Increasingly important in our ultra-connected society, the notion of digital identity still remains unclear for many. The CNIL clarifies it in a complete document also explaining all its implications on privacy.
The growing importance of digital technology in France is leading to the appearance of new forms of identity – on an online video game or a social network, for example – as well as the digitization of identities that were not digital before – civil status, professional identity, etc. We use these digital identities on a daily basis since they constitute a “guarantee” to make an online purchase, subscribe to a service or carry out administrative procedures – the Government is also continuing its policy of digitizing public services. But the complexity of the notion of identity and digital technology can legitimately lead to confusion, and we quickly get lost. This is why the National Data Protection Commission (CNIL) has published a more than welcome summary on the whole subject. She returns to the issues, problems and difficulties around digital identity and clarifies her position on the subject. Many points are discussed, such as the difference between the notions of identity and sovereign identity, between identification and authentication, the authentication chain on a service or an application and biometrics.
Digital Identity: what is it?
But, already, what is a digital identity? As the CNIL explains in his press release, “this is a set of attributes such as a pseudonym, surname, first name, age or place of birth, associated with a natural person, which makes it possible to link this data to this person.” We speak of digital identity when these attributes are recorded in digital form and can be used online. Moreover, it is present both in the public and in the private sector. It is quite possible to have several digital identities – it is even very often the case, without you necessarily being aware of it. For example, an individual can have a sovereign digital identity to register on the electoral lists – we will come back to this later – and another digital identity linked to a pseudonym that he would have chosen for Twitter. The digital identity is plural because it depends on the context, but also on the level of guarantee of its reliability – there are in particular several levels of verification. To summarize using the terms of the CNIL, “A person’s digital identities are thus their different immaterial identities, which will allow them to access mainly digital products and services.”
Digital identity is based on identification, which distinguishes one person from another, such as with the use of national identifiers like the student number (INE) – which is unique for each individual. To identify yourself, you have to go through authentication, which allows you to prove that you are indeed the individual you claim to be, and for that you have to provide what the CNIL calls proof of attributes. identity, which makes it possible to demonstrate the characteristics of one’s identity – student status, majority, nationality… To be able to use one’s digital identity, one must go through an identification scheme, which involves at least three actors: the user – the natural person who wishes to access a set of services –, an identity provider – a trusted third party who provides an electronic identification means (EIM) – and a service provider.
Sovereign digital identity: the national electronic identity card
Among these different digital identities, we find what is called sovereign digital identity, that is to say guaranteed by the State. Indeed, the Government has introduced a national electronic identity card (CNIe). It exists in a physical format, with a size close to the bank card, and contains an electronic chip, which allows it to generate a digital identity via the application France Identity (see our article).
The latter is also compatible with France Connect, thus allowing secure online identification with 1,400 official sites (Ameli, taxes, La Poste, MaPrimeRénov’, CAF, Pôle Emploi, Yris, MSA, etc.) , but also to prove their identity to access certain content (pornographic sites, tobacco, alcohol, etc.), to read the data contained in their CNIe and to create proof of identity in order to avoid scanning documents or to carry their identity card with them. Note that a digital Vital Card should arrive soon and that a European digital driving license is under study.
Digital identity: what are the challenges and difficulties?
Digital identity involves many issues. One of the most important is undoubtedly that of security. The CNIL is in favor of the CNIe because it considers that the device is secure. Indeed, it allows the creation of a “high-level state digital identity”, to have control and control of their data, to improve the security of procedures – in particular by avoiding the circulation of photocopies of identity documents – and to better fight against document fraud – which can lead to theft of ‘identify. However, it is absolutely necessary to preserve the plurality of digital identities in order to separate the different aspects of one’s life and to provide a service that is more or less complete, depending on the context of use – this is essential for security. personal data –: Facebook does not need to have as much information about an individual as Ameli, for example.
The plurality of digital identity solutions is necessary to avoid the centralization of information and the concentration of risks, in particular vis-à-vis cyber malicious acts and their impact on society if the data were to be compromised. This also prevents abuses such as individual tracking, because centralization of information would allow the constitution of a population file, or even a follow-up of the digital activities of the population. Moreover, it is important to protect anonymity and pseudonymity. Indeed, even it is sometimes difficult to put in place – perfect anonymity requires the use of many techniques which are not accessible to everyone – they make it possible to promote freedom of expression, to avoid self-censorship or not be associated with certain militant activities, for example.
Finally, the CNIL warns about the need to maintain physical alternatives so as not to sideline people who are less experienced in new technologies. Starting with the elderly, not all of whom are comfortable – to put it mildly – with computers, tablets, smartphones and the Internet. And they are not the only ones in this situation! Not everyone has this kind of device and a connection available at home. The digital revolution is leaving the population out of account, by aggravating an increasingly sensitive divide, and not only among the “old”.