The discovery that mobile driving licences are being produced against an outdated specification, misleading vendors as to the “latent surveillance by design” claims about these systems, has been made by the Internet Identity Workshop. Mobile Driving Licences are rapidly accelerating across states based on the ISO 18013-5 standard, which promised greater user convenience and a reduction in fraud concerning governments and businesses. The group uncovered that surveillance capabilities that were meant to be squashed in the official specification had been kept in – unbeknown even to vendors creating the systems and experts on MDLs.
During the 40th IIW gathering to discuss the future of identity systems, Steve McCown, a Digital Identity Architect and Utah Privacy Commission Advisor reviewed the specification in depth, discovering the privacy implications that had been overlooked.
The ISO mDL standard includes “phone home” capabilities that are activated in the mobile driver licence to enable government tracking. Nearly 100 opponents of phone home capabilities have signed a public statement against allowing surveillance of digital identity systems to track data back to governments.
In a statement, the signers agreed that “eliminating phone home capabilities is a requirement in building a privacy-protective identity system”.
