Connecting state and local government leaders
An electronically signed version of driver’s license information on users’ mobile devices gives them control over what they choose to share.
Utah is testing a mobile driver’s license (mDL) that gives holders more control over the data they share when presenting their identification.
What makes Utah’s mDL different from other efforts, said Christopher Caras, director of the Department of Public Safety’s Driver License Division (DLD), is that it is not a photo or digital version of an ID card. Instead, it uses standards from the American Association of Motor Vehicle Administrators and the International Organization for Standards (ISO) that enable security measures such as encryption and provide privacy protections that allow users to determine the data they share.
Utah’s mDLs are the first in the country to fully comply with ISO’s interface, according to the department. It is working with GET Group North America and its technology partner Scytáles to provide GET Mobile ID, the ISO 18013-5-compliant app that puts a license on a smart phone. Any reader that complies with that standard can verify the document.
“It actually opens the door for how a driver’s license or identification could be used to facilitate even online transactions,” Caras said. “As many states move toward a single-service citizen portal,” they can incorporate the mDL application there, which could be a huge benefit to the state, he added
For now, the biggest boon is to license holders. They download the mobile application, their driver’s license information is transmitted to it via DLD’s infrastructure and it is stored in a secure, encrypted location on the device. To access it, mDL holders open the app using a personal identification number or a biometric.
The end result “is an electronically signed version of your driver’s license information on your mobile device for the citizen to control, and they choose what they’re going to share,” said David Kelts, director product development at GET Mobile ID. “They actively consent to share data.”
Grocery stores, banks, hospitals and law enforcement officials, for example, that ask to see driver’s license information will need readers to accept the mobile credential. These readers typically work in three ways: via Bluetooth, near-field communication or QR codes. For instance, a grocery store clerk may ask to verify the age of someone trying to buy wine. With an mDL, the buyer can tell the app, “Share age,” and only that information is divulged to the store’s reader.
“When you present your driver’s license now, you’re presenting everything: You’ve given the person your name, date of birth, driver’s license number, home address, physical description, photograph. I mean, you’ve really opened a plethora of information to them,” Caras said. “What you have in the functionality of a mobile credential is the ability to meet the needs of the party that’s requesting your identity but not turn more cards than you need to.”
“The reader device makes its request: ‘These are the pieces of data that I need,’ the consumer has consented to those pieces of data and it sends it across,” Kelts explained.
The readers store the information according to state laws, and a flag pops up in the mDL app to indicate what will be saved and for how long.
“All the data is encrypted, and nobody can read any mobile driver’s license without the mDL holder authorizing, or consenting, to that information to be read or consumed by a verifier,” said Scott Vien, director of business development at GET Group North America. “Those sharing options -- share age, share all, share address -- not only do those limit the amount of data being shared by the choice of the user, but it’s also enabling the ability for the data to be shared,” he said.
The app requires an Apple iOS device running at least iOS 12, or iOS 13.2.2 to use NFC. It also works with Android devices running Android 8 or later. These operating systems cover about 95% of the phones in circulation, Vien said.
If a device is lost or stolen, users can wipe the data and mark the devices as lost. If they get new devices, they can reregister with the same phone number and “pick up where they left off,” Kelts said.
Use of mDLs is completely voluntary, said Caras, adding, “I don’t see the hard card going away any time soon. Our goal in this project is to make the mobile credential acceptable everywhere that the hard card is today.”
That includes the Transportation Security Administration’s Real ID requirement for domestic air travel. Caras said Utah is in talks with TSA on a partnership to make the mDL compliant with TSA requirements. TSA does not currently accept mobile or electronic driver’s licenses, but the Real ID Modernization Act, passed at the end of 2020, “helps lay the groundwork for future REAL ID-compliant mobile/digital driver’s licenses to individuals holding a valid REAL ID compliant physical DL/ID.”
Utah’s mDL is currently in the proof-of-concept phase with 100 people testing it, and it will expand into a pilot test within the next two months. The number of testers will grow to 10,000 over the year, and in early 2022, any state resident who wants an mDL will be able to get it, Caras said.
Through the pilot, the app is free. After that, there were will be a nominal annual subscription.
“It is that way for a couple of reasons,” Caras said. “One of them is the state really doesn’t know how many people are interested in this, and having the burden of the cost on those who choose to avail themselves of the product means that the state doesn’t have to build an infrastructure that facilitates it for either 100 people or 2.5 million people, and it allows the cost to be maintained at a low level.”