“We exceeded that initial number within the first three weeks of our go-live date,” says Ajay Gupta, chief digital transformation officer for the California Department of Motor Vehicles. “We requested that the legislature extend the pilot to about 1.5 million people, so that’s the scope now. We’re hoping, based on what we’ve seen, to request an additional extension.”
California’s experience points to growing public interest in digital identities — even though current uses are limited and the ecosystem of users, credential issuers and organizations that accept digital IDs is just now taking shape.
The familiar plastic driver’s license and paper identity documents won’t disappear. But Gupta and others expect mDLs and other digital identity credentials to become mainstream sooner rather than later.
The benefits of digital IDs are too compelling for most people to ignore. Compared to the physical card, a mDL offers more privacy and security. No longer would you hand over a goldmine of personal information — your name, address, driver’s license number, etc. — to a stranger who just needs to know if you’re over age 21. Instead, merchants would use a reader to verify your age from the mDL and nothing more. In addition, mDLs can be instantly wiped from a lost or stolen mobile phone and quickly replaced when the user gets a new device.
But perhaps the biggest reason for adopting digital IDs is the potential for safer and smoother online transactions — everything from creating a bank account to getting a home loan to applying for government benefits. Digital credentials issued by trusted sources like state motor vehicle agencies would simplify and strengthen the process of verifying someone’s identity online, improving remote interactions for legitimate users and potentially putting the brakes on billions of dollars in identity fraud.
Yet, even though multiple agencies and officials across state, local and federal governments are working toward making digital IDs an enabler for virtual transactions, we’re not there yet. Americans continue to rely on paper and plastic identity credentials that weren’t designed to be used online.
Jeremy Grant, coordinator of the Better Identity Coalition, calls this the identity gap. He says the lack of authoritative, government-issued digital credentials makes verifying identity online harder and less accurate than it should be.
“In the U.S., we’re dependent on an entire cottage industry that’s trying to guess what only the government really knows,” says Grant, managing director of technology business strategy at Washington D.C. law firm Venable LLP and leader of the Obama Administration’s digital identity initiatives.
He says government needs to take a stronger role in guiding the development of digital identities. “When you get into things that are inherently governmental, issuance of identity is very much in that category.”
Fred Greaves
WHAT'S THE PLAN
In 2018, the Better Identity Coalition — which helps people conduct online business securely — released a policy blueprint to strengthen online identity verification. The report called on agencies like the Social Security Administration and state motor vehicle departments to move toward digital identity credentials. To speed the transition, the report recommended the creation of a five-year, $1 billion federal grant program to help state motor vehicle agencies become digital identity providers.
At its core, the report urged federal policymakers to set a national vision for developing digital identities that are more convenient for consumers, less susceptible to fraud, trusted by service providers and better at protecting individual privacy. This modernization would be done in partnership with identity and security companies, but government would play a prominent role in laying out the roadmap and establishing critical standards and best practices.
In January, the coalition released a five-year progress report on the blueprint. The grades are mixed.
The group applauded progress around reducing the use of easily stolen Social Security numbers to authenticate online transactions. It also praised efforts by the Biden Administration and the Cybersecurity Infrastructure and Security Agency (CISA) to promote the use of multifactor authentication (MFA), especially phishing-resistant forms of MFA.
But the new report says both the Trump and Biden administrations have failed to take a strategic approach to digital identities. Although the federal government has spent more than $1 billion on identity verification over the past five years, those dollars have largely been targeted at specific government departments and programs like login.gov, unemployment insurance and the Internal Revenue Service.
“Rather than build siloed solutions, the government should be investing more broadly in robust, privacy preserving digital identity infrastructure,” the progress report says. “The goal should be to close the gap between physical and digital credentials, so that anybody can ask a state or federal agency who issued them a credential to validate that information and ‘vouch’ for them online.”
Ultimately, the nation lacks a clear vision for doing that.
The coalition renewed its call for federal grants to support state mDL initiatives. It also urged the creation of a federal, state and local government task force to develop a coordinated plan for digital identities, and it said the National Institute of Standards and Technology (NIST) and the Department of Homeland Security should accelerate efforts to issue standards and guidance for mDLs and other digital credentials.
“A lot of good people are approaching this from different perspectives but it needs to be elevated as a priority,” says Grant. “There’s just been a general lack of recognition around how big the problem is and how we should be solving it.”
Fred Greaves
THE STATE OF STATE mDLs
The nation may still have an identity gap, but state motor vehicle agencies are determined to help fill it. The mDL is poised to become perhaps the most used digital identity credential among Americans.
The American Association of Motor Vehicle Administrators (AAMVA) expects a wave of state mDL deployments this year. AAMVA Identity Management Director Michael McCaskill says about a dozen states issue mDLs today, with more jurisdictions poised to launch mDL initiatives soon. His group is staffing up to support this growth, and it’s launching new services to expand the mDL ecosystem.
“There’s a definite uptick in activity,” McCaskill says. “The conversation around mDLs will be very different a year from now.”
“The Digital Trust Service is the center of the trust framework for an mDL ecosystem,” says McCaskill.
That’s one piece of making mDLs mainstream. States are working on other parts of the puzzle.
Eric Jorgensen is director of the Arizona Motor Vehicle Division (MVD) and chair of AAMVA’s mobile driver’s license subcommittee. His state has issued about 900,000 mDLs since launching its program a few years ago. Like other states, Arizona is trying to expand the ways people can use mDLs.
“We run into a chicken-and-egg scenario,” says Jorgensen. “It’s hard to get reliant parties to accept a mobile driver’s license when nobody has one. And it’s hard to get people to sign up for a mobile driver’s license when there’s no place to use it.”
