DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
What has your career journey looked like?
My curiosity paved much of my career path. It certainly wasn’t a linear or traditional path. There were a number of leaps forward largely into uncertainty fuelled by emerging digital opportunities throughout my career. And, there were a few pauses as well to grow wee ones and fight with cancer along the way. A quest for learning and higher education throughout my career propelled me forward and continues to fuel my passion.
When you were 20 years old, what was your dream job and why?
When I was 20 I wanted to be an engineer. It was the creative and innovative aspects of the job to solve problems for people and improve their lives that interested me. I was keenly aware that it was male dominated profession at the time and this opportunity/challenge didn’t deter me – quite the opposite.
As a female leader, what has been the most significant barrier in your career?
There’s no doubt that at times, gender bias has come into play but equally it was the limitations or unconscious beliefs that we impose on ourselves as female leaders that created a few obstacles for me as well.
How do you balance work and life responsibilities?
Balance – what balance? More seriously, one of my mentees asked me how I do ‘it all’. For her, it appeared that everything was seamless as I managed the demands of my career, school, and a young child. I realized it appeared that way but in truth, I had help. I had a support system and sometimes things were a bit chaotic. I just didn’t expect perfect balance and thrived as things ebbed and flowed.
How can more women be encouraged to pursue careers in the digital ID/tech space?
There are three key areas to focus on STEM education targeted on girls, sustained promotion of digital ID and tech careers as being well suited for women and propagating images that negate gender/racial stereotypes. Women need to see digital and tech roles as a compelling option and more prominent female representation, particularly in leadership roles to illustrate the interesting career options and progression opportunities in tech. Finally, all genders of leaders have a role in empowering women, making space for and ensuring they have a voice.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
Strategies are often dependent on their situation but here are a few basics. First, helping them to identify any limiting beliefs that may be holding them back. Often times, it’s not the lack of opportunity but the lack of confidence that can hold women back, for example, the feeling that they need to know it all before taking the next step. Second, I reinforce that value of building your network, establishing a mentor, a coach and a sponsor to grow and support progression as well as being a mentor to other women. Lastly, I suggest they take a leap, be bold, own their voice, and not be afraid to make mistakes.
What will be the biggest challenge for the generation of women behind you?
Gender imbalance will continue to be a challenge and their opportunity is work together to see the sky undistorted by glass.
What advice would you give to young women entering the field?
Building the digital economy is an imperative to our economic and societal wellbeing, particularly for our economic recovery from the pandemic. The opportunity for young women is boundless and their participation and voices are needed at all levels to create a sustainable and equitable future for all.
Deborah Moore is the Director of Digital Transformation at Celero.
DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
How long have you worked in your sector, and in your current position?
I have been in the tech industry for over 25 years in a variety of companies providing every type of software solution from graphic signage design tools, to Operating Systems, to 3D instrumentation clusters for avionics, to remote identity and document verification. I joined WorldReach Software, in the role of Director of Marketing, 11 years ago. I’ve loved every minute of it!
WorldReach, for those who have never heard of us, uses innovative processes and technology to verify you are who you say you are. We enable highly trusted digital services through our systems for government (borders, immigration, passport and consular) for digital on-boarding, safe and seamless travel, and digital Identity verification and corroboration.
We are probably best known for the core digital channel solution behind the UK Home Office’s EU Settlement Scheme. This smartphone based digital ID Verification (IDV) and enrolment capability has become the world’s most successful immigration programme of its kind with over 5 million completed applications to date!
What has your career journey looked like? Have you always worked in the private sector?
My career path has been so varied my general joke is “You can’t get here from there”. My educational background is in Fine Art. In fact, I have a painting in the Parliament Buildings. The short answer (which is not actually that short) is Fine Art led to Freelance Illustration, which led to Graphic Design, which led to Marketing Management in a software company. This opened me up to a much more technical path – first to Strategic Alliance Management for the Embedded OS market, then to Industry Segment Management, then to Product Management, then finally back to what I would term “Technical Marketing”.
