“We’ve been working on MOSIP since 2020. In fact it was in 2019, the first time we heard of it – in Johannesburg,” said Yodahe Zemichael, executive director of Ethiopia’s National ID Program in an ID4Africa 2022 session featuring three countries at different stages of integrating the Modular Open-Source Identification Platform. ID4Africa 2019 was the arrival on the world scene for the Tata Trusts and Bill & Melinda Gates Foundation-backed free-to-use system designed to prevent vendor lock-in.
Ethiopia has already enrolled 75,000 people in the ongoing digital ID pilot, and aims for 10-12 million by the end of 2023, 70 million by the end of 2025.
ID4Africa 2022 was, in many ways, MOSIP’s conference, a tribute to the spotlight the movement can shine on a participant. In the three years since Johannesburg, preventing vendor lock-in has flipped to a scramble among vendors to achieve partnerships, compliance and, most recently, a form of product certification from the Bangalore-based organization.
Vendors have moved through any initial concerns about losing out on lock-ins to seeing which way things are going and joining forces. However, suspicion lingers around MOSIP’s proximity to Aadhaar, among vendors and the wider identity community.
MOSIP and Aadhaar: siblings or distant cousins?
“MOSIP is inspired by Aadhaar,” said Arun Gurumurthy, head of Strategy and Resourcing at MOSIP, keen to put a little distance between the two after Biometric Update put it to the MOSIP team that links with India’s vast biometric ID system are the one persistent area of doubt of the modular system among attendees.
Relations with UIDAI, which operates Aadhaar, are formal rather than friendly, said Gurumurthy, to differentiate between the proprietary Aadhaar system and the open-source, open-standards MOSIP. Former UIDAI Chief Product Manager Sanjay Jain is chairman of MOSIP’s Technology Board, among others who transitioned from the authority.
Speaking to Biometric Update alongside Sanjith Sundaram, head of Biometric Ecosystem, in a discussion after the organization’s informal catch-up with MOSIP countries, present and prospective, Gurumurthy said “it was only natural it appeared in India,” adding that Indian government officials are partial to proudly mentioning MOSIP in speeches.
Aaron Martin of the European Centre on Privacy and Cybersecurity at Maastricht University further questions the relationship between the two programs. “Proponents of foundational identity initiatives are keen to depict the MOSIP solution as a pre-packaged version of India’s identification system, ‘Aadhaar in a box,’ as it’s often described. Unfortunately, this characterization oversimplifies the complexities of digital identity, including the economics, politics and values, that ought to be top of mind among decision makers.”
MOSIP’s advisory board includes the World Bank’s ID4D, UNHCR, ID2020 and ID4Africa.
Country and code expansion
As Aadhaar continues to court controversy on a regular basis and shows little progress with international expansion (UIDAI officials have visited Myanmar and Russia, but whose governments appear otherwise occupied), its younger, more up-to-date cousin is already well on with adoption in the Philippines, Togo and ID4Africa 2022 host Morocco (the first to pilot it). It is also being piloted in Guinea, Ethiopia, Sri Lanka and Sierra Leone. Barely four years since MOSIP began, more than 67 million people have been enrolled.
Feedback from adopting countries is helping speed up implementation in new members, said Gurumurthy, but local conditions mean there is still no way of saying how long it takes to get a system up and running in a country. Speeches from the MOSIP countries during ID4Africa 2022 also detailed how differently a country can implement the system. While Morocco ensured it had a legal framework already in place for every step of the process, Ethiopia is in advanced digital identity pilots, aiming for 100,000 real enrolments by August while its legislation is in the draft stage.
This element is noted in an assessment of MOSIP by Privacy International. It finds the platform effectively prevents vendor lock-in and is a good step towards privacy-based identity. The platform even comes with documentation to support countries in planning legal frameworks for the system, but there is no way to enforce that laws be in place before the system is active.
With more than 1.4 million lines of code, the open-source project continues to expand, also supported by Norad and the Omidyar Network. It has more than 60 commercial partners, of whom 25 were exhibiting in Marrakesh, with over 50 products self-assessed as compliant on show. From introductory speeches to delegates in Johannesburg, this year vendors arrived with MOSIP logos for partnerships and compliance built into their stands. Compliance trophies stood next to individual products.
