by Francesca Morpurgo – CyberEthics Lab
A short summary of the meeting organised by CyberEthics Lab. in the context of the IMPULSE project, where policy-makers from all around Europe discussed the pros and cons of the introduction of a system of electronic identity based on disruptive technologies and on the self sovereign identity approach.
IMPULSE (Identity Management In Public Services) is a project whose aim is to introduce a new electronic identity management system, based on disruptive technologies like artificial intelligence (AI) and blockchain, led by the principle that citizens should have the full control of their personal data, without being forced – in order to access to public services – to relinquish their ownership to third parties. That, put it simply, is the main idea behind the so-called Self Sovereign Identity (SSI) approach, which inspires IMPULSE as well as the Digital European Wallet initiative.
How to successfully introduce new technologies
As many pointed out during the discussion, the introduction of a new service or system, especially when based on new concepts or technologies, may be an extremely difficult task. We must keep in mind that the ensemble of European countries is vastly multifaceted and that this factor increases even more the complexity of the task ahead.
That is the reason why attentive preparative work is absolutely necessary. At IMPULSE we are going to deal with this issue in different ways, one of which is establishing a dialogue with the people who, in different European countries, can have an impact on countries policies and have a clear and thorough vision of what the difficulties and on the contrary the opportunities may be. The first move we made in this direction was holding a “policy round table” with 14 policy makers from various European countries, with participants from Austria, Belgium, Greece, Bulgaria, Italy, Germany, Spain.
We submitted to the participants 5 questions, which were the result of a collective reflection internal to the Consortium on the work done so far and on the issues that came out.
IMPULSE policy round table: the questions
The questions were:
Q1. What do you think of the idea of introducing electronic identity as a mean of accessing (public) services? Are you aware of any projects actually running on this topic? If yes, what are their outcomes?
Q2. What could be the main obstacles, both technological and socio/political or economic to the adoption and further diffusion of a European system of electronic ID management for public services?
Q3. Do you think that from the adoption of disruptive technologies and in particular of a European system of electronic ID management could derive potential threats? There may be concerns about the technologies and procedures (i.e., blockchain, AI) involved in the storage and usage of citizens data as well as about the involvement of AI in the process. There may be problems related to transparency, comprehensibility or privacy?
Q4. What could be the impact of the adoption of a European electronic ID management, both on Public Administration (with particular regard to possible impacts on capital, labour and knowledge) and more in general on society?
Q5. In the light of your experience, what actions would be necessary to foster a positive social environment for the adoption of a European electronic ID system and in general of disruptive technologies?
eID: different approaches being developed
Many interesting points emerged, the first one of which being that there is actually a strong interest towards implementing a common eID system, but at the same time there are many different approaches between the various European countries, strongly pointing to the need for an interoperability focus.
It is worth noting that from the policy makers’ point of view the adopted technology is somewhat “transparent” and unless one asks specifically to focus on that aspect it is less important than other aspects, like for example the variety and significance of the services you can access with that technology. Unless, as in the case of Germany with a blockchain based eID solution, a major failure happens in connection with a widely advertised technological solution. In that case, a sense of inefficiency and clumsiness may be quite permanently associated with a certain technology even though of course the technology is only a minimal part of the ecosystem that generated the problem in the first place. So if a certain technology is reputed as being “core” or fundamental an extreme attention should be placed to the first phases of its introduction and to the correct functioning of the associated services.
Services come first
The fact that more than the underlying technological solution the kind of services that are used as a “killer app” are important have been stressed by almost all the participants. Where, as in Italy or in Austria, a new eID system has been introduced in combination with a service that truly meant something for the citizens, then also the eID system experienced a massive growth and successfully expanded to other services. The point is gaining the citizens’ trust in the first place. In Italy the pension system has been fundamental for the introduction and the success of the SPID system (the Italian system of digital identity) as in Austria was the EU covid certificate (the so-called “green pass”) and in Ireland the social protection system services.
There are of course objective barriers to the introduction of an eID system like the one IMPULSE is developing (being the digital divide the first one, as stated by many of the policy makers who attended) but – as it was strongly stated by Mr. Paluello from the city of Rome but also from Ms. Filipponi from Italian government and from Mr. Leitold from Austria Secure Information Technology Center – any service and any system, even the most successful and accurate ones, are doomed to failure without effective communication and without a meditated strategy for their introduction, which may imply going slowly and in phases, closing the digital gap, understanding the problems that the public administration may experience when introducing the new service.
Gaining the citizens’ trust is absolutely essential and is something not easily reached. As per the disruptive technologies that lay at the base of the IMPULSE eID solution, it is important to know that they could make it more difficult to build trust, because people at best do not know anything about them, at worst they could actively distrust and criticate them. For this reason the digital divide may be an enormous problem in certain countries and something that must be accounted for and that must in some way be solved before or at the same time as the problem of introducing digital identity. In Italy, for example, the policy makers who participated reported that they started from the biggest public administration offices, which had the resources and also the “company culture” to overcome the organizational change required but that now, after some four years, the situation is really different and the difficulties do come from the fact that there is an extremely scattered situation. It is surely necessary to take into account the diverse needs of the different public administrations and to adapt the adoption paths, helping the small public administrations to successfully step into the process and parallely educating the end users.
A strong communication campaign is necessary
In any case programs like IMPULSE can benefit from other similar programs, which have a similar learning curve and that create a sort of “halo effect” about a certain particular topic, but also should be very careful about communicating with their end users, after an attentive marketing analysis. The adoption and the trust have more to do with the emotional side of perception rather than with the rational one, so when introducing a novel technology an awareness of this factor is required to be rewarded with success.
The fact that a European citizen may experience an harmonised way of accessing services across Europe may be a fundamental asset in fostering a true European citizenship and identity, but – as emerged during the round table – an attentive communication campaign, targeting specific group of people (young people, aged people, digital natives people, people with lower education, etc) is absolutely essential. The fact that personal data is safer in this model may be an advantage but it depends on how it is communicated and to what target, and it must not be forgotten that it places an additional responsibility burden on the citizen’s shoulders, something that it is a novelty of this era and of this approach.