IGF 2019 – Day 3 – Raum I – WS #178 Human-centric Digital Identities

The following are the outputs of the real-time captioning taken during the Fourteenth Annual Meeting of the Internet Governance Forum (IGF) in Berlin, Germany, from 25 to 29 November 2019. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>> Inclusivity about sustainable and trustworthy. Are right at the heart of what digital identity is all about. And so if we look at this discussion today, and think that by 2024 there may be 5 billion people who are in some way using digital identity systems. But if you look at some of the challenges that we've got, a lot of the issues that we've talked about this week are right at the center of the digital identity debate. It is about ambition but how do you balance that with capability? It's about how do we get inclusion but avoid exclusion? How do we empower people with digital identity but yet avoid discrimination? And if we look at some of the aspects of today's world and what is coming around the corner, we can see how digital identity becomes absolutely central to everything that's involved in participating in the digital economy.

If we think about cross-border travel. Think about the possibility of doing remote operations on your heart where the doctor is operating from another country. Think about the role of government E-services going forward. The possibility of using data from multiple agencies around humanitarian aid. All of these will involve aspects of digital identity as we look forward. The question that we have to ask is are we falling into some of the same old traps? The issues about single-use identities when we know that what users want is an approach that's inclusive, involves their ability not just in terms of health, not just in terms of banking, not just in terms of travel, not just in terms of how they interact with government services, but they're looking for something which is user centric. So it's not just about how do we create digital identity systems, but it's about how do we make sure that those systems truly create value for the users? So those are some of the issues that I hope we can begin to get into today as we talk about human-centric digital identity. The format for today is that I'm delighted -- I'll introduce the panelists in a second. We'll have a panel discussion to frame some of the issues, get the debates moving. And then we are going to get you to work so we'll have some break-outs. And we're going to have half an hour in break-outs and then in those break-outs there were five groups and you get 15 minutes in one of the groups and then a second 15 minutes at a second group of your choice. And I hope that what we'll be able to do is draw on some of the collective wisdom in the room. And particularly what we're interested in is your insights, but also where you see good examples. What are the examples that we can draw on as we go forward over the course of the next three, four, five years. That's the sort of time frame.

I hope that by the end of this 90 minutes together that what we'll be able to think a little bit more about is what are some of the principles that we need to understand better to help us with user-centric digital identities? What are some of the use cases? What are some of the best practices that will help shape how we should be implementing digital identity going forward? What are some of the main policy considerations that we should be looking at? How do we avoid some of those pitfalls that we can already see? And then finally, what do we think and what does the panel think are some of the next steps that enable us to move forward in a way that helps us to address both digital identity through a public lens, through a private lens, through an individual perspective, a business perspective, and a government lens? I hope that frames the discussion for us a little bit and what I would like to do is go to the panel. So starting with Linda Bonyo on my right. Linda is the chief executive of LawyersHub. We'll come to her in a second. On her right is Dirk Woywod, and then Michael Bultmann and Sebastian Hufnagel. You have pictures on the screen. Linda, let me start with you. LawyersHub. And one of the things that you've been looking at is this whole question of how the legal system and justice works with technology. And I know that one of the exercises you ran recently was in Kenya looking at the whole question of digital identity. Just help us a little bit to explain what you've been doing and what are some of the insights that you want to sort of share with us about what you are finding around digital identity? I think one of the things we're very aware of in these discussions is we can't look at it all through a developed country lens. We need to think about it through the lens of different parts of the world.

>> LINDA BONYO: Thank you very much. I want to say a little bit about what LawyersHub does. We realize the gap between law and technology. The usual law making process is very bureaucratic and does not involve the communities in our country. So I'm from Kenya and we walk across Africa. The lawyers have trained lawyers to understand technology so they make better policies. In our analysis most of the time the regulators and policymakers are actually lawyers, members of parliament in Africa are composed of lawyers. We thought it was a good place to start from and now we host weekly events to talk about policy and 150 lawyers who come into our space every week. We have 1,000 active membership and 10,000 lawyers. So our reach has been very deliberate. We see the difference in engaging lawyers in policy-making processes. On digital identity I think it is important to learn the history before we move on digital platforms and so in Kenya, for instance, we had the whole colonial registration identity system began in the 1920s and so that sort of classified everybody in terms of their tribe and where they come from.

