Event Recording

Journey to the North: Canadian Perspectives and Progress on Digital Identity


Log in and watch the full video!

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package  
Nice to see everyone here. It's wonderful to be with you confession. This is my first in person conference since the pandemic. So I'm just truly excited to see so many friends and colleagues and meet new people in person. So let's head into as mentioned, let's head to the north and hear a little bit about what's been happening. I'm joining Brennan, president of the digital ID and authentication council of Canada. And we'll share some perspectives from our ecosystem and what we, where we see the ecosystem moving in Canada. Now, if you don't know who we are, the DIAC is a organization. It's an association that's been in operation for 10 years. We are an adoption accelerator. So we help to develop white papers, research, all, all materials that help to reduce uncertainty around adoption of digital identity. DIAC is also what we call a trust framework provider.
And so a trust framework provider of course, is an entity that is responsible for the development and the management, and to provide compliance verification around a particular in this case, an assurance framework. So these are the two things that we do as DIAC now, as we move forward. We've certainly have been hearing a lot about standards. We'll continue to hear about standards this week, of course, policy and governance that makes those standards work together. We've heard from our last speaker around some of the, both the tech and the regulation, the technology, and finally all in the service of people. And so what we love to do at the DIAC is put these pieces together because we believe no single approach, no single view in this puzzle has what it takes to move identity forward in a way that works for every Canadian, for all of us, in a way that's respectful and privacy enhancing.
We have around 120 members, their organizations that are Canadian. Yes, what's unique about us is we have got public sector and private sector sitting around the same table and many corporations that are based in Canada and international corporations as well. The use cases we tend to focus on are those that are around the financial sector, the know your customer and anti-money laundering. These are of course key to enabling the global digital economy. So we spend time there we're very keen in terms of government services. And so how do federal governments deliver service to their citizens? How do provincial governments deliver services, municipalities? And then also, how can this data be used by citizens in their private life as well? So we're focused there. Civic engagement is key for us helping to build a constituency that actually is verified. So we have a verified constituency. Who's providing feedback into policy that is often local.
And we know that sometimes trust has a challenge with scaling at ma at mass scale. So really getting down into that local level of government as well, and finally, something that we're all aware of the healthcare ecosystem, being able to access patient records and move them around for us in Canada, we do have the provincial healthcare systems across our nation. So this is an area where public and private sector meet. So our focus is on that intersection of public and private sector and particularly where our, our mission in fact is to advance the global, our participation in the global digital economy as Canadians. And so we see digital identity as the mechanism of getting there. Now we've heard around individuals and groups. And so we've heard some thinking around kind of perspectives in this space. And I will say that what we see in Canada is digital ID.
Digital identity is largely misunderstood. People do not understand what these words mean. They conjure up their own thoughts. And also when you're speaking with industry, you will find that industry will have problems that they're trying to solve. They won't necessarily think that these are problems that digital identity can provide a solution for. So this is a challenge that we need to work through. And of course, the first step to closing this communication gap is to better understand the perspectives of others within your ecosystem. And so this is what we've done in Canada. We've spent the last three years doing, doing market research with a, a qualified third party research firm. So we've asked Canadians coast to coast, to coast, different languages, different regions, different backgrounds from around our ecosystem, what they think about digital identity. So now we're, we're talking to those people and really getting a better sense of what they understand and what they don't to help guide our way forward.
So let's see what Canadians think and understand or not about digital identity. When we ask Canadians this year, this is 2021 results. How familiar are they with the concept of digital identity? Well, just under half even had some kind of understanding of what digital identity meant. And if we look year over year from 2020 to 2019, yes, we're, we're ticking up maybe 1% more understands each year, what digital identity, what it could be, what it is, but still, we're not over half in terms of understanding the concept of digital identity. So this is presents. The opportunity for education certainly helps us to know that when we're speaking about digital identity, we need to do better in that education space. Some interesting stats around demographics that we'll see in terms of speaking with Canadians, actually what we call the sandwich generation or the caregivers. These are people who are caring for children in the home, maybe caring for dependence in the home.
Those that are aging. This is the group of people who are most keen to adopt digital identity. Once they understand the benefits, these, these have to take care of records for people in all aspects of their lives. And so they really are looking for that convenience and they need it desperately. They especially did through the time of COVID. When we asked Canadians about what they, what was their personal definition and use of digital identity. We actually saw some interesting stats. And so if we, if we think about user IDs and passwords Canadians, in fact, think that that is digital identity. They think that they are learning more about biometrics as time goes by. They also think social media to a degree is digital identity. And so, again, that, that understanding of what digital identity is, they start to fill in the gaps with the things that they kind of may use or are familiar with.
