FB pixel

Widespread adoption of mDLs in US remains a slow slog

Widespread adoption of mDLs in US remains a slow slog
 

The push to implement a mobile driver’s license (mDLs) throughout the U.S. continues to be fraught with a variety of problems that has caused a much slower rollout than had been expected by its advocates. Between technical and legal issues, problems with misuse, the limited places where mDLs can be used, and the slowness of the U.S. Department of Homeland Security (DHS) to itself widely implement digital ID capabilities, it will be some time before mDLs see widespread use across the nation.

The ecosystem of users, those who issue credentials, and the entities that accept digital IDs, is only now beginning to take shape. Based on authoritative estimates, it could be 10 years before there’s widespread adoption of mDLs across the U.S., although ZKTeco USA President Manish Dalal is more bullish, forecasting 50 percent of the U.S. adult population will have access to digital credentials and mobile IDs in the next 12 to 18 months.

As it stands now, only 13 states have adopted a mDL, other states are planning to introduce mDLs sometime in the future, and two states dropped their mDL program entirely.

The mDL movement has largely been driven by two things: The REAL ID Modernization Act which allowed DHS to accept electronic transmission of user identity information, opening the possibility that novel digital technologies could be used to verify and maintain identity, and market-driven initiatives to develop secure, privacy-protecting, easy-to-use technologies for managing digital identities.

But, as DHS has said, the mDL “is an early front-runner, consisting of standardized technologies and processes that enable a digital-identity ecosystem that replicates and potentially improves upon physical identity credentials.”

Even though DHS through its Next Generation Identity: Mobile Driver’s License project – a collaborative effort of DHS’s Science and Technology Directorate (S&T), Transportation Security Administration (TSA), and National Institute of Standards and Technology (NIST) – has been working to develop a standardized framework of security, privacy, and authentication protections, as well as standards so DHS and its components can accept mDLs, it continues to struggle with development.

Meanwhile, S&T’s Biometric and Identity Technology Center continues to conduct industry studies to assess the integrity, risk, and trustworthiness of digital identities for potential DHS acceptance and use, and is working alongside NIST on the standards-development process and conducting interoperability testing and development of privacy and security recommendations.

But, DHS isn’t there yet. As TSA pointed out in its Fiscal Year 2025 budget justification document, it “is not currently able to ingest data from, or authenticate, digital identities during security operations,” even though “aviation is one of the largest identity use cases in the world” and “passengers and airlines are continually looking for contactless options in their travel journeys.”

TSA said “many industry stakeholders” have reached out to inquire about digital identity acceptance and is currently working with a few industry partners through Cooperative Research and Development Agreements to conduct digital identity pilots.

TSA’s mobile driver’s license research and development (R&D) was only funded at $4.2 million in both FY 2023 and FY 2024. And, surprisingly, it did “not continue funding for the mDL project in [its] R&D appropriation” request for FY 2025. Yet, TSA admits that its “digital identity research and collaboration with industry will … inform the rest of DHS components on the benefits that digital identities provide, as well as key considerations and obstacles that come with implementing and integrating a new capability with existing identity verification systems.”

“Properly executed,” TSA said, its “efforts in this space will inform other agency/component strategies and yield best practices and infrastructure that will catalyze or accelerate their efforts, thus resulting in economies.”

It would appear then that until TSA is able to authenticate any digital ID, all DHS components are on stand-by. But, even when mDLs and other digital IDs are able to be accepted by TSA and other DHS-wide agencies, the technical standards that are finally established for digital ID acceptance throughout DHS may not necessarily be compatible with what states and private sector companies and organizations earlier rolled out, according to two former senior TSA officials now working in the private sector Biometric Update spoke to.

Meanwhile, TSA continues to develop, test, and deploy a digital identity reader for use at the Travel Document Checker (TDC) that can accept and authenticate digital identities. The reader will be compliant with the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 18013-5 standard to ensure interoperability and must be able to operate seamlessly in the checkpoint environment.

TSA said the development and testing of the digital identity reader and the necessary infrastructure will require collaboration between TSA and external stakeholders. Through a standards-based approach, collaboration with interagency partners as well as industry stakeholders, and robust testing, TSA said it “will be able to qualify, accept, and authenticate digital identities using the digital identity reader at the checkpoint.”

In parallel with TSA’s development of the reader and the underlying technical infrastructure to enable core functions, such as terminal authentication and certificate management/distribution, it will also establish a technical and policy trust framework relative to issuing authorities.

