Texans are approaching the day they will have the option to carry a virtual version of their driver’s license on their smartphone as a result of a state law by Rep. Terry Canales, D-Edinburg, that is now in the development stage by the Texas Department of Public Safety.
“Under my legislation, which was contained in Senate Bill 1934 and became law on September 1, 2015, the Texas Department of Public Safety was required to conduct a study concerning the use of a digital mage for identification and proof of licensure purposes,” Canales reported. “As a result, five major proposals on how to achieve this goal have been submitted for the first time to the DPS.”
Canales’ idea would result in Texas developing a system where such digital driver licenses could become a reality in Texas within the next few years.
“Other major states are looking at this option, and my proposal, which came as an amendment to SB 1934, gives the DPS until the fall of 2016 to come up with the pros and cons, anticipate and fix any shortcomings, and protect the privacy of individuals who prefer to have a digital version of their driver license, rather than the plastic type,” said Canales.
An amendment is a proposed change – either by adding new language and/or deleting existing language – to a bill or resolution as it moves through the legislative process.
Canales was successful in adding the entire text of his House Bill 640 to the language of Senate Bill 1934, by Sen. Donna Campbell, R-New Braunfels, which deals with changing requirements for driver’s licenses, personal ID information.
Iowa and Delaware are the first two states to study such a system, while since the spring of 2015, other states were also looking at similar measures, including Arizona, California, Illinois, Louisiana, Kentucky, New Jersey, North Dakota, and Tennessee.
Under Canales’ amendment to SB 1934:
• The DPS would be required to conduct a study determining the feasibility of establishing a system to allow a person to use a digital image displayed on an electronic device for identification purposes or to prove that the person has a driver’s license;
• The DPS would evaluate risks to personal information security that such a system might create;
• The DPS would survey and evaluate digital identification and proof of licensure policies in other states; and
• The DPS would be required, not later than September 1, 2016, to submit a detailed report of its findings and recommendations to the Legislature.
VIRTUAL DRIVER LICENSE ACTION IN OTHER STATES
Other states besides Texas are considering similar mobile/digital ID systems , according to Canales.
Some direct the appropriate state agency to develop a plan; others direct the agency to study the feasibility of such a system.
This list is up-to-date as of May 18, 2016:
Arizona — The Legislature considered Senate Bill 1237 that directs the Arizona Department of Transportation to develop, pilot or implement virtual or electronic credentials, records, procedures, processes and systems as the director deems necessary to carry out the functions and duties of the department. SB 1237 was passed by the Legislature on May 6, 2016 and signed into law by the governor on May 11, 2016.
California — The Legislature was considering a bill that authorizes the Department of Motor Vehicles to develop a mobile application to access a digital ID. This bill specifies that a PIN (personal information number) is required to obtain access to their digital DL or state-issued ID. The California Legislature approved this measure, but Gov. Jerry Brown, a Democrat, in October 2015, vetoed the measure, concerned that “it poses numerous technical difficulties. Give the new responsibilities that the Department of Motor Vehicles is already dealing with, I don’t believe this bill is advisable.”
Delaware — The Legislature in 2015 passed a resolution that directs the Division of Motor Vehicles to study the issuance of optional driver’s licenses to Delaware motorists. Delaware and Iowa appear to be in competition to create the first digital ID program. However, the Delaware bill specifically mentions the Iowa plan to experiment with digital ID and it also states that “Iowa and Delaware use the same driver’s license vendor.”
Kentucky — The Legislature was considering a resolution that directs the Transportation Cabinet to study the feasibility of a system to allow operators to “display their license on a portable device.” The measure did not receive a legislative hearing.
Lousiana – As of May 17, 2016, the Louisiana Legislature was considering legislation to use a digitized license in lieu of a physical license when stopped by law enforcement. The proposed law provides that the electronic credential shall not be a substitute for a physical license when a law enforcement officer requires a person to produce a physical driver’s license. But the display of the digitized license would not serve as consent to search the mobile device.
