Utah is working on a state endorsed digital ID which public officials gave a boost on Friday remarking on its top feature: privacy.
Chief Privacy Officer, Christopher Bramwell, spoke at Identity Week America in September on the state endorsing plans to build the digital ID system, stored in a digital wallet. He closed out a fantastic summit on Friday with several states ready to take sample legislation back to their legislators.
The SB 260 Standard passed earlier this year, underpinning the foundation for Utah’s digital ID program.
In comments to KUTV, Bramwell said the “whole point” for users was to give them control over their own identity adopting a policy and privacy-first approach. Utah’s solution will not track users and personal data would be securely stored to prevent breaches.
In September, Bramwell explained the work with stakeholders to establish principles of trust through decentralised data governance, recoverability, and security by design. Governments can take data from verifiable ID, but the “protection of individual digital ID is a state role” and safeguarding citizens is even more of a priority with the onset of AI machine learning automating decisions. Emerging technologies like AI will need formal regulation, said Senate Majority Leader Kirk Cullimore, and this is where Utah’s policies are providing a strong foundation.
‘You can’t have privacy if you don’t have security’ Bramwell said. State endorsed digital identity is critical public infrastructure that has to be made secure or privacy can not be assured to users.
He also said that breaches will always be present and ever evolving but Utah has taken several measures to optimise recovery and most importantly, instil individual control within state-built systems.
They are developing digital IDs against open standards and open protocols and focusing on guardianship controls. Citizens want no government tracking, a sentiment that hundreds of experts echoed in the recent “no phone home” campaign. This highlighted that phone home capabilities can become tools for surveillance when verifiers of credentials interact directly with issuers of credentials.