And still from the survey year over year, there are some lower rates of adoption. And so again, could be an education gap area here to spend time with the clients and the customers. Certainly there's more learning to be done in the space. And roughly a third of Canadians felt that they had used, had used a vaccination passport and felt that that was somewhere in their definition of what digital identity is now carrying on from our, our last speaker and the topic of the digital wallet. We ask Canadians how familiar they are with the concept of a digital wallet. And roughly half felt that they had some familiarity. So half had an idea of what a digital wallet was, 54%. And of course the other half, not much familiarity, not at all in terms of again, who is most interested in the digital wallet concept, who's most using it, who's most keen to adopt it's those caregivers.
It's the people who have to work their jobs care for youngers care for elders care for others in their family and in their home. And it's also the younger generation, the 18 to 34. So these are the generations. These are the demographics, at least from our surveys that are most keen and most familiar with the concept of a digital wallet. Now, when we ask who is actually currently using a digital wallet via their smartphone here, we were at about 38%. We're actually using a digital wallet in their smartphone. I'm, I'm one of those. And the most popular of the, of wallets that was being used is the apple wallet that was followed behind by another type of digital wallet. And so there are many digital wallets out in the ecosystem. We'll, we'll talk a little bit more about that as we go forward. And then that was followed by Samsung pay.
So, so in terms of, I think no big surprises in the digital wallet and which wallets are being used. And again, those, those same demographics in terms of who is most keenly looking for these services and who are the most keen to adopt in their, in their daily life. So we're seeing clear trends in terms of the, the population in that sense, some general key findings from the Canadian ecosystem around digital identity and what Canadians are looking for. Well, when we ask Canadians, should government be moving forward to help establish an ecosystem for digital identity forms of digital identity when they were, when people were explained, the concept of what digital identity was four and five were extremely supportive of the federal government moving forward to, to, to invest and to, to work, to issue and help to create an ecosystem for digital wallets, sorry for digital identity.
And similarly, they felt their province, their, their more local government should be the moving forward with digital identity. And from a Canadian perspective, our legal roots of identity that's important because most Canadians, their legal route begins within their province. If you're someone who's immigrated to Canada, such as myself, your legal route starts with the federal government, say your name, and then you can. Now I'll just, I'll just two thirds of Canadians felt that a collaboration between the public sector and the private sector was the best way forward to establish this ecosystem, to establish a framework, to guide this ecosystem. The reason being in terms of this two-thirds strong majority and support is that people felt that the right checks and balances would be in place if public sector and private sector work together to design a people-centered approach, something that would work for people, whether they were dealing with government or whether they were dealing with their finances, their education, or other aspects of their lives.
So a very strong support for collaboration. We have seen some polarization over the last three years in terms of some much preferring government or much preferring private sector to take the lead. But year over year, three years now, strong collaboration of both is the way forward for Canadians. When we asked Canadians, did COVID really drive the urgency around moving to a fully operational digital identity ecosystem, two thirds felt overwhelmingly that the conditions through COVID social distancing, the ability to transact anywhere, anytime work from home, two-thirds felt that COVID really drove more urgency around. Canada's need to move forward on digital identities. So no surprises here, and then looking forward, as we saw in the, in the trends eight and 10 of the parents or the caretakers, these are the people who are most keen. So when we're thinking about who our audience is, and who's most in need, remember those caretakers, those caregivers, and eight and 10 Canadians wanted to see the concept of digital ID.
They wanted to learn more about the benefits. What could this provide for them, them, how could, how could it help them move forward in their lives? Now, nearly half of Canadians had felt, again, that that vaccine passport felt fit somewhere in their idea, other personal definition of digital identity. So what we can see here is that the concept of digital identity itself among Canadians coast to coast to coast is still unfamiliar. We've not gotten over half in terms of familiarity. However, we do ask some individual questions each year. And this year we learned that one concept was very easily understood by Canadians. So a strong majority agreed that they should have access to personal data that is collected by the federal government of Canada. And also the personal data that's collected by the provincial governments of Canada. They also felt pretty strongly around 86% that they should have access to the ability to see know, and be able to use data that is collected in the private sector as well.
