Increased Privacy in Identity Checks

The big questions surrounding privacy related to mobile driver's licenses that we need to consider are:
  • Verifier Collusion: As we previously discussed, how can we limit two Verifiers (or a Verifier and an Issuer) from combining what each learned about a Holder and inferring more than either was meant to know?
  • Selective Disclosure: Are Holders sharing only the information that is necessary for this particular interaction?
  • Issuer Phone-Home: How can we keep Issuers from tracking where and when Holders use their digital credentials?
One of the significant concerns about making digital identity checks easier is that we might inadvertently build a surveillance state, in which people are profiled, without their knowledge, by where they go and what they do.
With advances in technology and cryptography, we can build digital identity and mobile driver's license solutions that afford more privacy in an interaction than the physical card does today, since handing over a plastic license exposes every field printed on it.
Selective disclosure occurs when an individual makes an informed decision about precisely what information to share about themselves in an interaction. For example, a 25-year-old only needs to tell a bartender that they are over 21 (in the United States) to be served. They should not have to disclose their home address or other extraneous details that may actually make them feel unsafe in the interaction. Here are a few examples of what this might look like in everyday interactions:
  • Alice goes to a bar with some university friends. The bartender begins making suggestive comments as soon as she enters the bar, which makes her uncomfortable. In order to be served a drink, Alice would like to be able to show she is over 21, without disclosing her full name and her home address to the bartender.
  • Samantha lives alone as a graduate student and cares a lot about her personal privacy and safety. She doesn't like to disclose her home address to people she doesn't know personally after a stalking incident at her previous apartment. She needs to prove to her local library that she is a resident in order to enroll for a library card to check out research materials, but would prefer to do so without sharing her exact home address with the library staff.
  • Steve hates public attention. On his birthday he wants to treat himself to a nice meal and a glass of wine, without the waitstaff erupting into a public rendition of "Happy Birthday" after spotting the date on the identification he shows to order.
With the adoption of mDLs, people will be able to disclose only the minimal information required in the context of a specific interaction. The mDL issuer, the DMV, signs the credential in a way that commits to each attribute (like date of birth) or group of attributes (like driving privileges) individually, so the holder can reveal a subset and the verifier can still check the issuer's signature on what was revealed. The issuer can also sign derived claims, such as "over 21", so that a bartender never needs to see a date of birth at all.
Selective disclosure applies to every form of digital identity, not just mobile driver's licenses and other state-issued identity. For example, when applying for a job, a person should be able to present a verifiable credential for their digital diploma to prove they hold a bachelor's degree in a given field, without disclosing which university they graduated from, since that detail may introduce bias into the hiring process.
Every time a holder decides whether to share their personal information, they should be fully informed of:
  • the entity requesting their information,
  • what information they are being asked to share in order to proceed,
  • and the purpose for which that information will be used.
Beyond legal terms of service, these requirements can be enforced at the technical level: the presentation request itself can be required to carry the requester's identity and stated purpose, and the holder's wallet releases nothing until the holder has seen that request and approved it.
Selective disclosure and user-controlled identity help rebalance the power dynamic between individuals and the companies that aggregate and track information about them. This approach is aligned with recent data protection regulations, as outlined in Relevant Laws & Regulations, but enforces privacy through technical architecture rather than through fines for noncompliance. Both are strong incentive structures and can work hand in hand to reintroduce individual privacy protections into the modern digital world.
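The per-attribute signing described above, and the requester/purpose check in the list just given, as a single added example (this is illustrative code written for this page, not the code of any mDL implementation). Assumptions beyond the page: the issuer's signature is stood in for by an HMAC under a demo key, whereas a real issuer uses an asymmetric signature such as ECDSA so that verifiers need only the public key; the attribute names and the sample identity data are constructed for the demo.

```python
# Added illustration (not from the original page): selective disclosure for an
# mDL-style credential. The issuer commits to each attribute with its own salted
# digest and signs the digest list once; the holder reveals only the requested
# attributes, and the verifier can still check the issuer's signature.
# Assumption: HMAC under a demo key stands in for the issuer's asymmetric
# signature; attribute names and sample values are invented for this demo.
import hashlib
import hmac
import json
import secrets

# Demo stand-in for the issuer's signing key (assumption: known only here).
ISSUER_KEY = secrets.token_bytes(32)


def _digest(identifier: str, value, salt: bytes) -> str:
    """Per-attribute commitment H(salt || identifier || value).

    The random salt stops a verifier from brute-forcing an undisclosed value
    (e.g. trying every plausible birth date) against the digest it holds.
    """
    data = salt + json.dumps([identifier, value], sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()


def issue(attributes: dict) -> dict:
    """Issuer side: sign the digest list once; hand the holder the salted items."""
    items, digests = {}, {}
    for ident, value in attributes.items():
        salt = secrets.token_bytes(16)
        items[ident] = {"value": value, "salt": salt.hex()}
        digests[ident] = _digest(ident, value, salt)
    payload = json.dumps(digests, sort_keys=True).encode()
    signature = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    # "items" (values + salts) stay on the holder's device; "signed" is public.
    return {"signed": {"digests": digests, "signature": signature}, "items": items}


def present(credential: dict, request: dict) -> dict:
    """Holder side: refuse requests that omit requester or purpose, then
    release only the attributes that were asked for."""
    for field in ("requester", "purpose", "attributes"):
        if not request.get(field):
            raise ValueError(f"request is missing '{field}'")
    disclosed = {}
    for ident in request["attributes"]:
        if ident not in credential["items"]:
            raise ValueError(f"credential has no attribute '{ident}'")
        disclosed[ident] = credential["items"][ident]
    return {"signed": credential["signed"], "disclosed": disclosed}


def verify(presentation: dict) -> dict:
    """Verifier side: check the issuer signature over the full digest list, then
    each disclosed item against its digest. Undisclosed attributes remain
    opaque digests. Returns the values the verifier may now trust."""
    signed = presentation["signed"]
    payload = json.dumps(signed["digests"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["signature"]):
        raise ValueError("issuer signature does not verify")
    verified = {}
    for ident, item in presentation["disclosed"].items():
        digest = _digest(ident, item["value"], bytes.fromhex(item["salt"]))
        if not hmac.compare_digest(digest, signed["digests"].get(ident, "")):
            raise ValueError(f"attribute '{ident}' does not match issuer digest")
        verified[ident] = item["value"]
    return verified


def verifies(presentation: dict) -> bool:
    """True if verify() accepts the presentation, False otherwise."""
    try:
        verify(presentation)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Alice at the bar: prove age_over_21 without revealing name or address."""
    credential = issue({  # constructed sample data, not a real record
        "family_name": "Example",
        "resident_address": "100 Sample Street",
        "birth_date": "1998-05-04",
        "age_over_21": True,  # derived claim signed by the issuer
    })
    request = {"requester": "bar-door-scanner", "purpose": "age verification",
               "attributes": ["age_over_21"]}
    presentation = present(credential, request)

    # A holder cannot alter a disclosed value: its digest no longer matches.
    tampered = json.loads(json.dumps(presentation))
    tampered["disclosed"]["age_over_21"]["value"] = "not-the-issued-value"

    # A request that states no purpose is refused before anything is released.
    no_purpose = {"requester": "bar-door-scanner", "attributes": ["age_over_21"]}
    try:
        present(credential, no_purpose)
        purposeless_rejected = False
    except ValueError:
        purposeless_rejected = True

    return {
        "verified": verify(presentation),
        "disclosed_attributes": sorted(presentation["disclosed"]),
        "tamper_detected": not verifies(tampered),
        "purposeless_request_rejected": purposeless_rejected,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The verifier learns exactly one fact (age_over_21 is true) plus the opaque digests of everything else, and the salt is what keeps those digests from leaking the hidden values. Note what this example does not solve: the signature over the digest list is the same in every presentation, so two verifiers who compare notes can still link Alice's visits; the verifier-collusion question from the top of this page needs further measures, such as batches of single-use credentials, beyond per-attribute disclosure.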
There are additional considerations related to the implementation of digital identity solutions, which we will explore further next.