Everybody Deserves a Digital Identity


Source: iStock

According to an analysis by a US-based identity management provider, the average internet user has around 90 online accounts. Add to that the various kinds of physical identities like state-issued ID cards, supermarket loyalty cards, and library cards and we can probably round this up to a neat 100 identities. The problem with this situation is not the diversity of accounts or identities, but rather the low levels of security and assurance.

Security revolves around the following question: How easy is it for someone else to hijack your identity? The same combination of e-mail address and password that you use for your other 99 accounts? Biometrics? Two-factor authentication? Or perhaps just knowing your identity/account number, as is the case with the US social security number?

Assurance goes hand in hand with security but seeks answers to a slightly different question: How certain can the service provider be that you are not trying to pretend to be another person online? John Doe can create an account with the username “Jane Moe” in an online forum and nobody would be any the wiser. Imagine if you could create national ID cards the same way – upload your favourite photo (of yourself or anyone else), pick a name, date of birth, etc. and print it out at home. Madness.


Getting our digital house in order

You can see where we’re going with this. In the EU, we have a regulation called eIDAS which outlines the different valid levels of assurance. Here’s what the three levels look like: “Low” is for self-registration without any identity verification, as is the case with online forums today. “Substantial” is based on added authentication steps like verified identity information and activating an account via a one-time password sent to your phone. “High” is reserved for enrollment by registering in person in an accredited office (for example the authority that hands out ID cards in your country). These levels are also referred to as “Simple-”, “Advanced-” and “Qualified Electronic Signatures” or “SES”, “AES” or “QES” respectively.

Although eIDAS absolutely allows for a secure, more convenient, and seamless environment for cross-border transactions, thus far most services are still provided domestically. In Estonia and a growing number of other countries we can use our electronic identity to log into digital government services and private sector offerings like banks or online shops. And we can use them to give Qualified Electronic Signatures, which are equal to handwritten signatures, for any kind of digital file to show our intent online. Whether it’s a contract, application, a photo, or an architectural model, digital signatures are legally equivalent to paper-based signatures.

Thanks to e-Residency, people from all over the world can now get a digital identity issued by the Estonian government and they can use it for authentication and signing purposes just like an Estonian citizen. The beauty of the eIDAS regulation lies in its requirement of cross-border recognition of electronic identities and electronic signatures of a certain assurance level, which allows people and businesses to interact with each other online.

Source: e-resident.gov.ee/dashboard

We still don’t talk enough to each other

This is where things get tricky, though. In some countries, like Germany, the government has simply failed to provide a free and compatible digital signature solution. As a result, companies flooded the digital signature market with a wide range of solutions. Some of them have expensive monthly subscriptions, others have the UX of a potato, and too many of them are plainly not compatible with each other. The result is simple: Both the German and Estonian governments operate under the eIDAS regulation, but if you believe that any German government authority will recognise a PDF with an Estonian digital signature, then we have a bridge in Brooklyn to sell you.

Even for more technologically advanced countries like Norway, the current environment is tricky. It is not possible for a Norwegian to use many Estonian e-services, because even though he has a tool with which it is possible to log into the e-service, he cannot submit an application because he does not have the option of digital signature. It is also not possible for a Norwegian and an Estonian to sign a rental agreement in the way we do it in Estonia, because the most widely used tools in Norway do not provide the option of signing something.

Of course, following the principle of freedom of contract, a contract can also be concluded by e-mail or by creating an image of one’s signature on a PDF, but in the case of such confirmations, it cannot be said with certainty that the person with whom the transaction was concluded was really the one with whom it was intended. The eIDAS regulation, which obliges e-signatures to be recognised, regardless of which service provider’s tool is used, does not help here either.

Therefore, the e-signature is slightly different in each country. Estonia has moved towards a highly certified and cryptographically based e-signature, while there are countries where the e-signature is also the name under the e-mail or a click under the declaration of intent. Also, more and more often only authentication is used, after which the person no longer needs to submit a signature.

Source: iStock

Finding the digital needle in a paper-based haystack

That’s why the demand for a universal digital identity is strong and ever-surging. Recently, Estonia celebrated the registration of its 100,000th e-Resident and the creation of the 25,000th Estonian company by said e-Residents. The applicants are as diverse as you could possibly imagine: entrepreneurs from the EU’s periphery (like Ukraine and the UK) appreciate the digital ecosystem as much as bureaucratic refugees from within (like Germany and Italy). There are e-Residents from Bhutan, Lesotho, and Grenada, all of whom were not tempted by Estonia’s natural beauty (though there is plenty of it) but by the possibilities that a widely used electronic ID provides.

Other countries have caught onto the trend of providing e-Residency-like products. The reason is simple: Digital entrepreneurs create plenty of financial and cultural value. In the first half of 2022 alone, the Estonian government collected €24m in tax revenue from e-residents. For a small country of 1.3 million people, that’s a fair bit of money.

It is easy to picture the advantages of a global digital society with compatible electronic identities and signatures. Picking up your prescription medicine while traveling abroad, proving your academic background while applying for a bank account in another country, or signing contracts between management board members based around the world… None of this is science fiction. For the last couple of decades, public and private sector specialists have been sowing the seeds for digital transformation in their respective parts of the world. Electronic identities and digital signatures as well as services that tie these tools into an attractive package – like e-Residency – are the first small signs of a blossoming digital world. Make no mistake: There is a lot more to come.

Editor’s Recommendation:

I have personally been an e-Resident since 2016 and have used it to establish companies, sign contracts and petitions and also use it to encrypt my private data, so only I can unlock it with my ID Card. But most importantly, I have made friends and memories for life. I invite you to become part of the open-minded, innovative community of nomads and entrepreneurs.

Written by: Florian Marcus (Project Manager) and Laura Kask (CEO) from Proud Engineers

Edited by Martin Nørgaard Gregersen (CTO) from sign.online