I have always worked in the private sector, however for more than the last decade, I have been working exclusively in B2G. This has meant that one of my primary goals today is to understand all the challenges, wants, needs and technical requirements of the public sector. WorldReach clients are Governments from all over the world: Ministries of Foreign Affairs, Immigration and Border Agencies, but also any department with a citizen service role. Therefore, I spend the majority of my time researching Government digital service delivery program requirements worldwide.
When you were twenty years old, what was your dream job, and why?
Given my artistic DNA, it likely will not be that surprising to hear that my dream job would have been to be a conservator in a prominent museum – someone who spends all their days cleaning, repairing, protecting and conserving incredible works of art. That would have been the perfect combination of my love of art, art history and my annoyingly anal-retentive detail-oriented skillset. Either that or I would have loved life as a professional soccer player! Even in my early twenties, I did not envision a long career in technology.
As a female leader, what has been the most significant barrier in your career?
Externally – being taken seriously. As a woman in the male-dominated tech field over the last quarter of a century, one often hears this. For me personally, also being an openly gay woman adds an additional nuance to climbing the corporate ladder. I have unfortunately experienced homophobia from co-workers and management a few times in a few companies in the past, but I am happy to report that that appears to be in the rear view mirror for me. Still, it is a reminder of why we all need legal protections against discrimination in the work place and employment strategies focussed on diversity and inclusion.
Internally – overcoming the nagging doubt that you do not “belong in the room where it happens”. No matter how much experience you have in a certain industry, women tend towards the infamous “imposter syndrome”. Once you push that aside – and maybe that just comes with growing older and wiser – it really does become far less of a barrier. Belief in oneself goes along way to harnessing your own potential.
How do you balance work and life responsibilities?
Early in my career, I had to step away and become the main support for my incredibly ill child. As a mother, of course, that’s would you do, and what you want to do – there was no question. However, it also helps put things into perspective. There are always things in ones’ life that are more important than work. My son is now 33 years old and cancer-free, thankfully.
In the fast moving, highly competitive tech world, one’s work life can easily take over every waking hour – especially now, during COVID, when many of us are working from home. The boundaries can get very fuzzy. Nevertheless, it is still incredibly important to ensure you understand the crucial role of self-care. If you are exhausted, if you work around the clock, every aspect of your life will suffer – and that includes work.
I personally need physical activity. A long walk with my wife, friends and loved ones, working out in my basement gym, playing with my dogs – it all helps this balance ‘dance’.
How can more women be encouraged to pursue careers in the tech space?
Women can do anything, but sometimes we need permission to dream big. I think the media can play a big role in this as well. Girls and women need to see people just like themselves succeeding. They need to hear the ups and downs of real-world tech careers. They need to think, “If she can do it, maybe I can too!” Let’s just celebrate all the incredible women in tech much more often!
I also think more needs to be done in our educational system. More female guest speakers to come into classes (virtually or physically) and share their journeys, especially in STEM. Perhaps more mentor initiatives. I know I would have loved to participate in anything that showcased successful women particularly in traditionally male-dominated jobs. To show how fascinating and rewarding delving into technology can really be. To imagine yourself having an effect on the systems that are being built now and in the future. To take pride in creating, in innovating. It took me far too long to discover this on my own.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
Do not be afraid to take up space. Do your homework and use your voice confidently. Be respectful and open, but do not apologize for everything.
A very good friend of mine gave me some great advice when I was in middle Management struggling to climb. She reminded me “perception is reality”. In the corporate world, you can be a wonderful capable worker, quite talented, but if the people in charge do not see it or know it, you will remain in the very same place but just with an ever-increasing workload. So – Volunteer for projects that will “stretch you”, that will require you to grow and learn, that will be seen. Be helpful and kind to all your colleagues, contacts and teammates. Go out of your way to lessen their workload, to be a person of value. Soon, it will be others that will be singing your praises – you will not have to!
If Senior Management do not value you in title, responsibilities and compensation, do not be afraid to leave and find it elsewhere. Have confidence in your own value.
