Expert Speak Digital Frontiers
Published on Nov 06, 2019
Governance by technical standards: Do digital id platforms re-order or reinforce international relations?

If the post-War order was founded on the political identity of nation-states, the proliferation of digital identity platforms challenges this sacred tenet of international relations. The popularity of digital IDs coincides with a curious moment in history. The “liberal, international order” was preoccupied for the most part of the 20th century with the objective of preventing war, but global governance in the 21st century aims largely to serve the individual.

At least 10 of the 17 Sustainable Development Goals (SDG), for example, relate directly to personal well-being. Digital ID platforms position themselves as conduits for fulfilling some of the goals: conferring “legal identity” is itself an SDG. The needs of the individual, broadly identified, are no longer met by states alone: they are often serviced by international organisations, whether in the form of humanitarian aid or access to justice. In fact, the reach of international organisations over the range of human activity has become so expansive that the European legal scholar Jan Klabbers has compared their relationship with states as to that between Frankenstein and his monster: “You are my creator, but I am your master. Now obey!” The Prosecutor of the International Criminal Court, for instance, is empowered to try individuals charged with crimes of grave concern to “the international community,” not nation-states. The hitherto unchallenged authority of the state in designating an act as criminal, and its suzerainty over the individual’s freedoms, are thus simultaneously called into question. In short, “man” is no longer the third “image” of analysis in the Waltzian sense but an actor whose rights and responsibilities today are addressed directly by the international system.

Digital IDs, this essay argues, catalyse the direct interaction between individuals and the international order, without the tempering influence of state-based institutions. Many digital IDs are themselves created by governments, but they may have the unintended effect of blurring the unique status and political identity enjoyed by states.

Some caveats are in order before this thesis is further explained. Digital ID platforms are not going to replace states as the principals of global governance. Multilateral regimes may indeed have become more sophisticated, invasive, and ambitious, but states have shown extraordinary resilience to retain and reinforce their primacy in the international system. The network of regimes in place today to manage the affairs of states continue to privilege their political identities in three distinct and important ways.

Firstly, states are still the primary sources and subjects of international law, with trans-border migration or commerce mediated exclusively by them. The World Trade Organisation, for instance, has long discouraged non-tariff barriers with a view to eliminate political interference in inter-state trade.<2> The provisions of the General Agreement on Tariffs and Trade, however, have not prevented states from imposing protectionist measures that reflect the political, even ideological, preferences of governments of the day.<3> The European Union — perhaps the closest the world has come to genuine, “supra-national” governance — too has recently acknowledged the imprimatur of member-states in areas of “high politics” such as foreign affairs and security policy. The formal creation of the European Council — a “politically independent” gathering of European heads of states and government — through the Treaty of Lisbon in 2007, and its heightened prominence since the 2008 global financial crisis<4> reflects the reality that states and their political interests cannot simply be wished away.

Secondly, the monopoly of states on violence, and protection offered to them — since 1945 — from violent acts by other states represent the ultimate validation of their political autonomy and identity. They are the only units of international relations that can use military force to defend territory. The protections offered to states against aggression is in no way qualified by the type or nature of the government in question. Article 2(4) of the United Nations Charter directs the prohibition against the threat or use of force not only against the territorial integrity of a state, but also its “political independence.” The rule of non-interference contained in Article 2(7) of the Charter similarly requires the UN to stay away from “matters that are essentially within the domestic jurisdiction” of a state. Norms on the use of force, expected to uniformly apply across the board, have responded to political — but state-centric — impulses of the time. In 1973, the UN General Assembly endorsed the use by liberation movements of all necessary means, “including armed struggle”, to overthrow colonial regimes.<5> But those struggles in many instances had to be aligned with the goals of national unity and territorial integrity to earn UN recognition.<6> Since 9/11 and the US invasion of Afghanistan, it is generally accepted among states and scholars that the right to self-defence extends not only to actions against states, but also non-state actors.<7> The balance of power between states and non-state actors — insofar as the use of force is concerned — is still tilted overwhelmingly in favour of the former.

Thirdly, the conspectus of international instruments that codify the civil, political, social, and economic rights of individuals all declare them to be universal, but ultimately leave their implementation to states. Although the intrusive powers of human rights monitoring and reporting agencies have steadily increased over the years, they continue to be subservient to statist, political considerations. Elections to say, the UN Human Rights Council, the Group of Governmental Experts on ICTs, or the Global Climate Fund are even today based on political calculations unrelated, respectively, to the human rights record, size of the digital economies, or emissions reduction efforts of states.

