What’s All the Buzz About Digital Identity in Canada? Come On, Microchip Implants Don’t Hurt That Much.
Hopefully the title grabbed the attention of those who have been duped by the numerous conspiracy theories spewed on social media platforms when it comes to digital identity! The misinformation and disinformation on this subject are laughable on the surface, but sadly it is regressive and detrimental to Canada’s ability to flourish in the 21st Century while competing nations embrace the digital economy. Canadians deserve better than to be held back by baseless claims of a small minority.
And no, in Canada microchip implants have nothing to do with digital identity. Zero. Zip. Nil. Nada.
Further, unlike some countries with national IDs, what is underway in Canada is not a mandate or an invasion of privacy – in fact it is voluntary and designed to protect and enhance Canadian’s privacy. Contrary to conspiracy theorists’ claims, the government is not conducting surveillance on law-abiding citizens.
Did you know that there is a whole industry focused on strengthening security and protecting your identity? It’s not just industry that works in this area, it is your provincial and federal government too, and there is nothing nefarious with their intent, other than to make your experience safer, securer, and easier. Over a decade ago, industry partnered with government to launch the Digital Identity and Authentication Council of Canada (DIACC).
In September of 2022, Privacy Commissioner, Philippe Dufresne stated he will be promoting:
Privacy as a fundamental right;
Privacy in support of the public interest and Canada’s innovation and competitiveness; and
Privacy as an accelerator of Canadians’ trust in their institutions and a driver in their participation and contribution towards a robust digital economy.
All three are equally important, with #3 most applicable to this article.
There are times when anonymity or pseudonymity is a good thing on the Internet, like Twitter. However, being anonymous doesn’t cut it when it comes to banking online, paying your taxes to the CRA, or accessing other government services at the local, provincial, or federal levels.
As stressed above, participation in the PCTF is voluntary. For those that choose to have a digital identity, the benefits start with the ability to prove who you are online.
Proving who you are in-person is easy for most folks, by simply taking their driver license or health card out of their wallet or showing their passport when traveling outside of Canada. Those documents satisfy the needs of everyone, from the ticket taker at a movie theater to a bouncer at a nightclub to law enforcement and the CBSA.
Things are vastly different online. How do you prove who you are online? Equally important, how do you prevent an identity thief from using your information online? Entering your name certainly doesn’t cut it. Adding a static password doesn’t either. Hint: an embedded microchip is not the answer.
Given all the data breaches over the past few years, even answering “out of wallet” questions from your credit history are no longer credible. Why? Because there is a good chance fraudsters and identity thieves purchased this information on the Dark Web – your personally identifiable information.
When it comes to identity online, it’s a two-way street. As much as a company or government agency wants to know that you are who you say you are, you also want to know that the website you are logging into is who they claim they are. With phishing attacks on the rise, fraudsters often pose as a legitimate service provider. In September the Canadian Anti-Fraud Centre reported that “fraudsters claiming to be the Canada Revenue Agency (CRA) are sending phishing emails that may look legitimate but, if you look closely, the email address is not from the CRA. The CRA won’t ask you to click on a link and share your personal or financial information.”
Where To Turn? Voilà Verified!
Although no solution is 100% secure, I encourage all Canadians to follow the work of the DIACC. Taking almost a decade to develop, with input from the public, industry and government, the Pan-Canadian Trust Framework™ (PCTF) was launched in 2021.
From a 2016 DIACC press release, the PCTF confirms “the commitment of government and private sector to work collaboratively to safeguard digital identities online through a robust framework, which will standardise processes and practices across the ecosystem and facilitate the growth in trusted digital services.”
The PCTF encompasses several components: Verified Person, Verified Organization, Authentication, Consent and – yes – Privacy, to name a few. Privacy is not only a core component, but also the very foundation of the PCTF. Every component is accompanied by a conformance profile document, which defines what vendors and service providers must do to be awarded a coveted trustmark.
Enter the DIACC’s Voilà Verified Trustmark Program, launched in October of 2022. Per the press release, “The DIACC’s PCTF is a publicly available framework for identity solutions that defines client, customer, and individual duty of care. The Voilà Verified program provides a vetting and assessment opportunity where PCTF-compliant solution vendors can earn a public-facing trustmark. The result? Spotlight visibility of trustworthy, safe, reliable, and efficient solutions.”
When doing business online, whether shopping, opening an account with a financial institution, buying concert or sporting event tickets, posting on social media, or transacting with another service provider, look for the DIACC trustmark. Aside from complying with federal and provincial laws and regulations, organizations have different policies and practices. Voilà Verified levels the playing field, and organizations that have taken the time to voluntarily obtain trustmark(s) are deemed trustworthy. Organizations will proudly display their trustmarks on their website or in their marketing materials.
You can also visit the DIACC’s Voilà Verified Program Public Directory – the official list of trustmark holders, including accredited entities, verified services, and verified networks. As the first accredited assessor of the program, we at Kuma are very proud that we were the first organization to be listed.
If you are a service provider looking to differentiate your solutions from your competitors, feel free to contact us at firstname.lastname@example.org to learn more.
Michael Magrath, as Managing Director of Digital Identity, is responsible for Kuma’s global digital identity practice and works with clients to achieve NIST 800-63-3 certification under Kantara’s globally acknowledged Identity Assurance Framework (IAF). In addition, he assists global clients in achieving trustmarks in compliance with the Pan-Canadian Trust Framework and the UK Government’s Digital and Identity and Attributes Trust Framework. He also represents Kuma on Kantara’s Board of Directors and Kantara’s Identity Assurance Work Group (IAWG). He is also a member of the Digital Identity and Authentication Council of Canada (DIACC) and currently participates in the Trust Framework Expert and Outreach Expert Committees.