TSA exploring mobile driver’s licenses for REAL ID identity verification
With several states exploring mobile driver’s licenses, the Transportation Security Administration wants to know what changes it might need to make so agencies can accept mDLs for REAL ID Act-compliant identification.
With several states exploring mobile driver’s licenses, the Transportation Security Administration is seeking comments on what changes it might need to make so agencies can accept mDLs for REAL ID Act-compliant identification for access to federal facilities, nuclear power plants and boarding federally regulated commercial aircraft.
Typically accessed through a smartphone app, mDLs offer advanced features that provide greater security than physical licenses for verifying an individual’s identity, enable stronger privacy protections and improve health and safety through touchless identity verification.
Like a physical driver’s license, mDL data originates from an individual’s identity information that is maintained by a state Department of Motor Vehicles or equivalent agency. For federal agencies to be able to accept an mDL, they would have to trust that the identity data came from the issuing DMV and that it was transmitted unaltered. For physical IDs, that trust is conveyed through a card’s security features that are designed to deter and detect forgery and counterfeiting. Because mDLs have no physical form, the trust ecosystem must allow for standardized, secure communications between a DMV, a mobile device and a federal agency, according to the proposed rule.
The Department of Homeland Security wants comments on technical approaches, industry standards and best practices for ensuring “that mDLs can be issued and verified/authenticated with features to ensure security, privacy, and identity fraud detection,” the proposed rule states.
According to DHS, use of an mDL for official purposes might work like this: A state DMV would issue an mDL and enable a user's mobile device to store and/or access mDL data. A federal agency would use an mDL reader to retrieve only the information it needed from the user’s mobile device, such as age or state residency. The relevant data would be transmitted via a digital token from the user’s device through a secure wireless or optical communication protocol. For operational use, the reader must be capable of interacting with mDLs issued by any DMV, on any mobile device, operating system or mDL apps.
Additionally, DHS is seeking comments on data storage, data freshness, IT security infrastructure, offline and online data transfer modes, unattended online mDL verification, mDL devices other than smartphones -- along with any quantifiable data on cost benefits of using a REAL ID-compliant mDL rather than a REAL ID-compliant physical driver's license or ID card.
Utah is testing an mDL in which users download the mobile application from the DMV, their driver’s license information is transmitted to the app via Department of Public Safety’s Driver License Division and it is stored in a secure, encrypted location on the device. To access it, mDL holders open the app using a personal identification number or a biometric.
April 19, North Dakota Gov. Doug Burgum signed a bill calling for establishment of a mobile or electronic driver’s license system in the state.
DHS wants comments on REAL ID changes are due June 18.
NEXT STORY: States wary of privacy-protected census data