Digital IDs under fire: Privacy advocates warn of government surveillance embedded in mobile licenses

• Privacy advocates warn that mobile driver’s licenses (mDLs) contain hidden tracking features that allow governments to monitor citizens.
• The ISO/IEC 18013-5:2021 framework, used globally, mandates remote data retrieval capabilities in digital IDs.
• Over 80 groups, including the ACLU and EFF, launched the “No Phone Home” campaign to demand privacy-first digital ID systems.
• States promise not to activate tracking, but advocates argue technical safeguards — not just policies — are needed.
• As digital IDs expand, experts urge action now to prevent mass surveillance and abuse.

The rise of surveillance-ready digital IDs

As states and nations rapidly adopt mobile driver’s licenses and digital identity systems, a coalition of privacy advocates, technologists, and lawmakers is sounding the alarm: These tools are being built with built-in surveillance capabilities. The “No Phone Home” campaign, backed by heavyweights like the ACLU, Electronic Frontier Foundation (EFF), and Center for Democracy & Technology, warns that the technical standards governing digital IDs — particularly ISO/IEC 18013-5:2021 — allow governments to remotely access user data, even if the feature is initially inactive.

The issue came to light after a state government (unnamed in disclosures) accidentally left tracking functions enabled in its mobile ID app, only disabling them after public scrutiny. “If this capability exists, it will eventually be used,” said Jay Stanley, ACLU senior policy analyst.

How digital IDs “phone home”

The core concern lies in the ISO standard, which requires mobile IDs to support server-side data retrieval—meaning issuers (like state DMVs) can silently pull location and usage data from a user’s device. While proponents argue this aids fraud prevention, critics compare it to a backdoor for mass tracking.

• Corporate origins, government risks: Digital ID standards were first developed in corporate environments where privacy was secondary. Now, governments adopting these systems inherit the same risks.
• Policy promises aren’t enough: States pledge not to activate tracking, but as Timothy Ruff, a campaign organizer, noted: “Policies change. Policymakers change.”

Alexis Hancock of the EFF added: “You shouldn’t have to choose between privacy and usability. The standard was written for verifiers—not individuals.”

From bars to browsers: The expanding surveillance net

The threat isn’t limited to physical spaces. Louisiana’s LA Wallet app, used for online age verification, could let the government log which websites residents visit. “This could be weaponized against protesters or political dissidents,” Stanley warned. Similar concerns apply to OpenID Connect (OIDC), another standard enabling silent data transmission.

The campaign draws comparisons to post-9/11 surveillance expansions, where initially limited powers grew into broad data collection regimes.

The fight for open standards

A key demand of the coalition is transparency in standard-setting. The ISO process is closed, dominated by corporations and governments — not civil society. Hancock cited HTTPS as a success story of open development, contrasting it with Google’s Accelerated Mobile Pages (AMP), which critics say prioritized corporate control over user rights.

Some supporters, like former Maryland CIO Michael Leahy, are drafting laws to ban surveillance features in digital IDs.

A tipping point for privacy

As digital IDs gain traction—from Apple Wallet integrations to EU-wide systems — the window to enforce privacy protections is closing. “We have to act now,” Hancock urged. Without technical safeguards, these systems risk becoming tools of centralized control, eroding the very freedoms they claim to modernize.

The “No Phone Home” campaign isn’t just about driver’s licenses—it’s a stand against the normalization of surveillance in everyday life. For citizens, the question remains: Will convenience trump liberty, or can a coalition of advocates rewrite the rules before it’s too late?

Sources for this article include:

ReclaimTheNet.org

StateScoop.com

ACLU.org