When we store information about ourselves digitally and present it to others, we trust ourselves, in most circumstances, to safeguard that information. That said, even the most technically-savvy people can fall for the most sophisticated phishing scams or other malicious endeavors to trick people into sharing or disclosing their personal information.
We need to be mindful that, as the possibility for digital identity checks become easier to implement into online workflows with mobile driver’s licenses, they may become more frequent. If identity checks online become more frequent, solutions need to be thoughtful of protecting the most vulnerable who might fall prey to phishing attempts that request proof of identity to access one’s “bank,” which may be a seemingly innocuous requirement.
There are ways we can build in guardrails or systems for identifying trusted verifiers. Similarly to how your browser notifies you with a warning when you attempt to access a website without an SSL certificate, there can be an indicator for when an organization, institution, or company is a trusted verifier. There are multiple ways this could be enacted, ranging from registrations with the state or with a non-profit organization, or even a shared list of trusted verifiers with your close circle of friends. An application could, for example, introduce suggested guardrails for easier adoption by providing a list of websites that are appropriate to receive your personal data. More sophisticated users could, however, accept the risks of removing said guardrails and share their information with websites outside of the suggested trusted verifiers, if they choose.
Different solutions might also have different risk levels or grades for different types of information, such as your eye color versus your social security number or home address. With different grading systems for various pieces of information, we can create a more sophisticated identity ecosystem that requires different levels of assurance for verifiers and what they are qualified to ask for. The ultimate goal with a solution like this is to move towards a societal shift of reasonable, minimal disclosure, meaning only sharing information with verifiers that they actually require in order to render their service or comply with applicable laws.