What will be the biggest challenge for the generation of women behind you?
As the next generation of women begin to earn their way into more and more powerful positions, it will be easy to forget how hard the fight has historically been for the generation before them. Look back and learn. Look to the other successful women in the industry. You don’t have to reinvent the wheel.
One of the biggest challenges these women will face is to recognize when their own drive and competitiveness becomes destructive. You cannot sustain being a “superwoman”. We are all human…and this where work/live balance is so important.
What advice would you give to young women entering the field?
Use your own natural talents to the best of your abilities; apply it to your passion and cultivated it. Whether that is being detail-oriented, analytical, a problem solver, purely creative, a team player or combinations of all of them. Know there is value in it all.
There is a misconception that there is only one type of person in STEM. An engineer, a scientist, a developer, a mathematician – only a linear thinker. Women often bring a different perspective, a different way of thinking and solving problems. A creativity. This variation, this diversity of thought is a necessity to produce the best most inclusive results – and the most interesting people!
DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
How long have you worked in your sector, and in your current position?
I’ve been the CEO of Outlier since founding the company in 2013.
What has your career journey looked like? Have you always worked in the private sector?
I’ve worked as an employee for very large companies, including banks, investment firms and insurers as well as for consulting firms, but always in the private sector. It’s a running joke on our team that I might “retire” into a public policy or academic role one day.
When you were twenty years old, what was your dream job, and why?
When I was 20 years old my dream job was probably to be a world-famous DJ…little did I know that I was about to fall into a compliance role and fall in love with unravelling the puzzle that is Canadian regulation!
As a female leader, what has been the most significant barrier in your career?
I think that it took me a long time to truly be authentic in my work roles because authenticity means vulnerability. On my last day as a banker, one of my colleagues and I shared a cab to the airport and he told me that although I was very smart and well-liked, I was always holding myself back and this lack of authenticity would hurt me in the long run. I don’t think that I really understood what he meant until I founded Outlier. At that point, I had the freedom to create the type of environment that I wanted to work in, and to keep building on that vision. It’s something that I’m always working on.
How do you balance work and life responsibilities?
Anything that I would say here would be disingenuous. I don’t really have a “balance” in the traditional sense, and I’m ok with that. Don’t get me wrong, I cook and workout and do self-care things, but I’ve given up on the idea that there needs to be some sort of clean lines between my work and home lives. My colleagues are some of my best friends. It helps that I love what I do and get really excited about the intellectual challenges. If I didn’t have friends in the industry, who would I have philosophical conversations about ideal policy outcomes with?
How can more women be encouraged to pursue careers in the tech space?
I think it starts early. I’ve bought a few Cubettos (tactile coding toys) for bright young girls in my life. I try to take the time to talk to women, especially those starting out in their careers and to be honest about my experiences. I want my nieces (and my nephews) to choose a career that they’re passionate about. Gender shouldn’t be a barrier to that.
I’m also trying to practice radical honesty with my male colleagues because it helps to build awareness. For instance, a male CEO that unreservedly admire told me that he took a nap on a bench in a quiet spot in a Toronto park between meetings, and I told him how envious I felt that he could do that without really worrying about safety. It led to a really great discussion about some of the hidden differences that exist for men and women in business travel.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
One of the funny things that I’ve noticed running a compliance and tech meetup is that 100% of the people that reach out to me to ask to speak are white men. It’s not that the foremost experts in these fields are all white men. It’s not that the best or most knowledgeable speakers are all white men. It’s that white men have been trained to be very comfortable approaching someone that they’ve never met and asking for stage time. I try to make sure that I’m reaching outside of my usual network and beyond those that are volunteering. I try to keep track of people that I’ve spoken to that have really interesting insights that I want to see on stage, on committees, and in leadership roles. I try not to shy away from the conversations about what we can do better – because we can always do better.
