Author: Steve Pannifer

Managing Director at Consult Hyperion. Steve has worked with card schemes, banks, mobile operators and others developing innovative products and services exploiting new technology. Steve is a well known expert in digital identity having worked on numerous digital identity initiatives around the world.

Making Digital Identity work: The path to interoperability.

17th June 202518th November 2025by Steve PanniferLeave a comment

At the end of February, important interoperability test events took place for Mobile Driver’s Licenses (mDL) in Utrecht, The Netherlands.

The vision and the challenge

The vast majority of mDL solutions are being developed to align with the ISO 18013 series of specifications. This is essential. Like passports, driver’s licenses have utility way beyond their basic function and it is reasonable to assume the same expectations for mobile versions of driver’s licenses. They have the potential to support access to services in travel, hospitality, financial services and many more.

The specifications are not limited to driver’s licenses either. The broader mDoc concept allows any other document or credential type to be defined, such as for identity cards, health cards, travel permits, loyalty and anything else you can think of.

The vision is that in the future we will have digital wallets, accessible from our personal devices, that allow us to present credentials (or assertions derived from credentials) in all manner of online and offline contexts. Globally that could mean hundreds of wallet providers needing to support credentials issued from thousands of issuers and be accepted at millions of locations. That is a lot of potential combinations of issuer, wallet and verifier. When a student from Japan turns ups at a liquor store in Australia, will their mDL just work?

For that to be possible solutions will need to be interoperable from a regulatory, commercial and technical perspective. Achieving that at global scale is a big challenge but not one that is insurmountable. It is something the card payment industry achieved as it evolved over the past decades and provides great learnings for mDL interoperability.

Learning from payments

Focusing on technical interoperability, a key standard in the payments space is ISO 7816. The first part was published in 1987 defining the physical characteristics of “identification cards”. You see, even back in 1987 the connection between identity and payments was evident. This first part was followed by several other parts defining things such as electrical interfaces, transmission protocols, application-level command structures, security and so on. On top of this, the EMV standards emerged to define how card payment transactions between cards and readers would be performed.

Standards were a vital step in enabling payment ecosystems to operate at scale. But standards are always open to some level of interpretation or misinterpretation. To ensure that technologies work in the real world, it is essential to test them thoroughly. For card payments, any card from any issuer must work seamlessly at any terminal from any acquirer – every time. That means a LOT of testing and in particular testing everything against established and approved reference equipment. So, alongside the evolution of standards the payment networks created and formalized certification programs that ensure that cards, readers, hosts, and so on, function consistently and reliably in line with those evolving specifications.

Testing mDLs

So what has this got to do with test events in Utrecht?
Those events brought together dozens of organizations from around the world who are building mDL solutions and need to ensure that they will work in the real world. Those solutions are being built alongside the evolution of the standards. It is very similar to what happened in payments although the timeframes are much more compressed. mDLs will emerge as a key mass-market digital identity technology within years, not decades.

During those events we tested new features in the ISO 18013 specifications with a large number of vendors. And it was not smoke and mirrors. Fime was there with its Digital Identity Test Suite that provides a reference implementation of the specifications and can act as either a wallet or a relying party. We were able to conduct tests with many vendors, performing real transactions (with test data of course), helping those vendors assess the gaps and issues in their implementations of the standards.

I think you can view these test events as the beginnings of the formal certification that will be necessary to ensure interoperability for mDL – and for digital identity more widely.

Who will own the scheme?

Perhaps the single biggest interoperability question today is – who will own the certification scheme?
In payments, the answer to that question is straightforward (at least it is now). The payment networks (especially the international ones) set their rules that apply within the large ecosystems that they own. The mDoc ecosystem will be more fragmented with no obvious single organization with the authority to set rules at a global level.

In the EU, the eIDAS legislation makes member states responsible. Of course, there will need to be a lot of work to gain alignment and we expect ENISA to play role there. For our part, Fime is delighted to be part of the WE BUILD consortium that will be delivering a large-scale pilot for the European Commission. In our role there, we will be making sure that the topic of interoperability is given priority. It is an essential requirement for the ecosystem to be successful.

Learn more how Fime can help deliver a interoperable and international mDL solutions.

Trust in the Future of Finance: Key insights from M2020 Asia.

17th June 202518th November 2025by Steve PanniferLeave a comment

Steve Pannifer, Senior Vice President of Digital Identity at Fime, summarizes the key insights and discussions from Money 20/20 Asia in Bangkok, Thailand – a prominent event that brings together the Asia-Pacific payments ecosystem to delve into the latest opportunities within the industry.

