With Apple’s recent announcement that eight states intend to adopt its digital driving license technology, it appears that digital credentials are gaining traction. Digital IDs aren’t a particularly novel concept. People have been storing everything from movie tickets to flight boarding passes on their smartphones, so why not government IDs and driver’s licenses?
Unfortunately, it isn’t as simple as that. While the technology exists to create digital credentials, there are still technological and regulatory issues to be resolved. Finally, we must figure out a way to make digital IDs universally acceptable while also making the process of issuing and using them as simple as possible.
The Drive Toward Digital IDs
Physical driver’s licenses have been in use for decades. With holographic watermarks and other features that ensure that a license serves as an identifier unique to the bearer, issuers have found ways to make driver’s licenses more difficult to counterfeit. The adoption of a digital driving license is motivated by convenience. People prefer to use their smartphone wallets for Google Pay or Apple Pay transactions, and they find it easier to use a digital ID on their phone.
You have more control over your identity and the personal information you choose to share with a digital driving license. When you give someone your physical driver’s license, they have access to a lot of personal information, including your address and birth date. You can limit the amount of information shared with a digital ID to basic questions like whether your license is current or if you have any outstanding traffic violations.
Creating a digital driving license that is compatible with your smartphone seems a logical approach. According to Pew Research, Although we still have Apple iOS and Google Android as dueling smartphone platforms, 85 percent of Americans now have smartphones. Some argue that having a digital license stored on your smartphone is more secure because unlocking the phone requires a passcode, fingerprint, or facial recognition.
Even with the growing adoption of mobile IDs, there are still some states, like Arizona and Delaware, that require you to carry your physical license as well as your digital license. One of the challenges of moving to digital licenses is ensuring that mobile IDs are available anywhere and on any device.
The Downside of Digital IDs
The critics have a number of issues with the adoption of digital driving licenses. Here are a few examples of the dangers of relying on smartphone technology for secure identification.
Giving your phone to a cop or a TSA agent could put your personal information at risk if you need to unlock your smartphone to access your digital ID; giving someone an unlocked phone gives them access to everything on it. This raises the question of whether handing over your digital ID to a government official or law enforcement officer constitutes consent for them to view the contents of your phone or if such a search would be considered illegal under the law.
There are also those who fear that digital IDs will make citizen tracking too easy. When you scan a digital license, you leave an electronic trail. Some people are concerned that digital IDs will be linked to online activities, preventing anonymous speech.
Not all states will use the same validation technology, so they may not be able to read out-of-state licenses. While Apple is offering its version of a digital license reader, Arizona, Delaware, and Oklahoma are using apps developed by Idemia, the company that created the technology for the TSA PreCheck frequent traveler program.
There are also more practical issues to consider, such as who has access to validation protocols. Can police officers use facial recognition or your fingerprint to unlock your phone and look for an ID if you’ve been in an accident? What if you need your digital ID, but the battery on your phone is dead? What if you don’t have the financial means to purchase a smartphone? Is this to say that digital IDs are discriminatory against those who can’t afford or don’t want to own a smartphone?
Forging Digital Credentials
Because digital documents are easy to forge, one of the most serious concerns about digital driving licenses is security.
Anyone with an iOS developer account, for example, can get a signing certificate for wallet passes with the new Apple digital license, which means anyone can create a valid license by signing their own signing certificate. Fake IDs are virtually indistinguishable from those issued by the government. Android licenses have no way of verifying the signature, making them very easy to tamper with.
The adoption of mobile IDs in Iceland demonstrates their vulnerabilities. The Icelandic government took a long time to release scanner technology to go along with digital IDs, making it easy for teenagers to alter their digital IDs by using screenshots to make them appear older in order to gain access to bars and clubs. The Icelandic government took a long time to release scanner technology to go along with digital IDs, making it easy for teenagers to alter their digital IDs by using screenshots to make them appear older in order to gain access to bars and clubs.
Simplifying Secure Digital IDs
All of these stumbling blocks and objections to digital identification can be overcome. It’s just a matter of figuring out the best strategy for creating a secure, frictionless digital credential.
The necessary security is provided by distributed ledger technology. A cloud-based distributed ledger system shares data across multiple points across the internet, unlike most database systems, which have a single data repository that can be hacked. To authenticate a driver’s license, all of the data sources in the ledger must agree. It’s nearly impenetrable. Furthermore, all data sent over the internet is encrypted.
The consent of the license holder is required when setting up a digital driving license. Each verification requires the owner’s consent, and because they must sign in to verify the license, the license owner can verify the identity of the person asking to see it. Furthermore, because the digital signature expires after a short period of time, it cannot be used by anyone else.
There needs to be a common database where users can register for access to eliminate the problem of proprietary license readers. A QR code scan is all that is required to gain access to the system. Not only is the system secure, but it can also provide an audit trail. The same system can be used to store other credentials, such as professional credentials or special training certificates, in addition to a digital driving license.
We have the technology to make secure digital IDs like a digital driving license possible. Only the creation of a shared system that is both secure and accessible stands in the way of widespread adoption. A secure infrastructure can be built using distributed ledger technology. To share driver’s license data, individual states must still agree to join as a consortium. Individual states can still impose their own laws and regulations on driver’s licenses, even if they are part of a common consortium. Simply put, creating a shared database means that digital IDs can be used anywhere.