Recently, I was in Sweden and talking with some friends about the success of Sweden’s BankID implementation, which was started and owned by the major national banks. Over 90% of Swedes use BankID for secure identity verification and SSO access to not only their bank, but government services, telco accounts, payments authorization and many more services. Once you’re inside the BankID bubble, it’s amazingly straightforward and easy to use and solves nearly every online interaction of consequence. But when you’re outside - maybe you are an expat who just moved back to Sweden, or you’re a guest worker or student, or you have a bad financial record that means banks don’t want to do business with you - it’s extremely difficult to function in everyday society. And it made me think, as successful and beneficial as the model is, it might highlight some compelling reasons why it makes sense that, when possible, governments should be the primary sponsors and issuers of digital identities. 

So my goal with this article is to put forward some of the reasons that US government authorities should be the entities we should be looking to in addressing our challenges around a standardized, secure, privacy-preserving personal digital identity solution. Disclaimer: This is from a US-centric viewpoint.

• State governments already have processes for issuing identity and holding personal data.

• Government agencies must serve everyone.

• Government agencies are answerable to the public.

• Government agencies are historically more stable than private companies.

• Governments are obligated to keep constituents safe and enforce the rule of law.

Governments already have processes for issuing identity and holding personal data.

First, the government is already the authority on personal identity when it comes to authenticity and accountability of the individual. From birth certificates to social security numbers, passports to driver's licenses, governments have long been the custodians of critical identity-related data. This existing infrastructure, vetting processes for identifying individuals and storage of personal data provide a robust foundation for the development and deployment of digital identities. By leveraging this pre-existing structure, governments can create digital identities that are not only secure but avoid the requirement that personal data must be shared with private institutions in order for an individual to utilize a native digital identity. 

Governments must serve everyone.

The government has an inherent obligation to serve all residents and citizens. This obligation is enshrined in the very fabric of governance, ensuring that every individual has access to essential services and rights. Unlike commercial companies, which often cater to specific customer segments or regions, the government’s mandate is inclusive and comprehensive. Private companies, especially financial institutions, may have reasonable (or even regulatory) cause for refusal to engage or provide services for certain individuals. 

Governments are answerable to the public.

US government agencies are answerable to the public and operate under a framework of laws and regulations that mandate transparency in their actions. I know that there is skepticism and deserved criticism of governments when it comes to the protection of personal privacy, but in comparing public and private institutions, the motives of a public institution holding my personal data are going to be more in my best interest than a private business. This accountability is crucial in maintaining public trust, especially when it comes to managing sensitive personal data. In contrast, commercial entities, driven primarily by profit motives, may not always prioritize transparency or be held to the same rigorous standards.

Governments are more stable than private companies.

Another critical aspect is the long-term stability and continuity that government sponsorship provides. Governments, unlike private companies, are less susceptible to market fluctuations, mergers, or closures that could disrupt the provision of digital identity services or the rules that govern that personal data. This stability ensures that individuals can rely on their digital identities over the long term, without the risk of service interruptions or loss of data due to the business decisions of a commercial provider.

Governments are obligated to keep constituents safe and enforce the rule of law.

Lastly, government-issued digital identities can play a pivotal role in enhancing national security. By maintaining a secure digital identity system, governments can better monitor and manage identity verification processes, reducing the risk of fraud, identity theft, social harms, and other cyber threats. Digital identity is a common good, necessary for maintaining trust and accountability in modern society, and we should expect our government to provide that security.

In all, while commercial companies have made significant strides in the realm of digital identity, the government remains the best positioned entity to sponsor and issue these identities. The government’s obligation to serve all citizens, its established role as the authority on personal identity, its transparency and accountability, its ability to ensure interoperability, its long-term stability, and its role in national security collectively make a compelling case for government-issued digital identities. 

For these reasons motivate me to do my best to promote and support government programs around digital identity. I use my mDL at TSA at the airport, I ask about using it at my local state liquor store, I talk about it with complete strangers, and I offer my time trying to promote and collaborate through Secure Technology Alliance. If you agree governments should continue to pursue these initiatives, it’s important to support them, as an individual by using your government digital identity when you can, asking about it when it isn’t offered, and if you’re in a position in your organization to promote it!