Illinois — The Legislature approved a resolution that created an Electronic Driver’s License Task Force to study the feasibility of a digital/mobile DL and report its findings by May 1, 2016. The Task Force recommended that the Secretary of State continue to monitor advancements in technology pertaining to the creation and implementation of electronic drivers’ licenses, the anticipated costs of implementing and electronic driver’s license program, and the availability of appropriations by the General Assembly. Furthermore, the Task Force recommends that the Secretary of State continue to monitor the progress of Iowa’s mobile driver’s license pilot program, the Governor’s State of Illinois Enterprise Licensing and Permitting working group, and the American Association of Motor Vehicle Administrators as they develop functional requirements, which will set standards that should be incorporated into an electronic driver’s license.
Iowa – According to the Boston Globe, a digital driver license is currently being piloted in Iowa, where a test group is using a downloadable iOS mobile app that requires identity verification before the mDL is rendered on the phone. Use of the mDL is entirely optional, and the pilot will allow MorphoTrust to test the product for a wide range of uses, from verifying a driver’s age if the person is buying alcohol, to reducing trips to the motor vehicle agency to update a driver’s address or to become an organ donor.
New Jersey — The Legislature was considering a bill that directs the Motor Vehicle Commission and the Office of Information Technology to submit to the Governor and the Legislature a report concerning the feasibility of electronic driver’s licenses. According to PhillyVoice.com, New Jersey would become the second state in the U.S. to experiment with electronic licenses (MDL) after Iowa began testing a mobile driver’s license (MDL) developed by biometrics firm MorphoTrust, which already operates in the Garden State. In Iowa, 100 members of the state’s Department of Transportation opted into the 90-day pilot through an iOS application requiring strict identity verification to load the MDL (http://www.phillyvoice.com/new-jersey-considering-move-electronic-drivers-license/)
North Dakota — In 2015, the Legislature was considering a resolution to direct the Legislative Management to study issues related to authorizing and issuing digital driver’s licenses. However, the measure, although approved by the Legislature, has not been considered as of May 2016 by Legislative Management.
Tennessee — The governor on May 20, 2015, signed into law a bill that authorized the Department of Safety to develop a “secure and uniform” system to be known as the “electronic driver’s license system.” The legislation included language that encourages public/private sector partnership to allow the state agency to accept grants/donations to pay expenses incurred in development of the system), there is no “study” aspect associated. Rather, the agency is given the authority to create a system.
DIGITAL IDENTIFICATION AND PROOF OF LICENSURE VENDOR RESPONSE SUMMARY
In Texas, according to the DPS, the following proposals have been submitted for review and action as part of the requirements of the new state law that contains Canales’ measure:
Summary on Digital Identification and Proof of Licensure Responses Overview
The Driver License Division (DLD) of the Department of Public Safety established a cross functional working group to conduct the Digital Identification study and prepare the legislative report.
The working group conducted a Request for Information (RFI) allowing vendors to present their vision of existing and potential digital driver license solutions.
A total of five (5) vendors responded to the RFI with four (4) vendors demonstrating potential solutions.
The following lists the vendors and provides a summary of the 5 responses received as part of the RFI.
Technology: Virtual Mobile Infrastructure
Solution overview: Hypori offers a “virtual mobile infrastructure” consisting of a centrally located Hypori Server that would be used to host DPS applications and associated data, and “thin” client software installed on mobile devices to connect to the Hypori server. This creates a “virtual mobile infrastructure” that is analogous to a virtual desktop infrastructure that has been optimized for smartphone and tablets. Hypori’s proposal is to install the virtual mobile infrastructure platform and create citizen and law enforcement mobile applications that would be a “branded” Hypori thin client to retrieve driver license data on the central DPS Hypori server per DPS specifications. The solution provides a minimum 2-factor authentication and utilizes VPN software to connect to the Hypori servers over encrypted network interfaces.
Assessment: Hypori’s “virtual mobile platform” has broader potential than just a digital driver license as it could host all DPS applications requiring remote access and make user provisioning easier to manage. The “thin” client on the mobile device is not an application but provides a “window” to the application on the central server no DL data would ever reside on the mobile device. While the mobile infrastructure is in production, this solution would require development of the citizen and officer applications that run on the VMI platform.
