Threat Modeling and Risk Mitigation for Digital ID Systems
Last updated: March 2025
Overview
Digital identity systems are already being adopted, or are currently being developed, in many countries, including India, Japan, Estonia, South Africa, Myanmar, the UK, and Taiwan, to name a few. In some ways, digital ID could provide privacy-preserving frameworks for selective disclosure of personally identifiable information, using cryptographic techniques such as zero-knowledge proofs so that a holder proves only the claim a service needs (for example, being over a certain age) without revealing the underlying identity data. At the same time, these systems can also develop into a mass state surveillance tool, especially when state-mandated or when they require biometrics, and they can further exclude communities who are already historically disenfranchised, such as people who are unhoused, undocumented, sex workers, transgender, and more.
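As an added illustration of selective disclosure (example code written for this page, not a prototype from this project), the following Python sketch uses salted hash commitments in the style of SD-JWT rather than a zero-knowledge proof: the issuer commits to each attribute under a fresh salt and authenticates the list of commitments, the holder reveals only the attributes a given service needs, and the verifier checks that each opened attribute matches a signed commitment. The issuer key, the fictional holder's attributes, and the use of HMAC as a stand-in for a real issuer signature are assumptions for the demo. It also demonstrates the surveillance caveat raised above: the signed digest list is identical in every presentation, so colluding verifiers can link one holder across services even when they never see the hidden values; removing that linkage is what zero-knowledge credential schemes add on top of plain selective disclosure.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional

# Constructed for this example: a demo issuer key. A real deployment would use an
# asymmetric signing key so verifiers cannot forge credentials; HMAC stands in here.
ISSUER_KEY = b"demo-issuer-key-not-for-production"


def _commit(salt: bytes, name: str, value: str) -> str:
    """Commitment to one attribute: SHA-256(salt || name || 0x00 || value), hex-encoded.
    The random salt stops a verifier from brute-forcing low-entropy values (a birth year,
    a city) out of the digests it sees for undisclosed attributes."""
    return hashlib.sha256(salt + name.encode() + b"\x00" + value.encode()).hexdigest()


def _issuer_tag(key: bytes, digests: List[str]) -> str:
    """Stand-in for the issuer signature over the sorted digest list (assumption: HMAC)."""
    return hmac.new(key, json.dumps(digests).encode(), hashlib.sha256).hexdigest()


def issue(attributes: Dict[str, str], key: bytes = ISSUER_KEY) -> dict:
    """Issuer: commit to every attribute under a fresh salt and authenticate the list
    of commitments. Only the digests are signed; the holder keeps the salts and values."""
    disclosures = {
        name: {"salt": secrets.token_bytes(16).hex(), "value": value}
        for name, value in attributes.items()
    }
    digests = sorted(
        _commit(bytes.fromhex(d["salt"]), name, d["value"])
        for name, d in disclosures.items()
    )
    return {"digests": digests, "tag": _issuer_tag(key, digests), "disclosures": disclosures}


def present(credential: dict, reveal: List[str]) -> dict:
    """Holder: hand over the signed digest list plus the openings (salt, value) for the
    chosen attributes only. Undisclosed attributes stay hidden behind their digests."""
    return {
        "digests": list(credential["digests"]),
        "tag": credential["tag"],
        "disclosed": {name: dict(credential["disclosures"][name]) for name in reveal},
    }


def verify(presentation: dict, key: bytes = ISSUER_KEY) -> Optional[Dict[str, str]]:
    """Verifier: check the issuer tag over the digest list, then check that every
    disclosed opening recomputes to one of the signed digests. Returns the verified
    attributes, or None if the tag or any opening fails."""
    digests = presentation["digests"]
    if not hmac.compare_digest(_issuer_tag(key, digests), presentation["tag"]):
        return None
    verified: Dict[str, str] = {}
    for name, opening in presentation["disclosed"].items():
        if _commit(bytes.fromhex(opening["salt"]), name, opening["value"]) not in digests:
            return None
        verified[name] = opening["value"]
    return verified


def presentation_fingerprint(presentation: dict) -> str:
    """What a verifier can log regardless of which attributes were disclosed: the digest
    list is the same in every presentation of one credential, so it is a stable
    identifier that colluding verifiers (or a state operator) can use to track a holder."""
    return hashlib.sha256(json.dumps(presentation["digests"]).encode()).hexdigest()


if __name__ == "__main__":
    # Constructed sample credential for a fictional holder.
    cred = issue({"name": "A. Example", "over_18": "true", "city": "Tallinn"})
    age_check = present(cred, ["over_18"])
    print("verified:", verify(age_check))             # only over_18 reaches the verifier
    print("hidden name leaked?", "A. Example" in str(age_check))
    address_check = present(cred, ["city"])
    print("linkable across verifiers?",
          presentation_fingerprint(age_check) == presentation_fingerprint(address_check))
```

The design choice worth noting for threat modeling: salted commitments solve the confidentiality half of selective disclosure (a verifier learns only what is opened) but not the unlinkability half (every verifier sees the same signed digest list). A system that claims to be privacy-preserving against a state operator needs the second property too, which is why per-presentation proofs from zero-knowledge credential schemes matter beyond what this hash-based approach provides.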
This project explores risks and mitigations in digital identity system design in public infrastructure with a focus on protections for vulnerable communities. Outputs of the project include research and threat modeling on countries adopting digital identity systems as digital public infrastructure, analyzing their risks, considerations, and mitigations around surveillance and exclusion; policy recommendations; compiled educational resources for best practices; design interface mockups; prototype technical proofs of concept; and public-facing reports providing guidance for the general public, policymakers, technologists, and more, with a focus on accessibility and education.
Objectives
This project involves conducting research and threat modeling on countries adopting digital identity systems as digital public infrastructure, analyzing their risks, considerations, and mitigations around surveillance and exclusion, as well as proposing policy recommendations, compiling educational resources for best practices, designing interface mockups, and prototyping technical proofs of concept.
Related Work
Main efforts in this space often come from technical researchers and techno-optimists, who are excited by the feasibility and technical aspects of digital ID systems and may lack the necessary caution in considering community needs in their approaches; and from community advocates who are organizing for anti-surveillance measures and may be harmed by the way digital ID systems are forced upon them, locking them out of basic public services or becoming a form of state control.
While digital ID systems have the potential to be implemented to be privacy-preserving, having this become the default may require advocacy work, standards development, and public and policy-directed guidance. Furthermore, best practices for inclusion and equity must be explicitly designed for as well. Without exhaustive and holistic considerations for all, digital ID systems can further state surveillance mechanisms and exclude already vulnerable populations.
As many countries are investigating and implementing digital ID systems, proper guidance around best practices, collective consent, selective disclosure, and data privacy may be crucial for supporting those who are already vulnerable.
Scope
The deliverables for this project include:
publishing a whitepaper and/or report with policy and technology recommendations
publishing a series of educational blog posts with accessible language for the general public
publishing design mockups for digital ID interfaces and consent controls
conducting and publishing learnings from participatory co-design sessions
open-sourcing a technical prototype for an inclusive and privacy-preserving digital ID system.
Target audiences for this work include researchers, policymakers, urban planners, technologists, and the general public, with the hope of influencing policymakers and civic technologists to consider the risks and ramifications of digital ID systems as well as their mitigations.
Ideal outcomes would be for civic and technical institutions to integrate recommendations to avoid building a mass surveillance system and create infrastructure that is voluntary, consentful, inclusive, and publicly beneficial for all; and for the general public to feel empowered to make informed decisions, advocate for their communities, and give targeted input on topics related to digital ID systems.
Outcomes
Literature Review and Expert Interviews
Starting with a broader literature review would grant a high-level overview of the space so far, as well as provide historical context on existing systems being adopted and on prior work and research. Expert interviews with those who have implemented or are exploring implementations of digital ID systems, including surveillance experts, can give insider knowledge of this domain. Potential discussions may include those involved with Anon Aadhaar, Taiwan’s Digital Wallet, the Surveillance Resistance Lab, the Human Rights for Digital Identity (HR4ID) Coalition, and other experts in this field, as well as impacted community members. The deliverable for this step involves documenting and summarizing these analyses in a publicly accessible way to synthesize and share the collected knowledge.
Threat modeling, UX research, and participatory co-design
This step involves threat modeling, UX research, and participatory co-design sessions with vulnerable communities who are potentially most directly impacted by digital ID systems, especially groups who are already disenfranchised from existing public infrastructure or struggle with navigating state legibility. Some communities in mind may include groups who are unhoused, undocumented, transgender, sex workers, refugees, and more.
Technical and design prototyping, system design proposals
With the given findings and partnerships, the next step is to investigate possible system designs for privacy-preserving digital ID systems and explore their potential tradeoffs. Deliverables likely would include publishing:
mockups for interface designs
a technical proof of concept for a privacy-preserving cryptographic ID system
a public policy proposal with recommendations for a holistic ecosystem that considers multiple aspects of consent controls, data storage and sharing, and more.
Publish findings and educational resources for policymakers and the general public
This step involves publishing resulting findings and research in a publicly accessible way, including publishing research and writing as whitepapers and layperson-friendly blog posts, with audiences including the general public, policymakers, and technologists.