Improving the experience of becoming a new Canadian resident
Canada has a well-earned global reputation as one of the most open countries in the world. Over 200,000 people a year become permanent residents here, and roughly similar numbers each year become full citizens.* This annual intake is set to grow by 50-60%, based on the federal government’s latest plans.** In the current fiscal year, Immigration, Refugees and Citizenship Canada (IRCC) is expected to spend $2.7 billion, 80% of which goes to permanent immigration and related documentation** – and that doesn’t include spending by provincial immigration-related programs.
A more efficient and effective immigration system would have benefits not only for the clients that rely on it, but for the Canadian businesses who hire them. Digital identity – as applied to visas, permanent residence cards, and citizenship documentation – promises to be a critical element in any such transformation.
Digital identity would improve the experience for users. The immigration process is necessarily information-intensive, but there’s no need to inscribe all of that information on physical paper and for clients to have to wait weeks or months to receive their certifications in the mail. Nor should their lives have to remain on hold while they wait. Digital identity should allow new permanent residents to open bank accounts and look for work as soon as they’re approved.
It promises greater efficiencies for governments. Information on paper forms has to be keyed into computers (and incorrectly-captured information has to be corrected down the line – a potentially expensive process when back-tracking and verification efforts are factored in); it also has to be filed, archived, and maintained. In addition to reducing such processing overheads, digital identity should create opportunities at border points to speed the flow of travellers. Efficiencies would likely accrue to the wider economy, too: banks, for example, would be able to offer online account opening for immigrants without having to verify their documents in person.
By improving the system’s integrity, governments at all levels would have less to fear from fraud (including health, welfare, and mortgage fraud), and law enforcement would have more confidence in the system and in the data it relies on.
In the following pages we’ll review the five guiding principles that we think should lie at the foundation of any broadly-adopted digital identity system, and we’ll look at a couple of examples of how its capabilities – focused, for the sake of simplicity, on permanent residency – could help create the twenty-first century immigration system we all deserve.
Digital identity is easy to theorize about, but architecting and implementing a comprehensive, secure, and sustainable system is another matter entirely – and an important part of getting it right is having a clearly articulated set of principles to guide the effort. We believe that there are five:
User control & convenience
No one wants to entrust a system with their personal details if those details are going to be transferred to and stored by numerous parties – especially if this happens without the user’s control or knowledge. At the same time, an identity system must be convenient and easy to use; if it isn’t, it won’t be adopted by Canadians already used to intuitive apps on mobile devices.
Security risks abound when people have to create different identities and passwords for each public and private service they access: they’ll often default to a single, easy-to-remember (and easy-to-crack) password, for example. At the same time, a digital identity that only applies to a handful of services will probably not be well adopted. A ubiquitous system is a more convenient and more secure system.
Security via abstraction
Even with the best user controls, a certain amount of identity data must necessarily be part of transactions in any given ecosystem. A highly effective way of securing that data is to “abstract” it, by replacing a private identifier with a publicly available one (like a person’s email address) or by replacing it with a randomized number that serves as an authorized “token” for the purposes of the transaction – and is not useful for any other purpose.
Standards & openness
In any dynamic system, it’s difficult to predict what the future will look like – so it’s important to build today’s solutions on universally-agreed standards. Not only does this reduce costs by eliminating the expense of building and then later having to adapt custom, one-off solutions, but it enables solutions built by others in the future to “plug into” the initial solution. Openness as an approach encourages adoption, innovation, and flexibility.
No user is likely to adopt an identity solution built or maintained by an organization they don’t trust; the question of identity is simply too important, and the impact of identity theft too great, to leave this to chance. Further, building a large-scale (and ubiquitous) solution will require the cooperation and coordination of many players, and these players need to trust each other and the organization leading the effort.
Example 1: Residency documentation
Here’s how “onboarding” for permanent resident status could work in a future with digital identities.
Rich, a software developer from the Philippines, has been working in his global employer’s head office in Canada for a year, and decides he wants to live here on a permanent basis. Visiting the Government of Canada’s website, he first follows an online dialogue to ensure he’s eligible to apply for Permanent Residency. He’s pleased to discover that he is indeed eligible, and moves to the site’s application page.
There, he fills out the majority of the application questions online, but still has to visit a commercial photographer to have his photograph taken. The photographer provides him with an image file – digitally signed by the photographer and encrypted – to upload with his application. He uses Interac to pay the processing fee, and then hits “submit”.
The government receives his complete application and photo immediately, and begins its review and approval process. After a couple of weeks, Rich receives an email saying that his application has been approved, and directing him to a webpage that allows him to book an in-person interview with an immigration officer. He schedules and attends the interview, which allows the government to verify that nothing has changed since his application and that he remains eligible for permanent residency.
At the end of the interview, the officer signs off on his immigration process, and within seconds, before Rich even stands up, he receives a notification on his mobile device saying that a digital Permanent Resident card is now available for his use. Following a link, he downloads a government app and uses it to install his Permanent Resident card on his device. The app prompts him to take a selfie so it can verify his identity against the photo he provided with his application, and once this is done, it activates the card in the app’s digital wallet.
As he walks out of the immigration office, he is a permanent resident – and he’s able to prove it in order to access financial and government services, and to leave and re-enter the country.
Example 2: Registration for services
As mentioned in our previous example, Rich is now able to use his digital Permanent Resident card to easily access a range of services.
To open a bank account, he downloads the financial institution’s app to his mobile device. As proof of his residency, he authorizes the app to transfer the “tokenized” information from his digital Permanent Resident card held within the government app. Tokenization replaces private data in the card with randomized data used only to authenticate that one transaction – and useless afterwards or elsewhere. The app auto-fills certain fields in his account application from data in his Permanent Resident card, and Rich completes the rest. The bank receives the application, and its systems use the tokenized card to authenticate his identity and his residency status against a secure database maintained by the government or a trusted third party. It then opens an account for him within seconds of his submitting the application forms.
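The tokenization described here and under "Security via abstraction" can be sketched as follows; this is an added example, not code from the paper or from any Interac or government system. The class TokenVault, its methods, the card ID and the party names are hypothetical, and the relying party's name is assumed to have been authenticated before redeem is called.

```python
import hashlib
import secrets
import time


class TokenVault:
    """Hypothetical stand-in for the issuer-side database the bank checks against."""
    def __init__(self, ttl_seconds=120, clock=time.time):
        self._cards = {}    # card_id -> claims the issuer will confirm
        self._tokens = {}   # sha256(token) -> (card_id, relying_party, expires_at)
        self._ttl = ttl_seconds
        self._clock = clock

    def register_card(self, card_id, claims):
        self._cards[card_id] = dict(claims)

    def issue(self, card_id, relying_party):
        """Wallet side: mint a random token for one transaction with one party."""
        if card_id not in self._cards:
            raise KeyError("unknown card")
        token = secrets.token_urlsafe(32)   # random; carries no card data
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (card_id, relying_party, self._clock() + self._ttl)
        return token

    def redeem(self, token, relying_party):
        """Relying-party side: returns the claims once, otherwise None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.get(digest)
        if entry is None:
            return None                     # unknown or already used
        card_id, audience, expires_at = entry
        if audience != relying_party:
            return None                     # useless "elsewhere"
        del self._tokens[digest]            # useless "afterwards": single use
        if self._clock() > expires_at:
            return None                     # expired before presentation
        return dict(self._cards[card_id])


def demo():
    vault = TokenVault()
    claims = {"name": "Rich", "status": "permanent_resident"}
    vault.register_card("PR-CONSTRUCTED-001", claims)  # constructed sample card
    token = vault.issue("PR-CONSTRUCTED-001", "bank.example")
    return {
        "wrong_party": vault.redeem(token, "other.example"),
        "first_use": vault.redeem(token, "bank.example"),
        "replay": vault.redeem(token, "bank.example"),
    }
```

The vault stores only a hash of each token, so a leak of the token table does not yield values that can be presented.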
As the use of digital identity expands, Rich will one day be able to register for government services just as easily as for financial services. Instead of having to visit a provincial ministry in person to present his identification documents (birth certificate, driver’s licence, etc.) and his proofs of residency (utility bills or the like), he’ll simply pull up the government services website and use his digital Permanent Resident card to prove his identity and his residence status and to securely sign his completed registration. Since he’ll be digitally authenticating himself, the ministry may well be able to source his address and other necessary details, with his express consent, from other government agencies, eliminating the need for him to fill in many of the fields in the registration, and as mentioned, removing the need for him to stand in line at a ministry office. Should he ever decide to change provinces, he would be able to access local provincial services in his new home in an equally simple fashion.
With the potential it has always held for improving economic growth and enriching the lives of Canadians, immigration is important to get right. Digital identity is probably one of the most effective mechanisms we have for achieving this goal:
Improving client experiences, by speeding application processes and eliminating post-approval wait times for crucially needed documents.
Driving efficiencies for both governments and private-sector institutions, eliminating paperwork, errors, and needless effort.
Strengthening security and reducing fraud, by erasing a point of vulnerability to forgery and other identity-based crimes.
As we’ve noted in previous papers, digital identity systems can – and should – be rolled out incrementally, building on the capacities and the trust embedded in existing systems and processes. Yet while following a step-by-step plan, governments should develop a holistic strategy, keeping their eye on an ultimate vision that encompasses as many services as possible, establishing a rigorous structure of user control and consent, and using open standards to ensure that other levels of government – federal, provincial, municipal – can connect easily into the emerging framework when they’re ready to do so.
If you’re interested in collaborating with Interac on the future of Digital ID, drop us a line at firstname.lastname@example.org
* Source: Statistics Canada
** Source: Government of Canada, IRCC Departmental Plan