None of these realities will likely be upended by the introduction of digital ID platforms. That said, digital IDs take aim at the rare chink in the armour of state sovereignty: the inability or incapacity to govern. The most prominent challenges to states’ sovereignty in recent years have arisen on this account. The norm of Responsibility to Protect, (R2P), for instance, calls on the UN Security Council to protect populations (even through the use of force) from genocide, war crimes, crimes against humanity, or ethnic cleansing, if a state is unable or unwilling to fulfil this solemn duty. Similarly, the recent surfeit of “global administrative law” (GAL) on counterterrorism suggests international organisations have been emboldened enough to manage the security environment of weak and small states.<8> GAL is exemplified in the sanctions regime that the UN Security Council has created through Resolutions 1373 and 1267. These regimes have been created for all 193 UN states by 15 members of the UNSC, with limited room for non-participating members to withdraw or express reservations. What is more, the sanctions regimes affect individuals directly through listing and de-listing decisions by a committee of the Council — for all intents and purposes, they constraint the ability of states, especially weak ones, to govern their own citizens according to their laws.<9> Yet another channel for the dilution of sovereignty has been through “reputational databases” such as the Fragile State Index, Freedom in the World Index, and the Democracy Index, used often as foil for effecting structural changes to the political economies of states.

So far, these encroachments into sovereignty have themselves been politically coloured and inconsistently applied. Moreover, some of them — like the norm of R2P — reflect extraordinary circumstances where the state’s dereliction of duty is so manifest that the international community is left with no choice but to intervene militarily.

Digital IDs take aim at the rare chink in the armour of state sovereignty: the inabiliy or incapacity to govern. The most prominent challenges to state sovereignty in recent years have effectively arisen on this account.

Unfortunately, this approach towards the political sanctity of statehood — “sovereign until they are not” — has resulted in a lack of serious introspection as to the eligibility, in the first place, for continued statehood beyond formal requirements (population, territory, government, etc). In particular, there has been a woeful neglect of state capacity as a determining criterion of sovereign autonomy, and thus, worthiness of primary membership in the international system. The capacity of states to serve their territory or population is not eroded overnight save in exceptional circumstances. In most cases, it is the result of incremental failure of governing institutions. There are good reasons why such a debate is yet to materialise: over just the last six decades, three separate waves of self-determination allowed numerous societies to cast off the yoke of colonialism and claim independence through statehood. It would be premature — not to mention historically unjust — to question the hard-earned autonomy of newly formed states because of systemic constraints they face in developing their economies or improving the livelihood of their peoples. The lack of clear, substantive parameters to assess the effectiveness of a state, and the inevitable politics it will invite, have made such a determination difficult. Digital IDs may help move this needle.

Where do digital ID platforms fit in?

On first glance, digital ID platforms, which have cropped up in almost all major geographies, appear to pose no threats to the supremacy of states. If anything, their application, being confined squarely to territorial limits, would seem to augment the capacity of a state to control the affairs of its people. But the recent embedding of such platforms within the broad rubric of the UN ecosystem and Bretton Woods machinery (note the World Bank’s Identification for Development Initiative) has to be viewed in a political context as well.

Instruments such as the Universal Declaration of Human Rights or the Convention on the Rights of the Child confer individuals, or certain categories of individuals, with inalienable rights. Others such as the UN Refugee Convention confer “status” based on universally accepted parameters. Both the implementation of rights and the conferring of status are often politically coloured exercises — states can well argue, as many have, that a group of individuals have no “well-founded fear of persecution” in their home state and thus do not meet the requirement to be classified as refugees.<10> Digital ID platforms do not confer status but in validating the identity of individuals, they arguably eliminate some of the discretion available to states to renege from their responsibilities under international regimes. They provide an objective and acceptable basis for determining the capacity of a state: the very purpose of giving an individual an digital identity is to confirm her legal existence, and concomitantly, realise those rights or benefits that the state itself has promised to all citizens in her position (these could be universal rights such as the right to vote, or special economic rights accrued to her as a member of a marginalised community).

