Written Evidence Submitted by Onfido (C190014)

The role of Digital in Immunity

The Challenge: Enabling a person to safely and securely prove their immunity to the COVID-19 virus through a digital representation of their self - digital identity

Summary and table of contents

 Safely re-opening access to activities and institutions is crucial to the economic recovery of the UK

 Immunity passports – a presentable proof of immunity combined with the certainty that it belongs to the specific individual – will play a significant role in the re-opening

 The successful implementation of immunity passports requires a digital identity solution to ensure that:

o Immunity passports cannot be traded;

o Consumer and rights are upheld;

o The system is easy for individuals to use;

o The system can operate at scale.

 How Onfido is positioned to address these four challenges of identification and within the immunity programme

 Key identity components and considerations when building an immunity passport programme

 Example immunity passport flow and how it utilises digital identity

 Privacy of personal data enabling the protection of civil liberties and human rights is integral to a digital identity strategy About Onfido

Onfido is the new standard for digital access. The company uses AI to verify any photo ID and then compares it with the person’s facial . Our approach, underpinned by the use of AI, is designed to empower organisations without asking them to compromise on user experience, inclusion, privacy or security.

Recognized as a global leader in artificial intelligence for identity verification and authentication, Onfido is backed by TPG, Salesforce Ventures, M12 (Microsoft) Ventures, and others. With approximately 400 employees spread across seven countries, Onfido has raised £160m in funding and powers digital access for over 1,500 companies globally.

The role of immunity passports in re-establishing a ‘new normal’

Immunity passports – a presentable proof of immunity – are the linchpin of a new normality. Over the last 2 months, the COVID-19 pandemic has significantly restricted access to the activities and institutions on which our economy and society runs. Offices, schools, places of worship, shops and restaurants are closed. Domestic travel is down by more than 60% since February1. On 14 April 2020, the Office of Budget Responsibility predicted a 35% fall in real UK GDP between April and June2.

Re-opening access through the safe movement of people is critical to the economic growth and recovery of the UK. At the heart of this: immunity passports.

With this come a number of considerations. In particular, it is imperative that immunity passports cannot be traded, allowing at-risk individuals to continue the proliferation of the virus. As such, a robust system to bind the identity of an individual to their immunity passport is crucial.

The role of digital identity in immunity passports

The identity strategy is one piece of the immunity passport puzzle. It is separate to the testing kits and operational strategy that will dictate how, when and on whom the tests will take place. It is the association of immunity certification, granted by health authorities, with the person’s digital identity, created by Onfido, that creates the passport. The ongoing authentication by Onfido that the

1https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/880546/COVID- 19_Press_Conference_Slides_-_21_04_2020.pdf 2https://www.ftadviser.com/your-industry/2020/04/14/obr-warns-economy-could-shrink-35-in-3-month-lockdown/ passport belongs to the person in question is what allows them to partake in activities and access institutions previously unable to reopen to the public.

Digital identity Onfido

“Me” Immunity aka real self passport

National Immunity health body certificate

4 factors of a successful immunity passport programme & why digital identity is crucial

A return to pre COVID-19 normality is not expected for many months, even years. Immunity passports are not a quick fix, but a long-term scalable solution for our ‘new normality’. As such, the solution must be robust, uphold privacy and become a seamless part of our everyday lives – not a clunky additional process.

Digital identity ensures an immunity passport programme that is:

 Trade-proof: A successful implementation of immunity passports is predicated upon the fact that they cannot be traded. As the programme is implemented there is a significant risk that individuals will attempt to circumvent the system. In order to ensure a downwards infection curve, the government and authorities must be able to verify, at any point in time, that an individual is the legitimate owner of their identity passport.

 Privacy-centric: Privacy and the protection of individuals must be at the fore-front of this initiative to instil trust in the government. People should not have to make a choice between freedom and privacy. There should be no doubt around how an individual’s personal data is used. Every person should feel comfortable that they can use the immunity passport without suffering inadvertent consequences - for example, a challenge to their identity or immigration status based on the presentation of their immunity passport.

 User-friendly: An identity solution must provide a seamless positive experience for that majority of honest users while blocking abuse. In the immunity passport scenario, a ‘bad actor’ is an individual impersonating another to use their immunity passport for themselves. We expect this to remain a small minority. For the majority, authentication is a means to an end; the priority is to deliver a smooth and quick experience. They may be trying to gain access to their office or drop off their children at school. Their immunity passport will be authenticated multiple times a day and cannot take 10 minutes each time. It should be integrated as seamlessly as possible into their existing experiences.

 Scalable: The immunity passport programme will need to be rolled out to millions of individuals residing in the UK over a short timeframe. The digital identity system underpinning it must firstly facilitate a rapid rollout; the process for attaching an immunity certificate to your digital identity must be quick, intuitive and easy for all individuals to do. Secondly, the system must be able to support thousands, and eventually, millions of authentications a day.

Government Individual

Experience Scalable User friendly

Trust Trade-proof Privacy-centric

Figure 2: The four conditions of a successful immunity passport programme

How Onfido can partner with the UK Government to address these challenges

Backed by technology heavyweights including Microsoft (M12) Ventures and Salesforce Ventures, and with £160m in funding, we already solve these challenges for some of the world’s leading brands including 4 of the top 5 largest banks in the UK. We are experienced in working collaboratively with institutional players to co-develop identity solutions. In 2019, we received the Innovation of the Year in the Barclays Bank Supplier Awards.

