Historically, states have developed identity systems in response to specific needs for visibility and surveillance over their residents—for example, birth and death certificates to track populations and thus the allocation of resources, voter cards to determine eligibility for participating in elections, and passports to control state borders and international travel. More recently, many states have launched national identity systems,1 such as Aadhaar in India, which seek to provide a singular credential that can serve most if not all functions.
These national identity systems are being driven by the increasingly complex needs of the modern state, but also because advancements in technology— especially biometrics, encryption, and mobile telephony—now enable large-scale, digitized identification and authentication on a cost-effective basis. For many emerging market economies, the low penetration of paper-based functional identity systems, such as civil registries (birth, death, marriage certificates), have encouraged the launch of digital national identity systems, in what is often characterized as a classic “leapfrog” process of skipping over outdated infrastructure investments and moving into cutting-edge digital technology.2
The incentives for the state to integrate or subsume existing functional identity systems into a single, unifying national identity system are relatively straightforward: there are tremendous cost savings, because disparate and unconnected identity databases facilitate large amounts of fraud, duplicated effort (and identities), and higher management costs; and there are significant benefits to surveillance and visibility, as individuals can now be tracked across domains and over time.
And as our research shows, there are benefits of a single identity credential to individuals as well. Having only one credential, instead of many, can simplify identity management, reduce time and resource costs for enrollment, and streamline access to services. And of course, many benefits that accrue to the state—such as increased surveillance that deters criminal activity, or cost savings from reducing fraud—lead to aggregate benefits that help the individual as well.
Our user research, however, revealed a number of ways in which individuals benefit from having a plurality of identity credentials or elements available to them. These include:
Agency and choice—When people are allowed to present different identity credentials to authenticate themselves, they can exercise some control over both information disclosure and credential security. For example, showing a voter card instead of a driver license would allow an individual to authenticate herself without revealing her age or height or weight. In terms of security, being able to use less important credentials when possible reduces the likelihood that a critical identity credential is stolen or hacked in some way, providing the individual a way to compartmentalize their data and risk. While most people we spoke with did not describe this level of caution, Jafar Akbar revealed how he intentionally tried to manage what he shares:
The government has made [Aadhaar] compulsory in many places, so this scares me a little. For me this card is a tracking device. When someone asks me for ID and specifically Aadhaar, I always ask what other proof can work. I don’t say that I have an Aadhaar card.
Resilience against shocks—Many respondents talked about the difficulties involved in modifying or replacing state-based identity credentials. Byzantine bureaucracy, convoluted processes, and long waiting times (both in queues and processing) mean that getting a replacement credential carries high opportunity (and sometimes financial) costs. Having multiple official credentials provides individuals with alternate ways to authenticate themselves in case a credential is lost or invalidated. In contrast, if people had to rely on a single credential, any issues (such as loss of the card) could mean that the individual is left without any real way of authenticating herself. This can be especially critical for those with the least capacity to absorb the cost of taking time off work to visit a government agency.
Stretching rigid systems to cover dynamic needs—Some of the people we spoke with kept multiple credentials with different identity information in order to be eligible for the services they believed they are entitled to. For example, a migrant moving to the city will typically have to show proof of a local address from a landlord or utility in order to open a bank account. Yet if they change their voter card that they have with their village address to their city address, they may lose official record of them being from the village, which presents its own problems. In essay V2, we describe the challenges many migrants face in becoming formally accepted in their new community, including access to services. Multiple credentials are thus used by many people as a way to compensate for rigid identity systems that can’t accommodate the more complex and dynamic needs of many individuals.
Proponents of singular identity systems will argue that these issues can actually be addressed via the technological architecture and design of the system. Digital identity systems using sophisticated encryption can enable “zero-knowledge proofs,” which hide any personal information about the individual and only provide a “yes/no” answer to authentication requests. And it is technically possible to have a single digital identity that is linked to multiple credentials with different information, allowing an individual to have, for example, a signed certificate from the village panchayat and a rental agreement from a Delhi landlord both attached to her singular unique identity. In other words, technologists might argue that a singular identity system, well- designed, could address all of these concerns.
Yet cutting-edge digital technology systems are rarely a great equalizing force in terms of accessibility and benefits. Aadhaar’s fingerprint readers are often inoperable in rural areas with poor telecommunications networks, leading to less-secure workarounds. In Pakistan, the NADRA enrollment drive required sending agents on foot into rural mountainous areas, wearing large backpacks full of the expensive computing and biometrics technology required to do enrollment. In other words, relying on sophisticated technological systems to bring about inclusion for the most marginalized is fraught with problems.
Although the framing of this issue—multiple identity credentials vs. a singular credential—reflects the lived experience of individuals in India and many other countries, the quantity of credentials is actually not the key issue. The three concerns described above reflect ways in which multiple credentials help people cope with the challenges they face in identifying and authenticating themselves using formal identity systems.
Therefore, while the choices and design of the technological system are undoubtedly critical, we focus here on the needs and goals of the individual. By understanding how and why people utilize multiple credentials to better manage their identities, system designers and policymakers can gain insight into some of the key challenges facing users, regardless of the identity technology being used. Finding ways to design for agency and choice in sharing of identity information, creating mechanisms for easy identity management by the individual in case of shocks, and designing both technical architectures and processes to be more flexible for edge cases will improve any identity system.