Are Digital IDs Worth It?

Sarah Saadeh, Contributing Member 2024-2025

Intellectual Property and Computer Law Journal

I. Introduction

Have you ever heard of an Apple Pay warrior: someone who walks around without their wallet and relies on Apple Pay or a digital wallet to get around? Digital identification takes this lifestyle a step further. Now, technology giants Apple and Samsung allow consumers to upload their driver’s license or state ID onto their phone’s digital wallet.[1] The Transportation Security Administration (TSA) is even allowing digital IDs to be used for travel at select airports.[2]

While this sounds convenient, consumers might want to wait until there are more regulations protecting their data privacy before they put their whole identity on their phone. This article covers the background of digital government ID on smartphones, followed by relevant state regulations and a comparison of federal regulations to the European Union’s laws surrounding digital IDs in Part II. Part III discusses concerns about consumer data privacy and advocates for federal digital ID protections for consumers. Part IV concludes by stressing the importance of digital protections despite the ease and convenience of such invasive technologies.

II. Background

A digital ID does not replace a physical ID but rather is a digital copy of the government-issued ID. Digital IDs could become the norm as states in the United States (U.S.) continue to introduce these types of IDs. Countries, such as China, have already introduced government trials.[3] As of 2023, 43.2% of smartphone users rely on mobile payments in the U.S.[4] This population would likely be quick to hop on board with a digital ID option. In 2018, Louisiana was the first state to introduce a mobile driver’s license, known as “mID”, on the LA Wallet app.[5] Since 2020, the LA Wallet has been actively used as an equivalent to a physical driver’s license, recognized by the Louisiana State Police and the Louisiana Office of Alcohol and Tobacco Control.[6] Louisiana is not the only state in the union to have mIDs. In fact, other states since then have integrated Apple Wallets to their mIDs. Arizona was the first state to allow residents to have a mID in their Apple Wallet.[7] Currently, residents in Arizona, California, Colorado, Georgia, Hawaii, Maryland, and Ohio can add their mID to their Apple Wallet.[8]  

Other states have also been dabbling in creating their own mobile applications to support a mID– some better than others. Oklahoma’s OK Mobile ID app had to be taken down after the Department of Justice (DOJ) found it in violation of the Americans with Disabilities Act (ADA) since it did not have features allowing for blind people to use the app.[9] Missouri’s mDL app–which was just a pilot app– was taken down for reasons not publicized.[10]

On the other hand, Arizona’s app has features that could increase consumers’ data privacy.[11] These features include a state-sponsored verification app for businesses to check IDs. For example, in cases of buying alcohol a green light will appear on the screen if the consumer is of age.[12] Making it so a consumer does not have to show their full name, date of birth, and address every time they buy alcohol.[13]

Federal vs. EU Regulations

Unlike the European Union’s General Data Protection Regulation (GDPR), the U.S. does not have a federal consumer privacy law framework yet.[14] There is also no federal framework for how states should manage digital IDs. While the EU’s European Digital Identity Regulation (eIDAS 2.0) mandates that all EU member states must make a digital wallet platform that allows all EU residents to hold their digital ID within 24 months after it goes into effect.[15] The digital wallets will have a similar feature to Arizona’s app that allows consumers to avoid having to share all their personal information when making alcohol transactions.[16]

There had previously been a digital ID available in the EU, but it had some defects and was not as streamlined as the eIDAS 2.0.[17] Before, the EU digital IDs had issues when crossing between EU borders, “[o]nly 14% of key public service providers across all Member States allow cross-border authentication with an e-Identity system”.[18] Now, the app should function the same across all EU borders.[19] Previously, digital wallets were not accessible to everyone but moving forward with eIDAS 2.0, the digital IDs are accessible to EU citizens, residents, and businesses, with capabilities for public and private services.[20]

The U.S. should take note from the EU’s trial and error with the digital ID process. While some TSAs are accepting digital IDs, the digital IDs have not yet replaced physical IDs, and passengers still must bring their physical copy with them to the airport, in case verification of their identity with the app is not able to be processed.[21] The U.S’s current system of allowing states to have a patchwork of policies and apps emulates the EU’s outdated digital ID system with lots of issues and lack of functionality to the digital ID outside of the member state’s border.

State Regulations

Since there are no federal U.S. regulations, states are going at their own pace on how they want to approach digital IDs. As digital IDs become more common, more businesses could accept them as a form of identification, even in events where they might not normally ask to see an ID. It is important for consumers to maintain control over their personal information while this happens.