If I look at your I.D. card, Kenya but mostly Kenya and Zimbabwe I can see what your tribe is from your identity card. When the government put in place and said they're coming up with a number, their version of digital identity, we thought it was not well thought through. One, we have stateless individuals in Kenya and moving them to a digital identity without sorting out issues of exclusion would actually exclude them further in a digital environment. So we also asked about the second question, how do we insure that there is privacy around these issues? The Kenyan government have been hacked more times. And having this information in their databases and their proposal was to centralize digital identity. Centralizing it and adding DNA information would be problematic. What if the information is compromised? We did not have a data protection act. We enacted one two weeks ago and came into place on November 25th on Monday. So we thought that would not work so what did we do? We got on the ground and started doing policy hack-A-Thons and inviting people to our spaces and what do you think about digital identity? What proposals do you have and what can we do about it? We did policy hack-A-Thon across the country and developed an alternative policy which we hope that African countries can take it up as alternative and law. What is missing especially in the global south is who can we learn from? Most of the African countries are looking at India and saying they have their system. But our jurisdictions are different. We need something that's more African that actually understands the difference in population, the tribe, for instance. I don't think a tribe information needs to go on an identity card. That means we're simply taking issues we've fought through the years to a digital platform. So my final comment on this would be learning from Kenya, I think digital identity should have meaningful consent. The government should not force you into a digital platform but insure that users actually opt in willfully. They see value in it and why they need to come into that system. And also engage other sector players. Engage the lawyers and businesses. Because businesses understand the importance of having a digital identity. People need to understand why it's important for them to be authenticated. It will offer me good alternatives if I'm banking, walking into a building and I want to surprise you. In Kenya, the buildings you can't access without an identity card. So people who are stateless and refugees cannot access things in Kenya. I think identity is crucial for us. Learning from Ethiopia, they took a different approach and said can we test a particular population around digital I.D. and scale it across the country? Thank you.

>> MODERATOR: Can I pick up on this question about do Kenyans truly see value in the digital identity? 38 million people have signed up to the digital identity program. The real question whether is Kenya or any other country is ultimately do people see value in it and the issues and friction? When you do the hack-A-Thon, what was the value that your individuals sought. I understand the problems about tribes and ethnicity but where is the source of value? If we can't get the value clear I think digital identity programs won't fly.

>> LINDA BONYO: I think the value is seen mostly by businesses. We had a discussion last week on digital identity and a lot of the businesses that are already working on products. They see the value and banks see the individual. Individual users still don't see the value. The government had a tag line if you get a number, you will have better government services. So I see tweets people just on Twitter saying it is 100 days -- I still don't get government services. They don't see the value. I think it will take a lot of teaching and then also organizations like private sector having actual projects on digital identity that would be interoperable with what government is already doing for people to see the value in it.

>> MODERATOR: Thank you very much. Michael. Let me come to you, a very different context, mapping and location services, but huge geographical implications as those get rolled out. So how does digital identity in your business lens work?

>> MICHAEL BULTMANN: First of all, good afternoon, ladies and gentlemen, and thanks a lot for having us here. I have to first give my compliments to the selection of the topic. That was the reason why I was saying to my colleagues this is spot on. A topic of high relevance to all of us, human-centric digital identities. In one word what we're doing and Mark was alluding to it we are capturing the entire world in digital format so we are active in 200 countries and have a digital representation of the world. If possible in realtime this is not always possible in some parts of the world, but we are on a good way.

