The Department of Homeland Security (DHS) is currently developing a privacy-preserving digital credential that will use privacy-enhancing technologies (PET) to protect sensitive data while simultaneously allowing only needed information to be disclosed, according to a DHS official.
Mason Clutter, the chief privacy officer and chief FOIA officer at DHS, discussed the department’s efforts to use this new technology during a panel discussion at an event titled “The Future of Identity Management” hosted by GovExec and NextGov/FCW on Dec. 12.
“We are super excited because we have partnered with the Silicon Valley Innovation Program (SVIP) to develop what we are calling a privacy-preserving digital credential … this would be kind of an immigration credential,” said Clutter. “Let’s assume that a person is a legal permanent resident, and they have what is known as a green card they received today, a physical card that includes quite a bit of private sensitive information to identify them and their status.”
“We’re thinking of a way to digitize that credential, but to do so in a privacy-preserving manner that allows for instant selective disclosure of information,” she explained. “So, if an individual wants to use that card to buy beer or wine, the vendor doesn’t need to know their immigration status, so facilitating the ability to share only the information that they need to share to accomplish their goal is a primary goal for us.”
One challenge that DHS is currently running into is avoiding creating a “honey pot” for cybercriminals to target individuals who have been issued such credentials, she said.
“A key component of [it] is security … ensuring that we have appropriate security in place so that these cards themselves don’t become a honeypot where people want to breach them and gather that type of information,” Clutter said.
Additionally, Clutter noted that the agency is also looking to implement an added level of security by avoiding creating a road in which information or people can be traced back.
“We’re also very interested in ensuring that there is no ‘phone home’ capability. We do not want to develop a tracing mechanism or surveillance mechanism,” she said. “[We’re] developing the technology to ensure that it can facilitate the use in travel and immigration [while] supporting individuals in their day-to-day life without tracking them.”