The other thing that I’ve become very cognizant of after working with someone that abused alcohol, power, and people is my responsibility as a leader to ensure the safety of those around me. We’re in a new era where creeps that try to take advantage of their position are starting to be held to account, but there is still a lot of bad behavior going unchecked. When a known offender is at an event, I will warn organizers and suggest measures to ensure the safety of participants. This is uncomfortable but better than the alternative.
What will be the biggest challenge for the generation of women behind you?
I think that the challenge is always the same – building the best possible world with the tools at our disposal. Someone once told my mom that she would never have a VP title (despite actually doing the VP job for 6 months) because she was a woman. He said it to her face, and there was no recourse. By the time I was the same age, it would be career suicide for someone to say that to my face. By the time my nieces are my age, I’d love for us to be so evolved that no one would even think it.
What advice would you give to young women entering the field?
Sometimes being the only person like you in the room is power. When there are 8 men talking in the same way, I can embrace the fact that my voice is different and able to cut through the din…and when this is the case, it’s also likely that everyone “like you” is going to be judged based on what you say. It’s a lot of responsibility in a sense, and a lot of work but the results are worth the effort. You’ve got this.
DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.
If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!
What has your career journey looked like?
I’m a very full scope kind of person. I’m personally never satisfied or feel fulfilled by half measures, so everything that I do – no matter how big or small – gets my full, absolute attention. This thread runs through my entire career journey; I’ve done every job from being a marketing coordinator and graphic designer, to a visual stylist and an event planner all around the globe to where I am now. Regardless of the position, I’ve always been determined to pour my most creative and committed self into it. Flexibility and the willingness to appreciate the nuances of every position help you best understand the whole, while also giving you the perspective to appreciate and take advantage of the opportunities available to you (and the ones you need to fight for).
When you were 20 years old, what was your dream job and why?
I interned at FLARE Magazine and was determined to work in a creative position. I loved that internship because it allowed me start my career in a hugely creative space where I learned to bring passion to everything that I did. I was fortunate to start in an industry that required me to take a close and exacting look at everything that crossed my desk because the final product would be so visible to a huge audience. I continue to pour as much passion into my job as I did on day one and understanding how great things come to fruition from behind-the-scenes has defined my career.
As a female leader, what has been the most significant barrier in your career?
I am fortunate to have extremely supportive and nurturing parents who instilled that girls can do anything each and every single day of my life – even now. I would say the biggest challenge in my career, as any working mother will tell you, is how to balance work and life responsibilities. Being able to work and show my two boys that women are leaders is an immense privilege, but it is one that takes dedication, planning, and sacrifice.
How do you balance work and life responsibilities?
Being a working mother is a challenge and privilege at the same time. The pandemic has similarly been two-sided: if you’re in a position where you can work remotely from home, you’re able to spend more time with family and children. However, because technology and the demands of work is always right at your fingertips, it’s easy for priorities to be more actively occupied by work. I’ve made a conscious effort to put down the tech and enjoying moments to their fullest. The laundry and work emails can wait until later – they say you only have 18 holiday seasons with your children, and ensuring I’m present during all 18 is my number one priority. Rachel Macy Stafford, who wrote a great book called Hands Free Mama, said, “Being responsible for someone’s childhood is a big deal. We not only create our own memories, but we create our child’s memories.”. This has been a guiding principle as I balance work and life.
How can more women be encouraged to pursue careers in the digital ID/tech space?
Get involved! There are so many wonderful associations, networking, and advocacy groups that provide fantastic opportunities for women to build meaningful communities in digital ID and tech that will serve them for their entire careers. Participating in these kinds of communities, such as DIACC, Women in ID, and Hyperledger, really reveals how many opportunities there are beyond what we traditionally think. Digital ID and tech permeate every sector and actively engaging in these kinds of opportunities can help open doors you never knew existed.
What are some strategies you have learned to help women achieve a more prominent role in their organizations?
Networking and seeking mentors are crucial and have been invaluable strategies for me throughout my career. The more you network, the more meaningful relationships you build, and the better you can learn to advocate through and become a mentor from whom others can benefit. I also strongly recommend finding a career coach to nurture a learner mindset and provide you with resources to further your goals with the added benefit of a third-party perspective.