One of the main themes at Money 20/20 Asia this year was “Trust in the Future of Finance”. It is an important topic. Many of the pain points in the digital economy are related to trust, not least the rampant fraud occurring within an ever-increasing number of digital spaces such as social media. People get scammed because they trust people who they shouldn’t. The internet is over 30 years old and yet it still has no trust layer. This is essentially the problem that digital identity is trying to solve.

Alongside colleagues from Fime and Consult Hyperion, I was delighted to be able to contribute to a number of trust related sessions at the event:

Building Digital Trust with Modern Identity Security and Orchestration
Navigating Compliance and Security in Digital Identity
Selling to Robots: The Digital Identity Imperative in Agentic Commerce
Brainstorm: Building Trust with AI in Digital Identity
It Takes a Village – Making Digital Identity Work
Your Face Becomes Your Wallet of Everything: Personalization vs Security

Here are some of my key takeaways:

More friction does not necessarily mean more security

I’ve sometimes heard it said that people are lazy when it comes to online security, and it is this that results in them not taking the steps necessary to protect themselves online. I’m sure there is some truth in that, but I also believe a big part of the problem is to do with the ways systems are designed. If we put a lot of friction into the customer experience, that will also encourage poor behavior. For example, asking a customer for a memorable word is a terrible idea. They will inevitably choose something so obvious that the smallest amount of social engineering will reveal it.

Building a good customer experience is an essential part of creating a trusted service – a point that Linden Dawson, Senior Product Manager of Customer Digital Identity at National Australia Bank (NAB), made during the session “Building Digital Trust with Modern Identity Security and Orchestration”. It’s not that we need to design services with no friction. Some friction can be reassuring to customers and is an important element of building trust.

Regulation needs to address the root cause

In the same session, Natalie Reed, Director at Deloitte, described Australia as the “scam capital of the world”. I think the UK could give Australia a run for its money. Her point was that it is out of control. This report, published by the United Nations’ Office on Drugs and Crime in April 2025, highlights the level of industrialization of the scam business, which employ “multi-lingual workforces comprised of hundreds of thousands of trafficked victims and complicit individuals”. From centers in Southeast Asia and beyond, transnational organized crime is able to target victims across the world.

In some countries (like the UK) regulators are trying to address the scam issue by making the banks pick up the tab but this does little to address the root cause. It does not stop the activity of scammers. Neither does it encourage people to make sure they can trust the person to whom they are sending money. One glimmer of hope, as Natalie explained, is the new scams prevention framework in Australia which places some responsibility on the social media platforms, where many scams originate. We will have to wait to see how far the regulator can go in holding social media platforms to account.
Trust is needed across the whole lifecycle.

Too often the trust conversation has been focused on onboarding, ignoring the need for trust through the whole customer lifecycle – a point well made by Ian Sorbello, Principal Solutions Architect at Transmit Security, in the session on “Navigating Compliance and Security in Digital Identity”. Those initial checks are important but unless they are linked to strong authentication and fraud checks, weaknesses will be exploited and trust will be lost.

Anoosh Arevshatian, Chief Product Officer at Zodia Custody, took this a step further, explaining the connection between digital identity and digital assets. Ultimately digital identity boils down to the private keys under the control of the user (but likely managed by a custodian). The binding of the corresponding public keys to digital assets establishes ownership. Protecting those keys through the customer lifecycle is essential for customers to be able to trust that their assets are safe.

Trust is about to get a lot more complicated

In their session “Selling to Robots: The Digital Identity Imperative in Agentic Commerce”, Dave Birch, Global Ambassador at Consult Hyperion, Consulting by Fime and Victoria Richardson, Partner at ID Partners, highlighted how agentic AI will dramatically change the relationship between organizations and their customers. For example, AI agents will help customers find the best deals, switching as needed – meaning that businesses will no longer be able to rely on customer inertia.

Customers will of course need to trust AI agents to use them. But as Dave and Victoria explained, organizations will need to trust agents too. A key question will be whether organizations will even know that they are dealing with agents rather than actual customers?

Several emerging AI agents use screen scraping to access services through the same interface as human customers, making it difficult to distinguish between the customer and their AI agent. Frameworks such as the Model Context Protocol (MCP), which is seeking to standardize how AI agents access data sources, may help. By giving agents a different end-point to the human customer, organizations will have a better chance of working out what or who they are interacting with.

