During the lockdowns that typified the COVID pandemic, there was a roughly two-year period during which it was only under very special circumstances that a person could leave their house to visit a government office, a bank or cross a border. This accelerated the requirement for validating someone’s identity remotely. Of course, this ‘person-not-present’ form of ID authentication was prevalent and growing before 2020, but the pandemic accelerated its acceptance.
As restrictions to movement were lifted, the notion that digital ID was somehow ‘dematerialising’ the mechanisms of ID management persisted. We talk about ‘ID data in the cloud’, ‘virtual identity’, ‘cybersecurity’ as though these things are ethereal, without physical substance.
On the other hand, physical documents relating to identity are characterised as old- world tokens printed on wasteful sheets of paper or environmentally damaging slabs of plastic.
Governments around the world are racing to initiate electronic ID cards with the promise that digital equivalents and virtual credentials will dematerialise the business of identity verification 1.
But then, a recent study 2 on the rapid growth in the biometric sensors market got me thinking. What about all of the physical equipment, plant and consumables needed to set up, run and maintain digital ID management and civil registry systems? What about the energy embedded in those physical assets and the kilowatt hours needed to push the ID-related data through that physical network?
To illustrate this, I conducted one of my (in)famous handwaving experiments to compare the energy cost of providing and using two types of identity credentials at
scale: one a physical ePassport, the other the virtual identity credentials you might find on mobile apps, digital wallets, or cloud-based ID services. And to play fair, I left out the parts that overlap the two approaches, like biometric enrolment.
In addition to the cover and visa pages, an ePassport has an embedded chip, polycarbonate layers, machine- readable zones, and security features. Authentication typically occurs at border kiosks or ID readers, using low-power sensors or optical scan technology.
At first glance, creating a virtual ID might appear to require nothing more than issuing an alphanumeric identifier and gathering some personally identifiable information to set up a credential for logging in. In practice, it involves cryptographic key generation, secure server provisioning, databases, distributed storage, and regulatory audit logging – all backed by energy-hungry cloud data centres.
I’m not going to try and put numbers to these energy assumptions, but I will make an observation that indicates how I believe the numbers would fall out if I did.
An ePassport sits inert in your pocket until it’s used. A digital identity lives on a server – synchronised, encrypted, backed-up, and perpetually ready for real-time authentication. In that sense, and to its credit, digital identity is more active, more connected, more convenient, and I would estimate, more energy- expensive. There is an energy price to be paid for the convenience of ‘always-on’ digital identification.
You might, rightfully, object that my thought experiment is indeed more handwaving than experiment. Surely the identity data that ePassports need to be tested against are held as a digital record, somewhere?
True, but the attraction of virtual identities is that the digital record isn’t held by just one department or agency. Once the identity of an individual has been collected as digital attributes, everyone wants their own record, or so it seems. I’ll take the example of the US identity ecosystem, as the information was readily available. Biometric identity management is distributed across a complex array of federal agencies and systems.
The FBI manages the Next Generation Identification system, which stores over 160 million identity records including fingerprints, palm prints, facial images, and iris scans for criminal justice and civil purposes 3.
The Transportation Security Administration and US Customs and Border Protection employ fingerprint and facial recognition in the PreCheck and Biometric Entry/Exit systems to manage air travel and border security 4 .
The Department of Homeland Security operates IDENT and is rolling out Homeland Advanced Recognition Technology. The Department of Defense oversees the Automated Biometric Identification System, collecting biometric and DNA data from military personnel, foreign nationals, and detainees for defence and intelligence applications. The US Department of State uses biometrics within the Consular Consolidated Database, supporting visa and passport processing for millions of travellers. I could go on, but I think you get the point!
Each of these systems operates on large server farms, high-resolution sensors, secured data centres, and real-time authentication networks – all powered by electricity and supported by hardware.
A growing number of researchers are pushing back on the notion that digital identity is somehow ‘weightless’. In an empirical study published on ResearchGate 5 in early 2024, researchers examined the energy footprint of decentralised identity management systems – those that operate on blockchain or distributed ledgers which are often assumed to be more energy-efficient than legacy ID systems.
Their findings point in a different direction. Even when deployed at modest scale, the acts of registering a new user, verifying a claim, or rotating cryptographic keys, all consumed measurable quantities of power.
When added together the power usage is substantial. Electrons are material. They must be mined, moved, stored, powered and protected. Don’t get me wrong; I accept the many advantages of digital ID management when it comes to widescale authentication of people-not-present.
But let’s not kid ourselves… saving the environment isn’t one of them.
1 - https://arynews.tv/pakistans-first-dematerialized-digital-identity-card-launched/
2 - www.openpr.com/news/3905793/biometric-sensors-market-expected-to-reach-us-36-1-by-2030