Membership three ways
“We don’t have the legal wherewithal to certify,” said Gurumurthy as he explained the latest way to be linked to MOSIP, “the aim is an open-source framework for certification.” The organization has already begun a process with BixeLab, which is accredited to certify biometric vendor hardware. What the process involves is checking that the hardware meets the requirements MOSIP’s Secure Biometric Interface, a triangle of software, hardware and system management, explained Sundaram.
The idea for the framework is to avoid bottlenecks for governments making sure the components are secure and compatible while implementing MOSIP, said Sundaram. An individual government using MOSIP can decide on the specifications of its own labs, while MOSIP’s frameworks will give labs worldwide the information to check compatibility and standards. Products would still need to go to field tests.
Alongside upcoming hardware certification, there is already MOSIP Compliance for software and the MOSIP Partnership Program (MPP) for system integrators which deploy components in a country. Joining the MPP brings training opportunities for the integrators to learn more about working with the system.
The growing network of MOSIP Experience Centres allow digital identity adopters to see how integration of a system might look; how it might interact with health records, for example.
Marketplace and partnerships
MOSIP took the opportunity of the gathering to launch its Marketplace. It brings together all the compliant products, software, hardware and approved partners (system integrators) to allow a country to see what the options are for each part of the modular system.
The Marketplace listings link back to the vendors, meaning any prospective customers deal directly with the suppliers. MOSIP intends to stay neutral, simply listing which products have been through an approval process.
The idea is to close the gap between MOSIP partners and adopters, said Sundaram.
Civil registry – as an add-on
MOSIP is not moving into civil registration and vital statistics as such, as it aims to keep its focus on identity systems, said Gurumurthy. However, it has been working with OpenCRVS as an integration. OpenCRVS is an open-source, free-to-use civil registry system, aiming to help with reaching the UN SDG 16.9 of a legal identity for all by 2030.
Reference integration documentation is already available on the MOSIP site as the two organizations develop ways to work together.
Views from the vendors
The overall consensus from vendors at Marrakesh is that they are keen to become official partners of the scheme or have their software recognized as compliant or hardware certified.
“It has become a standard,” said product lead at Neurotechnology, Denis Kačan, summarizing the mood that companies have to be in it to win it.
Some vendors are mid-way through these processes for certain products, and the majority, including Suprema ID which has had two fingerprint scanners self-certified, that Biometric Update spoke to on this issue plan to have all new products approved. Sundaram explained that there will be a way for minor updates or different casings for equipment to not require the full rigors of initial certification to help firms and adopting countries speed up implementation.
Integrated Biometrics said that it had seen three African tenders where MOSIP compliance was a prerequisite. With their sensors used by vendors such as Innovatrics and Neurotech, a MOSIP partner, Integrated Biometrics sales director for EMEA, Robert Jones, explained that MOSIP approval and the Marketplace can make choice easier for adopters: “We want people to choose us, not be forced to use us.”
Gopa Kumar, EVP of Protean (formerly NSDL e-Governance), said that being a MOSIP partner is not just about keeping competitive, but about being part of something bigger and making a contribution to the scheme.
Big deals are coming for vendors. Ethiopia has a population of 114 million, the Philippines 115 million, Morocco 37 million. A vast amount of equipment is needed not just for biometric enrolment, but at the point of service provision, whether private sector banking or government welfare.
IriTech, which works with system integrator Thales in the Philippines, shipped an initial order of 10,000 L1-certified iris scanners. Its next order looks to be ten times that, said CEO Daehoon Kim. The firm is also working with Sri Lanka.
MOSIP vs OSIA
MOSIP is not the only system intending to end vendor lock-in. Also introduced onto the scene in Johannesburg was OSIA from the Secure Identity Alliance. It too was present at ID4Africa where it unveiled its own compliance process.
While there were plaques denoting OSIA recognition on vendor stands, MOSIP had clearly caught the momentum.
Perhaps the most inciteful observation on MOSIP came from (long-time MOSIP-compliant) Tech5’s Yulia Bibikova who said that OSIA comes across as being organized by vendors, while MOSIP is driven by vendors, that OSIA is a collective of vendors, while MOSIP is its own thing that vendors are part of.
A community of adopting countries is developing, Arun Gurumurthy said after a country meeting in Marrakesh. Feedback from each country makes each new implementation a little easier.
From the fringe to the forefront, MOSIP may soon need its own conference.
biometrics | digital identity | ID4Africa | ID4Africa 2022 | identity management | MOSIP (Modular Open Source Identity Platform) | national ID | open source | privacy | vendor lock-in