The technology and standards to deliver trusted digital identities exist. These can address the issues of fraud, friction, inclusion and privacy we see all around us today. The task of building a trusted internet may be complex, requiring the commitment of many stakeholders but it is not unachievable. Examples around the world have shown that with the right incentives, real progress can be made – the key point from my session.

Stay ahead of key market trends

Attending conferences such as Money 20/20 Asia allows us to keep our finger on the pulse of the key challenges and opportunities faced by each player in the market. It isn’t just the main conference programme that offers these insights; it’s getting the chance to speak directly with the banks, merchants, and service providers that operate within each region and finding out what matters most to them. Trust remains the cornerstone of a secure digital future. Events like Money 20/20 Asia show us that while the challenges are complex, the solutions are within reach – if we work together.

Learn more about Fime’s expertise across the digital identity ecosystem.

The Evolving Role of Digital Wallets and Consult Hyperion’s Expertise in Driving Innovation.

24th January 202518th November 2025by Steve PanniferLeave a comment

Digital wallets are transforming how we pay, interact, and secure our digital identities. As smartphones become indispensable, consumers worldwide are using digital wallets for transactions, peer-to-peer payments, and even managing digital identities like driver’s licenses and health credentials. However, behind the convenience of digital wallets lies a complex network of technology, security, and regulatory challenges.

At Consult Hyperion, we specialize in navigating these challenges, using our expertise at the intersection of identity, payments, and cybersecurity to help clients innovate securely and effectively in the digital wallet space.

Digital Wallets: Expanding Beyond Payments

While digital wallets initially gained traction as payment tools, they have evolved into multi-functional platforms that can store not only debit and credit cards but also digital identities, health passes, travel documents, loyalty cards, and more. Wallets are increasingly integral to the digital identity ecosystem, empowering people to prove who they are, access services seamlessly, and control their personal data with security and transparency.

One emerging trend is the integration of mobile driver’s licenses (mDLs) into digital wallets. As mDLs gain adoption, digital wallets can provide a secure, portable means of identity verification, allowing users to authenticate their identities for various purposes while retaining control over their personal information.

Regional Approaches: United States, Europe and Australia

The adoption of mDLs into digital wallets varies significantly across regions, influenced by differing regulatory environments, market demand, and technological infrastructure. Here’s how digital wallet innovation and mDL adoption is evolving across North America, Europe, and Australia.

United States

The U.S. has been at the forefront of mDL adoption with several state DMVs already rolling out mDLs and several others with programs underway. These digital credentials are starting to be accepted for in-person use cases such as domestic air travel and liquor purchases. And going forwards, they will also be accepted online. Like physical driver’s licences, mDLs will have a lot of utility.

Many states are choosing to work with the large platform wallets, like Apple Wallet and Google Wallet, issuing mDL credentials into the wallets consumers already have. Those wallets are increasingly becoming “digital hubs” where users can store a variety of credentials. But this is not the only solution. Some states have also launched mDL specific apps. These provide consumers with the option of a standalone mobile driver’s licence.

In the middle of all this progress is the American Association of Motor Vehicle Administrators (AAMVA) which is playing an important role coordinating stakeholders and promoting standardized and interoperable approaches.

Europe

Some European countries have local proprietary mobile driving licences…

In the EU, the eIDAS 2.0 regulation requires each country in the EU to provide at least one digital wallet to its citizens, residents and businesses. Those wallets will be required to support for the ISO 18013 standard that underpins mDLs. In parallel, the EU plans to make driving licences mobile by default.

The situation is however complex.

• The EU is developing a rich but complex wallet architecture, of which support for mDL is just one part.
• Many wallets – which will require robust certification processes if interoperability is to be achieved
• Role of OEMs unclear – providing wallets or providing the secure technology to support wallets over the top

The EU wants all of this to come together over the next couple of years, which seems very ambitious.

So whilst wallets look set to play an important role in the EU digital economy, it will be some time before they provide the straightforward utility of US mDLs.

Australia

Australia has also been a leader in mobile drivers licences, several states issuing them.
Austroads, an intergovernmental organization, is driving the development and standardization of mDLs in Australia. They are working with state and territory governments to develop a consistent framework for mDLs, ensuring interoperability and security. This includes alignment with both ISO 18013 (mDL) and the more generic ISO 23220 (mDoc). This should allow the mDL apps issued in Australia to hold other digital credentials in the future. So instead of issuing mDLs into wallets, the mDL will become the wallet.
Austroads is going one step further by building a “Digital Trust Service” – providing the means to check the authenticity of the issuers of digital credentials held in those “mDL wallets”.

