How Digital Documents Can Improve Cross-Border Travel and Security
SpruceID is advancing privacy-preserving Verifiable Digital Credentials (VDCs) to enhance security, streamline verification processes, and protect user privacy in international travel and immigration.
Digital credentials are on the road to broad availability in the U.S. These cryptographically signed digital documents are one variety of VDC, or Verifiable Digital Credential. They enhance user privacy while making credential checks faster and more trustworthy, using unforgeable cryptographic signatures to prove their authenticity and accuracy.
As VDC usage continues to grow within the United States and other nations, a new challenge rises ahead: creating digital versions of passports and international travel documents with the same privacy and security benefits as the mobile driver’s license. SpruceID is now contributing to the effort to push VDC-based digital identity beyond U.S. borders. Read on to learn more about the benefits of digital identity for travelers, immigrants, and the world.
User Privacy and National Security
Digital passports, immigration, and work authorization documents are still almost entirely analog documents – paper, usually backed up by a database. The next generation of these credentials, though, will be able to “live” on your smartphone or other mobile device. Cryptographic signatures will prevent them from being copied or altered while making it possible to verify them without checking a separate database.
Read More: Digital Signatures
These Verifiable Digital Credentials (VDCs) are sometimes also known as privacy-preserving digital credentials (PPDCs), highlighting how central privacy is to their technical design. One major privacy benefit of travel and immigration documents based on VDCs is selective disclosure – proving your citizenship, for instance, without sharing less relevant data like your spouse’s name. Similarly, part of the stated goal of the push for digital travel documents is to minimize the system’s reliance on biometrics, such as face-scanning, which can generate high-risk data. The potential to verify digital credentials without contacting a central server for confirmation also means VDCs can be used without leaving “footprints” that could be used for surveillance.
This doesn’t just serve individual privacy: the broader stakes for national security have also become increasingly clear. State-affiliated hacks targeting infrastructure and data are becoming larger, more frequent, and more pernicious. Though it sounds extreme, it’s not difficult to imagine a long-term compromise of digital travel control systems giving a foreign enemy or other bad actors detailed visibility into the movements of government officials or high-ranking business leaders.
Such a compromise could be a very powerful intelligence advantage for America’s enemies. That’s one reason for a recent U.S. government push for privacy-preserving data tools. If travel systems are digitized in a privacy-first way, the current moment is an opportunity to spread the privacy advantages of digital credentials around the world.
More Secure Processes and Borders
In addition to enabling more private verifications, VDCs are also more trustworthy compared to paper documents – particularly in situations where remote verification isn’t available or practical. Fully verifying a paper document generally requires access to a central database, but access to that database is often restricted. Just as regional driver’s license databases are often restricted to law enforcement, insurers, and a handful of other entities, passport information is even more strictly limited – in the U.S., to the State Department and Department of Homeland Security.
Somewhat surprisingly, passports have in recent years been the most frequently forged identity documents around the world, according to Identity Week. This is driven not by individuals hoping to travel on a fake passport, as airport security checkpoints are far more likely to use a remote database for confirmations. Instead, forged passports are most often used to deceive employers trying to determine a job applicant’s work eligibility. For instance, forged British and Irish passports are widely used to circumvent eligibility requirements to work in France and mainland Europe – a situation where the document itself must stand as the final source of trust.
Thanks to physical security features, paper passports are difficult to forge—but clearly, not impossible. In fact, it appears that we are on the cusp of a potential flood of fake paper documents unleashed by AI: reports in 2024 found that AI is making forged identity documents much less expensive to produce.
Read More: AI is the Final Blow for an ID System Whose Time Has Passed
The signature scheme behind VDCs is vastly superior to paper documents in this and similar cases. While identity database access is constricted, a directory of valid signatures on a digital document can be entirely public, and the signature cannot be forged by anything short of a physical attack on the servers where a document issuer’s digital “keys” are securely stored.
Faster and More Convenient – Online and Off
Using digital signatures instead of paper documents to verify passports can also dramatically speed travel processing. Without access to a central database, individual screeners will often have to devote considerable time to evaluating individual documents. Verification of a digital document using cryptographic signatures is near-instant while also eliminating the ambiguities and risks of physical document review.
Another emergent benefit of digital credentials for migrants and travelers is the ability to store and manage virtual documents on the mobile phone you already carry. In regions where payments and identity tools are already available on smartphones, consumer preference is quickly shifting towards being able to leave the house with a phone but without physical credit cards or ID. While it’s a radical shift from as little as a decade ago, smartphones have become ubiquitous enough that the same habit is likely to become common worldwide. It seems likely to be particularly appealing for refugees or other migrants in unstable situations when keeping track of one smartphone is easier than a large sheaf of paperwork.
Finally, VDCs are a step-change in the accuracy and ease of verifying documents online. Physical documents are particularly vulnerable to forgery when presented online, particularly in the post-AI era. Presenting a passport as a digital photo, for instance, makes it impossible to accurately check physical security features like a hologram. A digital signature, by contrast, can be confirmed by a website or kiosk as quickly and accurately as by a human operating a scanning device. This dramatically increases the reliability of immigration and travel management through remote online portals.
A Safer, Freer World
The United States is pursuing VDC-based international travel systems in significant part because the technology comports with Western democratic values. VDC technology is easy to use to work outside of omnipresent surveillance while surpassing the trustworthiness of paper documents.
SpruceID’s work with the Department of Homeland Security is part of a broader U.S. national strategy to push VDCs and other privacy-preserving digital technology forward. We hope to help drive adoption outside of the U.S. as well, with potentially substantial benefits for privacy and security worldwide.
About SpruceID: SpruceID is building a future where users control their identity and data across all digital interactions.