We learned over the years the relevance and importance of digital identities. The starting point we're not a clearly consumer brand but more of a customer brand so business to business and business to business to consumer approach. However, we realize it is quite crucial to have a proper management and proper view on identities. I can give you an example. I was sitting in a board meeting in California and a colleague from China was saying I don't know what you have about privacy. It is always about GDPR and consent and relation between individuals and the government. We have an issue in China. There is not only one -- there are at least 20 in China. The identity is taken away and without proper identity and being really sure that the person who is really the one who would like to vote, to consume, to express an opinion is the real one behind the issue. I'm not the one giving advice to governments to how to do and have a simple minded business view on it but we see huge opportunity and necessities to focus much more on that. To give you one example, in the area of banking, we are collaborating with a big credit card company, MasterCard. And they have really the need to understand that the person who is behind the transaction is the one who is claiming to be that person by knowing and looking again to you, Mark, sorry. That is of crucial importance. Location intelligence is playing a bit of a role in it to double-check whether this information is correct.

So digital identities are of outstanding importance there. We are also contributing to -- I will leave it to my colleague dirk to describe another approach. Any main message is here before we're talking about the challenges, about discrimination, about equal access to it, what is crucial in the Internet without any doubt, we need to really raise the sensitivity and understand, really, that identity was already important but that it has not change in the digital world. Because of the speed of the exchange of information, the risk exposure is different and special focus and attention on it absolutely required. Thanks a lot.

>> MODERATOR: Michael, could you comment a little bit on this world of realtime information that we're going to move towards? Clearly the sorts of work that you are focusing on, whether it's driving a car, whether it's looking at integrated supply chains, it seems to me that most of us think about the information that we access is very much historic. But we're just about to move into an era you see 5G and Internet things coming. You look at what you are doing with automotive technologies where we truly are in a world of realtime information whether you walk into a shop or driving a car, whether you're looking at where things are in your supply chain. How does digital identity or how critical is digital identity in that world?

>> MICHAEL BULTMANN: We're not there in November 2019 if you're working with autonomous solutions. We don't have everywhere we have access to realtime data. We see the first case is very concretely. Of course, it is very compelling and very interesting offering to say nobody cares too much whether the city believes in the speed limit or in a certain road condition. What counts is actually what do we see in reality? If an accident is a black eyes can I drive the way I would like to drive? You can translate it to shopping. You go into a shop and you see the pricing system and the offering, in realtime. In that situation if a customer, consumer, driver is coming to a scenario it is, of course, very important because certain of the let's say the environment, the point of interest, may vary. It is highly individual. That is of course very important to know who is coming around the corner and that maybe -- may create huge benefit for that concrete person in a very concrete situation. I do see, of course, that there is risk associated to if you don't manage it properly, therefore we do not have a lot of time to talk in detail about an organization techniques of the future and the context of privacy which we're working very actively on. But this is crucial that the human really in the center, that this person can consent in order to proceed with a given situation, with a given solution.

>> MODERATOR: Very good. Thank you. Sebastian let me come to you. Dell's line is the future is better than today. As someone who has a company which is critical in terms of the hardware, the infrastructure that we're all using, which enables us to access Internet, tell us a little bit about how Dell thinks about digital identity and what is it that we see coming on the horizon which you think is particularly important for us to note?

>> SEBASTIAN HUFNAGEL: Thank you, mark and for the invitation to this important discussion. As you mentioned, Dell technologies provides infrastructure for the digital transformation including digital identities and the data economy, data management, and so for us it's crucial that digital identities are adopted and trusted and secure and as without them a lot of the solutions that we're talking about wouldn't be possible and a lot of the solutions that run on our infrastructure wouldn't be possible. So for us I think we see privacy and security as a crucial conditions that have to be secured in this infrastructure and at a company that will -- we have committed to privacy as a fundamental right of our customers and users and I have to say that we have not using our customer data for commercial gain. Our customers want us to treat their data is a responsible way. We've always invested in our data management and governance systems, risk management systems and we'll keep doing so.

