By Ken Macon – Reclaim The Net
Welcome to a new privacy-first initiative challenging the digital identity status quo, urging a sharp turn away from the surveillance-ready infrastructure embedded in mobile driver’s licenses.
The campaign, called No Phone Home, brings together a broad alliance of civil liberties groups, privacy experts, technologists, lawmakers, and public officials who are resisting the ways digital IDs compromise people’s rights.
What’s fueling the campaign is concern over how mobile driver’s licenses, increasingly adopted in the US and abroad, are built atop a technical framework that allows them to silently transmit data back to issuing authorities. While this function may not be active by default, it exists; and that, privacy advocates argue, is a serious vulnerability.
Even if unused, if the architecture allows for data to be sent back to government servers, it eventually will be the campaign’s statement warns.
At issue is a largely under-the-radar international standard: ISO/IEC 18013-5:2021.
This specification has become the foundation for digital ID systems used in several US states and internationally, including those compatible with Apple Wallet and Google Wallet. It mandates that mobile IDs support server-side retrieval of data; a feature that can open the door to mass tracking.
Digital identity tools were initially developed inside corporations where privacy wasn’t a major concern.
The campaign is making a political and ethical case. The core principle is simple: digital credentials, like physical ones, should not expose a person’s movements or behaviors. While many states have promised not to use the tracking features built into digital ID standards, this is a policy decision, not a technical safeguard
Indeed, a state government recently realized it had mistakenly left the tracking capability active in its mobile ID app and only turned it off after the fact. That incident has added urgency to the campaign’s message.
The concern extends beyond physical spaces. With digital IDs increasingly used for online age verification, privacy advocates worry about how web activity could be logged and linked back to individuals. In Louisiana, for example, residents must verify their age using the LA Wallet app to access adult content online.
Other standards, like OpenID Connect, face similar criticism. Though different in design, OIDC also supports silent data transmissions. ISO’s structure in particular favors verifiers; businesses and agencies verifying identity, rather than individuals trying to safeguard their privacy.
While digital driver’s licenses remain optional and relatively uncommon today, their growth is accelerating. More states are rolling out digital wallets, and countries in the European Union and elsewhere are moving quickly toward official digital identity systems.
We’re at a critical moment. If we don’t demand safeguards now, we’re going to end up with digital identity systems that fundamentally undermine privacy.