The combination of our partner network and proprietary technology put us in a unique position to solve this challenge.  Trade-proof: Using facial recognition, we match biometric facial information captured at registration with real-time facial data (i.e. when a person walks into a building) to confirm that a person’s real self is tied to their digital self. This ensures that the holder of the immunity passport is the same person that received the immunity proof. Our Face Matching accuracy rate is approaching the one in a million error rate, providing a higher assurance that the two faces “match” in a live environment. Our team of 25 machine learning scientists have built proprietary fraud detection technology—such as sophisticated texture analysis and digital tamper detection—to detect even the smartest fraud attacks, evolving with emerging techniques.

 Privacy-centric: Privacy is one of our four key principles and as such, baked into our engineering practices and services, including our core identity services and the open source identity platform to which we are contributing, and can be hosted by anyone. We have also been working closely with the UK Information Commissioner’s Office (ICO) in their new privacy sandbox to tackle algorithmic bias in facial recognition technology. We are committed to serving the public good and doing so in the most privacy conscious way. Here, we would continue to operate with the same rigour and dedication to privacy. We would actively seek out advice and guidance from the ICO, to the extent available. More specifically, we believe any immunity passport programme must be built to enable three core privacy requirements, these being a) the ability for individuals to utilise their immunity passport, as frequently as they want, without divulging any personal information other than the fact that they are immune; b) storage of data whose access is securely controlled and managed by the individual; and c) the secure transport of data to/from a individual’s device.

 User-friendly: Through rigorous data-driven testing, we have built the most intuitive way to verify your identity online. Our product gives people access to thousands of digital services across financial services, transportation, healthcare, online marketplaces and other industries. Each use case is tailored, so that with just a photo of an identity document and a selfie, people can gain access in seconds. Our solution is also designed to be inclusive – we have collaborated with the Digital Accessibility Centre (DAC) and the Royal National Institute of Blind People (RNIB) to audit and user test our Software Development Kits (SDKs), helping us understand how to successfully serve those with visual impairments and other disabilities.

 Scalable: We process hundreds of thousands of identity verifications per day for businesses based in over 60 countries across multiple time zones, supporting over 4,600 document types from 195 countries. To expand our footprint, we have partnered with some of the world’s largest identity companies including ForgeRock, SecureKey Technologies and Okta.

Key digital identity components and considerations in building an immunity passport programme

1. Taking a real-life identity to create a digital identity. 2. Associating that digital identity to an immunity certificate. 3. Confirming the original person is the one claiming to own the immunity certificate in the real world by authenticating their biometrics when presenting the immunity certificate.

Within the context of a digital identity solution, different successive configurations could be adopted to solve multiple problems while considering the choices of individuals and government alike:

1. Biometrics only, i.e. tying to the physical self by associating a user’s face to an immunity certificate stored on their personal device; 2. Enabling remote authentication via a registration process tied to a decentralised network; 3. Adding a legal identity document for greater trust as to the authenticity of the person claiming immunity.

In the immunity passport use case the cost of bad actors is high, meaning a digital identity solution built to serve it must be trusted. Within the above framework, Option 3. - i.e. a combination of photo ID (what you have), bound to your facial biometric (who you are) - offers the highest level of assurance that the person is who they claim to be at enrolment.

Throughout each step, it is still essential to consider the trade-offs required to uphold the individual’s privacy rights as it relates to data creation, storage, use and ultimately, deletion.

Example (Option 3): Immunity passport flow and how it utilises digital identity

Alice works for a consultancy firm and has been working from home during the lockdown period. She now wants to go back to work from the office and must prove her immunity from COVID-19 in order to do so.

1. She signs up for an immunity test with the 2. She goes to an NHS centre to be tested. Her NHS. She is asked to register and verify her picture is taken via a hands-free camera and is identity ahead of her appointment. She can do compared to the image of her face taken this via her smartphone or , using the during registration, to prove that she is the in-built camera on either device to take a same person who originally signed up for the picture of her face and associate it with her test. The images match, and the test is registration. administered.3

3. When complete, the immunity certificate is 4. She uses this digital identity, now associated created and connected to her digital identity. with her immunity certificate, as a passport to access her office. 4

2 Final considerations

Our aim is to collaboratively build a solution that helps establish a ‘new normal’ in which individuals can start to move more freely and safely. A successful solution will be used at scale and be trusted by those who use it. We believe that immunity passports should promote freedom and privacy. There is no choice to be made.

In designing a privacy-centric solution, there are some important elements to consider. These will need to be collaboratively reviewed together with the government, regulatory bodies, partners, and individuals’ rights in mind:

 Digital representation of a unique individual: There may be members of the public who do not want to reveal their legal identity (for example, illegal migrants) or are concerned about multiple identity checks, yet could still spread the virus. Likewise, others might feel wary of a system built upon biometrics.  The mandatory versus voluntary nature of the programme: If a programme is mandatory, privacy by design and default becomes ever more critical as participation should be possible without further intrusion on a person’s civil liberties and freedoms.  The role of data privacy, storage and usage: How the data of both the individual and any check is used and stored must be clearly defined and put in control of the person. For example, will it be used exclusively for the authentication of immunity or for other purposes.

This document outlines some of the key identity challenges and considerations when building an immunity passport scheme. Fundamental to our business and product strategy is that we have the flexibility to accommodate multiple approaches. We welcome feedback or questions on any of the points raised in this document, and look forward to supporting the UK government on this important initiative in any way we can.

(April 2020)

3 Storage: Individual’s personal information shared privately and stored securely. 4 Flexibility: Individuals can either show immunity on their own device or 3rd party can check it without storing or revealing personal information