Recently as part of our 2030 corporate responsibility strategy we've committed to create a dashboard for our customers where they can easily access their personal information, delete, update and also choose how we share it with our suppliers. We've also committed to only work with companies in our supply chain who share our standards in terms of privacy. In terms of security, as well it's crucial to insure that in the products and by adopting security by design approaches or even security by default. And -- sorry -- yes. And also to secure the supply chain again, suppliers certified supply chains. We're working with risk management systems that are kind of state-of-the-art and we are also working for instance -- an organization that also had an event here yesterday where industries, companies from different organizations come together and work on exchanging best practices across sector silos to create this baseline security requirements that would be adopted worldwide ideally.

>> MODERATOR: So one of the issues that people always keep coming back to with digital identity the importance of collaboration. You mention there the idea of security by design, sharing standards. How do I know or how would I know that Dell, within your sort of ecosystem, are actually able to have common standards across company boundaries? Because it seems to me that one of the big challenges that we face is collaboration not just across industry boundaries but also between public and private. That to me is one of the big issues going forward. So are there any insights that you can bring around how your collaborations work and when you focus on whether it's standards about cybersecurity or just standards in terms of interoperability going forward? How is that going to work in practice?

>> SEBASTIAN HUFNAGEL: Of course we're teaming up with other leading companies in the sector to work with governments. That also part of the dialogue and not just working within the industry but also with the governments and advocating for policies that set a reasonable framework that provide some rail guards, let's say, for everybody in the industry to have some standards that everybody can agree to and are also interoperable. That's very important that we don't -- not every country, every jurisdiction comes up with regional standards but we have the interoperability between jurisdictions and that's just on the global level. We've seen that another issue is lock-in that needs to be prevented. It is very important that identities that are now near every kind of application that they are -- they don't lead to dependencies on specific vendors and I think with these common standards we can prevent the lock-in to happen and policymakers have the responsibility to provide framework for that. It wouldn't naturally come in the market. GDPR and the free flow of data regulations are two good examples of frameworks that enable that to happen. In terms of identities the regulations have helped interoperability for digital identities, I think among six European countries now and something that will be rolled out across the region. Other good examples in western Africa. I think that's the right direction.

>> MODERATOR: Very good. If you listen to the debate so far we've had something about user centricity and the importance of that. How to get 38 million in Kenya onto a digital identity system. There is insights around how we're going to cope with realtime information. The importance of collaboration. Dirk, let me come to you. So you purport to be able to revolutionize digital identity. Are we on the right track here? So if you look at some of the issues we've already raised here are we going in the right direction? Or are we sort of going in the wrong direction? Give us a few insights about just revolutionizing digital identity and what it means in practice and I want to ask you a couple of questions really about the problems. What I don't want us to get across is that everything is Rosy. There are clearly some issues. I want to know what the challenges are as well.

>> DIRK WOYWOD: Thank you for the invitation and introduction. Maybe I start the first thing is what do we mean by digital identity? In the offline world you think identity is you take out your passport and show it to someone and maybe it happens, yeah? You go to a bank and open a bank account or you cross a border or whatever. But that is, of course, not digital identity. That is offline identity. Digital identity is far more. It has sort of three aspects. One is, of course, proving that my identity date qua is there. My name is dirk, I was born there and I live in Germany and my shoe size is 42. These are identity data that are verified. I call it identification. That's one thing. In a digital world I need to prove I live there, was born there and I'm over 18 or something.

Second, it's all about access. In the offline world you just enter a door or you go there and take your key. But in a digital world access meaning I have to prove that I'm dirk and allowed to go here and go into it. Sometimes we call it log in. Passport and username is just one side. So you can also enter the digital world in far different methods. You take your biometrics to get into your phone. That is access. Sort of getting in. And there is no really offline equivalent to it. We have to discuss how to make access really secure.

Third, authorization. To prove something, given consent to something. Sometimes you call it sign a contract that yes, I will do this and approve that. I signed that contract, but you do it in the digital world and you call it authorization. So in these three aspects I call it digital identity core. So sometimes you always talk about that one and that one. But you have to come up with all three aspects of digital identity. That's one thing.

