Proposed Country Citizen Identity Strategy

Guy Huntington, PresidentHuntington Ventures Ltd.

August 3, 2015

Who Am I? I am a VERY EXPERIENCED identity architect who has lead, rescued and successfully

implemented many large identity projects for the Fortune 500 and government.

My past clients include Boeing, Capital One, Kaiser Permanente and, most recently, the Government of Alberta where I lead their implementation of the Digital Citizen’s Identity and Authentication Project.

You can check me out via my linked in page: https://ca.linkedin.com/in/ghuntington

The Government of Alberta’s citizen payment portal and identity system can be found here: http://eservices.alberta.ca/

What Am I Proposing? Based on all my experience, I am proposing an integrated physical and

electronic identity strategy with the following benefits:

Government Ability to make and save money from the proposed solution Leverage the solution to improve health care and education for its citizens Seamlessly integrate existing government identity cards with the electronic

identity and authentication services and also possibly combine it with the driver’s license

Become a digital eGovernment leader

For Citizens Using Their Cell Phone Leverage the cell phone to achieve:

Newborn and children health tracking Health management Education management Easily create new bank and telco accounts using their government identities online

or in -person Purchase government services and paying taxes Receive government subsidies directly into their bank or telco accounts (e-wallets)

For Citizen’s Using a Smart Phone Use a digitally derived government identity card credential to digitally sign

documents

Avoid Common Implementation Challenges Many governments around the world have encountered the following

challenges when implementing citizen identity solutions: Build it and they don’t come

One country implemented an identity solution and only 20,000 citizens enrolled out of 3 million!

Lots of time and money One Canadian province has spent $150 million over 7 years to implement the

identity solution Many enterprises get “locked into” commercial vendor solutions requiring

expertise and time to customize and deploy Commercial software vendors have high ongoing yearly license fees

Use Open Source Leveraging the Phone Use voice for authentication and also use a open source voice portal

This then enables most of your citizens to access the government services using their cell The Government of New Zealand uses voice authentication for a 1-800 type dial in

service (http://www.armorvox.com/its-official-armorvox-powers-worlds-largest-most-successful-government-services-system-3/ )

Use a open source payment portal that integrates with: Open source voice portal Open Source identity and access management

Governments of Canada, Alberta, New Zealand and Norway already use this Open Source enterprise service bus

Enable Citizens to Use Their Phone to Make Payments to the Government Take idea that Alberta has done and go further by integrating the payment

portal not only with debit and credit cards but also with SMS Banking

This enables the citizens to use what they already have, their phone: Authenticate to the government payment portal using their voice Make payments using their SMS banking service

Make and Save Money Increase nightly interest payment revenue

All government payment portal payments go into one back-end government bank account each night to leverage interest

Save money by paying citizens directly into their bank and telephone accounts (e-wallet) for things like home fuel subsidies, etc. Reduce issuing physical cheques and/or having to use expensive payment card

systems

Federate the Solution With Banks & Telcos Enable citizens to create bank and telco accounts in-person or on-line by

having the citizens’ tombstone level identity information to be passed from the central identity and authentication service to the banks and telcos with the citizens’ consent

Also enable citizens to change their address and telephone numbers in the central identity service and, with their consent, have the banks and telcos automatically updated!

Leverage The Solution for Health Care Integrate the solution with open source health care software

Local first aid posts to be given smart phones to then authenticate the citizens and access, with their consent, their health records

Citizens to call in a 1-800 type number, using their cell phones, to obtain medical advice after authenticating with their voice and providing their consent for their health record to be viewed by the medical practitioner on the other end of the call

Vaccinations for infants and young children to be automatically tracked and SMS messages sent to the parents/guardians when a vaccination is required

Leverage the Solution for Education Integrate the solution with open source education software

Students will use voice to authenticate to school education systems as schools implement technology

Parents and guardians can access student records, report cards, etc. using their cell phone and authenticating using their voice

Seamless tracking of students as they pass through various forms and on to post-secondary and trade schools

