I was originally planning to create a single blog for mDL, but after doing some research, I have come to realize that there is an abundance of valuable material to share with the audience. Because of this, I've decided to split the blog into 6 parts:
Part 1 - Basics, key stakeholders including their benefits and concerns
Part 2 - Provisioning and verification of mDLs
Part 3 - Standards and their components
Part 4 - Operational modes (attended vs unattended) and transaction types (online vs offline)
Part 5 - Current vs future state, state vs non-state wallets, SWOT analysis
Part 6 - Global mDL initiatives (Europe, Australia, Japan and others)
Section 1: Understanding mDLs and its comparison with physical DLs
Imagine never having to fumble around for your driver's license again - because it's right on your phone! The mobile driver's license (mDL) puts you in the driver's seat, giving you complete control over your personal information. This digital version of your license offers enhanced security and allows you to easily manage who can access your details. It's not just a picture of your license on your phone - it's a whole new level of convenience and security.
AAMVA defines mDL as “a driver's license that is provisioned to a mobile device with the capability to be updated in real time. It is comprised of the same data elements that are used to produce a physical driver's license, however, the data is transmitted electronically to a relying party's reader device and authenticated.”
Feature | mDL | Physical Driver License |
Personal Identifiable Information (Name, address, physical characteristics etc.) | Yes | Yes |
Driving privileges | Yes | Yes |
Driver license data (number, issue and expiry dates) | Yes | Yes |
Identity claims (Over X years) | Yes | No |
Security | High mDL data on a device is cryptographically signed by trusted issuing authorities (DMVs), making it extremely secure, just like e-identity documents (ePassports, eID cards) | Low
|
Privacy |
| When you hand over your physical card, verifiers gain access to more personal information than necessary |
Tracking by DMV or governments | No | No |
Data refresh | Get ready for this: The mDL app can update the data automatically or manually based on the app configuration. | The physical card either contains outdated information and needs to be updated in person at the DMV or online. |
Use-cases | Primary use-cases for in-person verification include airport security and purchasing age-restricted items. As mDL standards continue to develop, they will also support in-person and eCommerce scenarios, similar to physical DLs. | Purchasing age-restricted items, opening bank accounts, renting or sharing cars, accessing secure locations, and more |
Section 2: mDL stakeholders, their benefits and concerns
Creating a reliable, user-friendly, and interconnected system requires the cooperation and collaboration of various public and private entities. To keep it simple, let's focus on three key stakeholders, forming the so-called "trusted triangle":
Holder: a person who uses a digital driver's license (mDL), for example, you and me - users of an mDL.
Issuer (also known as Issuing Authority): an entity responsible for securing the provisioning, storage, and authentication of mDL, for example, DMVs.
Verifier (also known as relying parties): an entity that needs to verify the identity of a Holder before providing their service, for example, businesses (TSA - the biggest verifier, bars, alcohol vendors, etc.).
Holder
Benefits
Convenience - Imagine never having to worry about carrying around a physical driver's license again! With the advanced mDL ecosystem, you can enjoy contactless transactions and manage your driver's license remotely from the comfort of your home. Even if your phone gets stolen, your data is safe and secure with encryption and additional authentication methods. Say goodbye to long lines at the DMV – the future of driver's licenses is here!
Privacy - you have the power to control your own privacy! With mDLs, you get to choose which data to share with each Verifier, and you can even decline verification requests if a Verifier asks for more data than necessary for a specific use-case. Your data, your rules!
Security - Any data exchange between Holder and Issuer or between Holder and Verifier will be end-to-end encrypted and verified using secure cryptographic keys (PKI).
Concerns
Limited Acceptance - Until the mDL ecosystem is mature, the network of Verifiers accepting mDLs is limited. Holders would need to carry their physical driver's license as mDL is optional.
Data Retention - it is one of the key features of the mDL standard ISO 18013-5. Verifiers have the option to declare their intention to retain the data when they send a request to connect with the mDL application. However, it is currently unclear how long Verifiers can keep the data or whether they can share the data with third-party vendors. This is an area that should hopefully be addressed in future standard work, which is actively underway.
Security and Privacy concerns - based on a poll about mDLs that I conducted on LinkedIn, 59% of participants said they are excited to use mDLs. However, 14% of respondents, from both technical and non-technical backgrounds, expressed concerns about the security of their mDL. Additionally, 14% of participants also worried about the privacy of their mDL data. Due to these apprehensions, the remaining participants indicated that they would continue to use physical driver's licenses instead of mDLs. In the next part of this blog, I will address these concerns. Participants were asked to choose only one option.
