Announcing CitizenKey® providing Small Data, eIDAS 5.2 Id & Citizen-Centric OnceOnly in Denmark

In may 2017, we announced the intention to launch a new Identity & Security Foundation in Denmark based on Privacy / Security by Design principles in a new technical framework called CitizenKey®.
Since then we have been working with institutions, organizations and others to assess the interest and value from such an initiative. The massive buy-in from both public and private sector makes it obvious that this is now going to happen.

What we are going to do

An independent self-owned institution is being set up to – on a non-profit basis – provide and permanently host purpose-specific identities in Denmark according to eIDAS article 5.2 on top of National Id Structures.

This is the first step in establishing a National Id 2.0 structure where data are collected and stored according the Small Data Principles. With the Small Data Principle data are free to share as Citizens and organizations retain control even when sharing as data can only be related to Identity created and adapted to the specific context.

The identity infrastructure services will on a trustworthy basis, i.e. no trusted party, provide citizens with a steady stream of identities each created for a single purpose. Each Identity will be able to Sign, Pay, Communicate, Provide cryptographically verifiable Assertions about the citizen and Share data WITHOUT Identifying.

The first aim is to establish full eIDAS articel 5.2 (“Pseudonymous Digital Signature”) and GDPR article 20 (“Data Portability”) support so that Citizens themselves can act as data broker sharing validated data across purposes without loosing control as each identity can be isolated from each-other. Thereby establishing full OnceOnly support based on strong Privacy by Design.

What is important is that both of these are fundamental rights deeply engraved in EU regulation but never before applied in real-world solutions.

Each of these Identities is customized to purpose based on a concept of cryptographically linked building blocks applying functionality and security assertions adapted to the specific purpose. The background identity model is based on a model of models principle so we can have backward compatibility to existing application systems and structures while enabling security models of the future all-connected, always-on, mobile and heavily integrated digital world.

Within this structure we are able to establish identities covering anything from strongly anonymous but validated identities for e.g. healthcare research over two-way trustworthy identities (accountable but technically non-identifiable) for e.g. trade and public sector services to cross-border payments with PSD2 support and anti-money-laundering validation still maintaining the Security / Privacy by Design and Small Data Principle.

At this point three assurances are important.

1. Applying the Small Data Principle, i.e. separating data into small in themselves non-identified and often even non-identifiable data sets, does not mean we loose the ability to do “BigData” analysis. You can always take a Bigdata problem and split it up into to a number of Distributed Small Data Problems, i.e. where citizens themselves collect data from otherwise non-linkable sources and anonymouse the result for the research.
2. Eliminating Digital Identification in transactions provide much stronger CyberSecurity and anti-crime than otherwise possible. You cannot attack an entity you cannot identify and target providing a strong defense for even DDOS or weak IOT device attacks. When you cannot identify we build identity on verifiable proofs not on some “trust” illusion providing strong protection against identity theft, man-in-the-middle etc. And finally, unless the transaction stakeholders explicitly have agreed not to, the conditional identification mechanisms will act as a catch-all anti-crime on fraudulent actions.
3. The Small Data Principle will make it much simpler and easier to deploy even complex ICT solution and IOT services as you can break them down into smaller logically isolated micro services that are each free to third-party hosting, outsourcing and integrating with third-parties. Combining one-stop-access to semantic data through citizens as the data broker as well as both the security and open integration from the contextual isolation provides a powerful framework for fast agile processes, trial-and-error and citizen-choice driven innovation.

The implications of the above may appear profound. But essentially this is simply about re-creating the fundamentals for fair competition / Digital Markets and democracy / Public Sector services while activating the best of digitization.

For one simple agenda – putting citizens back in control to re-enable individual sovereignty and choice lost due to bad infrastructure security design and standards in the first decades after Internet.