Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare
There’s been a lot of discussion recently over whether to create a new system of digital vaccine “passports.” But that conversation is just a small part of a much larger movement aimed at creating a digital identity system, including a push by companies, motor vehicle departments, and some state legislatures to digitize the identity card that most Americans carry: the driver’s license.
At first blush, the idea of a driver’s license we can keep on our phone might sound good. Digital is often touted as the “future” and many people cast such a transition as inevitable. But digital is not always better — especially when systems are exclusively digital. There’s a reason that most jurisdictions have spurned electronic voting in favor of paper ballots, for example. And the transition from a plastic ID to a digital one is not straightforward: Along with opportunities, there are numerous problems that such a switch could create — especially if digital IDs are not designed perfectly.
Today we’re releasing a report looking at digital driver’s licenses and their implications for our civil liberties. While not categorically opposing the concept of a digital identity system, we outline the many pitfalls that such a system creates if not done right, and some ominous long-term implications that we need to guard against. We call on state legislatures to slow down before rushing to authorize digital licenses, ask hard questions about such a system, and, if and when they decide to go ahead, to insist upon strong technological and policy measures to protect against the problems they are likely to create.
So what problems could digital driver’s licenses bring? First, they could increase the inequities of American life. Many people don’t have smartphones, including many from our most vulnerable communities. Studies have found that more than 40 percent of people over 65 and 25 percent of people who make less than $30,000 a year do not own a smartphone, for example, while people with disabilities and homeless people are also less likely to own one. If stores, government agencies, and others begin to favor those who have a digital ID or, worse, mandate them, those without phones would be left out in the cold. We believe that people must have a continuing “right to paper” — in other words, the right not to be forced as a legal or practical matter to use digital IDs.
Second, a poorly constructed digital identity system could be a privacy nightmare. Such a system could make it so easy to ask for people’s IDs that these demands proliferate until we’re automatically sharing our ID at every turn — including online. Without good privacy protections, digital IDs could also enable the centralized tracking of every place (again, online and off) that we present our ID. It is possible to build in technological privacy protections to ensure that can’t be done, and there’s no reason not to include them. No system is acceptable unless it does.
In some ways, a digital ID could improve privacy — for example, by allowing you to share only the data on your license that a verifier needs to see. If you’re over 21, a digital ID could let you prove that fact without needing to share your date of birth (or any other information). But if not done perfectly, digital IDs are likely to do more harm than good.
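As an added illustration (not taken from the report or from any mDL standard), the sketch below shows one common way selective disclosure can be built: the issuer commits to each license field with a salted hash and seals the list, so the holder can reveal `age_over_21` alone. All names and data are constructed, and an HMAC stands in for the issuer's public-key signature so the example runs on the standard library; in a real deployment the verifier would hold only the issuer's public key.

```python
import hashlib, hmac, json, secrets

# Constructed demo key; stand-in for the issuing DMV's signing key (assumption).
ISSUER_KEY = secrets.token_bytes(32)

def digest(name, value, salt):
    # Salted hash: without the salt, a verifier cannot guess-and-check hidden fields.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def seal(digests):
    # HMAC stands in for a public-key signature over the digest list (assumption).
    return hmac.new(ISSUER_KEY, json.dumps(sorted(digests)).encode(), "sha256").hexdigest()

def issue(attributes):
    """Issuer: commit to every attribute separately, then seal the digest list."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    digests = [digest(n, v, salts[n]) for n, v in attributes.items()]
    return {"attributes": attributes, "salts": salts,
            "digests": digests, "seal": seal(digests)}

def present(credential, requested):
    """Holder: reveal only the requested fields (value + salt) and the sealed digests."""
    disclosed = {n: [credential["attributes"][n], credential["salts"][n]]
                 for n in requested}
    return {"disclosed": disclosed, "digests": credential["digests"],
            "seal": credential["seal"]}

def verify(presentation):
    """Verifier: check the seal, then match each disclosed value to a sealed digest.
    Returns the verified attributes, or None if any check fails."""
    if not hmac.compare_digest(seal(presentation["digests"]), presentation["seal"]):
        return None
    verified = {}
    for name, (value, salt) in presentation["disclosed"].items():
        if digest(name, value, salt) not in presentation["digests"]:
            return None
        verified[name] = value
    return verified

# Constructed sample license data.
LICENSE = {"name": "Alex Example", "date_of_birth": "1990-04-12",
           "address": "1 Sample St", "age_over_21": True}

if __name__ == "__main__":
    shown = present(issue(LICENSE), ["age_over_21"])
    print(verify(shown))  # only the age claim reaches the verifier
```

The sealed digest list is identical in every presentation, so verifiers who compare records can still link them to the same license; minimal disclosure on its own does not prevent the tracking described above.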
In the longer term, the digitization of our driver’s licenses could lead not only to an explosion in demands for those IDs (including by automated systems), but also to an explosion in the data that is stored in them. Digital ID boosters are already proclaiming that they will store everything from health records to tax data to hunting, fishing, and gun licenses. And they could very easily turn into something that becomes mandatory, rather than an optional accessory to the physical license.
How close are digital driver’s licenses to becoming real? A secretive international standards committee (which won’t reveal its members but which appears to be made up exclusively of corporate and government representatives) is currently putting the finishing touches on a proposed interoperable global standard for what it calls “mobile driver’s licenses,” or mDLs. The association representing U.S. DMVs is moving to implement that standard, as are federal agencies such as DHS and the TSA.
But the licenses we would get under this standard are not built to include airtight privacy protections using the latest cryptographic techniques. They are not built primarily to give individuals greater control over their information, but to advance the interests of major companies and government agencies in inescapably binding people to identity documents so they can be definitively identified online and off. It’s vital that we only accept a system with the strongest possible privacy protections, given all the potential ways that mDLs could expand.
In our new report we make a list of recommendations for digital IDs. We call on state legislators to insist that the standards for digital driver’s licenses be refined until they are built around the most modern, decentralized, privacy-protective, and individual-empowering technology for IDs; that they make sure that digital identification remains meaningfully voluntary and optional; that police officers never get access to people’s phones during the identification process; and that businesses aren’t allowed to ask for people’s IDs when they don’t need to.
Identification is necessary sometimes, but it’s also an exercise in power. As a result, the design of our IDs is a very sensitive matter. A move to digital IDs is not a minor change but one that could drastically alter the role of identification in our society, increase inequality, and turn into a privacy nightmare. A digital identity system could prove just and worthwhile, if it is done just right. But such an outcome is far from guaranteed, and much work will have to be done to implement a digital identity system that improves individuals’ privacy rather than eroding it, and is built not to enclose individuals but to empower them.