Key throughout all of these strategies is taking the time to listen instead of merely speaking. I’ve been extremely fortunate to work with a group of women at SecureKey who actively listen, consistently learn from and advocate for each other. By building communities of strong females, we can all help to advance the role of women across every organization.
What will be the biggest challenge for the generation of women behind you?
I have been blessed to have followed a generation of trailblazing career women and am privileged to follow them and continue their work. I think a big challenge for women in the generation behind me will be to look inward versus outward. The entire world is at your fingertips and every opportunity is yours to take. What the challenge can be in a world of plenty is how to narrow your field of vision to suit your needs. Identify what it is you want to do and push yourself to the next level to get there.
What advice would you give to young women entering the field?
Whenever I’m asked this question, I always give four pieces of advice:
Always be kind to those around you. People will remember your kindness, your willingness to help, and your ability to go the extra mile every day.
Find networks that support and advocate for you. If you can’t find one, then make one yourself!
Always ensure you practice self-awareness – understand what drives you every day and how that you help others.
Finally, always say “yes” to any opportunity that comes your way. The more you answer “yes”, the more you can learn.
Sarah Kirk-Douglas is the Vice-President of Global Marketing & Communications at SecureKey Technologies Inc.
While the Authentication component may have been mostly developed before Decentralized Identity approaches emerged, this document demonstrates that Authentication is applicable in the context of Decentralized Identity systems and encourages service providers not to lose sight of good security practice even in the face of new approaches.
Contributions made by members of the DIACC’s Outreach Expert Committee
Across the country, governments are grappling with digital transformation, in an effort to offer services to citizens and businesses with greater flexibility and ease of access. With COVID-19, these efforts are all the more pressing to enable service at a distance and recognize that many people have settled into a new, more remote way of operating.
Moving governments online is not a new focus. Governments have been tackling this transformation for well over 10 years. As technology has advanced and people have grown comfortable transacting digitally, government efforts have also increased to put more information and services online. Yet, the more complex services, (i.e., ones that deal with sensitive data, require multi-ministry involvement, or involve large payouts by way of grants or loans), still generally remain offline, largely due to one key problem: proving that the person behind the computer is who they say they are. The answer to this problem is digital ID.
Digital ID is the ability to identify someone electronically and confirm that they are the right person for a specific activity. When coupled with program information, a Digital ID can help confirm that the person has permission or authorization to carry out a transaction or activity. When delivered well, it offers citizens and businesses improved data security, increased flexibility to access government services when and how they want, and ultimately is a key foundation for accelerating our digital economy. Just think of all the times in banking, education, health and even buying alcohol where you’re required to produce a physical ID.
In a digital ID world, improved privacy and security can complement convenience, rather than inhibit it. The old ways ask us to show up in person for a signature or to show ID, or to fill out a form with all sorts of personal information that is then collected and stored where it’s left susceptible to hacks, and frankly, simply becoming out of date. Digital IDs allow us to confirm information without storing it. Governments can ask you for personal information – an address, birth date, or even your photo – and compare it against sources of truth like vital stats or the driver’s license database. But then, critically, that information is discarded. No additional storage and you’ve proven it’s you without leaving your own home.
The promise has been significant, but until recently it has been inhibited by immature technology, a lack of standards to build trust and safeguard Canadians, and with few exceptions, a lack of public-sector investment to dig in and get digital IDs delivered across the country. Fortunately, in the last few years, that’s all started to change. Both Alberta and British Columbia have launched digital IDs, with BC including a mobile card and a Verify by Video option. Provinces like Quebec have made significant investments, and other jurisdictions like Ontario, Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick are nudging into the space with pilots, proofs of concepts and digital ID components offered through their single-sign on. Enabling the broader digital economy is also on the horizon. Digital documents, such as government-issued licences, permits, and education credentials, are envisioned to support digital trade and commerce and to enable individuals and organizations to participate in the digital economy and society.
