national identity strategy presentation may 10, 2016

Proposed National Citizen Digital Identity Strategy Huntington Ventures Ltd May 2016 The Business of Identity Management Copyright © 2016 Huntington Ventures Ltd. All rights Reserved

Uploaded by guy-huntington, posted 12-Apr-2017. Category: Government & Nonprofit

TRANSCRIPT

Page 1: National identity strategy  presentation may 10, 2016

Proposed National Citizen Digital Identity Strategy
Huntington Ventures Ltd
May 2016

The Business of Identity Management
Copyright © 2016 Huntington Ventures Ltd. All rights reserved

Page 2: Improving Your Economy

• You want to increase GDP per capita, reduce unemployment and be an African leader in creating an innovative economy
• The attached proposal uses a similarly sized country, Estonia, that has done this in Europe:
  – In 1987 Estonia’s GDP per capita was about $2,000
  – In 2015:
    - GDP per capita is $26,355.4 as compared to your country’s?
    - Unemployment is 6.984% as compared to your country’s?
    - Ranks #15 for ease of doing business as compared to your country’s?
    - Ranks #9 in the Index of Economic Freedom as compared to your country’s?
• How did they do this?

Page 3: They Leveraged the Internet

• Over 2,000 e-services ranging from e-prescriptions, e-tax, i-voting, e-health care and e-school to seamless interactions with local banks and telephone companies

Page 4: They Leveraged the Internet

• More than 245 million digital signatures have been made, with more than 1 million active identity cards and more than 384 million electronic authentications

Page 5: Their Current Plans…

• Over the next decade, they see the population virtually growing from 1.3 million to 10 million by creating “e-residents”
• Their strategy is to enable people outside of Estonia to make investments in Estonia, create new businesses there and use it as a bridge to commerce in the European Union

Page 6: They Did This By Creating:

• High level framework
• Principles
• Legal framework
• X-Road
• e-Identity (e-ID)
• Senior government leadership
• E-Residency

Page 7: High Level Framework

Page 8: One Citizen – One Identity

• At the heart of the Estonian model is a very simple concept: one citizen, one identity
• When the Estonians were designing their systems in the late 1990s and early 2000s they adopted the same principle that large Fortune 500 companies were using: a common unique identifier for every customer, employee and contractor
• This allowed them to streamline their online and in-person services
• It also allowed citizen identity lifecycle “triggers” to be sent instantly to the various government systems, e.g. on name change, address change and death

Page 9: Identity – Foundation of e-Governance

Diagram: Single Citizen Identity. The citizen accesses services via their phone or the internet through the Government Portal, which sits behind one Access Management layer; behind it are Ministry Apps/Services (several), Municipalities Apps/Services, Crown Corp. Apps/Services and 3rd Party Apps/Services.

Page 10: National Citizen Identity Lifecycle

Diagram: lifecycle events (Birth, Name Change, Gender Change, Death, Address Change, Tel. Number Change, Parent/Guardian Change, Marriage, Divorce), each recorded by its own Authoritative Source and flowing through that source’s Business Processes into the Citizen Tombstone Identity Directory.

Page 11: Single Citizen Identity

• One identity per citizen
• Any changes to the identity are then shared with the other apps/services consuming them
  – One place for a citizen to change things like addresses and phone numbers
  – Citizens don’t have to fill in the same information over and over in forms for different apps/services
• Same identity used for access management

Page 12: Identity Changes Automatically Sent

Diagram: the Citizen Identity Management System pushes identity changes to Ministry Apps/Services, Municipalities Apps/Services, Crown Corp. Apps/Services and 3rd Party Apps/Services.

Page 13: All Apps/Services Leverage the Same Access Management System

Diagram: Single Citizen Identity. The citizen accesses via their phone or the internet; the Government Portal and all Ministry, Municipalities, Crown Corp. and 3rd Party Apps/Services authenticate through the one Citizen Identity Access Management System.

Page 14: Leverage What Citizens Have Today…

• A small percentage of your citizens have internet access
• HOWEVER there is a high cell phone penetration rate
• The proposal seeks to leverage the cell phone and provide a seamless citizen user experience when they gain access to a smart phone
• The proposal leverages voice authentication
• Where more sensitive apps or services are accessed, a 4-digit PIN will also have to be entered

Page 15: Re-Engineer Government Services

• Like payments
  – Your citizens have to pay for things like car/motorcycle registration, license renewals, taxes, fines, and water and power bills
  – If citizens could use their cell phone and things like e-wallets to pay for these without having to go into a government office…THEY WOULD LIKELY BE VERY INTERESTED

Page 16: Paying Bills Using Their Cell or Internet

Diagram: citizens paying bills using their cell or the internet, with Banks and Telcos shown alongside.

Page 17: Citizen Identity Lifecycle – It Starts With Birth

• Register infants, obtain a biometric footprint and give them an electronic identity which is tied to their parents’/guardians’ identities in the central national citizen directory
• On the child’s first day of school, obtain digital fingerprints, a voice scan and a face scan (iris TBD)
• On each subsequent first day of the school year, update the face and voice scans
• If there is a change to the parent/guardian of a child, this will be fed automatically from the authoritative source to the central citizen identity directory

Page 18: Adults Applying For Various Identity Cards

• All authoritative sources for birth, name change, parent/guardian status, marriage, divorce, gender change and death are tied to the national citizen identity system via APIs which in turn feed the national citizen identity directory
• When an adult applies for things like a national ID card, passport, driver’s license, health care, social security program, etc., their identity is validated by providing several biometrics which are then matched against the national citizen identity directory
• Assuming the match is positive, the citizen’s tombstone-level identity information automatically flows from the national citizen identity directory through secure APIs to the ministry application/service

Page 19: Updating Biometrics & Grandfathering in Existing Adults

• At regular intervals (e.g. every 5 or so years), all citizens must update their face and voice prints at a government office
  – This could be done alongside things like driver’s license and national ID card renewals
• For all those citizens who are already adults, a grandfathering process will be designed to register them and/or update their biometrics
  – This will include business processes such as police checks and electronic verification of birth, marriage and name change documents against the national citizen identity directory
  – As well, all identities will be searched against the death registry to ensure the person is not masquerading as someone who is dead

Page 20: When A Citizen Dies

• When a person dies, the authoritative source for recording deaths will automatically update the citizen’s entry in the national citizen directory via APIs tied to the national citizen identity provisioning system
  – The national citizen identity system will then automatically notify all ministry apps/services via the national citizen identity provisioning service and secure APIs
  – All ministry apps and services will now be updated and program delivery stopped or adjusted
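The lifecycle flow on pages 10, 12 and 20 (an authoritative source records a change, the national directory applies it and fans it out to every consuming app) is a provisioning pipeline, and the security of the whole model rests on checks the slides do not spell out: that the event really came from the source it names, that the named source is authoritative for that kind of change (the address registry must not be able to declare a citizen dead), and that a duplicated or replayed delivery is not applied or broadcast twice. The Go program below is an added illustration of those checks and is not part of the proposal or of any Estonian or Alberta code; the message format, the per-source HMAC keys, the registry names, event types and citizen identifier are all assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// LifecycleEvent is the message an authoritative source sends to the national
// citizen identity provisioning service (field names are assumptions).
type LifecycleEvent struct {
	EventID string            `json:"event_id"` // unique per source; used to drop replays
	Source  string            `json:"source"`   // registry claiming to be authoritative
	Type    string            `json:"type"`     // "death", "address_change", ...
	Citizen string            `json:"citizen"`  // the single national citizen identifier
	Attrs   map[string]string `json:"attrs"`    // new attribute values, if any
}

// Tombstone is the citizen tombstone record held in the identity directory.
type Tombstone struct {
	Status  string // "active" or "deceased"
	Address string
}

// allowedTypes records which event types each source is authoritative for:
// the address registry cannot declare a citizen dead, even with a valid tag.
var allowedTypes = map[string]map[string]bool{
	"death-registry":   {"death": true},
	"address-registry": {"address_change": true},
}

// Directory is the central identity directory plus its provisioning fan-out.
type Directory struct {
	keys      map[string][]byte      // per-source shared MAC key (provisioned out of band)
	seen      map[string]bool        // "source:event_id" pairs already applied
	Records   map[string]*Tombstone  // citizen identifier -> tombstone
	Consumers []func(LifecycleEvent) // ministry/municipal apps subscribed to changes
}

func NewDirectory(keys map[string][]byte) *Directory {
	return &Directory{keys: keys, seen: map[string]bool{}, Records: map[string]*Tombstone{}}
}

// tag is the HMAC-SHA256 a source attaches to the serialized event.
func tag(key, body []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(body)
	return h.Sum(nil)
}

// SignedEvent is the source side: serialize the event and compute its tag.
func SignedEvent(key []byte, ev LifecycleEvent) (body, mac []byte) {
	body, _ = json.Marshal(ev)
	return body, tag(key, body)
}

// Ingest is the provisioning service's entry point: authenticate the claimed
// source, check it is authoritative for the event type, drop replays, apply
// the change, then notify every consumer exactly once.
func (d *Directory) Ingest(body, mac []byte) error {
	var ev LifecycleEvent
	if err := json.Unmarshal(body, &ev); err != nil {
		return err
	}
	key, ok := d.keys[ev.Source]
	if !ok || !hmac.Equal(tag(key, body), mac) {
		return errors.New("unknown source or bad event tag")
	}
	if !allowedTypes[ev.Source][ev.Type] {
		return fmt.Errorf("source %q is not authoritative for %q", ev.Source, ev.Type)
	}
	dedupKey := ev.Source + ":" + ev.EventID
	if d.seen[dedupKey] {
		return nil // duplicate delivery: already applied, do not re-notify
	}
	rec, ok := d.Records[ev.Citizen]
	if !ok {
		return errors.New("unknown citizen")
	}
	switch ev.Type {
	case "death":
		rec.Status = "deceased"
	case "address_change":
		rec.Address = ev.Attrs["address"]
	}
	d.seen[dedupKey] = true
	for _, fn := range d.Consumers {
		fn(ev)
	}
	return nil
}

func main() {
	keys := map[string][]byte{"death-registry": []byte("k-death"), "address-registry": []byte("k-addr")}
	dir := NewDirectory(keys)
	dir.Records["C-000001"] = &Tombstone{Status: "active", Address: "1 Main St"}
	dir.Consumers = append(dir.Consumers, func(ev LifecycleEvent) { fmt.Println("pensions app: stop payments for", ev.Citizen) })
	body, mac := SignedEvent(keys["death-registry"], LifecycleEvent{EventID: "e1", Source: "death-registry", Type: "death", Citizen: "C-000001"})
	fmt.Println(dir.Ingest(body, mac), dir.Records["C-000001"].Status)
}
```

In a real deployment the per-source MAC would give way to mutually authenticated TLS or messages signed with the registry's own key, and the fan-out would be queued and acknowledged so that a ministry system that is down still receives the death event later. The order of the checks is the part worth keeping: authenticate the source, authorize it for the event type, deduplicate, and only then touch the directory and notify consumers.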

Page 21: Re-thinking the National ID Card

• When cards like the national ID card are created they will have the following functions:
  – Ability to store a 4-digit PIN
    • This PIN will be something the citizen knows. When the card is swiped at a card reader, the PIN will be checked against the national citizen identity authentication infrastructure
      – If the authentication is successful, a picture of the person will appear on the service counter screen
        » This must match the person who has presented the card and PIN
    • As well, a voice authentication can also be taken at the counter and checked against the national citizen identity system
      – If successful, the government counter person has a high degree of assurance that the identity is who they claim to be
• These are practical risk mitigation measures against people who are trying to masquerade as someone else to the government as well as to municipalities, banks, telcos, etc.

Page 22: Leveraging The National ID Card For Digital Signatures

  – Ability to store a digital certificate which is protected by another 4-digit PIN
    • When the citizen wants to sign a legal document, they will swipe their card against a reader and enter their 4-digit PIN as above
    • If successful, they will then enter a second 4-digit PIN. This PIN will also be verified by the PKI infrastructure associated with the national citizen identity system
    • Assuming the PIN is valid, a digital signature is then produced for the legal transaction
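Pages 21 and 22 describe two separate 4-digit PINs: PIN 1, checked by the central authentication infrastructure at the counter (after which the citizen's photo is shown to the clerk), and PIN 2, which releases the certificate's private key for signing. The Go program below is an added illustration of that two-PIN design; it is not code from the proposal, from the Estonian ID card or from the Alberta system. Two details are design choices of this example rather than statements from the slides: PIN 1 is held server-side only as a keyed hash, and PIN 2 is verified inside the card, which is how smart-card PKI deployments usually work (the PKI then validates the resulting signature rather than the PIN). The card identifier, the PIN values, the key type (ECDSA P-256) and the try limit are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// A 4-digit PIN has only 10,000 values, so the try counter, not the hash, is
// the control that matters; the server and the chip each keep their own.
const maxTries = 3

// cardRecord is what the central authentication infrastructure holds per card.
type cardRecord struct {
	salt, pinTag []byte // keyed hash of PIN 1; the PIN itself is never stored
	tries        int
	blocked      bool
	photoRef     string // reference to the citizen's photo shown on the counter screen
}

// AuthService stands in for the national citizen identity authentication
// infrastructure; serverKey would be HSM-held in a real deployment (assumption).
type AuthService struct {
	serverKey []byte
	cards     map[string]*cardRecord
}

func NewAuthService(serverKey []byte) *AuthService {
	return &AuthService{serverKey: serverKey, cards: map[string]*cardRecord{}}
}

// tag = HMAC-SHA256(serverKey, cardID || salt || PIN): a stolen copy of the
// database alone is not enough to brute-force the 10,000 PINs offline.
func (s *AuthService) tag(cardID string, salt []byte, pin string) []byte {
	h := hmac.New(sha256.New, s.serverKey)
	h.Write([]byte(cardID))
	h.Write(salt)
	h.Write([]byte(pin))
	return h.Sum(nil)
}

func (s *AuthService) Enroll(cardID, pin, photoRef string) {
	salt := make([]byte, 16)
	rand.Read(salt)
	s.cards[cardID] = &cardRecord{salt: salt, pinTag: s.tag(cardID, salt, pin), photoRef: photoRef}
}

// Authenticate is the counter check (card swiped, PIN 1 entered). On success it
// returns the photo reference so the clerk can compare it with the presenter.
func (s *AuthService) Authenticate(cardID, pin string) (string, error) {
	rec, ok := s.cards[cardID]
	if !ok || rec.blocked {
		return "", errors.New("card unknown or blocked")
	}
	if subtle.ConstantTimeCompare(s.tag(cardID, rec.salt, pin), rec.pinTag) != 1 {
		rec.tries++
		rec.blocked = rec.tries >= maxTries
		return "", fmt.Errorf("wrong PIN (%d of %d tries used)", rec.tries, maxTries)
	}
	rec.tries = 0
	return rec.photoRef, nil
}

// Card models the chip: the signing key never leaves it and is usable only
// after the separate signature PIN (PIN 2), which the chip checks itself.
type Card struct {
	signKey *ecdsa.PrivateKey
	signPIN string // held inside the chip in reality; plain here for the example
	tries   int
	blocked bool
}

func NewCard(signPIN string) (*Card, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Card{signKey: k, signPIN: signPIN}, err
}

// Public is the key that goes into the citizen's certificate.
func (c *Card) Public() *ecdsa.PublicKey { return &c.signKey.PublicKey }

// Sign returns an ECDSA P-256 signature over SHA-256(doc) once PIN 2 is
// presented; after maxTries wrong PINs the signature function is blocked.
func (c *Card) Sign(pin2 string, doc []byte) ([]byte, error) {
	if c.blocked || subtle.ConstantTimeCompare([]byte(pin2), []byte(c.signPIN)) != 1 {
		c.tries++
		c.blocked = c.tries >= maxTries
		return nil, errors.New("wrong signature PIN or signature function blocked")
	}
	c.tries = 0
	digest := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, c.signKey, digest[:])
}

// Verify is the relying party's check with the certificate's public key
// (certificate chain and revocation checks are omitted here).
func Verify(pub *ecdsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	svc := NewAuthService([]byte("server-secret"))
	svc.Enroll("CARD-1", "4821", "photo://C-000001")
	fmt.Println(svc.Authenticate("CARD-1", "4821"))
	card, _ := NewCard("7305")
	doc := []byte("transfer of vehicle registration 12345")
	sig, err := card.Sign("7305", doc)
	fmt.Println("signed:", err == nil, "verifies:", Verify(card.Public(), doc, sig))
}
```

The point a reviewer should take from this: with only 10,000 possible PINs, neither the hash nor the PIN itself protects anything. The try counter, enforced where the check happens (the server for PIN 1, the chip for PIN 2) and never by the client, is the control, and the two counters are independent so that a blocked signing function does not block counter authentication or vice versa.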

Page 23: Create Electronic Copies of Physical Cards Like National ID, Driver’s License, etc.

• As the US National Institute of Standards and Technology (NIST) guidance on derived credentials (SP 800-157, Guidelines for Derived PIV Credentials) matures, the government will gradually implement it
  – This will allow things like physical National ID cards and driver’s licenses to be electronically installed on citizens’ smartphones
  – When a citizen loses their phone, the citizen will simply call a toll-free service and report the phone lost
    • The associated derived credentials on it will also be inactivated

Page 24: Estonia Raised Their GDP Per Capita

• This was done by doing many things in parallel to the national citizen identity strategy
• Provided internet to all schools
• Then they created “e-school”
• Began to teach children how to code
• They encouraged start-up software companies
  – Skype is but one example of a company that began in Estonia

Page 25: Education

• In the last decade, Estonia has ranked in the top twenty in the world in the domains of reading, mathematics and science as determined by the Programme for International Student Assessment (PISA).

• More impressively, Estonia has the lowest proportion of low-achievers of PISA participating countries.

• More than a third of Estonian students from low socioeconomic backgrounds are among the best performers on PISA.

• Reference: http://www.ncee.org/2014/04/global-perspectives-e-stonia-how-estonias-investment-in-it-skills-impacted-improvements-in-the-economy/

Page 26: Students Can Log On At School Using Their Voice

Diagram: Single Citizen Identity. The citizen (student) accesses via their phone or the internet; the Government Portal and E-School both authenticate through the Citizen Identity Access Management System.

Page 27: Leverage the Same Infrastructure for Health Care

• Citizens will be able to call a toll-free number for health care
  – They will authenticate using their voice and then give their permission for a health care worker to view their health record and assist them
• SMS vaccination messages will be sent to parents/guardians of young children
• All health care records will use the same identity

Page 28: Leverage Identity With Health

Diagram: Single Citizen Identity. The citizen accesses via their phone or the internet, or calls the toll-free health care number; the Government Portal and E-Health authenticate through the Citizen Identity Access Management System.

Page 29: Solution: Use A Phased Vision

Page 30: Then Migrate To The End State

Page 31: How To Do This?

• I have led, as well as rescued, many large Fortune 500 identity projects (including Boeing and Capital One) and recently was the identity architect for the Government of Alberta’s digital citizen identity and authentication project
• I break down large complex projects into crawl, walk and run phases
• I also leverage wherever possible existing knowledge, experience and technology

Page 32: Pre-Phase I – Discovery

• Estimated time: 6-10 weeks
• Bring me in to do the first discovery
• I would work with a number of local analysts
• Deliverables:
  – Documentation of existing identity workflows and data structures used for identities today in major government systems
  – Review of current governance/legal framework
  – Review of how payments are made today by citizens to the government
  – High level review of existing infrastructure
  – Estimates for first phase budget costs and resource requirements
  – Determine who can fund the next phase

Page 33: Crawling

• Estimated time: 6 months
• Deliverables:
  – Detailed gap analysis for the following areas:
    • Governance
    • Architecture
    • Identity
    • Infrastructure
    • Services and service/application integration
    • Cyber security
    • Training/Maintenance
  – Numerous RFP preparations to cover the many different components this program entails
  – Detailed proposed implementation plans for the next two phases
  – Budget and resource requirements

Page 34: Team

• The team would include:
  – A number of different subject matter experts (SMEs) covering areas such as:
    • Governance
    • Identity and access management
    • Voice authentication
    • Network/High Availability
    • Interactive voice response
    • Payment portals
    • Cyber security
    • Health
    • Education
  – e-Governance Academy Foundation from Estonia
  – I want to ensure that there are a number of local national SMEs as part of the gap analysis to begin knowledge transfer

Page 35: Addressing Security

• Imagine it’s a few years down the road and your country has 1,000 or more citizen e-services online, similar to what Estonia has
• At that point, the country becomes a prime target for an attack. This is what happened in Estonia in April-May 2007
• It is entirely possible that malware could be introduced into the code base, allowing organized crime to demand a ransom or bring down the services
• It is also possible to bring the services down with a denial of service attack
• To mitigate these risks, as part of the crawling phase, we would bring in people from Estonia as well as the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which is located in Tallinn, Estonia
• The design would then use current best practices
• These systems must be up and available 24x7x365 and have high levels of code security and mitigation measures against denial of service attacks

Page 36: Numerous RFPs Required

• There is no one company that can supply all the different components

• Therefore numerous RFPs are required:

– Open source identity and access management software, design and implementation

– Contract to assemble a set of test voice prints

– Voice authentication RFP with vendor bake-off using the test voice prints

– Open source interactive voice response software, design and implementation

– Open source payment portal design and implementation

– Back-end payment processing contract for credit, debit and cell phone e-wallet payments

– Contract for Estonia e-government advisory

– Contract for malware and denial of service attack best practice design and implementation

– Contract for high availability design and implementation

– Contract for 3rd party penetration testing

– Contract for open source health care software design and implementation

– Contract for open source education management design and implementation

Page 37: Walking Phase

• Estimated time: 2 years
• Deliverables:
  • Implement the laws and acts defined by the gap analysis, and the infrastructure, security, support, etc.
  • Citizens will be able to use their cell phones to call into a government number, authenticate using their voice and pay bills using their voice, via the cell phone e-wallet, SMS bank account or debit/credit card
  • Citizens will also be able to interact with government services via their cell phone and SMS
  • Implement the legal framework gap requirements
  • Mesh the infrastructure with new highly available data centres

Page 38: Speed Up the Process

• I am proposing that your government license from the Government of Alberta the intellectual property for the citizen payment portal and the identity and authentication system as a starting point
• This will cut down implementation times by a year
• Then modify it for the use of voice and interactive voice response with the payment portal
• Note: New Zealand uses voice authentication for their call centres

Page 39: Running Phase

• Estimated time: 2 years
• Deliverables:
  – Implementation of the required governance, infrastructure, security, support etc. as defined by the gap analysis to enable introduction and use of the digital e-National ID Card
  – Citizens will be able to digitally sign documents and begin to access services similar to those offered by the Estonian government today to its citizens
  – Create a National e-Governance Academy Foundation

Page 40: Your People Run the System

• Goals are:
  – To have all the people who are running the system be your country’s own nationals
  – Your government creates its own e-government foundation academy which can then sell its knowledge across Africa
• To do this, your country has to “walk the talk” in all aspects of the project

Page 41: Use Me As A Trusted Advisor

• Using all my experience I will:
  – Guide the program in the early days to determine all the gaps, prepare RFPs and help assemble the various teams required
• Pair me up with Program and Project Managers
  – I want to ensure that we successfully implement the program and various sub-projects
  – Therefore, I will help select these people and then train them to design, implement and then sustain the infrastructure
• I will work with the Government to ensure that RFPs go to combined national and other countries’ experts to build up local expertise as and where required
• I have a successful track record in integrating complex systems with numerous vendors

Page 42: In about 5 years…

• Your country could be the first in Africa to transform itself digitally
• GDP per capita would rise, employment would increase and the way of life for most citizens would positively change in how they conduct business and interact with the government

Page 43: Summary

• Your country could become the Estonia of Africa – a small innovative nation that leveraged the digital world to rethink itself
• Please contact me:
  – 1-604-861-6804
  – [email protected]
  – www.hvl.net

Page 44: Appendix Slides

Page 45: Senior Government Leadership

• Implementing such a radical change in society requires the most senior government officials to guide the project

• In Estonia, both the President and Prime Minister were actively involved in all stages of the project

• This involved shepherding significant change through their bureaucracies and also keeping a steady hand when the infrastructure came under a massive denial of service attack in 2007.

• Work began in 1992

Page 46: World Bank ID4D Study

• Recently the World Bank released a study, “Identification for Development (ID4D) Integration Approach Study”
• It recommends that countries implement national citizen identity strategies using an integration model similar to Estonia’s

Page 47: ID4D’s Integration Model

Page 48: Is the Answer to Adopt ID4D/Estonia?

• The model in this proposal is very similar to Estonia and the one ID4D uses

• HOWEVER, the ID4D and Estonia models are built upon all citizens/residents having access to the internet

• Most of your country’s citizens currently don’t have internet access

• Thus, from the citizen’s perspective, the cell phone is the communication technology to start with

• The proposal uses interactive voice response and voice authentication with the internet infrastructure running underneath it

• Thus, all citizens can take advantage of the solution if they are using their cell, a smart phone or a computer

Page 49: Government Will Make & Save Money

• Increase nightly interest payment revenue
  – All government payment portal payments go into one back-end government bank account each night to leverage interest
• Save money by paying citizens directly into their bank and telephone accounts (e-wallet) for things like subsidies, etc.
  – Reduce issuing physical cheques and/or having to use expensive payment card systems
  – Give citizens the choice of how to be paid

Page 50: Use Open Source

• The proposal uses open source software wherever possible
  – Interactive voice response (IVR) – TBD
  – Payment portal – TBD
  – Identity and Access Management (ForgeRock)
  – API Gateway servers – TBD
  – Enterprise Service Bus – optional – TBD
  – Monitoring – the ELK stack (Elasticsearch, Logstash and Kibana)
  – Environment automation – Ansible for quickly spinning up and down servers in the various environments
  – Health care management – TBD
  – Education management – TBD
• It is likely proprietary vendors will be selected for:
  – Voice authentication – TBD
  – Digital certificates – TBD

Page 51: Biometrics…

• Biometrics are not “perfect”
• A measure of their accuracy is the “Equal Error Rate” (EER), also called the “Cross Over Error Rate” (CER): the operating point at which the false acceptance rate and the false rejection rate are equal
• Voice EER is approximately 10%

Page 52: Therefore…

• Voice doesn’t work for everyone
• A few percent of citizens will have trouble authenticating using their voice. Having citizens say a longer sentence when authenticating can mitigate this
• For those for whom it won’t work, they will be given a username and password to enter via their cell phone

Page 53: Person Playing Back a Citizen’s Voice?

• For low-risk applications, the citizen’s voice alone will be accepted for authentication
• However, as the service-level risk rises, citizens/residents will be required to enter an additional 4-digit PIN
• When the e-National ID Card is released, citizens/residents will be able to use it in a manner similar to the way Mobile-ID is used today in Estonia, via their smartphone: they will enter a 4-digit PIN in addition to having the digital certificate on their smartphone
• All of this is defined in the Credential Assurance Standard
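Pages 51 to 53 rest on two numbers: the voice engine's equal error rate, and the service-level risk that decides when voice alone is enough. The Go program below is an added illustration, not the proposal's code or any vendor's. It first finds the EER threshold from constructed genuine and impostor match scores (the numbers are made up for the example and happen to give the 10% EER quoted on page 51), then applies the page 53 step-up rule: low risk accepts voice alone, medium risk also requires the 4-digit PIN, and high risk is refused over the voice channel and sent to the e-ID card. The tier names, the thresholds and the pinVerified flag (the PIN is assumed to have been checked, with rate limiting, by a separate service) are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Constructed sample match scores in [0,1] from a hypothetical voice engine:
// genuine = the enrolled citizen speaking, impostor = anyone else (including a
// recording played against a different enrolment). Not real measurements.
var genuineScores = []float64{0.91, 0.88, 0.84, 0.80, 0.77, 0.74, 0.71, 0.69, 0.66, 0.52}
var impostorScores = []float64{0.12, 0.20, 0.28, 0.33, 0.35, 0.41, 0.48, 0.50, 0.55, 0.62}

// rates returns the false acceptance rate (impostors scoring at or above thr)
// and the false rejection rate (genuine users scoring below thr).
func rates(genuine, impostor []float64, thr float64) (far, frr float64) {
	for _, s := range impostor {
		if s >= thr {
			far++
		}
	}
	for _, s := range genuine {
		if s < thr {
			frr++
		}
	}
	return far / float64(len(impostor)), frr / float64(len(genuine))
}

// EER tries every observed score as a threshold and returns the one where FAR
// and FRR are closest, together with the equal error rate at that point.
func EER(genuine, impostor []float64) (thr, eer float64) {
	cands := append(append([]float64{}, genuine...), impostor...)
	sort.Float64s(cands)
	best := math.Inf(1)
	for _, c := range cands {
		far, frr := rates(genuine, impostor, c)
		if d := math.Abs(far - frr); d < best {
			best, thr, eer = d, c, (far+frr)/2
		}
	}
	return thr, eer
}

// Tier is the service-level risk the step-up rule keys on.
type Tier int

const (
	LowRisk    Tier = iota // e.g. check a bill balance: voice alone
	MediumRisk             // e.g. pay a bill: voice plus the 4-digit PIN
	HighRisk               // e.g. sign a legal document: e-ID card, not the voice channel
)

// Policy holds a voice threshold per tier; a higher tier may demand a stricter
// score (fewer false accepts, more false rejects) on top of the PIN.
type Policy struct{ Thresholds map[Tier]float64 }

// Decide applies the step-up rule. A played-back recording can pass the voice
// check, so anything above low risk also needs a secret the recording cannot
// supply, and high-risk actions are refused over the voice channel entirely.
// pinVerified is assumed to come from a separate, rate-limited PIN check.
func (p Policy) Decide(tier Tier, voiceScore float64, pinVerified bool) (bool, string) {
	if tier == HighRisk {
		return false, "high risk: requires the e-ID card and signature PIN, not voice"
	}
	if voiceScore < p.Thresholds[tier] {
		return false, "voice not matched"
	}
	if tier == MediumRisk && !pinVerified {
		return false, "voice matched but the 4-digit PIN is required"
	}
	return true, "allowed"
}

func main() {
	thr, eer := EER(genuineScores, impostorScores)
	fmt.Printf("EER threshold %.2f, EER %.0f%%\n", thr, eer*100)
	p := Policy{Thresholds: map[Tier]float64{LowRisk: thr, MediumRisk: thr + 0.1}}
	for _, c := range []struct {
		tier  Tier
		score float64
		pin   bool
	}{{LowRisk, 0.65, false}, {MediumRisk, 0.65, false}, {MediumRisk, 0.80, false}, {MediumRisk, 0.80, true}, {HighRisk, 0.99, true}} {
		ok, why := p.Decide(c.tier, c.score, c.pin)
		fmt.Printf("tier %d score %.2f pin %v -> %v (%s)\n", c.tier, c.score, c.pin, ok, why)
	}
}
```

Because a replayed recording can score as well as the live speaker, the PIN is what the playback attacker lacks; the policy also lets the medium tier run a stricter threshold than the EER point, trading more false rejects (covered by the page 52 username/password fallback) for fewer false accepts.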

Page 54: Cell Phone is Shared by Several Citizens?

• Sharing of cell phones is quite common
• To address this the strategy uses the following:
  – The primary cell phone holder will be identified in the central identity data store
  – When another citizen wants to use the same telephone, the primary cell holder will have to provide their permission
  – Any SMS message sent to a citizen will be labeled with their name so that the intended citizen is clearly identified
  – Agreements between citizens, telephone companies and governments will be obtained such that if the citizen’s cell phone number changes, the telco will automatically notify the central identity service

Page 55: All That Glitters Is Not Gold

• The Government of Alberta system is a good place to start but not to end up. Why?
• Low-level identity assurance – if you say you’re Mickey Mouse the system will accept this
• No second-factor authentication
• Can’t do digital signatures

Page 56: So Why Use Them?

• It will reduce implementation times by about a year by licensing the intellectual property for their:
  – Privacy architecture
  – Use cases
  – Test cases (for the IAM portion alone the team developed over 500 test cases)
  – Testing tool
    • The team supported approximately 15 different platforms (browsers and mobile devices)
    • For each platform the tests had to be run in each environment. So, just for the IAM portion alone, it meant running 15 sets of over 500 tests PER ENVIRONMENT. Therefore, the team wanted to automate the testing as much as possible and developed a testing tool to accomplish this
  – Data standards
  – Implementation guides to allow services/applications to quickly integrate
  – Software code

Page 57: Bottom Line…

• Your country must develop a solution tailored to fit your needs and not drop-ship or entirely adopt something developed elsewhere
• HOWEVER, it should LEARN from others wherever possible
• It needs to develop a solution:
  – For your citizens of all types and regions
  – Leveraging existing technology citizens have today
  – Run by your country’s people and companies
  – With an eye to standardizing wherever possible
  – To then lead Africa into the new economies which are rapidly emerging

Page 58: National Leadership

• The proposal seeks to have your country’s government lead other regional countries in defining common standards for Evidence of Identity and Credential Assurance

• It also sees creation of a similar agency to Estonia’s e-Governance Academy Foundation to then train other African nations on how to achieve this

Page 59: Guy Huntington

Guy Huntington is a very experienced identity architect, program and project manager who has led, as well as rescued, many large Fortune 500 identity projects including Boeing and Capital One. He recently completed being the identity architect for the Government of Alberta’s Digital Citizen Identity and Authentication program.

Page 60: Changing the World a Bit

• Guy wants to change the world a bit by assisting developing countries to leapfrog ahead of most western societies by:
  – Leveraging citizens’ use of the cell phone and their voice to then access online government services
  – Utilizing digital versions of their national identity cards on smartphones to enable their use for digital signatures
  – Using mostly open source products with “standardized back ends” and customizable “front ends”
  – Reusing the same code and intellectual property in other jurisdictions to dramatically reduce implementation times and costs