In conceiving and implementing a digital ID platform, a state has complete autonomy in choosing who to identify, and deciding what entitlements ought to be linked with such identity. But once conferred, the performance of a state in meeting its governance commitments to those identified is held to a technical standard as opposed to politically pliable interpretations or macro-indicators of development. In other words, state capacity is no longer determined solely by formal parameters that have so far languished in procedural purgatory.<11> A digital ID platform would assess it through the prism of technical standards that determine or confirm whether the individual has indeed been the rightful recipient of governance. This is a sea change to extant paradigms of global governance, which has flagged under-performing states for want of capacity, but ultimately left them to be arbiters of their own development. So far, unless such “incapacity” has exceeded an improbably high threshold — as with failure to prevent famine or mass atrocities — political censure, or stronger measures like sanctions, has been few and far in between. Digital IDs ensure that the penetrative gaze of the “liberal, international order” extends to the individual directly than through the collective of race, community, gender, or ethnicity, whose grievances have thus far provided the limited grounds for infringements of sovereignty. In some cases, digital IDs can indeed point to systemic exclusions of civil, social, or economic rights for a community, exposing states to scrutiny. But for the most part, they are likely to invite the international community’s attention to issues that are less politically visible but important nevertheless. Through its absorption into the SDG framework — Goal 16.9 promises “legal identity for all” — for example, the UN has been offered an enabling framework to help pilot digital ID projects in developing countries. But the same framework allows the UN and other international agencies to assess, using digital ID-based statistics, whether said states have made progress in meeting the rest of the SDGs: for example, access to justice, clean water, healthcare, and education can all be enabled and monitored through a digital ID platform.

Can a state’s inability to meet the needs of individuals who have been given a digital identity be grounds for “creeping monism,”<12> i.e., international regulations that directly address those unmet requirements? Arguably not, and were such a norm to be mooted, it would likely take many years, even decades, to gain currency among governments for fear of its implications for their sovereign powers. But digital IDs provide room for a technocratic assessment of governance, and curtails the ability of a state to offer a “justificatory discourse” for compliance with international human rights treaties, SDGs, or other norms.<13> Most importantly, in focusing on the individual, digital ID-based metrics of global governance will offer rich micro-indicators of development, eschewing broad parameters that reveal little. For instance, a country’s impressive performance in the World Bank’s Ease of Doing Business Index does not reflect the extent of financial inclusion (in practice) among small and medium-size entrepreneurs, or the qualitative nature of their access to banking institutions. An evaluation of state governance based on digital identity admittedly cannot avoid subjective or politically agitated prescriptions that follow a verdict of poor performance. Current debates around the “right” path of development that a state ought to follow will likely be replicated in such a case.

The exposure of its incapacity is, however, not the only way in which digital ID platforms may catalyse a move away from state-centric global governance. It could also be through the “transfer” of sovereign functions. Take Estonia’s digital ID programme, the e-ID kaart, whose raison d’être is the need to meet the requirements of the country’s tiny population spread over a (relatively) large territory. Effecting private or public transactions (transferring money or casting a vote) over secure digital ID infrastructure is therefore more viable than setting up brick-and-mortar institutions (banks, polling booths) across Estonia.<14> But the e-ID kaart is also premised on a model of a country as a “service” and not physical territory as defined by international boundaries.

“Country as a service is the new reality. For example, if the UK says unequivocally that it will not issue a secure, government-backed digital identity to its subjects, or if states fail to greatly simplify the machinery of bureaucracy and make it location-independent, this becomes an opportunity for countries that can offer such services across borders,” Taavi Kotka, formerly Estonia’s Chief Information Officer, has argued.<15>

The e-ID kaart effectively allows Estonians anywhere in the world to avail governance benefits, but the functions that it serves could well extend to other countries. Today, a citizen of Myanmar can apply to become an “e-resident” of Estonia, which would grant her access to banking services (making and receiving payments from anywhere in the world), authenticate digital transactions, and register and run businesses remotely. Estonia’s digital infrastructure is leveraged to make available governance benefits that Myanmar or another less developed economy is unable to provide. For example, entrepreneurs from those countries can raise capital in EU markets, which would be otherwise difficult without physical residency permits. The service would not just be for entrepreneurs, but also local businesses in say, Turkey, using gateways like PayPal that have stopped operations in that jurisdiction, but not in the EU.<16> Estonian e-residency is also based on the e-ID kaart.<17> By offering an identity-based residency as a service, the e-ID kaart (and future ID platforms based on the Estonian model) diminishes the autonomy of states to govern the affairs of its citizens who cannot vote with their feet, but can do so through digital networks.

