thanks all highly qualified nominees for taking part in the process. This reflects the growing interest and investment by Canadian individuals, governments and businesses in making digital ID a national priority.

About the Digital ID and Authentication Council of Canada (DIACC)

The DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian digital identification and authentication framework to enable Canada’s full and secure participation in the global digital economy. The DIACC was created as a result of the federal government’s Task Force for the Payments System Review and members include representatives from both the federal and provincial levels of government as well as private sector leaders.

Covid has accelerated Canadians’ demand for digital ID

Digital ID and Authentication Council of Canada research finds that three-quarters of Canadians feel it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online

Access the full Canadian Digital Identity Research 2020 Report

Access the Multi-page Synopsis

Access the One-page Synopsis

Toronto, February 16, 2021 —   As more Canadians and businesses are moving online throughout the COVID-19 pandemic, three-quarters of the population feels it’s important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online. 

“From receiving emergency pandemic benefits to ensuring health records are correct and helping children and youth with online education, there are many ways in which a secure digital ID is essential to the functioning of daily life during a pandemic,” said Joni Brennan, President of the Digital ID and Authentication Council of Canada (DIACC). “The pandemic has put a spotlight on the need for governments to move with urgency to invest in the digital infrastructure needed to ensure that Canadians receive the services they need and that Canadian businesses can participate fully and securely in the global digital economy.”   

The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey. It also shows that collaboration between governments and the private sector continues to be considered the best approach to create a pan-Canadian digital ID framework. 

“As policymakers consider how best to invest to support Canada’s post-pandemic economic recovery, prioritizing the issuance of trusted digital ID credentials to all Canadians must be a priority,” stated Dave Nikolejsin, the DIACC’s Board Chair. 

As the federal government focuses on post-pandemic recovery, investing in digital ID makes economic sense, especially for small and medium-sized businesses. For SMEs, the impact of digital identity could be used to improve processes that are difficult today. This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 per cent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one per cent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy.

Digital ID critical to privacy in Canada

Survey respondents identified security, efficiency and privacy as the top three benefits of digital ID. Further, an overwhelming number of Canadians are looking for solutions that address both the public and private sectors. 

“As Innovation, Science and Industry Minister Francois-Philippe Champagne ushers through Bill C-11, the Digital Charter Implementation Act, to introduce private sector protections for consumer data, it’s imperative that public sector data also be considered in the legislation,” said Brennan.

A digital ID would help to keep Canadians’ data secure and pan-government services easier to access as we move through the pandemic to recovery. This means adopting the Pan-Canadian trust framework.

With new research and compelling data, it’s clear there is no better time for governments to invest in making digital ID a national public policy priority.

ABOUT DIACC
DIACC is a growing coalition of public and private sector organizations who are making a significant and sustained effort to ensure Canada’s full, secure, and beneficial participation in the global digital economy.  By solving challenges and leveraging opportunities, Canada has the chance to secure at least 3% of unrealized GDP or $100 billion of potential growth by 2030. Seizing this opportunity is a must in a digital society as we work through the COVID pandemic challenges. Learn more about the DIACC mandate
DIACC was created as a result of the Minister of Finance’s Electronic Payments Task Force that recommended that Canada needs a framework for digital identity and authentication that a self-governing body of experts must create.

ABOUT THE STUDY
Burak Jacobson Research Partners is a full-service market research consulting firm headquartered in Toronto, Ontario. Founded in 1981, Burak Jacobson has conducted over 4,000 research projects in 39 countries across various industries.

« Older Entries