In short, federal, provincial, territorial and municipal collaboration is coalescing like never before, with strong leadership and a sense of purpose. Digital ID solution providers are emerging in Canada’s tech sector, thanks in part to creative challenges, pilot projects and investment from the public sector. The Pan-Canadian Trust Framework, and its public sector counterpart, the Public Sector Profile, have emerged to provide the blueprints for digital ID in Canada and are being accelerated with the increasing realization that social distancing is here to stay, for a while.
Once we have the confidence that the person on the internet is truly who they say they are, that they are a legitimate, verified person, it opens up a whole new world of possibilities. We can start to attach proofs to digital IDs, like proof of vaccination or essential worker status. We can use digital IDs to prove online that we’re the correct person to write an exam, sign a mortgage or contract, or stamp blueprints.
We can use digital IDs to speed up lines at the airports, borders and other secure access points with trusted, reliable ‘scan and go’ systems, and we can use digital ID to help maintain that all-important social distancing, protecting the safety of workers and citizens by not having to hand over your physical ID card and instead presenting your phone to be scanned. Digital ID offers Canadians improved data security, enhanced access and increased flexibility when dealing with governments, and ultimately will support ushering in an enhanced digital economy.
Governments across the country are working harder than ever to make digital ID a reality. The necessary investment, focus, and accelerators that allow governments to move with trust and confidence are finally starting to come together. With COVID-19 still very much present, now more than ever is the time to make the shift. Look to the DIACC to learn more about digital ID and primary accelerators like the Pan-Canadian Trust Framework and the ever-growing vendor community working to verify identity online.
Digital ID and Authentication Council of Canada research finds that three-quarters of Canadians feel it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online
Toronto, February 16, 2021 — As more Canadians and businesses are moving online throughout the COVID-19 pandemic, three-quarters of the population feels it’s important to have a secure, trusted and privacy-enhancing digital ID to safely and securely make transactions online.
“From receiving emergency pandemic benefits to ensuring health records are correct and helping children and youth with online education, there are many ways in which a secure digital ID is essential to the functioning of daily life during a pandemic,” said Joni Brennan, President of the Digital ID and Authentication Council of Canada (DIACC). “The pandemic has put a spotlight on the need for governments to move with urgency to invest in the digital infrastructure needed to ensure that Canadians receive the services they need and that Canadian businesses can participate fully and securely in the global digital economy.”
The majority of Canadians believe it is important for federal and provincial governments to move quickly on enabling digital ID in a safe and secure manner, according to the survey. It also shows that collaboration between governments and the private sector continues to be considered the best approach to create a pan-Canadian digital ID framework.
“As policymakers consider how best to invest to support Canada’s post-pandemic economic recovery, prioritizing the issuance of trusted digital ID credentials to all Canadians must be a priority,” stated Dave Nikolejsin, the DIACC’s Board Chair.
As the federal government focuses on post-pandemic recovery, investing in digital ID makes economic sense, especially for small and medium-sized businesses. For SMEs, the impact of digital identity could be used to improve processes that are difficult today. This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 per cent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one per cent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy.
Digital ID critical to privacy in Canada
Survey respondents identified security, efficiency and privacy as the top three benefits of digital ID. Further, an overwhelming number of Canadians are looking for solutions that address both the public and private sectors.
“As Innovation, Science and Industry Minister Francois-Philippe Champagne ushers through Bill C-11, the Digital Charter Implementation Act, to introduce private sector protections for consumer data, it’s imperative that public sector data also be considered in the legislation,” said Brennan.
A digital ID would help to keep Canadians’ data secure and pan-government services easier to access as we move through the pandemic to recovery. This means adopting the Pan-Canadian trust framework.
With new research and compelling data, it’s clear there is no better time for governments to invest in making digital ID a national public policy priority.
