Nein telefon heim: Germany aims to quell fears about server retrieval in EUDI wallet

The “phone home” debate over digital identity systems that could use server retrieval continues, as Germany’s government faces questions about data protection and traceability in its European Digital Identity (EUDI)-compliant digital wallet.

A report from Heise says that civil rights organizations such as the American Civil Liberties Union (ACLU), the Center for Democracy and Technology (CDT), the Electronic Frontier Foundation (EFF), the Electronic Privacy Information Center (EPIC) and Epicenter.works have expressed concern that issuing authorities for digital IDs such as mobile drivers licenses (mDL) could have the ability to track their use through so-called phone home models.

In server retrieval, when a request is made, an access token ends up going back to the issuing authority infrastructure to retrieve data. In a recent webinar from Dock Labs, Andrew Hughes, VP of global standards for FaceTec, explains that, at a very high level, server retrieval is exactly what it sounds like: “simply online data retrieval from an internet server.”

But allowing relying parties to “call back” to issuing parties means those issuing parties now know where the ID is being used – opening up the capability for a sort of soft surveillance.

The worries have kicked off a campaign, No Phone Home, which aims to sound the alarm that mDLs can comply with the international standard and still represent a major surveillance risk.

A specific concern of critics is that the ISO/IEC mDL/mDOC 18013-5 standard, which “virtually pre-installs such a server retrieval option,” is “prescribed in the reference architecture for the EUDI wallet and is also widely used in North America.” They don’t want supposed flaws with international standards baked into European systems.

The German government, meanwhile, insists that its system does not phone home. According to the lead digital ministry, “the wallet planned in Germany for the EUDI will only use direct communication between the corresponding app and the receiving verifier.”

In this – the device retrieval model – the relying party requests specific claims or attributes directly from an app on a mobile device, and the app provides whatever data the user chooses to share.

“The German wallet is designed in such a way that signed data is used, the government assures,” says the report. “This means that the issuing authority is not involved in the ID card process. This principle of data sovereignty and purpose limitation is guaranteed by a targeted technical architecture, open standards and comprehensive data protection regulations. This ensures that the movements and activities of users cannot be tracked or disclosed by the issuing authority.”

Article Topics

data privacy  |  digital ID  |  digital wallets  |  EU Digital Identity Wallet  |  Germany  |  ISO 18013-5  |  mDL (mobile driver's license)  |  No Phone Home