So we see a strong, easy understanding of the concept of personal data and personal data control. They were not assisted in this concept. And when we reviewed these results in, in the background, we said, gosh, we can't get 91% of people to agree that Elvis has died. So seeing 91% agreement in a poll was the first time we've seen this ever in our three years of research, people understand personal data and they are, they are demanding control and access to that personal data yet still in, in, on the internet, we still have an ecosystem where on the internet, nobody knows that you're a dog in Canada, so we need to move forward. We need to do better. The Canadian ecosystem itself, however, is, does continue to progress. So where are we? We see four scenarios that exist in the Canadian ecosystem today and are progressing.
I don't think these are particularly special scenarios to Canada. I think we'll see them around the world. So we'll take our internet dog. And, and the first scenario is around the platform identity, the big giants. If we continue the way forward with the big giants, there's very little, not so much influencer control that we will have. And so on the internet still, no one knows you're a dog and the platform identity ecosystem, if it is to be dominant and progress the next scenarios around the operator networks. And so we do have a, a strong payment network interact for us in Canada. So, so the operator network, it absolutely provides a lot of functionality. It has a strong front door, strong security. It may not work everywhere, but when it does it really counts and here you, the, on the internet, you still may be a dog, but you do have a credit card and you can make some payments.
So we've got a little bit more assurance in that ecosystem. We've heard in the previous speaker today around self sovereign identity identity. We do see self sovereign identity emerging as one of the ways forward in Canada as well. There's certainly a flurry of work happening in digital wallet space and in different types of networks, self-sovereign identity type networks, and then hybrids thereof, hybrids of operator and self-sovereign identity networks there as well. And maybe in this ecosystem, our dog will be able to show a verifiable proof that it is in fact, a dog. And then of course the open APIs. And so in this ecosystem, this exists today and it should it continue to move forward and be dominant. We don't know if you're a dog, but we certainly know that you like dog treats. So these are the four kind of scenarios that we see playing out in the Canadian ecosystem, as it is today, we have some common challenges across these scenarios to spend our time on one is creating the right market conditions.
So you've already heard, I think I've heard many times today, the word standards being mentioned, we, there are many efforts in the space around standards. There are parallel efforts in different bodies. Many of these works are complimentary. This said there is a world of standards out there. And so there is not a necessarily a single standard that's moving forward. And so that is a place that's a common challenge across those four scenarios. And then in terms of regulatory conditions, if you join us on Friday for the workshop, I think we'll talk a little bit more about this, but in the regulatory conditions in Canada, we do have strong regulations from a perspective of access to, and, and, and transparency and privacy protection for data that is held in the private sector. We could use some work in terms of the access to information. What Canadian's expectations must be for data that is collected or issued by federal and provincial governments and municipalities for that matter.
And so we saw in our perspective research, this is something that Canadians demand. And so we've got some work to do in Canada on the regulatory space to meet that demand and, and to get there and create those right market conditions. The second area of common challenges is promoting market growth. And here sustainability is something that we do need to watch as these newer models come forward around self sovereign identity around digital wallets. And even as we start to move into using operator network systems more for digital identity across each of the scenarios, the sustainability models is something that we have to look for. It's not quite settled yet, and we need to watch particularly there around as everyone included. And, and how is that model being driven and, and kind of where this space is going. So this is a space to watch. And then of course, diversity equity inclusion, making sure that as these systems move forward, no one is left behind and that we're designing for that diversity equity inclusion.
And that certainly is a challenge. And one that needs to be addressed, not, not in a single motion, but continuous motions and, and continuously learning together and building this into the tools as we go. So these are four areas to common challenges to pay attention to in the ecosystem. So let's get into a little bit of the tools that the Canadian ecosystem is looking at to verify assurance across those types of scenarios, those different technologies, and to start to address and to work, to address those challenges that we talked about across the four scenarios, and I would call these tools for trust. And so I often find that when I'm speaking with people about digital identity and particularly standards versus frameworks, it sometimes helps to go through and just remind us what are the differences between standards and frameworks. And so standards are typically documenting one method of doing something they're often rigid purposefully.
So because we wanna document that one method and they're generally accepted as a methodology of, of getting something done. Whereas the frameworks are from the framework perspective, this focuses on meeting the outcomes typically of a regulatory or a policy requirements could be a contractual requirement as well. And frameworks really define a system or ecosystem, not the exact methodology itself. These frameworks really provide a scheme to allow innovation to move forward. So if you're not entirely familiar with some of the key differences of standards and frameworks, we can really see how they work together, where standards are that single methodology. There are many standards out there, and that's where a place where frameworks come in to help to verify trust across those different kinds of standards and those different kinds of solutions. Really these frameworks help us to answer. We were in the last talk, talking about digital wallets.