Some states have added regulations surrounding their digital IDs that protect data privacy in the instance of communicating with law enforcement.[22] For example, Texas specifies that if a driver is showing law enforcement their digital ID, the driver is not required to give up possession of their electronic device.[23] California–a state with very strong consumer privacy laws–stipulates that showing a digital ID would not give law enforcement consent to conduct a search of the device.[24] Louisiana, Alabama and Wyoming also have similar laws limiting law enforcement access.[25]

To conduct a search on a phone, law enforcement would typically need a warrant, even if a person is arrested. The Supreme Court even recognized the immense amount of personal information contained in someone’s phone in Riley v. California.[26] But these protections do not apply when someone gives their phone to law enforcement willingly. In State v. Bowman, the Supreme Court of Washington found there was no illegal search of the defendant’s text messages since the defendant consented to law enforcement searching his phone, giving law enforcement the right to look at his texts and anything else on the phone.[27]

In short, unless a state explicitly has a law protecting people from consenting to a search of their phone or relinquishing possession of the phone–like Texas and California–then law enforcement could potentially search someone’s phone when they just meant to give a form of ID.[28] This would only occur if the phone was unlocked since law enforcement cannot force you to input your password.[29] Apple allows consumers to show their digital ID without having to unlock their phone.[30] This would protect consumers from a search of their phone but would not stop officers from seeing notifications as they pop up on the screen.[31]

Using a digital ID opens a person up to a greater chance for a breach of their privacy. It is very easy to accidentally hand over your phone to law enforcement unlocked or if you have your biometric data saved on your device as a method of unlocking your phone, the Supreme Court of Minnesota held that it is “not a testimonial communication protected by the Fifth Amendment” for a law enforcement officer to compel someone to use their finger-touch ID to unlock their phone.[32]

III. Discussion

This patchwork state-by-state digital ID system raises many concerns: namely, (1) government surveillance, (2) businesses collecting consumer data, and (3) possible inequalities. All these concerns are exacerbated by the threat of possible cyber-attacks.

Government Surveillance

Digital IDs are an added form of government surveillance that can lead to an increase of policing. Not only does it give police more access to people’s data, but it could also serve as a way for the government to track citizens.[33] There are concerns that the Chinese government is overstepping by using digital IDs as another form of monitoring their citizens, but if there are no federal protections regulating the collection of information related to digital IDs, then who is to say that the U.S. government will not do the same?[34] 

With IDs being on phones, the government would hypothetically be able to trace every action on a phone to the resident as well as locations the resident went to with the phone, as the digital ID would create a unique identifier to the resident tied to the phone.[35] Without set regulations and resources allocated to protecting these systems for cyber-attacks, it leaves this added information at risk. In the past three years, U.S. government organizations have faced 246 ransomware attacks.[36]

Businesses Collecting Consumer Data

To create digital IDs, many states collaborated with third-party businesses either to create their own app or allow for their state IDs to be visible on existing platforms like the Apple Wallet.[37] This brings a concern with these businesses having access to all this consumer information because when more entities are involved, there are more points of access for a breach of consumer information.[38] Further, without regulations protecting consumer data, there is no telling how a corporation could be using all the data such as selling consumer data or using it for advertising purposes.

Possible Inequalities

Without a federal framework for how states should make digital IDs, it leaves a lot of room for states to be un-inclusive. For example, if a state only has a partnership with Apple, this partnership leaves consumers without an iPhone unable to participate. Or if a state makes an app, it would be accessible only to people who can download the app by it being compatible with their phone. There is also the risk of more states making inaccessible apps like blind people being unable to use Oklahoma’s app.[39] As digital IDs become more normalized, they might also be used to automate processes of applying for government programs and lead to new reasons for people being denied.[40] When Indiana digitized their welfare system, over 700,000 citizens were denied needed services which led to many lawsuits.[41]

IV. Conclusion

The future is digital, and the rest of the world seems to be moving that way as well. It is imperative, therefore, that a federal framework and regulation be made surrounding digital IDs. For digital IDs to be safe for consumers’ data privacy and highly functioning, the federal government needs to make regulations that protect the collection of consumer data and limit law enforcement’s access to only the ID and not the rest of the phone.

If the federal government makes one app rather than all 50 states using different platforms, it would also make the digital IDs more functional in all airports and a valid form of identification when driving or buying alcoholic beverages. Having one app for digital IDs will alleviate the stress on businesses to have multiple types of apps they would need to learn how to verify as well. It is important that digital IDs do not become mandatory and are just optional; otherwise, that would lead to inequality of people not able to get the application or use it and would unnecessarily highlight government surveillance. Lastly, having one government platform would make it easier to protect and safeguard rather than worrying about a plethora of different data breaches.

With the little protections consumers have surrounding digital IDs as of right now, it might be best to wait it out till there are more regulations and safer platforms to add your ID on your phone. The level of convenience it can currently bring does not outweigh the potential downside.

---

[1] Add your driver’s license or state ID to Apple Wallet, Apple Support, https://support.apple.com/en-us/111803 [https://perma.cc/UPV4-BUFH]; Samsung Wallet – Digital ID, Samsung.com, https://www.samsung.com/us/apps/samsung-wallet/digital-id/ [https://perma.cc/4VTN-X5Q6].

[2] TSA Digital ID, Transportation Security Administration, https://www.tsa.gov/digital-id [https://perma.cc/6EVJ-KMHM].

[3] Joel R. McConvey, China Starts National Digital ID Trial Barely a Week After Releasing Draft Plan, Biometric Update (Aug. 6, 2024), https://www.biometricupdate.com/202408/china-starts-national-digital-id-trial-barely-a-week-after-releasing-draft-plan [https://perma.cc/6F8T-RZRB].