ABOUT DIACC DIACC is a growing coalition of public and private sector organizations who are making a significant and sustained effort to ensure Canada’s full, secure, and beneficial participation in the global digital economy. By solving challenges and leveraging opportunities, Canada has the chance to secure at least 3% of unrealized GDP or $100 billion of potential growth by 2030. Seizing this opportunity is a must in a digital society as we work through the COVID pandemic challenges. Learn more about the DIACC mandate. DIACC was created as a result of the Minister of Finance’s Electronic Payments Task Force that recommended that Canada needs a framework for digital identity and authentication that a self-governing body of experts must create.
ABOUT THE STUDY Burak Jacobson Research Partners is a full-service market research consulting firm headquartered in Toronto, Ontario. Founded in 1981, Burak Jacobson has conducted over 4,000 research projects in 39 countries across various industries.
Co-written by Kaliya Young, IdentityWoman & Joni Brennan, DIACC President
Around the world, people are suffering due to the disruption caused by the COVID-19 pandemic. Some of this suffering is due to the need to move education and work to take place fully online. Many workplaces have moved their workforce to be remote. However, not all workplaces are able to function remotely. (Examples goods and essential services, pharmacy, travel etc…) Workplaces that are not able to operate remotely have shut down or limited hours and capacity severely. This puts a massive strain on economies.
In the past we have talked about Digital Identity as a convenience to make it easier for people to transact with cybersecurity and privacy protection. Now, when we talk about security, the conversation is urgent and focused on life security. People are asking, “Will I be able to continue to work? Will I be able to put food on the table?”
Governments and businesses are urgently looking for tools to safely reopen and restart economies.
About CLEAR
In the U.S., large cities are considering proposals that delegate the management of phygital (physical-digital) identity to CLEAR, a U.S. based company, so that cities can “safely reopen” their local economies by requiring people who want to navigate the city to have a CLEAR ID and link it to their health record/COVID status.
CLEAR offers a service that replaces a physical ID check with a biometric scan of a person’s eyes and fingertips. In some locations, this service allows passengers to move through airport security faster.
CLEAR is like “login-with Facebook” or “login-with Google” where people are required to get into websites to have a relationship with these private identity providers where CLEAR’s service straddles both the physical and digital worlds.
Just as Facebook or Google login tracks and surveils you and your behaviours, the CLEAR approach could essentially track and surveil people in the physical world. This approach also has the potential to delegate authority to manage access to public spaces by a single private sector entity. Without an agreed on and adopted framework, this type of approach could have the effect of restricting freedom of movement to be managed by a single private sector entity.
Why Trust Frameworks Matter
As businesses and governments are looking for tools to safely reopen and restart economies. Tools for reopening are an important part of the challenge. Tool development and tool selection in these scenarios must be guided by “rules of the road” that put people and socioeconomic security at the centre of the design.
Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests.
The Pan-Canadian Trust Framework represents a set of operational rules that have been developed by public and private sector leaders to enable a diversity of public and private sector organizations to provide services and solutions that could help to restart the economy.
By having a Pan-Canadian Trust Framework, the playing field could be leveled to enable a diversity of entities to play a role in safely reopening economies with privacy and personal data protections built in by design.
The Pan-Canadian Trust Framework has been built with privacy and consent to personal information disclosure embedded into all aspects of the design. The Pan-Canadian Trust Framework has been designed to measure the implementation of assurance, security and privacy practices in networks and solutions that are built on various (and often different) technologies.
For more information about how your organization can adopt or help to shape the Pan-Canadian Trust Framework please visit diacc.ca or contact us at info@diacc.ca.
Recent advances in the state of the art of digital identity systems are putting the user back in control of their information and their privacy. An important building block of this advancement is the digital wallet for users. This document proposes what a trusted digital wallet should aim to do. Without it, software developers are left to guess, the marketplace offering will be fragmented, and ultimately will result in delaying the adoption of user-centric digital identity solution.
Levels of Assurance (LOA) play a foundational role in the world of standards, digital identity, and digital transactions. Put simply, LOA is the degree of confidence in the validity of a claim, process, or authentication. In the sphere of digital identity, it is a necessary model to verify that the person or entity claiming an identity is the entity to which that identity was assigned.