India’s biometrics-driven platform, Aadhaar, offers yet another model of governance based on digital identity. It is not so much the collection of biometric or personally identifiable information that is relevant to this context as the model by which “Aadhaar-enabled” services are offered. Apps using Aadhaar are built on application programming interfaces (APIs) — “stacks” — that help them query its database. The working principle behind this API-based platform is that any institution, regardless of its function (profit / not-for-profit) or legal character (public / private entity), should be able to use the unique, digital ID to authenticate the identity of an individual. UPI, or the Unique Payments Interface, is also built on the same principle, and lets Indians send and receive money to and from banks, online vendors or other commercial establishments. UPI relies on a unique digital ID called the Virtual Payment Address — “johndoe@upi”— that becomes the source and destination address for transactions. The VPA obviates the need for remembering cumbersome bank account numbers or routing codes. To be clear, UPI applications do not need Aadhaar to effect payments, although until recently, they could be made to users through their Aadhaar numbers as well. UPI places a premium on the interoperability of systems: the individual only needs a Virtual Payment Address — a unique identifier — and as long as she relies on a banking or payments app that runs on UPI, she can effect payments between any two entities, no matter how different they are.

The individual therefore becomes the manager of money flows, a scenario that banks and other financial institutions that previously played this role have readily accepted, because it saves them time and resources from trying to verify the bonafide credentials of customers. Were this platform to be transposed onto a regional or even international context, it would deprive states of one of their biggest levers of sovereign autonomy: controlling money within their borders. Since the 9/11 attacks, the international regime on capital controls has been some of the strongest ever, with a view to target the illicit financing of drugs, arms, and terrorist activities.<18> States have been caught in the cross-hairs of this restrictive regime, and asked to implement tough measures to regulate the flow of money into their economies. Those with the institutions and the political will necessary to perform such oversight have stepped up, while states with poor capacity continue to be safe harbours for money laundering. A UPI-like platform would allow international organisations and law enforcement agencies to track money flows without the aid of states.<19> (Even if unique identifiers were based on a platform developed by one state, it would be relatively easy to set up a coordinating body that keeps track of international transfers, as long as a critical mass of states accept that technical standard). Such a digital ID model too would diminish the autonomous agency of states.

What is more, an individual’s digital ID is arguably the nucleus of personal information that she is willing to offer online. States traditionally have borne the responsibility of physically protecting its citizens, but in this case, individuals may migrate to alternative, state-run or private platforms that offer better protection from cyber-intrusions.<20>

With the advent and scaling up of these platforms, will digital identities of individuals really eclipse, or at the very least, blur the political identity of states? At first blush, it may seem unrealistic to believe the state, among the oldest and most resilient units of international relations, will simply wither away. But digital ID platforms pose a potent threat precisely because they do not challenge the state by offering a grand or comprehensive alternative to Westphalian governance. Instead, digital IDs create micro-regimes around individuals, throwing into relief their socio-economic status and making it possible to draw a straight line from the development goals of global governance to the persons whom it was articulated for. That connection is not mediated by the state, although the digital identity is conferred by it. Is it conceivable that the UN High Commission for Refugees will in the future disburse cash transfers to “stateless” individuals through a digital ID platform built by it? Such a scenario is well within the realm of possibility. Moreover, platforms like the e-ID and UPI dilute the principal-agent relationship between the state and citizen, because many of their features allow individuals to interact with entities and other individuals across borders without needing the government’s vouching for their legal existence and “good standing.” This takes away from one of the important features of a state, which is its capacity to enter into relations with other governments.

If digital ID platforms threaten to erode — or in other cases, highlight the lack of — state capacity, it is likely that some governments will use them to concentrate even more power to control its citizens or monitor its critics. The misuse of digital IDs for mass surveillance is an outcome the international community should therefore guard against.