The Core Elements of Digital Wallet Success

Digital wallets that can hold both payment credentials and other digital credentials will have huge utility. They will increase convenience, reduce fraud and improve privacy.

Successfully implementing and scaling digital wallets requires expertise in several key areas:

Security: Security is crucial when handling sensitive information such as cryptographic keys, payment details or digital identity credentials. Consult Hyperion has decades of experience of building and testing secure payments services with expertise in strong cryptography, mobile application security and tokenization.
Identity: Digital wallets often serve as digital IDs. Users can store verifiable credentials, such as mDLs or health passes, giving them control over personal data. Integrating these digital identity solutions requires navigating regulatory frameworks and ensuring interoperability with existing systems. At Consult Hyperion, we leverage our deep knowledge of standards like Decentralized Identifiers (DIDs) and Verifiable Credentials to design privacy-protective and compliant solutions.
Payments: Wallets gained popularity as payment solutions, and understanding payment intricacies is essential. This includes managing multiple payment types and adhering to regional regulations. Our expertise spans EMV, contactless, and real-time payment systems, enabling us to help clients integrate and scale secure wallet-based payments globally.

Why Consult Hyperion?

Our ability to bridge the gap between theory and real-world application makes us a trusted advisor for organizations building digital wallets. Our expertise encompasses:

Strategic Partnerships and Innovation: Trusted by financial institutions, tech companies, and governments, we’ve helped design systems that meet stringent security, usability, and regulatory standards. We understand the strategic goals behind digital wallet projects, allowing us to guide clients in creating solutions aligned with long-term objectives.
Deep Technical Knowledge: Our technical expertise across identity, payments, and cybersecurity enables us to develop robust solutions, from designing secure protocols to implementing advanced authentication methods.
Proven Track Record: Our history of delivering projects in both private and public sectors demonstrates our ability to execute at scale. Clients rely on us for our technical capabilities, dedication to quality, and innovative approach.

The Future of Digital Wallets: Shaping the Next Generation

Digital wallets are evolving with advances in biometric security, decentralized identity, and blockchain technology. As wallets move beyond payments, businesses must adapt to new standards for security, privacy, and user experience. Apple, Google, and government-led solutions worldwide are positioning themselves as leaders in the wallet space, each bringing unique strengths to the ecosystem.
Consult Hyperion remains at the cutting edge, helping organizations navigate this dynamic landscape. Whether you’re looking to launch a new digital wallet, expand an existing platform, or secure sensitive data, we offer the expertise and insight needed to support your goals.

Final Thoughts

Digital wallets are becoming vital gateways to secure payments and digital identities across the world. At Consult Hyperion, we’re excited to help shape this future, enabling our clients to create secure, compliant, and user-centric solutions. With our expertise in identity, payments, and cybersecurity, we look forward to partnering with organizations worldwide that share our vision for a secure, interconnected digital world.

Identity really is the new money

16th September 20222nd September 2024by Steve PanniferLeave a comment

Today is International Identity Day supported by the many organisations around the world seeking to address the huge inclusion issues caused by a lack of digital identity. It is tempting to think that this is a mainly developing world issue and that in the developed world the lack of digital identity services is more of an inconvenience than a real problem. Here in the UK, however there are still up to 5m people who struggle to access financial services because they do not have the right documents or data. More on that in our recent report.

Something I’ve been thinking about quite a bit this year is interplay between Digital Identity and Central Bank Digital Currency (CBDC). What’s that got to do with the pressing need to give effective digital identity to those that need it most? Two things really:

Firstly, a significant factor in the development of a CDBC will be to ensure it is inclusive. After all one of the main objectives in CDBCs is to provide a digital alternative to cash. The financially excluded rely on cash and so a CDBC may have an important role to play in addressing their needs.
Secondly, whilst the need is pressing, making it happen will take time. The UN Sustainable development goal 16.9 calls for the provision of legal identity for all by 2030. Many CDBC initiatives are operating on a similar timeframe.

The beauty of CDBCs is that, in the main, central banks are starting from a blank sheet of paper, which creates the opportunity to design something well from the start. A big problem in digital identity has been trying to retrofit it into a digital world after the fact.

Another interesting thing is that the emerging model for CDBCs has close similarities to the decentralised model for digital identity, which is the direction of travel in that space. Let me explain a little.