The Transportation Security Administration (TSA) accepts Arizona’s mobile ID at the Phoenix Sky Harbor International Airport. Arizona has also expanded its support for digital wallet platforms, now offering its mDL on wallets from Apple, Google and Samsung, as well as the state’s own mobile ID app.
In addition, both Arizona and California are developing free software applications that let merchants read encrypted mDL information. Reader software will ultimately be built into point-of-sale equipment used by large retailers. But the state-sponsored readers give organizations an easy way to start accepting digital credentials — and they could be especially valuable for small businesses, nonprofits and government programs that need to verify age or other aspects of identity.
Along with the TSA — which accepts mDLs at a growing number of airports — state and local law enforcement agencies are seen as important anchors for mDL growth. The Utah Driver License Division, which is part of the state’s Department of Public Safety, is forging those relationships now, says division director Chris Caras. The state’s mDL is already accepted by the Utah Highway Patrol and the Salt Lake County Sheriff’s Office, Caras says, and he’s reaching out to other local departments.
Utah has also worked with a broad group of businesses — including supermarkets, liquor stores, credit unions and healthcare providers — to accept the credential.
“I won’t say we have a lot of each type of business, but we’ve tried to go broader because I think adoption is directly linked to the number of use cases where the mDL is applicable,” Caras says.
Although in-person uses are valuable, state motor vehicle officials say online identity verification is what will push the entire mDL ecosystem into the mainstream. As an official government-issued digital identity credential, mDLs would fill a void in the current online identity verification process.
“There’s just nothing quite like it today. There’s nothing that connects directly back to us and the biometrics that we collect and does it in a way that protects the customer’s privacy,” Jorgensen says. “The state cryptographically signs every mobile driver’s license so reliant parties know the credential was issued by a trusted organization to that person and that device.”
Arizona’s MVD and other state motor vehicle agencies are priming the pump for online mDL use by becoming their own biggest customers. For example, Arizona residents can use their mDL as identity verification for online title transfers when they buy or sell a vehicle.
California’s DMV also intends to use its mDL to verify constituents’ online transactions, says Gupta. And the DMV is working on what Gupta describes as an open credential platform that will make it easier for other California state agencies to accept the mDL online.
Motor vehicle officials say mDLs will get an important boost when the International Organization for Standardization (ISO) releases standards for online use of the credentials. ISO published standards for in-person use of mDLs in 2021, spelling out criteria for reading encrypted mDL data and authenticating the origin and integrity of that information. The rules helped make mDLs interoperable among states and acceptable to governments in other countries. ISO is expected to release standards for online mDL use later this year.
“It’s really important to finalize those online standards,” says Christine Nizer, administrator of the Maryland Motor Vehicle Administration. Maryland will be among the first to make its mDL public decryption key available through AAMVA’s Digital Trust Service.
“As a government entity, there are things we can help customers do securely online,” Nizer says. “This is the next step forward from a security perspective.”
MORE WORK REMAINS
Although the nation hasn’t closed the identity gap yet, it’s getting narrower. mDLs are gaining momentum as more states launch initiatives. That activity will accelerate when new ISO standards are solidified.
The Better Identity Coalition sees other opportunities for government agencies to provide authoritative digital identity credentials, too. The group urges the State Department to create a digital passport that, like an mDL, could be stored in a digital wallet for online use. In addition, it says the Social Security Administration’s existing system for electronically verifying Social Security information should be opened for broader use beyond the financial industry.
An overall vision for coordinating these and other actions still needs to be worked out, but in a collaborative way. State officials say they welcome federal help on identity issues — but not federal control.
“Identity forever has been a state responsibility, and there are good reasons for that. We’re set up to serve our customers and be responsive to them,” says Arizona’s Jorgensen. “I agree there’s a need for organization, and I think we’re doing that at a good level. Part of [the Better Identity Coalition’s] arguments have been that it would be nice to have federal funding for this because it is difficult to do some of these integrations.”
All levels of government must be engaged around creating an identity roadmap for the future. And they’ll need guidance from NIST, the Department of Homeland Security and other experts, adds Grant.
“Whether it’s a local vital records bureau for a digital birth certificate, a state DMV for a digital driver’s license or the State Department for a digital passport, they need standards and best practices to follow,” he says.
Ultimately, authoritative digital credentials issued by trusted agencies will be important building blocks for stronger online identity, and governments must lead on this issue.
“For a long time, we’ve accepted the fact that we are the de facto identity experts in state government,” says Jorgensen. “Now we see that as probably the most important thing that we do — preserving identity as a public good.”
Driver's Licenses: Why the Future Is Digital
“I don’t want to overstate it, but this is moving us toward an end to identity theft in the forms that we know today. You won’t be able to use stolen information to pretend to be another person. Criminalswill find new ways to defraud. But in the meantime, this reduces the economic costs of identity theft.” — Eric Jorgensen, Director, Arizona Motor Vehicle Division
2. Better privacy protection
“You use your physical driver's license or ID card for all kinds of identification purposes today. People make copies of it and get all kinds of data they don't need. How many times have you had your license scanned just to see a doctor? With the mobile driver's license, you only share data that’s needed for a transaction.” — Christine Nizer, Administrator, Maryland Motor Vehicle Administration
3. Lower identity verification costs
“Today, we do manual identity verification, or we pay third-party providers to help verify each transaction. If we have a decentralized digital identity like a mobile driver’s license as a trusted source of information, it's near zero cost for identity verification.” — Ajay Gupta, Chief Digital Transformation Officer, California Department of Motor Vehicles