Can I trust this verified person credential? Can I trust this credential? Can I trust this wallet? Can I trust this network? Or is privacy protected well enough? Or do I need to have more assurance to complete this transaction trust really does depend on assurance. And when we are dealing with proofs, verifiable proofs or other proofs, we need to know that they're connected to that verified person. We need to know that there, the, these proofs have been issued by a verified organization, that the credential contains the right verified information and that privacy and notice and consent has been met. So these are just some of the examples of where assurance really assurance tools really matter in this ecosystem as we go forward and particularly looking at, and thinking about wallets from our perspective, wallets must be user centric. They must be accessible to all Canadians, and they must interoperate protect privacy.
And of course be secure. So in a space where I think we were hearing previously, there is no singular technology on the way forward on wallets. Yet we have some proprietary work in the space, the standardization to be done in the space. Certainly there's open source work that's happening in the space. And so wallets are a prime space that can benefit from assurance tools so that we can, as this new emerging ecosystem moves forward, along with the existing ecosystem and the existing tools that we have, we can verify that trust, and that's gonna be important for our clients, our customers, our citizens, and also important for the issuers and the, and the data, the data issuers who, who issue those data as those credentials. So the primary tool that we've developed within the DIAC is the pan Canadian trust framework. And really this comes back to our theme in the beginning, it's a tool to work across those standards, across the different technology models, across policy and governance, all in the service of people.
And so we can think about the Pan-Canadian trust framework as a framework that has been developed in the locality, the jurisdictional needs of the Canadian ecosystem. However, it is an important tool to help us bridge across as we're looking at. I think the previous speaker mentioned, you know, what if wallets are coming from jurisdictions that are not within Europe? Well, I think using tools like trust frameworks, we can have methodologies to say, can we turn a Canadian flagged wallet to a Dutch flagged wallet or a German flag wallet, or a Swedish flag wallet. So these are really tools to help us bridge these gaps. As we work through these jurisdictional requirements, our framework is available for all we're in version 1.0, and we're continuing to add to the, to the functionalities that we have. It is a componentized, a component based framework. We see that no, typically no single entity can provide the capabilities from end to end.
One of the things that we're most excited about in the framework, well, privacy is all encompassing. So this is privacy is built into every section of our framework. We also have a particular specific module to be able to verify privacy from the Pan-Canadian trust framework, all aligned with those regulatory outcomes and those policy outcomes that we mentioned. One of the areas that we are most excited about in the pan Canadian trust framework right now is the digital wallet component. This is out and available for comment. You need not be a member of DIAC. You need not be Canadian. I think over the course of our P CTF development, we've processed around 5,000 comments from nine different countries around the world to make input to the framework, to my knowledge, it's one of the first assurance assurance tools to be able to measure outcomes of wallets that could be built on different technologies, using different standards, using different governance.
So as we see that wallet ecosystem move forward, it could provide a mechanism to it's in position to provide a mechanism, to add a assurance, check mark to a digital wallet. So we're excited for this. And if you'd like to comment on it, you can find this in our DIA CC, a CA DIAC website. And finally, we're pleased to introduce you the VO program. This is, I promise you we're do nearly done. The VO verified program is our assurance program where we're offering trust marks for organizations who would like to participate in this space. And we're currently accepting applications. You can access our five year strategy on our website as well. This shows you where we've started and where we're going. We're in year two. And for the EIC conference, we're very keen to work with you all, particularly on use cases around open banking, around international students and immigration and refugees.
So the last thing that I will leave you with is as we navigate this system that is very complex with many standards and many technologies tools for information assurance like the pan Canadian trust framework really do provide a bridge. I'll leave you with a picture of where I'm from Vancouver, British Columbia. This is the Lionsgate bridge. It was built by the Guinness family. Yes, that Guinness family in Canada. So this bridge was built in 1938. And prior to seeing that bridge, we did not have all of those apartments that are on the other side. Stanley park is on the, is to your, this side. We didn't have all those apartments. We didn't have the ski hill that has the lights on top. And so that bridge made it possible for us to develop that area and to move on and bridge these areas and really grow our economy and grow our opportunities. So I'll leave you with one last thought from the philosopher Canadian philosopher, Marshall McCluen, who said first, we shape our tools and afterwards our tools shape us. So tools to verify assurance in the digital identity ecosystem really do matter. Thank you. And I hope you have a great rest of your evening.
Thank you.

Stay Connected

KuppingerCole on social media

Related Videos

Webinar Recording

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Analyst Chat

Analyst Chat #152: How to Measure a Market

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00