January 22, 2019
Our days of reaching into a wallet to show identification to board a plane, open a bank account or vote might soon be numbered. Instead, reach for your smartphone – because, in the not-too-distant future, your personal identification, such as a driver’s license or passport, will be available with the tap of a touchscreen.
With the number of smartphone users at an all-time high – projected to hit usage rates in 2019 of more than 2.5 billion people globally – more and more aspects of daily life have moved to mobile devices, enabling greater convenience. The digitization of personal identification represents the latest step in this growing trend.
“Everything we can do on our smartphone – things that most people in society wouldn’t have dreamed of doing on their phone even five or 10 years ago – we’re doing today,” said Dave Holmes, UL’s strategic lead for its digital driver’s license initiatives. “The development of mobile driver’s licenses fits in with the growing trend of commerce and transactions moving to the mobile device.”
Unlike payment credentials stored on a secure card chip, plastic identification cards have historically lacked security features. Oftentimes, private information is printed in clear view on the card. However, advances in secure storage capabilities on mobile devices pave the way for mobile driver’s licenses (mDL).
“When we look at taking personal information found on an ID card and transforming it for mobile, we’re able to layer security on top of it,” said Holmes. “Beyond just following the trend and the promise of another convenience, the mDL provides the ability to preserve individual privacy in a way that can’t be done today with a plastic card.”
While the first application of mDLs might involve simply showing a credential on the face of a smartphone, the use of reading devices promises to open up many new conveniences. Different environments, such as banks, restaurants, airports, etc., will soon have dedicated reading devices set to only scan smartphone information pertinent to their environment and nothing else.
For example, imagine ordering dinner at a restaurant and the server uses a reading device to scan your phone to confirm a legal drinking age. Or linking your ID to the airline app on your phone and airport security uses the device to automatically verify your identification.
“There are so many different directions this could head in when you start to consider all the places where you show an ID today,” Holmes commented. “Because of how all-encompassing a mobile ID can be, we’re really just at the very beginning of a wave of possibilities.”
Countries around the world, including the U.K., Netherlands, Japan and Canada, are investing heavily in the development and adoption of mDLs. One of the leading-edge implementations and rollouts of this technology has been in the U.S. The size of the country and state-based ID system has created a “Wild West” environment for mDLs, according to Holmes.
“The interest level and hunger for mDLs varies by state – while some have forged ahead as trailblazers, many have yet to think about it for their jurisdiction,” Holmes added. “The majority are in the wait-and-see camp, anxious to observe neighboring rollouts first. That makes the success of these initial implementations even more important.”
While mDL systems provide efficiency and financial benefits, security and privacy remain paramount challenges. UL applies its expertise in identity management to help early adopters – such as the Iowa Department of Transportation – safeguard consumer privacy and sensitive information as they roll out mDLs.
Keeping mDLs safe, and operable
To help realize the promise of mDLs, Holmes notes a few critical areas that governments and organizations should address to proactively navigate the associated technological advances, regulatory concerns and compliance requirements, including:
- Functional testing to gauge whether the mDL technology works properly and as intended, even in an offline environment;
- Interoperability testing to help determine if the mDL technology works from one environment to the next, such as from one state or one retailer to another, which is essential for mDL apps to gain momentum;
- Security testing to identify any potential vulnerabilities in the system, both in the apps and in the backend infrastructure; and
- Public education to increase awareness of the personal privacy benefits of moving to a digital identification system and assuage concerns that can accompany the digitization of individual personal information
Even with mDLs rolling out soon, we are still years away from leaving our plastic cards at home altogether, according to Holmes. The work currently underway to plan, design, test, integrate and support the first implementations, however, will lay the groundwork for how we share our personal identification information in the future.
“We’re focused on how to help make the world a safer place, and our work with mDLs is no different,” Holmes said. “We’re helping to ensure that implementations are done in a way that keeps a person’s identity and privacy out of harm’s way.”