States converge on mDLs
Many U.S. states are launching and expanding mobile driver’s licenses (mDLs) to eventually be equivalent to their physical counterparts. Eventually, these digital ID credentials are likely to be stored in and shared via digital wallets, Intellicheck CEO Bryan Lewis tells PYMNTS.
“Eventually digital wallets will be how we all do everything,” Lewis says. What America needs now to unite its fragmented digital ID landscape, he argues, is a storage format for mDLs that is secure against hacking.
The fragmentation of the landscape, however, appears to be lifting, if gradually.
New York is preparing to launch a pilot, while New Jersey passed legislation for the creation and issuing of mDLs. Illinois has proposed a bill that would allow for those to display licenses on their smartphones alongside, not in place of, their physical counterparts.
As many as 26 states are taking steps toward implementing mDLs, and 66 million people are using mDLs in the 6 states where they are fully available, according to the Secure Technology Alliance.
“State-issued identity credentials should always be perceived as a public good. By implementing mDLs, we’re providing people with a future-focused, highly secure, cryptographically protected, convenient ID that stakeholders can rely on,” said Eric Jorgensen, director of the Arizona Department of Transportation’s Motor Vehicle Division in a keynote address at the Identity and Access Forum Spring Member Meeting.
In Colorado, mDLs can be used as a valid form of identification for some law enforcement agencies, including the city of Denver. The state of Georgia shared messaging on how to keep digital identities secure, while privacy advocates highlight security implications of the California DMV Wallet.
Georgia Driver Services shares security tips for mDLs, EFF reveals concerns
The Georgia Dept. of Driver Services shared steps citizens can take to secure PII from their state mDL, including leveraging biometric authentication.
Citizens should have a DDS Online Account and download the DDS 2 GO mobile app to receive alerts when their license status changes. They should enable 2FA and use unique passwords like a phrase or string of words. Setting up a passcode or biometric authentication will prevent unauthorized access.
Users should also only go browse sites with https, download security software to block malware, and be alert for social engineering attacks.
With the right security measures, digital identities can unite a fragmented ID landscape. Still, while mDLs have biometric authentication, encryption, and verification capabilities, civil liberties organizations have voiced concerns about whether or not the systems are actually secure.
The Electronic Frontier Foundation (EFF) shared security concerns regarding the California DMV Wallet app in a recent article. The app, which is currently being used by roughly 325 Californians, began a pilot last year.
The state contracted digital credential provider Spruce ID for the creation of a wallet app instead of Google Wallet, which accepts mDLs from Georgia, or the Samsung Wallet which accepts IDs in Iowa and Arizona.
The EFF notes California’s move avoids giving control over device compatibility, public messaging, and other aspects of a state mDL to a major tech company.
Californians can add on TruAge, a separate age verification QR code, to share minimal information while verifying age. However, there is already an mDL reader option for age verification. As of right now, there isn’t a selective disclosure option for sharing mDL information, but the California DMV plans to release one in the future. Once it arrives, TruAge will be redundant.
TruAge is being piloted in at least 6 states, the EFF says. The California DMV is considering the possibility of other add-ons, like disabled parking ID, registration, and vehicle ownership, to its digital wallet.
The EFF says unlinkable proofs are a privacy preserving way of using an mDL. Governance is also needed to establish control mechanisms for digital IDs like interoperable open wallets.
Protections need to be put in place to limit the information law enforcement can gather both by mDLs and from the smartphone presenting the ID, as established in proposed legislation in Illinois. Digital identity apps are not and should never be mandatory, the EFF says.
Article Topics
biometrics | data privacy | digital identity | Georgia | Intellicheck | mDL (mobile driver's license) | U.S.A | UL
Comments