This following picture illustrates 2-tier model for CDBC:

Senders and receivers will have wallets that interact with each other. They will hold the identifiers (backed by private keys) that allow the parties to control the use of their CDBC value. The actual system of record will be a ledger provided by (or on behalf of) the central bank. Wallets will use tokens, which are cryptographic representations of the value managed by the ledger, which are bound to the identifiers (and keys) belonging to the parties.

Now look at the standard model for decentralised identity:

Identity information is sent from holders to verifiers. The information is sent in the form of cryptographic credentials (you could think of them as identity “tokens”) that are bound to identifiers which can be checked in a registry. Of course for those credentials to have any value they need to come from a trusted source – an issuer.

So you can see there is a strong correlation between CDBC and decentralised identity systems. The content of the two grey boxes is basically the same.

Furthermore, CDBC systems will have some very particular digital identity and privacy requirements:

There will need to be controls in place to prevent AML.
The CDBC must not become a mass surveillance system.
The system must allow anonymous transactions in some circumstances but not all.
Users must have control over how much data is shared (and in some cases if the user is not willing to share data the transaction will not be able to be completed).

These requirements could be met very well through the use of decentralised identity technologies such as those being developed in W3C, which support the presentation of verifiable identity information whilst employing strong privacy controls. There seems to be a strong case for the CDBC community to collaborate with the identity community. We have a foot in both camps and are working hard to ensure that the years of work put into decentralised identity is leveraged effectively in CDBCs.

It really is the case that Identity is the New Money.

Will the UK identity framework support decentralised identity?

7th September 20212nd September 2024by Steve PanniferLeave a comment

In our Live 5 for 2021, we said that governance would be a major topic for digital identity this year. Nowhere has this been more true than in the UK, where the government has been diligently working with a wide set of stakeholders to develop its digital identity and attribute trust framework – the rules of road for digital identity in the UK. The work continues but with the publication of the second iteration of the framework I thought it would be helpful to focus on one particular aspect – how might the framework apply to decentralised identity, given that is the direction of travel in the industry.

Continue reading “Will the UK identity framework support decentralised identity?”

Digital Identity Wallets are coming

17th June 20212nd September 2024by Steve PanniferLeave a comment

I was delighted to be asked to present a keynote at the FIDO Authenticate Summit and chose to focus on digital identity governance, which is something of a hot topic at the moment. Little did I know that the day before my session was recorded the European Commission would propose a monumental change to eIDAS, the Europe Union’s digital identity framework – one of the main examples I was planning to refer to. I hastily skimmed the proposed new regulation before the recording but have since had the time to take a more detailed look.

Continue reading “Digital Identity Wallets are coming”

Internet voting – challenging but necessary

10th November 20202nd September 2024by Steve Pannifer3 Comments

What did you think of the US election? I don’t mean the candidates and the outcome. What did you think of the election process? Should it be possible for national elections of this type to be done online? Last week the IET published a paper on internet voting in the UK, led by our good friend at the University of Surrey, Professor Steve Schneider. It’s well worth a read. As the paper explains, internet voting for statutory political elections is a uniquely challenging problem. Firstly voting systems have exacting requirements and secondly, the stakes are high with the threat of state level interference.

Continue reading “Internet voting – challenging but necessary”

The best definition of Digital Identity

24th September 20202nd September 2024by Steve PanniferLeave a comment

Our friends at Smartex challenged its readership to define Digital Identity the other day, with a bottle of wine on offer for the best definition. I’m pleased to say that the bottle of wine was won by Consult Hyperion, with a couple of competition entries submitted.

Coming up with a definition for digital identity is not easy. It can refer to quite a number of different things, making the task of encapsulating it in a sentence next to impossible. For my attempt I thought that rather than try to describe what it is, it would be better to describe what it does. I came up with this:

Digital identity allows us to trust each other by enabling us to share the minimum amount of verifiable information needed for the thing we want to do.

In one sentence I was trying to capture several points:

Digital identity is a means to an end not an end in itself
It’s bi-directional – in any transaction both parties need to have confidence in the other party
It’s about the information you need to share, which will vary considerably between contexts.
It protects privacy by only sharing the information (or claims) necessary.

Continue reading “The best definition of Digital Identity”

Would you use the NHSX app?

7th May 20207th May 2020by Steve PanniferLeave a comment

I listened with interest to yesterday’s parliamentary committee on the proposed NHSX contact tracing app, which is being trialled on the Isle of Wight from today. You can see the recording here.

