Mobile ID privacy concerns and privacy-enhancing opportunities
14 November, 2017
category: Digital ID, Government, Transit
Are you ready to have your physical ID also available as a mobile ID? Issuers across the country and around the globe are preparing for this inevitable step and early results have been extremely positive. In this four-part podcast series, experts at secure identity provider HID Global help us explore how different our lives can be if we do just that.
In episode one, we explored the basics of Mobile ID 101. In part two, we address mobile ID privacy and security.
A smartphone offers a privacy enhancing opportunity that doesn’t exist with a traditional card. Within the mobile ID app, data is encrypted and can be stored only on the phone rather than in an external database
As the concept of mobile ID is new, some degree of consumer or citizen apprehension should be expected. But as they see the technology’s potential, it becomes clear that mobile ID’s can actually safeguard the user’s privacy and security. So says Steve Warne, Director of Solutions Marketing in HID Global’s Citizen Identification business. But, Warne stresses, issuers must first tackle the inevitable concerns that come with the technology.
“There are a number of concerns. The most common one we hear is, ‘If I have this app on my phone, am I going to be tracked by someone?’” he says. “Citizens want to know what happens to their data when they use a mobile driver’s license, for instance. Is there a ‘Big Brother’ somewhere taking that information and using it for whatever means?”
Warne says a smartphone actually offers a privacy enhancing opportunity that doesn’t exist with a traditional plastic ID card or paper identification document. Within the mobile ID app itself, identifying information is encrypted and can be stored only on the phone rather than in an external database.
When it comes to mobile ID privacy, the actual use of the handset can also be more privacy enabling. Bluetooth (BLE) can be used for a potentially safer experience for both sides involved in a transaction, such as at a traffic stop. An exchange of keys between the officer’s ID reading device and the citizen’s mobile device would secure the information as it passes over the air via Bluetooth. The phone would never leave the hand of the citizen.
“The police officer can check who’s in the car without approaching the car,” Warne says. “On the citizen’s side, we’re exchanging information that this is a real police officer. By sharing only the information you want over BLE – like your driver’s license –you can be sure that the police officer doesn’t have access to your e-mails, your browsing history, your text messages.”
Physical documents usually require face-to-face interactions, while a mobile ID allows for secure online and over-the-air transactions. For example, a unique passcode generated on an app could enable proof of identity over the phone. A mobile ID can also be updated and renewed through a secure channel instead of the citizen having to drive to a government office to show paper identifying documents, such as a birth certificate.
“With the advent of mobile technology – using selfie technology or even a fingerprint – you could build in a lot of security to a remote enrollment, which means that the citizen could potentially do that from the comfort of their own sofa,” Warne says.
Listen to the podcast to learn more about mobile ID privacy, and stay tuned for future installments of our four-part series Investigating Mobile IDs and Credentials.
Listen to other episodes from the series:
- Episode 1
Mobile ID 101: Establishing rules of the road for mobile driver’s licenses and IDs - Episode 2
Mobile ID privacy concerns and privacy-enhancing opportunities - Episode 3
State of the states for mobile driver’s license pilots - Episode 4
Mobile ID use cases beyond mobile driver’s licenses
