Imagine all of your information and documents – all of it – stored on your phone. We’ve grown accustomed to carrying around our banking and payment systems, address and phone books, and our social media apps on our phones, but now imagine even your passport and your driver’s license taking the form of a personal QR code. Imagine being asked to verify your identity not with a physical ID, but with the phone in your pocket.

Thales Group, a French-based technology company, is asking you to imagine just such a reality.

In October 2020, Thales posted a video to YouTube, showcasing their digital ID wallet and boasting of its many convenient qualities:

The idea of storing your information in one easily-accessible location might be convenient, but security and privacy concerns should not be overlooked or diminished. Hackers and data-sharing are real threats to personal information that we presently face with how much data we already keep stored online.

For instance, just last week a vulnerability was discovered in a popular software tool. Experts are calling it “the single biggest, most critical vulnerability of the last decade.” NPR explains:

The vulnerability, dubbed “Log4Shell,” was rated 10 on a scale of one to 10 [by] the Apache Software Foundation, which oversees development of the software. Anyone with the exploit can obtain full access to an unpatched computer that uses the software[.]

“Security experts race to fix critical software flaw threatening industries worldwide” at NPR

In her November article at Tech Republic, Veronica Combs points to John Evans, the chief technology advisor at World Wide Technology. Evans advises that these platforms use designs like blockchain technology that include cryptology, distributed data, and multi-factor authentication. That way, if a hacker were to get a hold of one piece of information, they would not have an open door to every other piece of information stored digitally in the same “wallet.”

Aaron Ansari, Vice President of cloud security at Trend Micro, is pessimistic about companies taking the needed security precautions. “I don’t see that as something that is happening,” he told Combs, “in fact I see exactly the opposite. It seems more and more that there is overreach from a state and federal POV.”

Government Concerns

Speaking of state and federal overreach, the first example Thales provides in its video of the many qualities of its digital ID wallet is the ability to facilitate easier communication between governments and citizens. “Right now, I’m reminding Lucy of the appointment she needs to schedule for her mandatory vaccination,” says the voice of the digital wallet.

Thales is a global company with “more than 80,000 employees on five continents.” That number includes 2,400 employees located in eight Chinese cities. The Chinese Communist Party is known for its many human rights abuses (for instance, the surveillance and imprisonment of Uyghur Muslims and the “disappearing” of critics).

Does Thales have any safeguards in place to ensure that this technology is not abused by governments like China? Further, do they have any stipulations to ensure that even governments of free societies cannot abuse the direct access they are being given to citizens?

Thales has not responded to questions for comment.

Thales isn’t the only party looking to replace the physical wallet. Earlier this year, Apple announced efforts to transition its users to digital IDs. Several states as well as the federal government are also exploring the option of digital IDs. 

Earlier this year, the ACLU published a report on the privacy, equity, and freedom concerns of the advent of digital driver’s licenses. Most of the report is dedicated to “seven immediate potential privacy problems” and “a number of other, longer-term potential implications and problems.” 

The potential problems the ACLU identified include police access to people’s phones, centralized ID tracking, lack of personal control over ID data, and susceptibility to hackers. Looking further into the future, the ACLU expressed concern about an expansion of information contained in the digital IDs and digital IDs being made mandatory. 

Comments on the Thales’ YouTube video have been disabled.