Going back, what's in there? States maybe in Germany and Europe, they start to think oh, I have to come up with electronic I.D. So maybe I put a ship on a cart like in the passport after 9/11 the international sort of states decided put a Shiv into the passport. A fingerprint and picture and all that. But can I really use my passport to log into my mobile phone? Or to log into the government website or to sign a contract? No. So states are really focusing on proving the identities is the first segment I mentioned so I'm Dirk and I was born there and my name is real and all that. They have no clue about getting a secure access for the citizen and getting a good content or approval of the citizen. So states are focusing on identification. Forget about access and approval.

On the other hand the global players are taking care of the elements. Google, Amazon, Facebook. They come in with a good Facebook sign in. You can go through a doors and log in somewhere. With Amazon you can pay. You approve a transaction. Or maybe with Microsoft you can authenticate with second factor. They offer really nice services already. And they actually don't have really identity data but if we go right into that now. So I think one month ago apple posted two patents. One patent is to put a sort of passport used to cross border, to travel around the world, to put a passport on the iPhone. Put a pattern on it so I know how to put a passport on the iPhone so no one can do it as well.

The second patent is they issued also put an international driving lines on the iPhone. Protect the driving licenses on the Smartphone. Google did it also so they came up with API on Android saying I do it the same on Android as you guys do it on IOS. So they would come up in the next maybe 12 months, 24 months with a real nice identity portfolio for all of us. And we will use it all because it's for free, it's easy, it's a one click experience, and it is safe because from the technologies they know what to do.

So what sort of in two years I think it's done and it's good. But what the problem is about then apple decides whether you can sort of cross a border maybe. Apple decides if you have a valid passport driving license and a policeman stops you. Google will decide whether your Visa is approved. And maybe also Amazon will decide someday if you cannot pay something in the digital world anymore. So the reason is -- that is all true, no discussion about it. And I don't want to come up as really bad interpretation of the future. But I am really worried. I'm really worried and I can't see that the countries, even in Europe or the international member states of the U.N. will actually got that information and got the feeling that oh, we have to protect our citizen and come up with a sort of worldwide maybe open digital I.D. platform. There are a lot of providers. We aren't the only one. We have good solutions here and there and they are going to -- there is an open trust network not intended to sell the data, not intended to actually sort of make big profit out of it. But to make sure that citizens on the planet have a real chance to go safely in the digital world as we do actually assure to go safely in the offline world. That's my message. And I think you should really think about that.

>> MODERATOR: That should have got everybody worried. But tell me, how would you rate the user experience today on digital identity and what would be the one, two, three steps that we can -- how can we improve it?

>> DIRK WOYWOD: That's the one killer will be the usability. If not the privacy because no one is caring about privacy. If you want to buy something you click yes, yes, yes, every one of us. If you think about security, could be the criteria, no way. No one is actually interested in security. I really always come up with sort of if I go into the car -- a new car and then I drive, I don't check the security standards and I don't come up with my airbag under my arm and put it in because I think oh, that security feature I need to install here. I expect when I go into the car it drives and easy. So the same should be our vision that we go into the voting system or a payment transaction system or identification system. It is all should be in. Privacy by default. Security by design. No options, no consents, it is just in there. So the only sort of criteria will be for the adoption rate on people will be usability and then we have to go to apple and Google again and say they don't go into the market with a one-click experience. We should come up with that as well.

>> MODERATOR: Linda, how do you respond to what you just have heard here particularly when you look at it through an African lens?

