Identity And Me

One of the things that companies and private sector organizations (like the Government of Alberta) need to come to grips with in the next few years is whether or not to do something for the organization or the customer/citizen.  These things are not mutually exclusive.  Indeed, for many private sector firms doing something for the customer ultimately provides significant benefits to the organization.  But what about Public Sector?

Let’s take a look at something specific: identity and authentication.  When should the needs of the citizen override the desire of the organization?

In my mind the needs of the citizen should always override the desire of the organization.  I have a system that keeps track of my passwords for me.  Why do I have a tool as opposed to memorizing all of my passwords?  Well, according to my tool I have 562 different accounts/passwords.  I can barely remember my GoA credentials how am I supposed to remember 562 different sets?  Yes, many of these are to web sites that I’ll probably never visit again (https://teachable.com/, https://www.rescuetime.com/, https://www.jivesoftware.com/, etc.)  But other sites are important. If a site gives me an option to connect up with my Google account (and that is a list of sites not included in the 562) then I take it.  Why?  Because I have too many logins.  I don’t want another login.  It is in my best interest not to have another login.  (Caveat:  sites that have access to money have a separate login)

Why would I want/need another login.  It is my desire, as a citizen, to have a common ID that the Government of Canada, all of the various provincial governments, and even municipal governments would accept.  I have one Social Insurance Number, why not one identity?  I have one drivers license, why not one identity?  I have one health care number, why not one identify?  There are a lot of ways that governments can uniquely identify me, why do I need another?

There is within Canada an organization called DIACC (Digital ID & Authentication Council of Canada).  The purpose of DIACC is to create a pan-Canadian approach and standards:

The Digital Identification and Authentication Council of Canada (DIACC) believes it is imperative that Canadian institutions protect and promote Canadian values and perspectives as the digital economy develops.

The DIACC leverages the following Canadian and universal principles as guidance with regard to initiatives that support our mission and vision.

Principals of a digital identity ecosystem for Canada, and solutions within:

  1. Robust, secure, and scalable
  2. Implement, protect, and enhance Privacy by Design
  3. Inclusive, open, and meets broad stakeholder needs
  4. Transparent in governance and operation
  5. Provide Canadians choice, control, and convenience
  6. Built on open, standards-based protocols
  7. Interoperable with international standards
  8. Cost effective and open to competitive market forces
  9. Able to be independently assessed, audited and subject to enforcement
  10. Minimize data transfer between authoritative sources and will not create new identity databases

They have a fairly impressive list of organizations that have joined DIACC:

  • Government of Canada
  • Government of B.C.
  • Government of Ontario
  • Government of New Brunswick
  • Canada Post
  • BMO
  • CIBC
  • TD
  • RBC
  • Interac

These organizations understand that we need to handle identity and authentication in a pan-Canadian approach.  We need to be unified.  We need to make it less painful to do business with each other.

So, where is Alberta in that list of organizations?

Leave a Reply