GLOBAL ENTERPRISE TECHNOLOGIES CORPORATION (THE GET GROUP)
Technology: Combined physical DL with microprocessor chip and digital DL
Solution overview: DPS would issue digital DL cards that contain both a contact and contact-less chip that contains the digital certificates and corresponding private keys which are protected through a PIN code known exclusively to the user. The contact-less chip could allow an officer’s mobile application running on a laptop, NFC reader, or smartphone to exchange data on the card through the encrypted near field communication chip (NFC) with a reading range of up to 5 inches. The authenticity of the card/data would be validated against “back-end” cloud services with data sources from DPS. Mobile OS vendors now support Host Card Emulation (HCE) which provides secure NFC communications allowing the digital DL card following the same data structure and behavior.
Assessment: This approach provides a trust model that binds the driver’s identity to the digital DL card leveraging existing standards issued by the International Civil Aviation Organization (ICAO). ICAO is operating a global interoperable system for authenticating electronic passport documents for international travel. This trust model and secure digital DL card could support additional use cases such as federated authentication, web-based signatures, and web-based decryption.
MORPHO TRUST TECHNOLOGY (mDL): mDL technology and associated platform of workflows and interfaces.
Solution overview: mDL is a software-based solution that ties the individual’s identity to the smartphone. The mDL application retrieves the latest system of record data and renders the mDL on the device for display or transmission. Consumers download the application after completing a short registration process that requires identity verification to create a trusted identity credential. The application renders the DL when individuals need to prove their identity and the rendered image will include encrypted security information. Counterparties will use a mobile device with a separate Reader application to establish authenticity beyond visual inspection. MorphoTrust is currently evaluating verification and transmission of the identity via other available technologies, such as Bluetooth, near field communication (NFC), voice technology, and other technologies which could support a transmission to a law enforcement application.
Assessment: The mDL application has been piloted in Iowa allowing many technical issues to be addressed making it the current market leader. Because the solution is software based, it doesn’t require the use of subscriber identity module (SIM) cards or secure elements on mobile devices which eliminate these hardware parties from the issuance stream. The mDL application can be expanded to add additional identity attributes, other state credentials, or offer in –app purchases such as duplicate DLs and driving records.
MAPR TECHNOLOGY: Beacon Bluetooth Low Energy (BLE) technology and Hadoop framework.
Solution overview: A Digital DL Application is downloaded on a person’s mobile device that would have the ability to “listen” for beacons and respond accordingly when the phone comes into range. When a person wants to use the DDL, they activate the app which asks permission to send the officer a beacon. After validation at app level via a biometric marker, the beacon is sent to the officer in proximity requesting to use the DDL process. The officer hears the request for the DDL Beacon; it communicates the relevant data to the DDL server which triggers an action to validate identity across multiple databases owned by DPS. The response information would send confirmation to the officer of the individual’s identification and a token via SMS text & email is sent to the person with the officer’s name, location, and title. The person would then be able to validate id by the token, if needed. Upon the officer approaching the vehicle, both parties are aware of the identity of the other.
Assessment: Beacon technology allows mobile application to understand their position on a micro-local scale, and deliver contextual content to users based on location. Geofencing and GPS data could be capture to provide additional information and improve safety of officers and citizens. This data can be streamed to provide real-time analytics on “live” operational data and immediately deliver outputs through the use real-time analytics software and Hadoop’s distributed processing.
OBERTHUR TECHNOLOGIES TECHNOLOGY: mDL mobile applications for consumer and department.
Solution overview: Similar to other proposed solutions, a Digital DL application is downloaded on a person’s mobile device. The application is used to scan the 2D bar code that is validated against DPS data binding the DL to his/her device through the mobile device number (IMEI) if approved. Whenever the Mobile DL application is accessed, a onetime dynamic code is created and rendered on the DL. Law enforcement could use their own mobile application to validate the driver license by scanning the 2Dbar code, QR code, digital watermark, or manually entering the onetime dynamic code.
Assessment: Oberthur highlights the options to encrypt personal data on the mobile device or store personal data in a secure area of the device, such as an embedded element chip or removable micro SD, to ensure security of the DL data. The proposed solution is to encrypt the personal data and use multi-factor authentication to access. Ultimately, the data conveyed and stored on the mobile device depends on DPS requirements; however, a digital watermark based solution would require sending and storing a picture on the device.