>> LINDA BONYO: In Africa, governments are more powerful than Amazon on Google so I'll comment and say on your point on who decides, we had a question in Kenya on the fact that the primary document for digital identity registration is your birth certificate if you are a baby and your national I.D. as an adult over 18. What that means is when I register or do my number, it means anybody who has a government official is making a citizenship decision. Yet it should not be a question on citizenship but getting everybody on the platform. So I agree with you on the question about Amazon making decisions around who goes to what country and what -- I think we did not elect Amazon in a Democratic society to issue such sort of, you know, questions. And then maybe the second one will be on digital I.D. is very crucial. In my part of the world it is government -- you can't access government services without an identity. In certain cases government isn't as power. But most of the services are issued. If you talk about refugees and accessing, you know, if they are having food and all these they need an identity. Look at it in the lens of -- the data collection is great in realtime. Kenya, the government came with a law if I register for the digital I.D. I have to put in my GPS location, number and email. If I change any of that documents or any of those details I have to inform the government. Otherwise it becomes a criminal offense. Criminalizing it but also getting data. Using data in the hands of government that may be rogue means there will be an increase on civilians. So I think that means in our side of the world we're scared even more when there is no check and balance on government. So I think this, too, needs to be hand in hand.

Amazon and Google, they have a lot of data on us but they do not run a government. They don't have parliament to back them up, you know. Our governments can do all these things to us. There needs to be a check and balance when we have this information. If it's a government with I.D. that is mandatory it means we need a check and balance. Tech companies should help even within the framework that can I control my data? Can I see what government has on me? Can I take it back and one of the questions we had in our country is as a user do I have a public access portal that I can take back my content? I'm withdrawing content. That's not available in any platform and it's not user friendly or human-centric.

>> MODERATOR: Very good. Sebastian.

>> SEBASTIAN HUFNAGEL: Usability. I agree that digital identity doesn't have a chance if oats not attracted to a service people don't want to use. If you want to overcome the issue of certain companies having a big influence or creating lock-in markets for them through their own identities I think governments have a task here to come together and to work on just kind of open standards and to create a critical mass which should be easy to achieve when you have certain public services that can only be accessed or that can also be accessed through the digital channel and that creates significant benefits for the citizens. I think then such identity can be adopted quite rapidly and when you get to that point, it will also make sense for companies to take that mechanism to use that as a practical way of authentication that doesn't have to rely on passwords and ideally much easier for citizens to use and I think for that it is important to have a dialogue also with the citizens and to see them as customers. See what kind of digital services to they expect from the government and what's necessary to provide those services. It will often require some painful adjustments in the government processes. They have to digitize everything from end-to-end, break down data silos, and also change some laws, some restrictions on data localization or even privacy in some cases. It is a very complex issue and we're experiencing this also in Germany for a long time now.

>> MODERATOR: Very good. Panel. Mike, did you want to say something before we clos

>> MICHAEL BULTMANN: I heard you saying nobody cares about privacy, it is only about usability. We do see globally a bit of a trend that people, societies are more matter of really understanding what they're doing in the light of certain experience collected in the context of some votes and we see that in other parts of the world there is more appetite and interest to take privacy and people more serious. I think for the business now I'm back on with my business glasses, I think the opportunity for a bit of differentiability. If you can provide the required transparency and provide trust in what you are offering, I do see opportunity in that.

>> MODERATOR: Have good, panel. Thank you very much. This is your chance to participate and to share your ideas. My quick reckoning is there are about 60 of us in the room and we have five break-outs and we'll do 15 minutes at each break-out. So you have a choice of two of five break-outs. The panel are going to moderate one of the break outs. Let me just try to summarize what the break-outs are. They are on the screen so you can see the titles. Break-out one, which is user agency, is on this flip chart here. The break-out on vendor neutral identity and data approaches with Sebastian is in the middle. And on the far right-hand side as I look down there we've got user cases and high consumer value with Dirk. What user agency, neutrality and consumer high-value cases down there. On this side with Michael, group four will be looking at collaboration and then group five is going to be with Salana and we'll look at particularly how to get engagement across our stakeholder community. Consumer, Citizen and Civil Society. Could you go to the flip chart that most interests you. I will shout in 15 minutes and then we'll rotate and then what we'll do is summarize conclusions from each of the groups towards the end. Thanks very much indeed.

(First break-out session)

>> MODERATOR: Ladies and gentlemen, it will be time to change. If you want to stay where you are, feel free to stay. Otherwise now is the moment to change and go to another group. And we've got 15 minutes in the second round and then we'll come back together again. So feel free to change or stay where you are if you want to.

