Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare
There’s been a lot of discussion recently over whether to create a new system of digital vaccine “passports.” But that conversation is just a small part of a much larger movement aimed at creating a digital identity system, including a push by companies, motor vehicle departments, and some state legislatures to digitize the identity card that most Americans carry: the driver’s license.
At first blush, the idea of a driver’s license we can keep on our phone might sound good. Digital is often touted as the “future” and many people cast such a transition as inevitable. But digital is not always better — especially when systems are exclusively digital. There’s a reason that most jurisdictions have spurned electronic voting in favor of , for example. And the transition from a plastic ID to a digital one is not straightforward: Along with opportunities, there are numerous problems that such a switch could create — especially if they’re not designed perfectly.
Today we’re releasing a report looking at digital driver’s licenses and their implications for our civil liberties. While not categorically opposing the concept of a digital identity system, we outline the many pitfalls that such a system creates if not done right, and some ominous long-term implications that we need to guard against. We call on state legislatures to slow down before rushing to authorize digital licenses, ask hard questions about such a system, and, if and when they decide to go ahead, to insist upon strong technological and policy measures to protect against the problems they are likely to create.
So what problems could digital driver’s licenses bring? First, they could increase the inequities of American life. Many people don’t have smartphones, including many from our most vulnerable communities. Studies have shown that more than 40 percent of people over 65 and 25 percent of people who make less than $30,000 a year do not own a smartphone, for example, while people with disabilities and homeless people are also less likely to own one. If stores, government agencies, and others begin to favor those who have a digital ID or worse, mandate them, those without phones would be left out in the cold. We believe that people must have a continuing “right to paper” — in other words, the right not to be forced as a legal or practical matter to use digital IDs.
Second, a poorly constructed digital identity system could be a privacy nightmare. Such a system could make it so easy to ask for people’s IDs that these demands proliferate until we’re automatically sharing our ID at every turn — including online. Without good privacy protections, digital IDs could also enable the centralized tracking of every place (again, online and off) that we present our ID. It is possible to build in technological privacy protections to ensure that can’t be done, and there’s no reason not to include them. No system is acceptable unless it does.
In some ways, a digital ID could improve privacy — for example, by allowing you to share only the data on your license that a verifier needs to see. If you’re over 21, a digital ID could let you prove that fact without needing to share your date of birth (or any other information). But if not done perfectly, they are likely to do more harm than good.
In the longer term, the digitization of our driver’s licenses could lead not only to an explosion in demands for those IDs (including by automated systems), but also to an explosion in the data that is stored in them. Digital ID boosters are already that they will store everything from health records to tax data to hunting, fishing, and gun licenses. And they could very easily turn into something that becomes mandatory, rather than an optional accessory to the physical license.
How close are digital driver’s licenses to becoming real? A secretive international standards committee (which won’t reveal its members but which appears to be made up exclusively of corporate and government representatives) is currently putting the finishing touches on an interoperable global standard for what it calls “mobile driver’s licenses,” or mDLs. The association representing U.S. DMVs is to implement that standard, as are federal agencies such as .
But the licenses we would get under this standard are not built to include airtight privacy protections using the latest cryptographic techniques. They are not built primarily to give individuals greater control over their information, but to advance the interests of major companies and government agencies in inescapably binding people to identity documents so they can be definitively identified online and off. It’s vital that we only accept a system with the strongest possible privacy protections, given all the potential ways that mDLs could expand.
In our new report we make a list of recommendations for digital IDs. We call on state legislators to insist that the standards for digital driver’s licenses be refined until they are built around the most modern, decentralized, privacy-protective, and individual-empowering technology for IDs; that they make sure that digital identification remains meaningfully voluntary and optional; that police officers never get access to people’s phones during the identification process; and that businesses aren’t allowed to ask for people’s IDs when they don’t need to.
Identification is necessary sometimes, but it’s also an exercise in power. As a result, the design of our IDs is a very sensitive matter. A move to digital IDs is not a minor change but one that could drastically alter the role of identification in our society, increase inequality, and turn into a privacy nightmare. A digital identity system could prove just and worthwhile, if it is done just right. But such an outcome is far from guaranteed, and much work will have to be done to implement a digital identity system that improves individuals’ privacy rather than eroding it, and is built not to enclose individuals but to empower them.