Framing the conversation: a call for clarity and collaboration
Recently, the "nophonehome" movement sparked an important conversation about digital identity systems, privacy, and control. These conversations are timely and essential.
At the heart of these discussions is the "no-phone-home" principle, the idea that identity systems should not require every verification to contact the original issuer or a central authority. This principle is rooted in the desire to minimize tracking and surveillance risks. It ensures that when someone presents their proof of identity, it does not automatically notify the issuer of where, when, and potentially why it was used. This is particularly relevant as we design digital identity systems, where the technical architecture can either reinforce or mitigate these privacy concerns. The movement highlights real concerns about how digital identity solutions are designed and implemented. Concerns that anyone working in this space should take seriously.
However, as the discussions unfolded, much of the dialogue shifted from addressing the root problems to debating the technical details of specific standards or features. While critique is vital, it risks missing the forest for the trees if it focuses too narrowly on implementation details without acknowledging the broader challenge: how do we build identity systems that protect people’s privacy while meeting the practical and evolving needs of society?
This is not about defending one approach or attacking another. It is about recognizing that there is a problem to solve. And we all share a responsibility to solve it thoughtfully. Collaboration, rather than conflict, will be the key to building better systems.
It is of utmost importance to recognize that our task is not to build a single application or solution. We are creating an infrastructure that will shape how organizations and individuals interact, establish, and maintain trust in the near and distant future. The systems and architecture we build together will shape all our lives. So, let’s get it right.
Establishing our shared assumptions
To have a productive conversation, we need to establish a few shared starting points:
- Identity systems exist for a reason: Societies and economies rely on mechanisms to verify who people are. Without them, many critical functions of daily life, from accessing healthcare to voting, simply wouldn't work.
- Governments will be issuers: For foundational credentials like driver’s licenses and passports, a central authority, typically the government, will remain an important issuer and source of truth. Whether or not everyone agrees with this model is a broader philosophical debate, but it is outside the scope of this discussion.
- The goal is privacy-preserving trust: The challenge is not whether we need identity systems but how to make them trustworthy, privacy-preserving, and fit for a digital age.
A brief history of the plastic driver’s license
Much of the recent commentary has centered on physical driver’s licenses and the more recent introduction of mobile driver’s licenses in the US, so it is probably worthwhile to briefly review how things have come to be.
Plastic driver’s licenses were first introduced in the US in the 1950s and 1960s, replacing fragile paper documents. The shift to plastic was driven by three main goals:
- Durability: Plastic was longer-lasting and more resistant to wear.
- Security: Plastic cards could embed photos, holograms, and eventually barcodes, making forgery harder.
- Standardization: A common form factor helped law enforcement and businesses recognize and accept IDs across jurisdictions.
Over time, the humble plastic card evolved from a credential that was about proving your entitlement to drive, into one of the most commonly used identity documents for travel, banking, age verification, and more.
Interestingly, as we now transition to digital credentials, we face a similar set of challenges. How do we make digital identities durable in the face of evolving technology? How do we embed the right security features to protect against forgery and fraud? And how do we create standardized systems that are interoperable across borders and industries?
The same core principles that drove the evolution of the physical driver’s license apply today as we shape the future of digital identity. The difference now is the scale and complexity of the digital world, and the heightened importance of privacy and data minimization in every interaction.
The plastic license in the digital age: not so humble after all
Many people see the physical driver’s license as a simple, offline proof of identity. But today’s licenses are far from analog. Most US driver’s licenses, for example, contain a PDF417 barcode on the back, a machine-readable format designed for digital systems.
It may seem obvious, but it’s worth stating: the presence of a barcode signals that the license is meant to interact with digital systems. After all, barcodes are designed for machines, not bartenders.
When that barcode is scanned, it reveals a wealth of personal information: your full name, address, date of birth, license number, and more. This means that even when you present a physical card, you are often sharing far more than you need to for a given purpose. And in many cases, the systems scanning your license record or transmit that data elsewhere, creating precisely the kind of traceable identity solutions we should be avoiding.
Even in physical settings, phone-home behaviors already happen. Many venues scan your ID at the door, leaving a digital trace long before you hand your license to a bartender who might not scan it at all.
And even if there is no technology involved and you merely flash an ID, this might not leave a digital trace, but still reveal far more data than necessary. For instance, during an age verification check, a bartender or venue might see your full name, address, what vehicle classes you are licensed to drive, and even whether you have any medical endorsements or restrictions, all irrelevant to proving you are over 21. This oversharing happens whether the verifier records the information or not. In the digital future, we have an opportunity to improve this by allowing individuals to share only the specific piece of information required for a transaction, and nothing more.
So in reality, this so-called “humble plastic card” is not as privacy-preserving as some would describe it to be. In fact, one could argue that it laid the foundations for the phone-home pattern we as an industry are trying to prevent. For example, when a law enforcement officer or bartender doubts a license's authenticity, they contact the DMV or a third-party service to validate it. The card itself does not carry enough trust. The issuer's confirmation does.
The growing demand for high assurance identity verification
The use cases for ID verification have also evolved dramatically. Increasingly, people need to prove who they are online, whether accessing government services, opening bank accounts, or complying with age restrictions on digital platforms.
Here is the problem. A physical card is difficult to verify online. There is no way for a website to look at an image of a driver’s license and know it is genuine. This creates a real and growing need for verification systems that check the credential against the issuer. In other words, systems that "phone home."
Why is this necessary? Because physical credentials are incredibly easy to forge. With cheap tools and AI-driven image manipulation, creating a convincing fake ID can cost less than a real one.
As trust in the authenticity of the plastic card declines, reliance on "phone home" verification grows. Relying parties, unable to confidently verify the physical document alone, increasingly turn to the issuing authority or third-party services for assurance. Businesses and regulators demand greater assurance that the person on the other end of an online interaction is who they claim to be. A wide range of industries, including finance, healthcare, social media, and more, face increasing fraud risks and evolving regulatory requirements. They need ways to establish trust online that go beyond the limitations of physical credentials.
This demand is legitimate. Ignoring it does not make it go away.
So what should we build?
The challenge is not whether we should build identity systems for the modern digital world. We must. The question is how we do it in a way that protects privacy, limits surveillance, and restores confidence in the system.
Despite the amount of criticism leveled at the ISO 18013-5 standard specifically, there has been surprisingly little discussion about how its dominant pattern for in-person sharing actually works, and how impressive its privacy characteristics are. Device retrieval, the core interaction pattern in the standard, enables both the wallet and the relying party (reader) to operate entirely offline during verification. It does this while requiring physical proximity between the two devices and preventing unnecessary data leakage or tracking by external parties through the use of end-to-end encryption and other cryptographic techniques.
Furthermore, mDLs and other digital credential technologies support a crucial privacy-preserving feature known as selective disclosure. This allows users to share only the specific information needed for a particular transaction. For example, in an age verification scenario, a person can prove they are over 21 without disclosing their name, address, or license number. Nothing more than what is required.
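A simplified sketch of how selective disclosure can work with salted digests, the approach mdoc credentials use for individual data elements; it is an added example, not code from the standard or from this article. It assumes canonical JSON in place of CBOR and that the issuer's signature over the digest list is verified separately; the function names and the sample record are constructed for illustration.

```python
import hashlib
import json
import secrets

def _digest(item: dict) -> str:
    # Canonical JSON stands in for the CBOR encoding of a real mdoc (assumption).
    return hashlib.sha256(json.dumps(item, sort_keys=True).encode()).hexdigest()

def issue(attributes: dict):
    """Issuer: salt every attribute and commit to it with a digest."""
    items, digests = {}, {}
    for digest_id, (name, value) in enumerate(attributes.items()):
        item = {"digestID": digest_id,
                "random": secrets.token_hex(16),   # per-item salt blocks guessing
                "elementIdentifier": name,
                "elementValue": value}
        items[name] = item
        digests[digest_id] = _digest(item)
    # items stay in the wallet; digests are what the issuer signs (signature not shown)
    return items, digests

def present(items: dict, requested: list) -> list:
    """Holder: release only the salted items the reader asked for."""
    return [items[name] for name in requested]

def verify(disclosed: list, signed_digests: dict) -> dict:
    """Reader: accept an item only if it matches a digest the issuer signed."""
    accepted = {}
    for item in disclosed:
        expected = signed_digests.get(item["digestID"])
        if expected is None or not secrets.compare_digest(expected, _digest(item)):
            raise ValueError("disclosed item does not match the signed digest")
        accepted[item["elementIdentifier"]] = item["elementValue"]
    return accepted

# Constructed sample record: roughly what a full barcode scan would expose at once.
SAMPLE = {
    "family_name": "Example",
    "resident_address": "1 Sample Street",
    "document_number": "X0000000",
    "age_over_21": True,
}

def age_check_demo() -> dict:
    items, digests = issue(SAMPLE)
    shown = present(items, ["age_over_21"])   # name, address, number never leave the wallet
    return verify(shown, digests)
```

The reader ends up holding one verified boolean plus a list of salted digests, which reveal nothing about the undisclosed fields; altering a disclosed value makes verification fail.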
It is important to acknowledge that no solution is perfect. mDLs and similar technologies may have areas that warrant discussion and improvement. But let the discussion focus on how we solve the broader challenge and what the practical alternatives are. Dismissing an entire solution because of disagreement with a single feature risks losing sight of the progress we need to make. Let’s have the debate about how to build better systems, not whether we should build them at all.
The path forward: a call for practical, privacy-preserving solutions
There is real demand for trustworthy, privacy-preserving identity verification from financial services to healthcare to online gaming. Ignoring that need does not protect people. It leaves a vacuum that will be filled by less transparent, less privacy-respecting solutions.
Instead of tearing down potential solutions based on misunderstandings or partial truths, let's:
- Acknowledge the real-world use cases and risks.
- Collaborate across sectors to build interoperable, secure, privacy-first systems.
- Focus on solving the problem, not fixating on the features of one proposed standard.
Identity systems with the properties we desire are within our reach. But we only get there through open, honest, and collaborative work, not by romanticizing the flaws of yesterday’s solutions.