“Long-term, issuer trust will be established through a process governed by REAL ID rulemaking and TSA enforcement of those rules; and it will be technically enabled through a Digital Trust Service, such as the one developed by the American Association of Motor Vehicle Administrators (AAMVA),” TSA said.

In the interim, TSA said, it “will coordinate with DHS policy, DHS S&T, NIST, AAMVA, state DMVs, and other stakeholders as needed to codify best practices and standards that will inform the long-term solution and associated regulatory strategy.”

In other words, it’s going to be a while before digital IDs of any kind are able to be accepted by TSA, or even DHS-wide.

TSA said once the mDL R&D process is complete and digital identity technology has been tested in the field, it will begin transition to the Credential Authentication Technology (CAT) Program after its Acquisition Decision Event-3 for mDL. At the same time, TSA will leverage the newly established Identity Management Capability Integration Council (CIC) to develop the internal governance for accepting digital IDs and facilitate the approval of policy needed to implement digital ID acceptance at scale across the nation’s airports.

Current CAT-2 readers only allow TSA security officers to capture a real-time photo of the holder and compare it to the holder’s photo on the ID against the in-person, real-time photo. Once the CAT-2 confirms the match, a TSA officer verifies it and the traveler can proceed through the checkpoint without the need to show a boarding pass.

Even at the state level it’s been discovered – often the hard way – adoption of a mDL isn’t easy. Implementation requires an entire ecosystem of reader devices, cyber infrastructure, security, privacy standards and controls, Public Key Infrastructure services, etc., to support the provisioning, issuance, acceptance, and authentication of mDLs.

Only 13 states have an active mDL program: Arizona, California, Colorado, Delaware, Georgia, Iowa, Louisiana, Maryland, Mississippi, Missouri, New York, Ohio and Utah, as well as Puerto Rico. Only eight states, however, issue IDs that are interoperable with TSA’s existing CAT-2 readers, and TSA’s CAT-2 approved digital ID offered by Apple is only available in 5 states: Arizona, Maryland, Colorado, Georgia, and Ohio.

Ten states and Washington, DC have announced plans for a mDL: Alaska, Hawaii, Illinois, Indiana, Kentucky, New Mexico, North Carolina, Pennsylvania, and Virginia.

Two states, Oklahoma and Florida, have “decommissioned” their use of a mDL. Oklahoma was forced to abandon its mDL program in February in response to the U.S. Department of Justice (DOJ) having found in November 2023 that Service Oklahoma, the state agency responsible for creating the mobile ID app, had violated Title II of the Americans with Disability Act (ADA) by “denying people with disabilities equal access” and for “failing to ensure that its communications with people with vision disabilities are as effective as its communications with others.”

In announcing its termination of the program, Service Oklahoma did not mention DOJ’s lawsuit. It only said that “Service Oklahoma remains committed to meeting the accessibility needs of all Oklahomans,” and that “like their other online products and services, any future mobile applications will adhere to the Web Content Accessibility Guidelines.”

“Oklahoma’s failure in digital IDs highlights lesson in building accessibility from the start,” said Alex Ambrose, a policy analyst at the Information Technology

& Innovation Foundation. “Given that more than 19 states are in the process of implementing digital IDs, Oklahoma serves as a cautionary tale on the importance of building accessibility into the system from the beginning. Oklahoma should have fixed the digital ID service to be accessible, not shut it down. As more state and federal government moves to mobile and web applications, it is crucial that everyone, regardless of ability, receive equal access to critical government services.”

Ambrose said “the OK Mobile ID app demonstrates the pitfalls of failing to consider accessibility when designing digital government services. The best path forward as states build out their digital ID systems and other digital government services is to focus on accessibility from the start.”

Ambrose also pointed out that there was a lack of adoption of the mDL by Oklahoma state agencies. “For example, Oklahoma’s unemployment insurance system was not compatible with the OK Mobile ID app and users had to use a separate digital verification system. Individuals are not going to bother to get a digital ID if they cannot use it.”

In June, the Florida Department of Highway Safety and Motor Vehicles (FLHSMV) also abruptly halted its mDL, after it spent at least $1.5 million. FLHSMV said only that it is “revising its Florida Smart ID application” and that “once a new vendor is selected [the] improvements will be made.” FLHSMV said it doesn’t expect the new app to be developed until early next year.

Related Posts

Article Topics

 |   |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events