A National Digital Authentication App

Digital government identity | Deloitte Insights

by Burhan Rasool  29 November 2020

Marc Goodman, known for his seminal work in law enforcement and technology, writes in his book, Future Crimes, “The cornucopia of technology that we are accepting into our lives, with little or no self-reflection or thoughtful examination, may very well come back and bite us.” These include, but are not limited to, connected home devices, laptop webcams, baby monitors, keyless cars, delivery drones, etc. Impersonation in such a technology-dependent world can lead to frequent financial frauds and data breaches. Hence, while treading on the digital transformation path for Pakistan, we need to be extra careful for our own sake and for the sake of our children and their future that all online traffic is super secure and can be irrefutably traced to its actual initiator and owner in the real world. In order to do this, a National Digital Authentication app is the need of the hour.

Consider a hypothetical scenario where Advocate Mashoor-e-Zamana files a case on behalf of his client, Mr. Seedha Pakistani. The case is about a shady land transaction. Seedha Pakistani claims that he was abroad when this happened and he never sold his land to Mr. Bao Badmash, who has now built a shopping mall with 5 levels on it. On the other hand, Advocate Badnam-e-Zamana contests that his client, Bao Badmash had purchased the land after paying the agreed amount of money to a Mr. Teesra Admi who had an authority letter from Seedha Pakistani to go ahead with the deal on his behalf. The court issues orders for the police to produce Mr. Admi. However, in the next hearing, the court is told that Mr. Admi has flown abroad and hence cannot be produced before the Honourable Court. This leads to multiple hearings, spread across months, adjournments happening due to the unavailability of any of the advocates or parties, out-of-court pressure on the parties to withdraw the case, and perhaps even ‘undue influences’ on the court to dispose-off of the case.

Now, if we proceed with the automation of existing processes without fixing lacunas like these first, we would end up creating new problems instead of solving old ones. For example, if we introduce an electronic case filing initiative without fixing the existing issues of fake power of attorney and fake authority letter, impersonators will have an open field to play havoc upon. In this scenario, we should either be doing business processes re-engineering first and then go for process automation, or institutionalize such a technology-based solution that not only introduces new ways of doing things but also fixes existing loopholes painlessly.

In order to fix these issues, it is imperative that we establish a regime that issues and keeps track of the digital identities of citizens, foreign passport holders having valid Pakistani visas, and business & government representatives. Our National Database Registration Authority (NADRA) has been doing a commendable job in not just giving us our Computerized National Identity Card (CNIC) Number, but also in biometrically verifying each individual Pakistani citizen. The next logical evolutionary step is to establish a link between every citizens’ real NADRA identity with their cyber identity that guarantees non-repudiation. For this, it is proposed that NADRA may use the already available picture of a CNIC holder to initiate the process of registration of citizens for digital identification, which can later be used to authenticate their digital transactions. For non-CNIC holders and for cases wherein the picture available with NADRA does not match with the person’s face against the provided CNIC number, the individual concerned may physically visit nearby NADRA facilities center to get his/her picture updated for digital identification. At that time, NADRA may also take the individual’s Iris data and voice samples (of digits from zero to nine), for giving two additional biometric options for logging-in into the proposed National Digital Authentication app and authenticating an online transaction.

Any software application that requires an authorization check will have to get itself linked with the National Digital Authentication app, which will be randomly generating 6 digit One-Time-Passcode (OTP), refreshed every minute for that linked software application.

Now, let us revisit the scenario of Mr. Seedha Pakistani. The authority letter, which was presented in the court by Advocate Badnam-e-Zamana would not have been generated in the first place. Similarly, there would be no more fake power of attorneys; no more fake guarantors for bail. People like Bao Badmash will not be able to take advantage of others, no matter how seedha (or simple-minded) one is. More importantly, this regime will act as a building block for all e-Services including e-FIR, electronic case filing in courts, e-Payments, e-Voting, e-Office, e-Signatures, and many more.

For services like the disbursement of pensions to the retired civil servants, teachers, and judges, banks require the beneficiaries to be physically present with horribly long waiting-queues at the time of receiving their rightful pensions. This is not how we would like our elderly to be treated. Similarly, for services wherein change in Government Records is required, like transfer of properties and wealth, marriages, divorces, etc., the physical presence of the initiator and/or beneficiary is needed in front of a state functionary. This is called Proof-of-Life. The good news is that we can get this required Proof-of-Life with our National Digital Authentication app without any need for physical presence. For this, we could either use the latest digital face recognition techniques or do a digital voice match, with voice samples stored against each digital ID. In the latter case, beneficiaries may be asked to speak out the randomly generated OTP digits that he/she sees on the screen. Matching these latest voice samples with already stored ones is going to give us a digital Proof-of-Life, which will be more reliable than the corruptible physical one.

This new digital authentication regime will not only address the impersonation issue but will also act as a foundation for a paperless, cashless, and presence-less regime, wherein the frontend bureaucracy will have absolutely no physical interaction with citizens for any transaction or delivery of service. This will not only spell out a doomsday script for the rent-seekers but will allow for a friendlier and easier interaction among the citizens and the government.


The writer is a member Prime Minister of Pakistan’s Task Force on Austerity & Restructuring Government and General Manager, Punjab Information Technology Board, Government of Punjab (Pakistan)

A National Digital Authentication App