But for now, the onward march of digital ID platforms appears unstoppable. States themselves are queuing up to develop these platforms, without perhaps being fully cognisant of their potential to bite the proverbial hand that feeds them. Digital ID platforms may be put to different uses depending on the socio-economic context in which they operate. But it is likely they will all subscribe to a shared, core set of technical standards to ensure interoperability, robust data protection or ease of adoption within economies. In other words, digital ID platforms are not likely to be drastically different across geographies. If technical standards have had a harmonising effect on the physical features and capabilities of handheld consumer devices all over the world, it is reasonable to believe this will be true of digital ID platforms as well, which in any event are run on economies of scale. It is notable that the first comprehensive, collated set of technical standards for digital ID platforms was published by the World Bank (the standards were themselves variously developed by other entities such as the ISO and the International Telecommunications Union).<21> The interoperability of digital ID platforms could facilitate the shift in user bases, further eroding the ability of a state to retain its “client” base.

State-based institutions, norms and regimes of global governance probably will not face an existential challenge from digital identity platforms. But by re-orienting the locus of international relations to the individual — often without mediation by traditional, domestic institutions — digital IDs will trigger reactionary measures from governments. Some of those compensating tendencies may be positive, with states clamouring to offer better services to their citizens for fear of international criticism, or of individuals choosing electronic services in non-native jurisdictions. Some measures will invariably be repressive, and governments could try to exclude some communities from digital ID projects, limit their interoperability or end-uses, or misuse them for surveillance.

One thing is clear: digital ID platforms may currently be conceived as technocratic interventions, but their roll-out and widespread adoption will also have political implications that go well beyond their “stated” uses.


This essay originally appeared in The Raisina Files


Endnote

<1> The author is a PhD candidate at the Fletcher School, and currently on a sabbatical from ORF. He is grateful to Srinath Raghavan, Urvashi Aneja, and Sanjay Anandaram for inputs and feedback on this article. <2>Non-tariff barriers: red tape, etc”, WTO. <3> See generally: Paola Conconi, David DeRemer, Georg Kirchsteiger, Lorenzo Trimarchi, Maurizio Zanardi, “Suspiciously Timed Trade Disputes”, CEPR Discussion Paper 10582, May 42, 2015, <4> Wolfgang Wessels, “Economic Governance: Towards a ‘gouvernement économique’?” in The European Council (UK: Palgrave Macmillan, 2015), 187-210. <5> Julio Faundez, “International Law and Wars of National Liberation: Use of Force and Intervention,”African Journal of International and Comparative Law 85 (1989): 85-98. <6> General Assembly Resolution 3070 (XXVIII). <7> Christine Gray, International Law and the Use of Force (UK: Oxford University Press), 192-253. <8> See generally Benedict Kingsbury, Nico Krisch and Richard B. Stewart, “The Emergence of Global Administrative Law,” Law and Contemporary Problems68 (Summer 2005): 15-62. <9> Stefan Talmon, “The Security Council as World Legislature,”American Journal of International Law 99, no. 1: 175-193. <10> Barry, Sautman, “The Meaning of “Well-Founded Fear of Persecution” in United States Asylum Law and in International Law,”Fordham International Law Journal 9, no. 3 (1985): 483-539. <11> Matt Andrews, Lant Pritchett, and Michael Woolcock, Building State Capability: Evidence, Analysis, Action (UK: Oxford University Press, 2017), 30-52 <12> See generally:Melissa A. Waters, “Creeping Monism: The Judicial Trend Toward Interpretive Incorporation of Human Rights Treaties”, Columbia Law Review (April 2007); Washington & Lee Legal Studies Paper No. 2006-12. <13> Abram Chayes and Antonia Handler Chayes, The New Sovereignty: Compliance with International Regulatory Agreements (Cambridge, MA: Harvard University Press), 1998. <14> Taavi Kotka, “Country as a Service: Estonia’s New Model”. <15> Ibid. <16>PayPal to halt operations in Turkey after losing license, impacts ‘hundreds of thousands’”, TechCrunch. <17>Estonian eID scheme: e-Residency Digi-ID — Technical specifications and procedures for assurance level high for electronic identification”. <18> Anne L.Clunan,“The Fight against Terrorist Financing,”Political Science Quarterly 121, no. 4 (2006): 569–596. <19>NPCI plans international remittance on UPI platform”, The Economic Times, March 30, 2018. <20> I am grateful to Urvashi Aneja for this argument. <21>Catalog of Technical Standards for Identification Systems”, The World Bank Group.

The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.