Much of the discussion concerned the decision to follow a centralised approach, in contrast to several other countries such as Germany, Switzerland and Ireland. Two key concerns were raised:

1. Can a centralised system be privacy respecting?
Of course the answer to this question is yes, but it depends on how data is collected and stored. Cryptographic techniques such as differential privacy are designed to allow data to be de-indentified so that is can be analysed anonymously (e.g. for medical research) for example, although there was no suggestion that NHSX is actually doing this.

The precise details of the NHSX app are not clear at this stage but it seems that the approach will involve identifiers being shared between mobile devices when they come into close proximity. These identifiers will then be uploaded to a central service to support studying the epidemiology of COVID-19 and to facilitate notifying people who may be at risk, having been in close proximity to an infected person. Whilst the stated intention is for those identifiers to be anonymous, the parliamentary debate clearly showed there a number of ways that the identifiers could become more identifiable over time. Because the identifiers are persistent they are likely to only be pseudonymous at best.

By way of contrast, a large team of academics has developed an approach called DP-3T, which apparently has influenced designs in Germany and elsewhere. It uses ephemeral (short-lived) identifiers. The approach is not fully decentralised however. When a user reports that they have COVID-19 symptoms, the list of ephemeral identifiers that user’s device has received, when coming into close proximity to other devices, is shared via a centralised service. In fact, they are broadcast to every device in the system so that risk decisioning is made at the edges not in the middle. This means that no central database of identifiers is needed (but presumably there will be database of registered devices).

It also means there will be less scope for epidemiological research.

All of this is way beyond the understanding of most people, including those tasked with providing parliamentary scrutiny. So how can the average person on the street or the average peer in Westminster be confident in the NHSX app? Well apparently the NHSX app is going to be open sourced and that probably is going to be our greatest protection. That will mean you won’t need to rely on what NHSX says but inevitably there will be universities, hackers, enthusiasts and others lining up to pick it apart.

2. Can a centralised system interoperate with the decentralised systems in other countries to allow cross border contact tracing?
It seems to us that whether a system is centralised or not is a gross simplification of the potential interoperability issues. True, the primary issue does seem to be the way that identifiers are generated, shared and used in risk decisioning. For cross border contact tracing to be possible there will need to be alignment on a whole range of other things including technical standards, legal requirements and perhaps even, dare I say it, liability. Of course, if the DP-3T model is adopted by many countries then it could become the de facto standard, in which case that could leave the NHSX app isolated.

Will the NHSX app be an effective tool to help us get back to normal? This will depend entirely on how widely it is adopted, which in turn will require people to see that the benefits outweigh the costs. That’s a value exchange calculation that most people will not be able to make. How can they make a value judgment on the potential risks to their civil liberties of such a system? The average user is probably more likely to notice the impact on their phone’s battery life or when their Bluetooth headphones stop working.

There’s a lot more that could be said and I’ll be discussing the topic further with Edgar Whitley, Nicky Hickman and Justin Gage on Thursday during our weekly webinar.

The “isRecovered?” attribute

17th March 202028th May 2020by Steve PanniferLeave a comment

So far the tech giants seem to be the coronavirus winners, with a massive surge in digital communications and online orders. The impact on lift sharing companies is less clear.

The guidance from both Uber and Lyft says that if they are notified (by a public health authority) that a driver has COVID-19 they may temporarily suspend the driver’s account. It is not exactly clear how this would work.

That got us wondering whether digital identity systems, that we spend so much time talking about, could help. It seems to me there are two potential identity questions here:

1. Is the driver who Uber or Lyft thinks it is?

2. Does the driver have coronavirus?

The first question should be important to Uber and Lyft at any time. Ok, for the moment they want to be sure that they know who is driving to give them a better chance of knowing if the driver has the disease. But there are all sorts of other reasons why they might want to be sure that the driver is who they think it is – can the person legally drive for one.

The second question is harder. Just because the driver doesn’t have the virus today, doesn’t mean he or she won’t have it tomorrow. Maybe, perhaps the ability to share an isRecovered? attribute that says “I’ve recovered from the illness” would be useful when we start to see the light at the end of this tunnel we are entering. And the ability to share that anonymously might be helpful too – providing assurance to both driver and passenger.

All this to one side, the guidance from both Uber and Lyft outlines financial measures they are putting in place to provide security to drivers that self-isolate. That is a great example of responsibility providing the incentive and support required to allow their drivers to do the right thing.