With thorough back-office auditing, false positives are reduced, ensuring fraud-proof document verification processes.
Lights, shadows and challenges of digital identity projects
Various initiatives around the world are continuing to explore digital identification methods that put control in the hands of users, although large-scale implementation presents technological and security challenges. Two of the most recent examples are found in New York State and France.
New york bets on digitizing driving licences
M
ichaelle Solages, a democrat in the New York Assembly, has promoted a pilot project to develop mobile driver’s licences, in collaboration with the New York Department of Motor Vehicles (DMV). These licences would be digital versions of traditional licences that would be stored on users’ smartphones.
To work on the project, Solages met with legislators and organisations from different states, as well as with representatives of digital identity companies, Google and the National Institute of Standards and Technology (NIST). Although the DMV had a contract with the biometric technology company IDEMIA to build a digital identity platform, which would also include the issuance of mobile driver’s licences (or mDLs), the initiative proposes that the State be the one to control the digital wallets that would contain the documents, instead of a private provider, which has aroused the suspicions of some sectors.
Doubts about the security of data storage
These concerns have led to opposition. Groups such as the New York Civil Liberties Union and Surveillance Resistance Lab have expressed concerns about the risk of increased government surveillance, as similar programs can lead to mobile tracking and digital records of activities, such as alcohol purchases or medical visits. These groups have not hesitated to propose that the project be paused and insist on the need to develop strong technical protections, such as encryption and regular checks, to preserve user privacy. The implementation of digital identity wallets should never be subject to centralised control or produce any kind of tracking.
Request a free demo of TrustCloud Wallet, a robust and privacy-friendly credential management solution.
The information contained in mDLs, such as driving history or medical and financial information, could be used to discriminate against certain groups of people and, ultimately, could be used to deny access to certain places or services, such as car rental or entry to a stadium. The most critical voices warn that there is a lack of transparency in the way mDL data will be collected, stored and managed.
At the other extreme, legislators argue that the adoption of the new system will be voluntary and will offer greater convenience and security, while also acting as a barrier against counterfeiting and theft. In addition, its uses could be extended to other identity verification scenarios.
The successful implementation of mDLs will depend on effective collaboration between governments, businesses and privacy organisations. Security and transparency in data handling will be crucial aspects to gain public acceptance. Legislation and public policies will need to be adjusted to adequately regulate the use of these identity credentials, thus ensuring the protection of user privacy.
Other states, such as Georgia and Tennessee, are working on similar projects to digitise identity credentials such as driving licences.
France Identité: control of identity attributes in a large-scale national programme
The French government has just launched another ambitious plan called to revolutionise the identity management of its citizens. France Identité is an application that allows all citizens of the country to identify themselves online securely and reliably, according to its promoters, and has been available to all French people since February 14th.
To start using it, France Identité requires users to go through an identity verification process that includes downloading the application to a smartphone and facial recognition to confirm identity.
France Identité promises greater security, by allowing users to prove their identity without the need to reveal sensitive data from their official documents and with minimal information exchange. It is also in line with the precepts of the European Union’s eIDAS regulation, which means that the French digital identity will be recognised in other member states.
The data collected, as expressly stated on the French programme’s website, must always be for a specific purpose. Only data necessary to achieve that purpose will be used. In addition, sensitive data, such as biometric information, enjoy special protection. When data is no longer needed, it must be securely deleted. Users retain the right of revocation at all times, an essential factor for the success of such projects.
In addition, France Identité users will be able to add their driving licence to the application. This digital version does not replace the physical licence, but rather complements it. In the future, the French wallet could be used to sign electronic documents securely, make online payments faster and access public services such as applying for scholarships or renewing passports. France Identité has Bug Bounty, an application developed in parallel for any user to report errors.
Transparency, responsibility and oversight
Because of its significance, it is essential that national identity projects be subject to thorough scrutiny by the public. Civil society must be involved in the design and implementation process of these projects to ensure that they are transparent, accountable and respect human rights. In addition, independent mechanisms must be created to oversee the operation of these systems and prevent abuses.
Contact our digital identity specialists.