TSA exploring mobile driver’s licenses for REAL ID identity verification
- By Susan Miller
- Apr 22, 2021
With several states exploring mobile driver’s licenses, the Transportation Security Administration is seeking comments on what changes it might need to make so agencies can accept mDLs for REAL ID Act-compliant identification for access to federal facilities, nuclear power plants and boarding federally regulated commercial aircraft.
Typically accessed through a smartphone app, mDLs offer advanced features that provide greater security than physical licenses for verifying an individual’s identity, enable stronger privacy protections and improve health and safety through touchless identity verification.
Like a physical driver’s license, mDL data originates from an individual’s identity information that is maintained by a state Department of Motor Vehicles or equivalent agency. For federal agencies to be able to accept an mDL, they would have to trust that the identity data came from the issuing DMV and that it was transmitted unaltered. For physical IDs, that trust is conveyed through a card’s security features that are designed to deter and detect forgery and counterfeiting. Because mDLs have no physical form, the trust ecosystem must allow for standardized, secure communications between a DMV, a mobile device and a federal agency, according to the proposed rule.
The Department of Homeland Security wants comments on technical approaches, industry standards and best practices for ensuring “that mDLs can be issued and verified/authenticated with features to ensure security, privacy, and identity fraud detection,” the proposed rule states.
According to DHS, use of an mDL for official purposes might work like this: A state DMV would issue an mDL and enable a user's mobile device to store and/or access mDL data. A federal agency would use an mDL reader to retrieve only the information it needed from the user’s mobile device, such as age or state residency. The relevant data would be transmitted via a digital token from the user’s device through a secure wireless or optical communication protocol. For operational use, the reader must be capable of interacting with mDLs issued by any DMV, on any mobile device, operating system or mDL apps.
Additionally, DHS is seeking comments on data storage, data freshness, IT security infrastructure, offline and online data transfer modes, unattended online mDL verification, mDL devices other than smartphones -- along with any quantifiable data on cost benefits of using a REAL ID-compliant mDL rather than a REAL ID-compliant physical driver's license or ID card.
Utah is testing an mDL in which users download the mobile application from the DMV, their driver’s license information is transmitted to the app via Department of Public Safety’s Driver License Division and it is stored in a secure, encrypted location on the device. To access it, mDL holders open the app using a personal identification number or a biometric.
April 19, North Dakota Gov. Doug Burgum signed a bill calling for establishment of a mobile or electronic driver’s license system in the state.
DHS wants comments on REAL ID changes are due June 18.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.