12 November 2010

EU electronic identity study

An 84-page study by Toby Stevens, John Elliott, Anssi Hoikkanen, Ioannis Maghiros & Wainer Lusoli of the Institute for Prospective Technological Studies (European Commission Joint Research Centre) on The State of the Electronic Identity Market: Technologies, Infrastructure, Services and Policies [PDF] suggests that a "clear understanding" of electronic identity (eID) for the "Single Digital Market is crucial for policy action on identification and authentication, eSignature and interoperability".

The authors comment that -
Authenticating onto systems, connecting to mobile networks and providing identity data to access services is common ground for most EU citizens, however what is disruptive is that digital technologies fundamentally alter and upset the ways identity is managed, by people, companies and governments. Technological progress in cryptography, identity systems design, smart card design and mobile phone authentication have been developed as a convenient and reliable answer to the need for authentication. Yet, these advances are not sufficient to satisfy the needs across people's many spheres of activity: work, leisure, health, social activities nor have they been used to enable cross-border service implementation in the Single Digital Market, or to ensure trust in cross border eCommerce. The study findings assert that the potentially great added value of eID technologies in enabling the Digital Economy has not yet been fulfilled, and fresh efforts are needed to build identification and authentication systems that people can live with, trust and use. The study finds that usability, minimum disclosure and portability, essential features of future systems, are at the margin of the market and cross-country, cross-sector eID systems for business and public service are only in their infancy. This report joins up the dots, and provides significant exploratory evidence of the potential of eID for the Single Digital Market.
They go on to argue that -
It is true that trusted and reliable online identity management and authentication are the gateway to the digital economy now in the making. They create enormous potential for advanced, high quality and efficient services. Though eID systems and processes have been developing over decades, they are still not particularly trusted or fit for the many activities that European citizens expect to conduct in their everyday digital lifestyles. Strong authentication based on cryptography is one of Europe's strengths, but has not yet found fertile ground in business and government applications. Equally, secure tokens such as smart cards and digital credentials, are under-utilised and the growth of awareness and use among consumers and small businesses is sluggish. Additionally, the market for eID products and services is fragmented, far from efficient and lacks viable business models. Services based on mobile authentication and identity management have not yet realised their huge potential value. There are great engineering and legal differences between industry- and government-supported identity management systems across the EU. As a result, the evolution of inter-country, interoperable, user-centric eID systems and processes is slow.

On the other hand, there is the realization that eID technologies and authentication services are essential for transactions on the Internet in both the private and public sectors. Trusted, secure and interoperable eID is a key enabler of the Single Digital Market. The fulfilment of several objectives of the Digital Agenda and of the Granada Declaration rests on the possibility to convert personal identity data into usable, safe and trusted credentials for the implementation of cross-border, interoperable public and business services. The outcome of both agendas will depend on the capacity to understand, measure and monitor, with valid and reliable gauges, the consequences of this eID conversion in Europe.

Effective regulation of the personal identity space and its economic externalities requires a clear understanding of how the market for identity functions. But very little is known about emerging identity markets and the business models that support the use of personal identity data in transactions. Outcomes go well beyond issues regarding technical systems for identification and authentication. Identity has never been monetised to the extent that it is today: targeted profiling based on personal identity data is used for behavioural tracking; the lead business model for online free services is focused advertising; significant savings are achieved in the delivery of public services. Revenues in these fields are significant, taking the ideas of authentication for access to services to a different level. At the moment, we know very little about eID as an enabler of the Digital Economy. Intelligence on market and innovation dynamics is needed to sustain market growth, improve service quality for citizens and offer a more cost-efficient and competitive identity framework for Member States. In this context, this report explores the trends, barriers and dynamic evolution of the European eID market, the roles of key public and private stakeholders within the eID marketplace and the processes which these use to create value. The report finds that:

1. eID infrastructure technologies, embedded in operational applications and services, will be critical to the development of broader eID applications, which are likely to emerge as a ‘critical mass’ of infrastructure becomes available. Whilst development of this infrastructure is a commercial issue, governments may be able to accelerate the process by providing incentives and framework conditions for standardisation, open development platforms and innovation.

2. Increasingly advanced eID services, that take the existing infrastructure and technologies as a starting point and build on them, so as to create novel added value services, are needed. These need to be accompanied and complemented by 'softer' services; for instance, consultation, training and risk or credit management. Moreover, a more flexible offer of products and services, which would allow customer companies to 'mix and match' the most relevant components according to their particular demands, would make the eID market more dynamic and better able to adapt to changing economic conditions. While most of the above are expected to be offered commercially, governments may be able to enhance the ability of companies to offer valuable eID solutions by motivating intercompany partnerships, where each company specialises in the activities they are most proficient in.

3. Interoperability and credential portability are key issues in eID market development. Currently, the eID market is relatively fragmented, with several standards and procedures across the EU. Increased portability of credentials and use of federated identity schemes would result in higher take-up and more extensive use of eID solutions, thus contributing to market growth. Future online public services will rely on effective and interoperable credentials. For this to happen, appropriate Certificate Authorities, and permitted use of government root certificates and regulations to permit certificate use in mobile devices, would be needed.

4. Self-asserted credentials are gaining significant public trust and must be taken into account by eID interoperability initiatives. Self-assertion and volunteered personal information are shifting the balance of power in identity relationships away from traditional providers, initially national authorities and lately companies, towards data subjects. This may result in disintermediation for third parties that are no longer required, and lead to new business models for eID. However, governments have yet to make widespread use of self-asserted eID schemes; therefore a centrally-regulated, identity assurance framework for government use of commercial credentials, both within and between EU Member States, may be needed.

5. The availability of enhanced token devices that consolidate existing multiple tokens, and offer users additional functionality through local card readers (or embedded equivalents) would lead to greater adoption of certificate-based services, as would the incorporation of two-factor authentication into a wider range of identity processes.

6. Governments are in a key position to drive the development of the eID market, in many respects:
a. As the largest customers of eID, governments have a significant influence on what solutions will be developed, what features and functionalities will be required, and what identification technologies will be used;
b. As market regulators, governments may procure a common legal framework enforcing the trust new eID services need to flourish. Moreover, governments may encourage relevant industry standardisation bodies to work on the rollout of interoperable digital certificates;
c. Innovation in the public sector, particularly in citizen-centric public services, will be a catalyst for eID market growth. More rigorous enforcement of existing regulatory frameworks to ensure a 'level playing field' may favour market growth.