[4] Mobile Payment Statistics Detailing the Industry’s Growth, MoneyTransfers.com, https://moneytransfers.com/sending-money/mobile-money/mobile-payment-statistics [https://perma.cc/PU8T-T6ST].

[5] LA Wallet – Louisiana Division of Administration, Louisiana.gov, https://www.doa.la.gov/doa/ots/tech-spotlight/la-wallet/ [https://perma.cc/8EKP-6BA8].

[6] Id.

[7] Bill Lamoreaux, ADOT MVD is first in the nation to offer four digital ID platform options, Arizona ADOT (Jan. 8, 2024), https://azdot.gov/adot-blog/adot-mvd-first-nation-offer-four-digital-id-platform-options#:~:text=ADOT’s%20Motor%20Vehicle%20Division%20first,driver%20license%20or%20ID%20cards [https://perma.cc/8998-5PHS].

[8] Present Your ID With a Tap, Apple, https://learn.wallet.apple/id#states-list [https://perma.cc/3BBV-DRNL].

[9] Alex Ambrose, Oklahoma’s Failure in Digital IDs Highlights Lesson in Building Accessibility From the Start, ITIF, Apr 19, 2024, https://itif.org/publications/2024/04/19/oklahoma-failure-in-digital-ids-highlights-lesson-in-building-accessibility/ [https://perma.cc/689J-75N8].

[10] Missouri mDL Goes Live, IDScan.net, https://idscan.net/state-digital-id/missouri-mdl-goes-live/ [https://perma.cc/763T-WTEB].

[11]Davidson Nikki, Digital IDs Are Here, but Where Are They Used and Accepted?, GovTech, Mar 12, 2024, https://www.identity.com/why-are-governments-developing-digital-id-systems/ [https://perma.cc/Y2JJ-3DVA].

[12] Id.

[13] Id.

[14] What is the GDPR?, Proton Technologies AG, https://gdpr.eu/what-is-gdpr/ [https://perma.cc/NJ2Y-REPJ].

[15] European Digital Identity (EUDI) Regulation, European Commission https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en [https://perma.cc/ZK2C-WQGG].

[16] Id.; Missouri mDL Goes Live, supra at 10.

[17] Id.

[18] Id.

[19] Id.

[20] Id.

[21] TSA Digital ID, supra at 2.

[22] Tex. Occ. Code § 2402.110.

[23] Id.

[24]California Consumer Privacy Act (CCPA), California Office of the Attorney General, https://oag.ca.gov/privacy/ccpa [https://perma.cc/23XM-ZR8F]; Cal Veh. Code § 13020.

[25] See La. R.S. § 51:3212; Ala. Admin. Code r. 760-X-1-.22; Wyo. Stat. § 31-8-101.

[26] Riley v. California, 573 U.S. 373 (2014).

[27] State v. Bowman, 198 Wn.2d 609 (2021).

[28] Tex. Occ. Code § 2402.110; Cal Veh. Code § 13020.

[29] Seo v. State, 148 N.E.3d 952 (2019).

[30] Present your driver’s license or state ID from Apple Wallet, Apple, https://support.apple.com/en-us/118237#:~:text=You%20don’t%20need%20to,the%20side%20button%20to%20authenticate. [https://perma.cc/HKW9-5TGR].

[31] Id.

[32] State v. Diamond, 905 N.W.2d 870, 871 (2016).

[33] Luke Hogg, Government Wants to Control Your Digital Identity, Reason, https://reason.com/2023/07/25/government-wants-to-control-your-digital-identity/ [https://perma.cc/FD5M-Y7X9].

[34] Katie Wright, China’s Nationwide Digital ID Proposal Stokes Fears of Government Overreach, Time (July 10, 2024) https://time.com/7006850/china-national-digital-id-proposal-privacy-overreach-criticism/ [https://perma.cc/4W8D-D4PW].

[35] Understanding the Risks of Digital IDs, Immigrant Defense Project, https://www.immigrantdefenseproject.org/wp-content/uploads/Digital-IDs-FAQ.pdf, [https://perma.cc/5Y7N-SD5L].

[36] Rob Sobers, Ransomware Statistics, Data, Trends, and Facts [updated 2024], Varonis (Sep. 13, 2024), https://www.varonis.com/blog/ransomware-statistics [https://perma.cc/AQ4X-KAQ4].

[37] Add your driver’s license or state ID to Apple Wallet, supra at 1.

[38] Why Data Breaches Are Bad, PIRG (June 8, 2023), https://pirg.org/articles/why-data-breaches-bad/  [https://perma.cc/G7KD-L4GB].

[39] Ambrose, supra at 9.

[40] Understanding the Risks of Digital IDs, supra at35.

[41] Virginia Eubanks, Caseworkers vs. Computers, Virginia Eubanks (Dec. 11, 2013), https://virginia-eubanks.com/2013/12/11/caseworkers-vs-computers/ [https://perma.cc/V2VY-LSYH].