Use the Same Infrastructure for Businesses Businesses are legal identities

Streamline existing government services to businesses by integrating businesses into the same infrastructure

Seamlessly Integrate With The Existing National Identity Card

Adjust the registration processes to leverage additional biometrics such as face, finger print, voice and iris

Consider merging driver’s licenses with the national identity card

Then consider creating derived electronic versions of it that can be placed on citizen’s smartphones

Protect Citizen’s Privacy System uses citizen consent to release any identity information via User Managed Access

(UMA) https://kantarainitiative.org/confluence/display/uma/Home

Mitigate the risk of citizen’s identities being able to be profiled by using different identifiers for each application

Three different types of encryption used between parties

Only store tombstone level” identity information in the central identity data store. Sensitive data is stored in their proper government application

Create a central citizen consent panel such that citizens can see what they have provided their consent for.

When citizen identity attributes are changed, citizens receive SMS and/or email notifications.

Is Voice Authentication Common? Yes. Beyond the New Zealand reference already given, this link by Opus

Research http://opusresearch.net/wordpress/tag/voice-biometrics/ provides an ongoing update of who is using voice.

This link provides a reference point for industry use of voice around the world http://opusresearch.net/wordpress/pdfs/OpusResearch_VBCNYC2015.pdf

Does Voice Authentication Work For Everyone? No.

A few percent of citizens will have trouble authenticating using their voice. Having citizens say a longer sentence when authenticating can mitigate this.

For those whom it won’t work, they will be given a username and password to enter via their cell phone

What if a Malicious Person Plays Back a Person’s Voice? The national identity service uses authentication based on risk. The

technology in use today can mitigate against most of the risk of a voice playback.

For low risk applications, the citizen’s voice alone will be accepted for authentication. HOWEVER, If the citizen is accessing a more sensitive application or service, where the risk is higher, the authentication used will be stronger (i.e. by requiring the citizen to provide something they know, i.e. a 4 digit pin, in addition to something they are, i.e. their voice).

What if the Cell Phone is Shared by Several Citizens? Sharing of cell phones is quite common in 3rd world countries. To address this the strategy

uses the following:

The primary cell phone holder will be identified in the central identity data store

When another citizen wants to use the same telephone then the primary cell holder will have to provide their permission

When any SMS messages are sent to the citizen, it will be labeled with their name such that the citizen is clearly determined

Agreements between citizens, telephone companies and governments will be obtained such that if the citizen’s cell phone number changes, the telco will automatically notify the central identity service

Why Doesn’t the Strategy Rely More on Facial Recognition? Facial recognition is today widely used around the world for driver’s licenses and

passports

However, technology is advancing which is increasingly able to replicate the face of another at lower cost

This video, produced in 2013, is an example of this http://www.adweek.com/adfreak/belgian-bank-pulls-seriously-creepy-prank-warn-you-about-identity-theft-151096

The strategy still uses face recognition as one of the biometric attributes BUT it doesn’t solely rely upon it. Instead other biometrics are also used to mitigate against the risk of facial impersonation

Standardize the Systems Standardize the back end identity system while allowing for rapid

customization of the front end (look and feel, languages, etc.).

The code can be placed in repositories and then used by other governments. This is the value of using open source.

Future changes to the code made by one government can then be rapidly used by other governments

Externally Fund the Project I believe external funding agencies like the World Bank, African

Development Bank, Asian Development Bank, Bank of the South, World Heath Organization, Gates Foundation, etc. will fund all or portions of this solution because: It can scale quickly and at low cost to other countries Develop innovative health care using the cell phone coupled to the central citizen

identity and authentication service Design new ways of educating citizens by using technology linked to the individual

identity

Lay the Foundations for a Digital Revolution & Evolution

Add all-of-the above up and it enables a digital revolution and evolution for citizens and the government

Citizens will now interact with the government using their existing technology because it makes their life easier and better

Governments can reduce costs and actually make more money each night

Become the leaders in e-Government by thinking outside the traditional box. Leverage the cell phone!

Let’s Discuss This Further! I can be reached at:

1-604-861-6804 guy@hvl.net www.hvl.net