Issuer
Benefits
Prevent fraud - The use of mDLs can play a crucial role in preventing billions of dollars in fraud. mDL data is securely provisioned, stored on the user's device, and can be shared with verifiers. This makes it significantly more difficult to create counterfeit driver's licenses, ultimately enhancing security and reducing fraudulent activities.
Cost and operational benefits of remote management for mDLs - Issuers will have the ability to update mDLs remotely, which will reduce costs and improve efficiency, especially at DMVs across the country. This eliminates the need to print hundreds of millions of physical DLs with different formats and designs. While some people may still choose to use physical DLs, the number of users relative to the current usage would be smaller. By updating mDLs remotely, Issuers can also minimize the use of invalid and expired DLs by revoking their validity.
Environmental benefits - An estimate suggests that if 50 million people use mobile driver's licenses (mDLs), it could save approximately 250 metric tons of plastic (50,000,000 cards × 5 grams). In addition to reducing plastic usage, mDLs can also reduce the environmental impact of producing, transporting, and eventually disposing of physical cards. Traditional cards require energy for manufacturing and emit greenhouse gases during production and shipping.
Concerns
Establishing trusted infrastructure for providing public keys to Verifiers - Issuers must ensure that a secure infrastructure is in place to securely and accurately issue trusted mDL public keys to Verifiers. This will help Verifiers to trust the authenticity and integrity of the mDL data. Issuers have established a Digital Trust Service (DTS) to address this issue, which will be covered in future blogs.
Expanding the mDL ecosystem - The success of mDLs depends on the scale of the ecosystem involving Verifiers, Holders, and other Issuers. Issuers need to partner with Verifiers to understand and address their concerns regarding accepting mDLs, so they could adopt mDLs. Issuers also need to raise awareness about mDLs to address the concerns of the Holders. The California DMV is leading the way in this effort by partnering with Verifiers, Holders, and developers through activities such as conducting hackathons, webinars, and podcasts.
Verifier
Benefits
Reducing identity fraud - Did you know that businesses in the US lose over $3.5 billion each year due to fraud involving fake identity documents? This impacts major sectors like banking, financial services, telecom, and healthcare. By ensuring the end-to-end security of mobile driver's license (mDL) data and using biometrics to unlock the mDL app before sharing data, there's potential to greatly reduce this issue and provide significant return on investment for verifiers.
Costs benefits - By implementing the principle of data minimization, verifiers can reduce costs and become more efficient. They'll only request the necessary data to run a service, thus saving money and ensuring the protection of irrelevant data. This also helps in meeting the increasing legal and compliance requirements. Furthermore, verifiers will be able to instantly check if a driver's license has been revoked before providing age-restricted products or services, a capability that's currently not available with physical licenses.
Security benefits - If the digital signature on the mDL data does not authenticate, Verifiers can simply reject the service as it could be a fraudulent transaction
Concerns
High deployment costs - based on data from NACS, for over 152,000 retail locations, would be significant. Assuming an average cost of $250 for each mDL Reader with two checkout registers per store and an installation fee of $500 per reader, the initial hardware upgrade costs alone would exceed $228 million USD. This doesn't even include the expense of point of sale software development and integration, making it a major obstacle for Verifiers, particularly for small- and medium-sized businesses.
Limited coverage of identity documents - the mDL standard only covers driver's licenses, but Verifiers need to verify other types of identity documents like passports and military IDs. The cost of upgrading their systems to verify only driver's licenses doesn't seem justified.
Supporting customers with no smartphone access - As of 2023, approximately 15% of the U.S. population (roughly 50 million people) do not have access to a smartphone. This could be due to reasons such as affordability, age, and living in rural areas. Verifiers would need to support the existing infrastructure to cater to the needs of this segment of their customers.
Limited interoperability - until mDL initiative is launched nationally and internationally, Verifiers would need to support the existing infrastructure to verify global identity documents
Disclaimers
I truly appreciate your understanding that the content is based on my secondary research.
Although the blog contains detailed information on several concepts, I have deliberately presented the content at a high level to ensure that it is easily comprehensible to everyone without compromising its accuracy.
Your feedback is invaluable, so please do not hesitate to share your comments if you come across any inconsistencies in the content.
Additionally, the images featured in the blog are original and are the exclusive property of my company, Demystify Biometrics.
To ensure the information's accuracy and tone, AI-based tools have been utilized for research and content refinement. Your support and understanding mean a lot—thank you for being part of this journey.
Comments