Sweden's BankID, a widely used digital identity solution, faces challenges of financial exclusion and privacy concerns due to its reliance on bank accounts and the centralized personnummer system. Alternatives like state-run systems or open-source models are being debated.
We advocate for a diverse digital identity ecosystem, integrating various methods like ePassports and federated KYC, to ensure broader coverage, tailored use cases, and enhanced privacy. This approach promotes innovation and user empowerment while maintaining state oversight and integrity regulations.
TL;DR
-
BankID's Dominance: Sweden's BankID, tied to the state's personnummer, is widely used but excludes many due to bank account requirements and privacy concerns.
-
Complexities in Sweden's Identity Landscape: Balancing automation benefits with financial exclusion and integrity issues prompts debate on alternatives like state-run systems or open-source models.
-
A Multifaceted Digital Identity Vision: Truid advocates for diverse digital identity solutions integrating ePassports, federated KYC, registry integration, and document storage with AI. This approach ensures broader coverage, tailored use cases, and enhanced user privacy.
-
Future Direction: Rather than a mandated unified system, a diverse ecosystem promotes innovation, competition, and user empowerment while mitigating risks of authoritarian control. State oversight and integrity regulations are crucial for fostering a secure and user-centric digital identity landscape.
BankID's Dominance in Sweden
Sweden boasts one of the world's most widely used digital identity solutions, BankID. This private company, formed by major Swedish banks, relies on the state's open persistent identifier, "Personnummer." This unique number ties every citizen to a birthdate and additional digits. BankID essentially functions as a hybrid system, as Personnummer is managed by the Swedish Tax Authority.
Recently, debate has swirled around BankID's dominance in Sweden. Last week, Anna Kinberg Batra, a former Swedish politician exploring future payment regulations, advocated for a new state-run electronic identification system. Others propose mandating alternatives to BankID or an open-source digital identity model.
BankID faces challenges related to financial exclusion and compromised integrity.
-
Financial Exclusion: Currently, a Swedish bank account is required to access BankID (essentially a federation of each bank's KYC process). This excludes roughly 500,000 Swedes from obtaining BankID.
-
Compromised Integrity: The underlying Personnummer raises integrity concerns. This identifier can track an individual across various databases and registries in Sweden. While Swedes generally don't mind this (it would be culturally and legally impossible in neighboring Germany), it poses privacy concerns.
Navigating the Complexities of Sweden's Digital Identity Dilemma
So what is the right solution here? Clearly Sweden reaps enormous benefits in process automation and digitalization in both the public and private sectors thanks to the penetration and network effects of BankID (last year each user made on average >2 transactions per day and almost all adults have BankID installed).
And yet the drawbacks in terms of financial exclusion and integrity infringement are clear, as are the problems with e.g. cross-border identification (which is the main driver of EU initiatives in the area).
One could argue that this should be a state-run utility, but given the integrity challenges of an open persistent identifier it requires that the state never abuses its powers if it could monitor any digital transaction that an individual makes where identity is important.
Swedes generally trust their government, but IF the state becomes authoritarian, the scope for oppression and control would be virtually limitless (and from the example of China we can see what such a system could potentially lead to).
At Truid, we believe the future will be both technically complex and user-friendly. We envision a new generation of digital identity solutions empowering individuals with control over their user control through encrypted vaults, wallets, and seamless identity management methods. While current discussions around user control and integrity often focus on the blockchain-inspired Web 3.0 realm, we believe blockchain adoption isn't necessary for this development.
A Vision for a Multifaceted Digital Identity Landscape
In a world with richer digital identities built by combining different evidence, users will likely leverage various methods to construct their identity. These methods could include:
- ePassports and eID cards: Uploaded to wallets with ownership verification via biometrics and unique codes.
- Federation of trusted KYC processes: Users grant consent to share pre-verified data from third parties, like financial institutions or employers.
- Integration with registries: User consent allows data collection corroborated with other sources, proving signing rights for companies, for example.
- Document storage and AI-guided reading: Used to prove address, certifications, or permits where public registries aren't available (with a slightly lower assurance level).
A world with multiple, overlapping digital identity solutions offers several advantages:
- Greater user coverage: More methods for individuals to choose from.
- Good fit per use case: Users can onboard various identity methods, documents, and products, and choose the most suitable one for each transaction.
- Personal integrity: Reduced risk of mass monitoring when users aren't reliant on a single system.
- Increased competition: Drives technological development, improved functionality, lower costs, and better user experiences.
- System robustness: Overlapping methods offer redundancy against internal and external threats.
Continued innovation in this area benefits everyone. We believe the state shouldn't push for a unified approach. Picking tech winners is challenging, especially for state-run technology. A mandated state system risks becoming a tool for authoritarian control.
This doesn't mean the state should have no role; it can offer its niche product for specific use cases. However, the state's most valuable contributions will likely be in oversight, enforced integrity regulation, and technology-neutral standards.