Tech companies developing mobile driver’s license technologies, and the cities and states testing mDLs, face questions from citizens and public safety officers on the practicalities, logistics and security of using them. These key stakeholders need assurance that mDLs for use in government-issued identification services are developed in a secure, encrypted and trusted way.
But beyond making sure the technology is easy to use, secure and broadly accessible for business, mobile driver’s license innovators are on point to make clear why Joe and Jenny Citizen should welcome it, and why public safety agencies and government services should consider the benefits.
While many questions are still being answered, one mobile driver’s license professional and government service veteran believes five years is a reasonable time frame to expect more states -- in addition to Iowa -- to be issuing them. He also said that the physical driver’s license isn’t going to go away quickly.
mDL Use Case 1: The Road Side Stop
Some public safety officers raise their eyebrows in caution at the suggestion of a virtual driver’s license:
I don’t like the idea of walking up to a car I just stopped and the driver points out this rectangular shaped dark object (like a gun or an iPhone),” said one public safety professional when asked about mDLs.
Scott Vien, director of business development for Massachusetts-based GET Group NA, which offers a mobile identification application, indicated law enforcement is the number one stakeholder in mDL adoption, and believes certain challenges that generally come with the adoption of new technologies can be addressed by piloting mDL technology.
While the mDL holder will have to present their identification “in a similar way” as they do a physical driver’s license -- the technology presents an opportunity to increase situational awareness, according to Vien.
It’s possible to know who is in the vehicle before they go over to it,” Vien said. “It’s an added safety benefit, if done correctly.”
While some in law enforcement ponder if the individual phone can be hacked and the mDL corrupted, Vien explained that hackers would have to go through multiple levels of security. The application hosting the mDL has log-in specified requirements. So hackers would have to get into the phone -- including getting passed a potential biometrics layer -- to get into the mDL application.
Multi-factor authentication can be easily required of user mDL apps. “Every DMV takes your photo,” said Vien. With faces already on file, unlocking the mDL app with facial recognition -- a selfie -- on an individual phone enhances security.
It’s “an extra layer of security to make sure the right person is opening the application,” he said.
The second later would be the app user setting a secret PIN code.
Another benefit of mobile license technology is the ability for the government issuing entity to deactivate a stolen license immediately -- there isn’t that capability with a stolen physical license today, he noted.
The mDL indicates status. That’s also true when a license is revoked because of a driving under the influence (DUI) offense. If the driver has an mDL, that change is obvious, and the postal service can’t be blamed for lack of knowledge.
There will be no doubt their privileges are revoked or suspended,” said Vien.
If the phone battery is dead, or the phone screen is cracked, the individual’s physical license serves as the back-up.
Getting Law Enforcement on Board with mDLs
Some law enforcement prefer not to hold, possess or touch a phone at a stop, Vien said. With mDL technology, “there is no need for them to take possession of the phone.”
Law enforcement can request access to an mDL before approaching a vehicle they’ve stopped.
What mDL technology offers law enforcement, are points of validation that can’t be checked today -- even when going through a Transportation Security Administration checkpoint:
- The ability to validate with a system of record that an ID is authentic.
- The ability to have the person biometrically log-in so that you know that mDL is tied to that person.
- The ability to validate that it was issued to that phone, which is based in secure certificates and encryption.
“Imagine how great it would be if you could scan your passport and driver’s license at the same time?” Vien suggested.
To encourage law enforcement consideration, government agencies must ask their law enforcement stakeholders what is important to them. There is always different feedback on needs, but police officers will want to know, can they utilize their current on-board system?
In his former role as director of the Delaware Division of Motor Vehicles (DMV), Vien helped lead the state agency in becoming one of the first states to test mobile ID technology, earlier this year.
That was one of our big pushes at the DMV – can we do this in a way so law enforcement doesn’t need anything else on their belt or in their car,” said Vien.
Cruiser laptops may communicate via Bluetooth, and near field communication (NFC), which allows a device to create a radio frequency current that communicates with another NFC-compatible device or an NFC tag holding information, to access an mDL.
It’s permission-driven technology, so when public safety detects an mDL, they then request permission for the information. The mDL holder then accepts or denies the request, which is why some law enforcement officers may prefer to look at a driver as they request ID.
Only time will tell what is the best option for law enforcement, said Vien.
mDL Use Case 2: Business Validation Requirements
Vien expressed enthusiasm about the technology’s potential to address citizen feedback he’d heard while with the Delaware DMV. Chief among concerns are the risks physical driver’s licenses present in sharing unnecessary personal identification information to private business agents that only need to verify certain data, like name or age.
The driver’s license is the most common ID Card. “Folks use their license and identification for many, many things,” he said.
With a mobile driver’s license application on their phone, there is no need for a person to show their address, license number and birth date . The mDL will verify if the person is over 18 or 21 and display a photo -- if that is all that is required by a business.
“Relying parties” to mDLs have different needs -- stores, in contrast to law enforcement, have fewer needs. A store employee verifying age requirements for an alcohol or cannabis purchase, for example, only needs the age and photo information. But a physical license shares a home address, birth date and more with any business’s employees.
With an mDL, the customer can keep more of their data safe. “The bouncer doesn’t see the address,” said Vien.
He said that he received many requests to hide addresses on Delaware’s drivers’ licenses when he served as chief of driver services for five years. It was a regular request from citizens concerned about their safety, he said.
Mobile driver’s licenses can provide more security, he said.
The mDL technology’s data minimization ability is a privacy gain for citizens. “You get to choose the information you can share,” said Vien.
Control is built on the user and the verifier ends, he noted. That’s why it’s important for government-issuing entities to involve businesses like banks and restaurants in developing good use cases and real life scenarios for individual mDL systems.
Addressing Connectivity Challenges & Service Delivery Improvements
Access in places that have poor broadband connectivity and data privacy are also top concerns for implementation of mDLs.
Vien, who has served the American Association of Motor Vehicle Administrators board of directors and chaired working groups, explained how technical execution can address certain practical limitations of mDLs -- with degrees of certainty.
To address feasibility in rural locales and urban areas with poor connectivity, mDL technology allows for validation offline -- the app will show the last validation from the system.
With license updates in real time, the mDL application on a user’s smartphone needs to be updated with frequency, Vien explained, noting that mDL systems could be built in which licenses become deactivated if the user’s app isn’t updated on a specified threshold.
To improve DMV service, GET Group NA is working on additional functionality to improve customer interactions. In the case where a license is deactivated, the app could immediately offer the mDL holder another option: ‘Would you like to purchase a valid personal ID card instead?’
The mDL app can also share helpful information with residents, engaging customers more regularly than the current pace -- when a license or registration needs renewing.
When you have a connection to the customer in the palm of their hand…there is a lot of reason to communicate with the customer,” Vien said.
About GET Group NA
GET Group NA’s mID™ platform combines identity security compliance specifications and standards with a mobile application that allows users to convert to digital identification. The company also offers identity management and other products and services.