The postal network is, by definition, universal. As mail delivery and addresses (senders and recipient identification) become omni-channel, the extension of the postal service provision into new means of digital communication at national and global level demands standards defining the necessary trust frameworks.
Across the world, states and businesses are tackling the issue of identification; they need to know who their clients are, and ensure that people only get access to the information and services to which they are entitled.
Identity is rapidly becoming the central organizing principle in any modern society, and managing identity in a proper manner is vital. Work currently under way at the UPU to Address the World, in accordance with its Standards S42 and S53, is paving the way, laying the foundations for combining the physical delivery address and the personal identity.
Extending the postal service provision into new means of communication, and enhancing the ability of posts to manage the postal electronic identity (PeID) across the universal postal network, will allow senders and recipients to securely interact and use services any time, any place and anywhere.
When high quality PeID management at global postal level (UPU) is made available to the public or private sector, new commercial electronic services requiring identity management can be established.
The PeID acts as an enabler for innovative public and commercial services and is designed to benefit citizens and businesses, especially small and medium-sized enterprises, in all UPU member states. PeID becomes a building block for the net-generation postal network.
Putting a trust framework such as PeID into practice needs a powerful shared vision, one driven by real user needs and public interest, and aligning actors in the field.
Just as the postal address is core to several levels of postal In-Person-Proofing services offered by most postal service providers today (whether for secured delivery, first class or second class mail, parcel services or postal financial services), so user identification and authentication are essential if many cross-border services are to become successful and secure.
Success lies in the interoperability of national postal identity management systems.
Most individual member states have their own user identification and authentication solutions. The efficient use of cross-border services demands that these eID solutions be interoperable.
In other words, the member states must be aware of, and trust, each other’s solutions. This trust reflects the level of assurance that is associated with an authentication solution. Where there is common understanding about the levels of assurance, then interoperability is ensured.
A major part of our economy is driven by personal data. Knowledge of who the customer is, their preferences, profiles, and predictions about how they might behave, are the new digital currency.
The more customers are willing to share with third parties in order to pay for services in the digital and social society, the more defined this digital identity becomes. A digital identity enables the user to act (or to be serviced in a digital environment) according his/her profile:
Fig 1: Explanation used by EC DG Connect for eIDAS WS
When it comes to personal electronic identification, each EU state has established its own national identification framework, issuing trusted assertions or credentials at a national level.
This electronic identification is an infrastructure provided by a national government; it identifies a particular person and is the digital representation of that person. An electronic identification empowers the user to prove their identity:
Fig. 2: Explanation used by EC DG Connect for eIDAS WS, September 25, 2013
Applying the electronic identification and the digital identity together provides a trust framework, where the proof of the entity is provided by a national government, and the (digital & social) profile is provided by several identity providers.
Proof of electronic entities and digital identities must be regulated globally.
Extending postal service provision into new means of communication requires a stable and sound framework for upgrading the universal address system. In a data-driven, next-generation postal network, (analogue) addresses must be developed further, becoming identifiers for authenticating senders and recipients.
Postal operators have traditionally acted as trusted mediators, based on universal rights enshrined in the acts of the UPU guaranteeing secured communication and the right of transit of mail. These rights are currently being extended to the new postal service provision.
Postal identity management, to identify and authenticate the participants in any communication, demands core framework infrastructure which is regulated by the UPU.
This was as equally true in the past, when the global postal network was an item-driven, analogue network, and as it is today and in the future, as postal service providers extend their service provision into the digital world, covering hybrid and digital (e-commerce) postal services.
The UPU officially adopted its data protection compliance framework at the 25th UPU Congress in Doha, 2012, forbidding personal data gathered to provide a physical, digital or financial postal service to be made available to 3rd parties or used for any other purposes without the express permission of the user.
Confidentiality, protection and security of personal data are the cornerstones of the UPU service provision.
Postal services have already begun implementing their own postal identity management solutions. Here 2 examples:
The United States Postal Service (USPS) is leveraging its assets to evolve in the digital space by creating secure digital solutions. According to the USPS, these are:
The USPS has identified three major areas of customer demand:
1) Privacy & Security: According a study by the U.S. Department of Justice (2005 – 2010), the estimated annual value of data stolen by cyber thieves was $ 114 billion. 86% of Americans say internet companies should ask permission to use personal information, 54% of Americans believe website tracking invades their privacy.
2) Trust: When it comes to US consumers trusting online companies with their personal information, the USPS has been the most trusted government agency over the past seven years.
3) Convenience: The average US online user has 6.5 unique passwords and 25 online accounts, but limited options for managing sensitive, medical, financial and governmental documents online.
The U.S. government has a national strategy for postal identity management in cyberspace. The goal is to develop a comprehensive Identity Ecosystem Framework: build and implement, enhance confidence and willingness to participate, and ensure the long-term success and sustainability of such an identity ecosystem.
USPS’s product offerings and services are focused on:
Fig. 3: USPS: Allowing federal agencies in the USA to securely interact with a single trusted “broker” to authenticate customers
Today US federal agencies require the issue of more than 250 million digital credentials to access their respective website applications in support of eGov initiatives. This requires integrating with multiple Identity Service Providers (IDPs), each independently paying for authentication services.
USPS’s solution – Federal Cloud Credential Exchange (FCCX) – creates a centralized interface between agencies and credential providers. This aims at reducing costs and complexity, and speeding up the integration timeline for new IDPs.
This is important for consumer privacy, as IDPs do not know which agency the consumer is logging into. This is important for the federal government, as the authentication costs are decreased through centrally negotiated rates with the USPS.
In 2011, only 15 – 20% of all Italian users bought goods and services online or sent electronic communications to public administrations – the EU average, in contrast, was 40%. The main reason holding back users was the belief that digital channels are less secure than the traditional, analogue channel.
Poste Italiane S.A. manages the whole process of certifying a user’s electronic identity, using its own physical (14,000 post offices) and digital (cyber security centre) assets.
Fig. 4: Poste Italiane S.A. combines electronic identification with verified personal identities
The Poste Italiane Group has developed a trusted and secure ecosystem, integrating postal identity management by verifying the identity of the users and linking users to verified personal profiles (including attributes such as shipping preferences, payment options, preferences, etc.).
The result is Poste Italiane’s “Postal Digital Identity”. The platform is designed to enable users to make online transactions and access different e-services, securing Poste Italiane’s leading position as trusted mediator used by senders and recipients alike.
Walter Trezek is the Chairman of the Consultative Committee (CC) of the Universal Postal Union (UPU).