Digital ID Systems Should Not Be Centralized

In many states, Americans can now ditch their physical wallet and verify their identity simply by tapping their device on a scanner. And just as digital wallets from Apple and Google have made commerce more convenient, digital ID systems could potentially make government interactions faster and more efficient. But they also raise the ominous specter of government surveillance. Can we have the efficiency of a digital ID without letting government track our every move?

Yes, but that's not the path we're on.

Take Colorado. Since 2019, Coloradans have been able to use a digital ID as a legal form of personal identification throughout the state. Users download an application to their smartphone, enroll in the service, and have their identity authenticated by taking photos or videos of a valid ID card or other government-issued documents to prove that they are who they claim to be. Then that information is encrypted, and the user is granted a digital ID and an associated key or code that serves as an identifier.

Coloradans can simply show their digital ID to verify their identity in much the same way as you would show your driver's license to a bartender to prove you are over 21. That means of verifying identity is relatively private. However, many services, both public and private, are increasingly turning to electronic verification, which requires pinging a government server. Each ping creates a data record outlining who, what, when, and where. Over time, these records accumulate into a government-controlled ledger of information about its citizens.

Built and maintained by third-party vendors, Colorado Digital ID collects troves of information from users. As outlined in the privacy policy for myColorado, the app collects data "including, but not limited to your IP address, device ID and browser type," and information on the "general geographic area" of the user. The privacy policy further details that the government shares information with third-party service providers and, much more concerningly, with law enforcement and other government agencies upon request.

The fundamental flaw in digital ID systems like Colorado's is that they are centralized. In order to work, citizens must trust the government to protect their data from malevolent actors and from the state itself, despite the fact that government agencies have not been good stewards of citizen data.

When implementing digital ID systems, many states claim they will respect the privacy and civil liberties of their citizens, essentially promising that they will not use their newfound power for evil. But far better than Google's longtime motto "Don't be evil" is the idea of "Can't be evil." It's easier to trust state actors to respect our privacy when they lack the ability to violate our privacy.

And yet, digital IDs do show promise. These systems could streamline and modernize archaic procedures by introducing secure, easily verifiable credentials that work seamlessly across our physical and digital lives. Digital IDs can help make governments more accessible and efficient, reducing costs and increasing civic participation by automating many processes that would otherwise require physical interactions. For example, digital ID systems can allow citizens to securely apply for permits online, eliminating the time and hassle of doing so in person.

How do we get the good and not the bad? For inspiration, we should look to the cypherpunks of the late 1980s and early 1990s who had a clear vision centered around robust privacy secured by encryption. "We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence," wrote Eric Hughes in A Cypherpunk Manifesto. "The technologies of the past did not allow for strong privacy, but electronic technologies do."

Decentralized networks now mean that a digital system need not have a trusted intermediary, so digital IDs could theoretically cut the government out of the verification step entirely. Similarly, advanced cryptographic methods such as zero-knowledge proofs allow a claim to be verified without the verifier needing access to the underlying information. Combining these two characteristics, we can create systems that grant us all the benefits of digital IDs and are resistant to surveillance. In fact, several projects already have protocols and products that operate based on these principles.
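To make the contrast between the two verification models concrete, here is an added example (not code from the article, Colorado, or any vendor) of the "show the card" model done electronically: the issuer signs salted hashes of a person's attributes, the holder discloses only the "over 21" attribute with its salt, and the verifier checks the issuer's signature locally. The issuer is never contacted, so the who/what/when/where record described above is never created. The Schnorr group is a 64-bit toy generated at import time (far too small for real use), and the function names (issue, present, verify_presentation) and the sample record are this example's own constructions.

```python
"""Added example: selective-disclosure credential verified offline.
The Schnorr group is a 64-bit toy, the record is constructed, and the
API names are this example's own, not any state's or vendor's."""
import hashlib
import json
import secrets

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_prime(n):
    """Deterministic Miller-Rabin for n < 3.3e24, plenty for a 64-bit toy group."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """Find a safe prime p = 2q + 1; g = 4 is a quadratic residue, so it has order q."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(q) and is_prime(2 * q + 1):
            return 2 * q + 1, q, 4

P, Q, G = toy_group()  # toy parameters, regenerated on every run

def _challenge(R, msg):
    """Fiat-Shamir challenge: hash the commitment and message down into Z_q."""
    digest = hashlib.sha256(R.to_bytes(16, "big") + b"|" + msg).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    """Schnorr signature (e, s); the verifier recomputes R = g^s * y^-e."""
    k = secrets.randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k + e * x) % Q

def verify_sig(y, msg, sig):
    e, s = sig
    R = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P  # y has order q, so y^(q-e) == y^-e
    return _challenge(R, msg) == e

def _digest(salt, name, value):
    return hashlib.sha256(f"{salt}|{name}|{json.dumps(value)}".encode()).hexdigest()

def issue(issuer_sk, attributes):
    """Issuer signs only a sorted list of salted digests, never the plaintext attributes."""
    disclosures = {name: (secrets.token_hex(16), value) for name, value in attributes.items()}
    digests = sorted(_digest(salt, name, value) for name, (salt, value) in disclosures.items())
    payload = json.dumps({"issuer": "example-dmv (constructed)", "digests": digests}).encode()
    return {"payload": payload, "sig": sign(issuer_sk, payload), "disclosures": disclosures}

def present(credential, reveal):
    """Holder hands over the signed digest list plus the salts for the chosen attributes only."""
    return {"payload": credential["payload"], "sig": credential["sig"],
            "disclosed": {n: credential["disclosures"][n] for n in reveal}}

def verify_presentation(issuer_pk, presentation, required):
    """Runs entirely at the verifier: no call to the issuer, so no server-side record."""
    payload = presentation["payload"]
    if not verify_sig(issuer_pk, payload, presentation["sig"]):
        return False, "bad issuer signature"
    signed = set(json.loads(payload)["digests"])
    shown = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if _digest(salt, name, value) not in signed:
            return False, f"attribute {name!r} is not covered by the signature"
        shown[name] = value
    for name, value in required.items():
        if shown.get(name) != value:
            return False, f"{name!r} not proven"
    return True, shown

def demo(tamper=False):
    """Issue, present only over_21, verify offline; optionally alter the disclosed value."""
    sk, pk = keygen()
    cred = issue(sk, {"name": "A. Sample", "dob": "1990-01-01", "over_21": True,
                      "address": "1 Example St"})  # constructed sample record
    pres = present(cred, ["over_21"])
    if tamper:
        salt, _ = pres["disclosed"]["over_21"]
        pres["disclosed"]["over_21"] = (salt, False)  # digest no longer matches the signed list
    return verify_presentation(pk, pres, {"over_21": True})

if __name__ == "__main__":
    print(demo())             # (True, {'over_21': True})
    print(demo(tamper=True))  # (False, "attribute 'over_21' is not covered by the signature")
```

The verifier learns only the one attribute it asked for, and the issuer learns nothing about the check. Two limits worth noting: the same signature value is shown at every presentation, so colluding verifiers could still link a holder's visits to each other (the unlinkability the article attributes to zero-knowledge proofs needs a scheme designed for it, which this toy does not provide), and the 64-bit group exists only to keep the example self-contained.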

Hughes is right that governments, by their very nature, resist privacy and are more than willing to exploit new technologies to surveil citizens. Thus, as more states and localities choose to implement digital ID systems, it is up to the citizens to demand that those systems be built in ways that protect their civil liberties. The technology exists. All that is left is for it to be implemented.