Kantara stands up working group for mDL privacy protections

Created by Marc L Aronson
Nov 24, 2021
2 min read

Nov 23, 2021 | Chris Burt

As the mobile driver’s licenses (mDLs) that will likely be the first digital ID for many Americans begin to roll out, the Kantara Initiative is taking further steps to make sure they fulfil their potential for privacy protection.

Kantara has formed a working group for privacy-enhancing mobile credentials after polling 31 Pennsylvania residents about how they use their driver’s licenses. This exercise revealed a broad range of use cases for the ID document, including visiting notaries, cashing checks at a retail establishment, buying age-restricted products and applying for other credentials. As in many places around the world, driver’s licenses have become de facto standard identity documents, Kantara notes.

The Privacy Enhancing Mobile Credentials (PEMC) working group will address the trustworthiness and security of mDLs, and work to address them with privacy and security standards that go beyond the single-transaction scope of ISO/IEC 18013-5:2021. New standards should address the privacy of identity and personal information after the transaction is completed, according to the group.

“We need a robust level of debate in this area. We need to understand what makes for a good, trustworthy experience from the perspective of wallet provider, credential issuer and verifier AND the user,” says Kantara Chairman John Wunderlich.

“As an industry, we need to create an environment that rebuilds consumer confidence at a time when data security and privacy are really under the spotlight.

“To do that we need to use standards as the building block – and assessors that can independently monitor compliance to those standards. That is where Kantara excels.”

The announcement notes further issues that must be dealt with, such as what will happen if a person holds multiple credentials, such as mDLs from different jurisdictions.

Kantara also published a report with recommendations for how vendors and other stakeholders can support user control of mDLs.