The FAQs of a DDL – Chapter Two: Keeping the Thought Police at Bay
It was a bright cold day in April, and the clocks were striking thirteen. So begins Orwell’s classic dystopian novel 1984. Unfortunately for those of us in the business of developing new technology, it seems this haunting tale of totalitarian government oversight is etched in people’s minds since reading the novel in high school.
Quite often when we discuss the implications of a digital driver’s license (DDL), it evokes mental images of a black helicopter tracking our every movement. And while privacy is certainly a concern that weighs heavily on our minds, the DDL is not bringing any new privacy risks or threats to the lives of its users.
The average smartphone user is already releasing information to a multitude of sources regarding their whereabouts – whether knowingly or not. Navigating somewhere with Google Maps? Checking in on Yelp to redeem a promo offer? Tagging your photo locations on Instagram or Facebook? Searching for homes on Zillow or hotels on TripAdvisor? Yep, your location is being broadcast through all of those avenues. Of course these services and actions are all optional and by engaging in them you are receiving some benefit in exchange. Not driving around in circles blindly looking for an address: Totally worth the tradeoff! Having your followers validate your restaurant selection: Debatable.
But does that same sentiment extend to the government ID sector – and therefore to the digital driver’s license? That question is one that will only be answered over time, as we explore the multitude of future use cases. But lucky for you, I will answer some fundamental questions about privacy right here, right now. And I won’t even report you back to Big Brother should you disagree with me!
How does the DDL impact user privacy?
Our DDL puts the license holder in the driver’s seat by enabling them to decide when, where, and how much information they want to share. For example, when someone hands their physical driver’s license to a bartender to validate their age, they are giving them access to all of their personal information – their address, full name and date-of-birth, and even their height and organ donor status. But with a DDL, a user can display only the information needed to confirm they are indeed the license holder and the fact that they are over the age of 21. This offers a much higher level of privacy to the user by not revealing any information that is unnecessary or irrelevant in that situation. The DDL puts the license holder in the driver’s seat by enabling them to decide when, where, and how much information they want to share.
Can any of the DDL information stored on my phone be read by third parties?
No, with Gemalto’s DDL solution all information is encrypted at multiple levels: the application level, the network level, and the server level. Even the exchange of data between the DMV and the handset is encrypted. Additionally, the information on the digital driver’s license is only accessible when a user launches the application and enters their PIN or scans their fingerprint, making it impossible for someone to gain access to your information just because they are within a close proximity. The DDL holder always triggers the verification process or the sharing of their information, and that information is always encrypted.
Will other data on my device be accessible through the DDL application?
No, absolutely not. Often times when a user downloads a smartphone application, there are additional device access rights (contacts, photos, call log, phone status, browsing history, etc.) requested by the application that can occur in the background, sometimes without the user even being aware. But when you download our DDL application, there are no other access rights requested. When you are using your DDL in the field, your device never even needs to leave your hand. So you can rest assured that the remainder of your personal data is left untouched and protected on your device.
To learn more, visit www.gemalto.com/ddlpilot.
Read more blogs in the government sector from Gemalto.