(Second break-out session)

>> MODERATOR: If we could begin to wrap up and come back and take your seats, that would be great. We'll have a little bit of a debrief. If the moderators could come back to the front. And if we could retake our seats. Thank you.

>> MODERATOR: Thanks very much for the engagement, everyone. That was excellent. Let's get a quick summary from our moderators on some of the key points that came out of the groups. What we're looking for are insights around key points in the discussion, examples that came out, ideas that we should be looking at going forward. I know a number of you were taking photographs of the flip charts. We'll make sure if you want to take photographs of the flip charts they'll stay there. Linda, let me start with you. You were looking at how to get meaningful consent. A couple minutes on some key points that came out of your discussion.

>> LINDA BONYO: My team was very intelligent. The most intelligent in the room. Please let's exchange business cards afterwards. But we had issues come up especially on how to be -- how do we get consent especially from governments? There was a general feel when we go into elections we already give government consent to do anything they want. Digital I.D. can you opt out of government-issued I.D. The suggestion was only for elections or when we have government come in place but within the government-issued idea. The issue of optionality and identification online on how that will help on consent. We the general idea there needs to be education that we would have education on what meaningful content entails and this continuous education should be done hand in hand with the rest of the interventions. Then we also had an idea on platform cooperatives and digital identity unions where people come together and actually give consent within their union or platform. That was a great idea rather than face the big tech companies, you can do it through a union. And then also I just turn on user modification of global rules so that it can be modified for individuals but on the other hand we could have regional modification that a company would actually issue global rules but countries can choose to opt in or out as a country on this particular issue. The various platforms have issues and advice and suggestions. But I will stop there for today.

>> MODERATOR: Thank you very much. Sol Anna, thank you for joining us at the top table. You were looking at the whole question of engagement across consumers and Civil Society and citizens.

>> As you might expect most of the people who came to our group it was to have Civil Society engagement in processes that the end to be me opaque and closed. A lot of the conversation was surrounding the implementation of new digital I.D. systems and how frustrating it can be to see them rolled out without having a chance to give consent, without understanding properly what is going on, and as Civil Society finding it very difficult to engage actually in the process. So when we were discussing best practices, it's about openness in terms of the process. It's about building a culture of trust, and I think we were also discussing both in terms of the companies and what kinds of best practices they adhere to when it comes to how to do business in a part of the world where there might not be data privacy regulation but also technologically what kind of access does both Civil Society and government have to the technology that is being rolled out? How can you have insight or considered feedback on something that you can't fully see or understand? So that was -- we discussed cases in a number of different countries but I think it was common finding for all that it is important for these processes to be open.

>> MODERATOR: And would there be one or two countries that you would point to where there may be some glimmers of best practices?

>> We talked about Estonia as having a good case. There was some mention of Japan. We discussed aspects of both the U.K. and Brazil. I think it's -- when you are talking about Civil Society engagement, I think the work is never done so to speak. It is something where not just implementation process has to be open but there has to be a dialogue and a method of accountability that continues over time. It is not just a static thing. It keeps evolving and moving.

>> MODERATOR: What becomes very interesting we can all learn from what's going on in different countries, no one has quite got it right. How can we keep on learning best practice when we see bits of ways that engagement is taking place? Thank you very much for sharing that. Let me go to Sebastian. I would like to go next to the neutrality question and hear a little bit more about what was coming up from your group.

>> SEBASTIAN HUFNAGEL: Yes, thank you. There were two main things that I would summarize from our discussion. Protecting users and enabling portability in order to protect users, anonymous identification was mentioned. Being able to identify yourself without revealing who you are and as being part of a sub group of data. And that can be linked but is not necessarily linked to blockchain. Decentralized identification. Another way to protect users is to use trusted gate keepers. For instance, government verification of privately-issued identities. There are already some examples for that. Also to enable what we call multiple direction access which would protect users from being -- taking away their -- identity being stolen and closed down and blocking them from accessing.

