Conceptualised by the UNDP Accelerator Lab in Bogota, Colombia, Plataforma de Identidad Digital (PID) is both a physical ID card that offers proof of identity and Temporary Protected Status, as well as functioning as a digital key card which uses NFC to unlock personal data records, digital government services, and physical spaces.
Colombia is host to 1.7 million Venezuelans, which represent more than 37 percent of the estimated 4.6 million Venezuelan refugees and migrants in Latin America and the Caribbean. More than half of the Venezuelan population in Colombia lack regular status, affecting their ability to access essential services, protection and assistance.
Globally, at the end of 2020, some 26.4 million people were externally displaced persons (refugees) due to armed conflict, generalised violence or human rights violations, according to the UN’s refugee agency (UNHCR), including 11.2 million newly displaced people in 2020 alone. Additionally, at the end of 2020, another 45.7 million internally displaced people (IDPs) were forced to flee their homes to other areas within their own country. According to UNHCR and ICAO, less than 1 in 5 of these displaced people have access to identity documents issued in accordance with international standards.
Identification documents are vitally important for displaced people both internally and externally. During a recent voluntary interview conducted by UNHCR in Diffa, Niger, Mohammed, an internally displaced man, emphasised: “having an identification document makes life more dignified. The community respects you and knows you are somebody”. He elaborated that his ID helps him pass through security checkpoints in the conflict-affected area where he lives, allowing him to safely arrive at his job.
However, relying on host countries to supply these ID cards, to collect and manage huge refugee databases containing explicitly personal data, while trusting that these records will be maintained to global privacy standards set by GDPR or the WFP Guide to Personal Data Protection and Privacy is undeniably risky. In the wrong hands, this collected data could facilitate religious, economic, racial, or gender-based discrimination and other risks of marginalisation. The new standard for personal identity, identity protection, and data ownership requires a system in which the physical ID card is not only a printed tool for identification, but also a key to both digital and physical services and personal digital identity, allowing the refugee to maintain control and ownership over large aspects of their own digital data.
Conceptualised by the UNDP Accelerator Lab in Bogota, Plataforma de Identidad Digital (PID) is a secure and low-cost way to offer Venezuelan refugees an identity document, proof of protected status, access to government services, as well as a digital repository for medical or educational records and certifications. The resulting PID cards would unlock government services and cloud-based pseudonymised records, and offer international end-to-end data ownership, with no involuntary access to this data from host governments or the UN.
The UNDP Accelerator Lab spoke with Karakoram in March, 2021 about the need for an urgent prototype within a 3 month timeframe, including high security concept NFC ID cards, encrypted digital data storage which could only be accessed through the ID token stored physically on the PID card, on-card embedded data storage for the most important personal data, and a mobile application which when physically connected to the PID cards, could display and authenticate the user data. The challenge was designing a secure system in a rapid Sprint which could validate both operational and technical challenges, and prove to the Colombian government that the PID system would be fit for purpose in solving many of their challenges with Venezuelan refugees in-country. Within 3 months, an entire custom physical/digital identification system needed to be developed and deployed, working within the budget constraints and security requirements of both the UN Development Program and the Colombian Government.
Each PID card is manufactured with a large capacity NFC chip which holds the user's most sensitive encrypted data such as Name, Date of Birth, and ID Photo. Keeping these identifiable and personal data fields stored physically on the PID card only (rather than on a remote PID server) ensures that even if the high security PID server was compromised, there would be no risk to the individual.
The encrypted server data includes a wide variety of data fields, such as PID Expiration Date, Authorising Authority, and others, as well as medical and educational documents stripped of identifiable details. These server-based data sets, wiped of individually identifiable information and encrypted to government standards, are considered fully pseudonymised data for the purposes of GDPR and UN data protection policy. Pseudonymised data is tied to the individual through a hashed ID number stored both on the physical ID and on the cloud server, only unlocked and personalised again after physically tapping the PID card on an Android phone running the Plataforma de Identidad Digital mobile application.
Splitting and pseudonymising the data fields between physical storage on the PID card and the PID server has the advantage of ensuring that no central authority has complete control over the an individual's entire data set, reducing chances of accidental, incidental, or purposeful discrimination or abuse if the data set fell into the wrong hands.
In order to access the pseudonymised data in a real world setting (such as applying for a job, bank account, or in order to offer his or her medical record to a doctor), the individual can download the PID Android Application onto any NFC enabled mobile device and tap their PID card on the back of the phone. Using the card as a physical decryption key unlocks and downloads server data, mixing with the secure data physically stored on the card’s NFC chip, re-personalising the server data and seamlessly displaying the documents in-app.
The PID card also can be used as a key to unlock physical spaces such as temporary emergency housing units or provide access to basic services including the national health system and COVID-19 vaccination plans.
The PID initiative was not solely digital, but also focused on a low cost physical way to provide high quality secure ID cards to Venezuelan refugees using the same standard of quality used for Colombian passports. In partnership with global secure ID company HID, the Plataforma de Identidad Digital cards were manufactured and printed at the high security HID print facility in Italy, and included security features such as holograms and hidden UV ink stamps.
As part of an initiative to provide ten-year Temporary Protected Status to Venezuelans in the country, the cards needed to be durable over this period while remaining affordable to a limited budget for migrant registration.
Plataforma de Identidad Digital returns both the rights to data privacy and dignity of access to government services for Venezuelan refugees in Colombia. Prolonged lockdowns due to COVID19, loss of livelihoods and increased poverty are forcing many refugees to depend on emergency humanitarian assistance to survive without clear proof of status or access to digital copies of their medical or educational records. The pandemic has also resulted in rising rates of evictions and homelessness, as well as a dramatic increase in reported cases of gender-based violence and mental health needs which otherwise could be mitigated with an adequate data and identification solutions. PID consequently serves to lessen the dependency of refugees on humanitarian assistance while also contributing to the country’s post COVID-19 socio-economic recovery and ongoing development. With the completion of the functional prototypes, next steps are a large-scale deployment of the Plataforma de Identidad Digital across a wider cohort of Venezuelan refugees to finish user testing and begin preparation for a nation-wide rollout for all those forced from their homes and claiming Protected Status in Colombia. Ultimately there are early stage discussions about using a similar platform to upgrade and improve the existing National ID card for Colombian citizens, offering citizen data ownership and improved access to government services.