Most Canadians don’t think too deeply about LOAs, and yet most Canadians interact with these models, unknowingly, at some point in their lives. For example, Canadian experience LOAs when opening a bank account, demonstrating qualifications for a government service or benefit, making an insurance claim, or wiring money to a client or family member.
Organizations that use LOAs to inform their policies and processes often have dedicated strategies and teams, working out contingencies and approaches to maximize security in Canada and internationally. These teams often face challenges interacting with other service providers, meeting different standards across jurisdictions, and minimizing friction for clients accessing their services.
How the Current LOA Model Works
Imagine two people, Samir and Aiya, are trying to apply for a small business loan. Both women have very strong credentials, a passport, driver’s license and the requisite business records. Samir and her credentials are linked through a knowledge-based authentication (KBA), and are accepted after answering a security question she previously populated about her father’s middle name. Aiko and her credential are linked with an in-person ceremony, as she went to her local bank branch with two pieces of identification and her business records to complete the loan application. Aiya’s scenario offers a stronger LOA and Samir’s a weaker LOA. Despite these differences, Canada’s federal LOAs currently dictate that Samir and Aiya both have the same assurance.
In Canada and many places around the world, it is common for LOA structures to combine a number of factors into a single score. The result is an obscured view of the risk factors and authentication. This lack of granularity into the LOAs of specific capabilities is a challenge present in the construct of LOA models around the world. The deciding factor regarding acceptance of an identity comes down to Relying Parties (parties who rely on the validity of identities) who determine their own risk profiles.
In this case, the relying party is the bank. The banker helping Samir and Aiya also benefits from a stronger LOA as they sign off on the business loan. In addition to building a stronger relationship with the client, they are able to manage their portfolio with confidence.
There is widespread agreement the current LOA model in Canada is inadequate. While LOAs serve a purpose, they are not transparent and dynamic enough to address the myriad digital solutions and scenarios of today. Internationally, single LOA schemes are no longer state of the art and today’s requirements necessitate separate evaluation for specific capabilities. In the DIACC community, there is consensus that there must be separate schemes for credentials and identity, at a minimum, in order to be useful in the widest possible range of scenarios and contexts. An improved assurance model should be capable of asserting identity and credentials at different levels.
Envisioning a New Risk-based Model for Assurance
A risk-based model offers a more enduring, user- and industry-friendly path forward that enables existing LOA schemes to participate while building for a more dynamic and scalable digital ecosystem. The notion of leveraging a risk-based model is highly applicable as the application of LOAs today are best determined by performing a threat or risk analysis. The risk-based model must address the likelihood and impact of something happening, and the appropriate mitigation approach.
LOA is essential in determining liability and risk; offering a clear understanding how a Subject (customer or citizen) and a Relying Party (company or government service) can validate that they are who they say they are. It is a central component in being able to determine whether a transaction should proceed.
The risk-based starts by assessing risk first and then the approach drives more value for organizations, as they confront the baseline of their current systems and assess risk realistically. It also helps adopters improve their systems through motivation to reduce or remove risks through various types of mitigation.
DIACC is on a mission to rapidly deliver a modern, risk-based LOA model that is…
Risk-based
Directive and illustrative
Non-prescriptive in execution
Evergreen
Deterministic in implementation and assessment
Congruent with existing state of the art and best practices
Inclusive in support of both the private and public sector
Supportive of evolving needs on credentials and bindings
The impact of this evolution is far-reaching, and will ensure that the Pan-Canadian Trust FrameworkTM is strong and resilient over time. This evolution takes a framework-wide approach to address interdependencies, independencies, and support communication across platforms. This new approach ensures scalability over time as technologies and their uses evolve.
DIACC has engaged a small, representative team to rapidly deliver a new model to support the PCTF, which launched September 15, 2020. The model will benefit from the DIACC’s well-documented peer and public review process. Members can contact info@diacc.ca to contribute. Non-members can get in touch to learn more.
