Digital IDs Must Not Phone Home

Without stringent safeguards, the broad deployment of digital IDs presents numerous risks to civil liberties, online and offline, including new risks that we don’t see with plastic licenses. One particular surveillance threat would be the ability for a government issuer – your local DMV, passport issuer, or university, say – to learn where and when you use your digital ID. In other words, whenever you present it for inspection, your ID would “phone home”. Through either intentional surveillance, collusion between businesses and law enforcement, or as a side effect of certain configuration choices, the government could learn every time you entered a bar, confirmed your identity to pick up a medication, or accessed a website with adult content. This scenario is all the more chilling in the context of rising authoritarianism, including in the United States.

The Center for Democracy & Technology (CDT) is joining others across the digital identity community — including civil society, industry, and individual technical experts — in signing the No Phone Home statement. It is a necessary, although not sufficient, condition for a rights-respecting digital ID system that there not be any capability for phoning home and tracking usage of a digital ID because of the enormous potential for abuse.

Governments and technical implementers should take care in the design and deployment of these systems that phoning home cannot happen.

Read the full statement.