US digital ID regulation coming as feds seek info on mobile driver’s license standards
Rules for minimum technical requirements and security standards for mobile driver’s licenses (mDLs) in the U.S are coming, in a crucial step for digital ID regulation in the country.
The Department of Homeland Security (DHS) Office of Strategy, Policy and Plans and the Transportation Security Administration (TSA) have published a request for information (RFI) to the Federal Register in preparation for “an upcoming rulemaking” to regulate mDLs under the REAL ID Act. The RFI notes that states are moving ahead with pilots of mDLs, and that public interest is high.
REAL ID-compliant mDLs could be stored on any portable device with digital memory, are likely to include QR codes, and may use public key infrastructure (PKI) for offline transactions, according to the document. Unattended online verification is an area the agencies are seeking information on, while attended verification will likely be subject to ISO/IEC 18013-5, currently a draft standard.
Iowa’s Idemia-powered mDL recently passed a conformance assessment to ISO 18013-5 by UL.
Darby LaJoye, senior official performing the duties of the TSA administrator, noted in a comment quoted by Homeland Security Today that the agency is interested in incorporating mDLs into its digital ID verification processes.
One of the 15 questions posed is whether privacy and security solutions that depend on digital identity and have been adopted in other industries should be considered for the REAL ID standards. DHS and TSA have many other questions, including general ones about security and privacy, what performance-based standards should be used, costs to individuals and obstacles to acceptance.
Comments are due by June 18, 2021.