Then on portability, open source was mentioned repeatedly. Also the need to work on interoperable standards. Variety of standards out there already. Some of them in their early version. But some good work already existing and then we also discussed a bit on how to get there, how to get these standards adopted and further spread. One proposal was to -- there was a need to engage with the intermediaries that are relevant here including, for instance, the mobile operators, but also the large platforms that are dominant with the identities at the moment. And creating incentives for businesses as well to use -- make use of open identities.

>> MODERATOR: Very good. Thank you for that. Michael, in terms of collaboration, were there any interesting insights that you picked around models for collaboration going forward or examples you can point to?

>> MICHAEL BULTMANN: We had two or three interesting observations. It is important to stress out. It is clearly about nobody can do it alone. So you need to have the government clearly on board in the regulation when it comes to certain activities around identities. So it is not new but confirmed by everybody. We heard about one case from the U.K. which I would call very interesting case in the sector of banking. The traditional banking is preventing certain population is getting access to money clearly to loans. And students if there is a startup working together with the university and the public authorities allowing actually that these students are without the traditional banking approach getting wire platform money. Loans that can be paid back in the financial services is a good one. Blockchain technology is playing a certain world. Trust you heard the name in the first row there Michael who in France developed digital identity kind of showed us an example working together with Interpol, very interesting case. If you have time after the session, please maybe you raise your hand shortly. Very interesting discussion with him. Thanks a lot.

>> MODERATOR: Thank you for that. And you had a very animated discussion down there about high value use cases and particularly as I say how do you get that user centricity into all we're doing? What was your key take-out?

>> DIRK WOYWOD: Thank you. It was a really nice discussion. Actually we identified two examples that all Estonia example everyone likes it. I don't -- I like it as well but so no word about that. Another good example was actually transportation. When we have a ticket and you have a long-term ticket that costs a few hundred or Euros or dollars you have to prevent that someone else is using that. So you have to show it and there is a good example from -- it is called Yelli. A roll-out in Berlin effort. But also we discussed sort of future use cases which are not really sort of soft yet but will be stuff that we push the identity to digital identity maybe in the market and that everyone accepted it more that one is the voting. Voting is one of the crucial things, yeah? We discussed how difficult it is to come up with a good E-boarding system. Another one is we discussed a lot about sort of getting back your serenity and control and sort of taking back for instance the eCommerce sector. It is lost already in my opinion. Everyone has at least 100 accounts in some shops and they have your data for the next 5,000 years at least. So you have no control about that data. And your content you are giving. So getting that back and saying please delete that. I don't want to get your emails anymore. That is really hard. These use cases are coming up. A nice digital identity solution and then it would give us a good push.

>> MODERATOR: Very good. And let me just wrap up with a few sort of thoughts for all of you. If you think about digital identity going forward, then I would like you to go away thinking a little bit about the hardware side and the software side. It seems to me as we talk about digital identity it is very easy to get into a discussion about standards, interoperability, how can we leverage technology, roll the blockchain. That is clearly very important and we can use technology to help us with how we're going to take digital identity forward. But it seems to me you can't have the hardware without the software. And so we talked a lot about the importance of getting the dialogue right, the right people in the room, the way that we have those dialogues, the importance of collaboration going forward. And I think the key message that I hope you'll take away from this is that this is a complex area. There are lots of contexts that need to be understood. There isn't a one size fits all model. If we go forward in a constructive way we have to get the hardware components right with the software components and if we look at the end result of what it is that we bring together, ultimately the user centricity is critical. If they don't buy in they won't use them at the end of the day. Dirk gave us one or two warning signals if we don't get that right going forward, there are some potential consequences in the longer term which we might have to deal with and that usually ends up with a hammer trying to hit a knot. I want to thank the panel for your insights. Thank you very much too all of you for contributing. We'll take these ideas away and we'll work on them and I know that I can't end this particular session without Linda saying to me there is a law tech festival going on in Nairobi in March. Thanks very much indeed and enjoy the rest of IGF. Thanks a lot.

(Applause)