Digital identity is a sprawling, abstract subject that can be made more tangible. Rather than focus on complex organizational problems, pilot partners wanted to make a manageable user experience case study on how digital identity could look in a concrete form. More specifically, with this pilot, partners wanted:
to develop something of use to the citizens of Amsterdam;
to provide a clear user experience;
to give citizens access to their personal data as stored in the municipal database, and allow them to share these data in a different context, on- or offline;
to develop a pilot that could be approached iteratively, where initial steps could both have a clear impact and also leave room for further development and applications; amd
to demonstrate that these aims are possible, and to inspire further trust and belief in this approach towards citizen identity.
In this short post we describe the Amsterdam Claim Verification pilot, walking through how the product works as well as our future plans to pilot the technology of Amsterdam.
Current status and description of pilot
Claim Verification 18+ is a prototype, consisting of a web-app available at https://decode.amsterdam and a passport scanner. The application utilizes the DECODE technology ‘Zenroom’ (https://zenroom.dyne.org) for encryption. The passport scanner is a physical box that can scan a passport’s RFID-chip, and translate the passport’s data into a QR code. Individual attributes of that data can then be verified (such as ‘I live in x city, or I am above x years of age) without sharing any personal data that is not needed in a given situation.
For example, if a person wants to buy alcohol in the Netherlands, they would normally need to show an ID card which contains their name, photograph, specific address, and date of birth. With a system of attribute based credentials (such as this pilot), a person can provide the same level of proof that they ‘qualify’ for a particular transaction or service without sharing more information than is absolutely needed.
The Passport Box and mobile web app currently verify age, gender, and full name. It could be further developed to verify other attributes, and/or applied to different contexts. Currently, two distinct stages are supported in this pilot: onboarding and attribute based disclosure.
The Onboarding process takes place one time per user, and must be completed before the application can be used. It requires users to be in the presence of a physical Passport Box , and is the moment in which a user’s passport information is transferred onto his or her phone.
Step 1: Go to decode.amsterdam on your mobile device. This screen will appear upon visiting decode.amsterdam
Step 2: Find the passport box. The passport box is a physical unit, pictured here.
Step 3: Place your passport into the box. A physical passport is placed into the Passport Box to be scanned.
Step 4: The passport box will read your passport and generate a QR code.
Step 5: A phone scans a DECODE onboarding code from the Passport Box.
Step 6: Passport data, including the passport image, date of birth, nationality, and full name are loaded onto a user’s phone.
Attribute Based Disclosure
In this hypothetical scenario, Safia is a bartender who seeks verification that Stan, the patron, is over 18 years old. Stan will prove that he is over 18 years old without sharing extra data about himself, including his exact birthday.
Step 1: Safia, the bartender, first must
define her own identity
select which question to ask (in this case: Age)
set the parameters for the question (in this case: Over 18?)
Step 2: Once Safia has defined these terms, a QR code is generated onto her phone, which can be scanned by anybody with the DECODE app.
Step 3: Stan scans the QR code from Safia’s phone with his own phone.
Text appears, repeating the question (“Safia asks: Age > or = 18?”)
Stan can choose to confirm that he wants to share this information with Safia. Crucially, Stan is not choosing to share his specific age at this point. Rather, he is only choosing to share the answer to the question, yes or no, whether he is over 18.
Step 4: When Stan agrees to send this information, both he and Safia receive confirmation that he is above 18 years old. There are two features that help to prove that Stan’s credential is legitimate:
A photo of Stan appears on his phone, which he can show to Safia, in the same way that a normal ID card contains a photo to link it to its owner.
A border appears around the check mark on Safia’s phone, and also around the border of Stan’s photo. In this case, both are yellow, demonstrating that their phones are both referring to the same transaction.
Results and User Engagement
The Passport Box is the main tangible output of the Claim Verification (18+) pilot. It has been publicly tested twice: A soft launch took place on 18 December, 2018 at the CTO office in Amsterdam, with local citizens and public administrations present. A second demo was held at the “State of the Internet” event at Pakhuis de Zwijger on 15 January, 2019, where the Passport Box was tested live with attendees who brought their passports. These public tests were followed by an internal day of usability tests.
Based on the results of this pilot and Waag’s Policy Framework for Digital Identity, the City of Amsterdam has decided to develop an actual, operational implementation of ABC in one of the services the cities offers: A team from the city of Amsterdam has been dedicated to further explore and apply this research through an ABC-based authentication feature, to improve the online participation tools on the "Open City” program. Additional developments may include research into a system of credentials for undocumented citizens, and exploring data minimization via ABC on the local FairBnB registry.
This blog is an excerpt from Decode deliverable D5.5: Deployment of Pilots in Amsterdam. The full report can be found at https://www.decodeproject.eu/publications/deployment-pilots-amsterdam.