The Case for eIDs Over Mobile Driver’s Licenses
As of October 2023, the landscape of mobile driver’s licenses (mDLs) in the United States has seen substantial growth with several states adopting this digital form of identity. States like Arizona, Colorado, Georgia, Oklahoma, and Maryland have successfully integrated mDLs into commercial wallets provided by Apple and Idemia (1). Why is this a big deal? Because the driver’s license is the most common identity-proofing tool we have in the US — in real life or otherwise. Try getting into an elevator in an office building these days let alone on a plane and you’ll confront the necessity of owning a state-issued driver’s license. In other words, DL’s are not just for driving!
This evolution by state governments towards digitized mDLs underscores a broader trend of embracing digital solutions by governments for identity verification, while also highlighting the critical need for discussions around privacy, security, and the decentralization of personal data. The pivot to mDLs is likely just the precursor to the rollout of broader applications for digital identity; the electronic ID (eID).
In the digital age, the pursuit of more secure, private, and versatile forms of identification is paramount. While the mobile driver’s license is a step forward in the on-going digital transformation of government services, their utility falls short in comparison to the broader potential offered by eIDs, especially when mDLs are confined to the proprietary ecosystems. I’m proposing why state governments should prioritize the development and adoption of eIDs over mDLs for the benefit of citizens and the future of digital identity — one that’s built on privacy preserving open standards.
Limited Utility of mDLs
At their core, mDLs represent a digital translation of a physical driver’s license onto mobile platforms. While this digital version offers certain conveniences, the scope remains narrowly focused on delivering driving-related identification, and depending on the technical design and wallet architecture, selective disclosure of age (see LA Wallet is a great example: https://lawallet.com). The utility of mDLs is inherently limited by their singular purpose, offering little in the way of addressing the broader identity verification needs in a world where commerce, education, and access to government services are largely all digital. All of which must be done in a privacy preserving manner so that identity authentications are not tracked like breadcrumbs. Moreover, when mDLs are stored in commercial wallets provided by one of the technology giants, they introduce dependency on proprietary, highly centralized platforms. This not only restricts user choice, but also raises concerns regarding privacy, data security, and the potential for misuse of personal information.
In contrast, eIDs can represent a more holistic approach to digital identity and be developed to leverage either centralized, decentralized, or hybrid systems. An eID framework can serve multiple identification and authentication purposes beyond driving, including secure access to government services, holding of multiple credentials (e.g., business license, driver’s license, benefits qualification) related to that identity, and electronic signatures. The versatility of eIDs makes them a more strategic choice for state governments aiming to streamline services, enhance citizen privacy, and bolster security in the digital domain.
eID — the “e” stands for Europe
The European Union is making significant strides in eID deployment through the eIDAS — Electronic Identification, Authentication, and Trust Service regulation. eIDAS 2.0 establishes a framework of standards and specifications for the creation and use of eIDs. The initiative aims to provide EU citizens, residents, and businesses with a unified and secure digital identity and wallet that can be used across the EU for a wide range of digital services, both online and offline. Central to this initiative is the emphasis on privacy, security, and user control, allowing individuals to manage what data they share and with whom. (2) This is achieved by the EU regulation and the government supporting open standards for a decentralized framework for identity and trust services. The private sector is incentivized to create an entire marketplace of services and products based on these standards — which were co-created with industry and not entirely by bureaucrats. The lack of centralization of data and eID issuance is one of the key features of eIDAS as to enable cross-border authentication and cross-platform trust services, no matter that an eID originated in another country.
What’s important, and the primary takeaway for the US, is the promotion of open standards, decentralization, and interoperability. By ensuring that digital identity solutions are built on open specifications and protocols, the EU is encouraging the private sector ecosystem to develop new services and applications that leverage these secure, interoperable digital identities. The ultimate goal is to overcome the current limitations of digital identification systems, which may not be universally available and often do not support cross-border and cross-system transactions smoothly.
In parallel with the eIDAS are the World Wide Web Consortium’s (W3C) specifications for verifiable credentials — like a license to drive. Verifiable credentials are digital claims that can be used to represent aspects of an individual’s identity or qualifications across platforms through cryptographic methods, without revealing unnecessary personal information. The W3C guidance enhances the eID ecosystem by offering open specifications on how to issue, validate and hold credentials, to be stored in the same digital wallet as the eID. In fact European Digital Identity (EUDI) Wallet framework incorporates open protocols to support eIDs and verifiable credentials in the same wallet including the OpenID Connect for Verifiable Credentials and their issuance (OID4VCI) and presentation (OID4VP). (3)
Summary
While mDLs offer a step towards digitization, their limited scope and the risk of centralization highlight the need for a more comprehensive, open specification, approach to digital identity. State governments have the opportunity to learn from and adopt the best components of decentralized frameworks like the eIDAS and open specifications from W3C and OpenID Foundation. Moreover, eIDs present a strategic alternative that addresses the multifaceted challenges of digital identity in our modern era and how best the public and private sectors can jointly co-create solutions.
By pursuing eIDs, state governments can lay the foundation for a secure, open, and flexible digital identity ecosystem that fosters innovation by the private sector and emphasizes privacy and security. Moreover, prioritizing eIDs over mDLs is not merely a choice; it’s a strategic imperative for the future of digital identity.
References:
(1) https://upgradedpoints.com/travel/digital-drivers-licenses/; and https://idscan.net/mobile-drivers-licenses-mdl-state-adoption/
(2) https://www.european-digital-identity-regulation.com/ and https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG
(3) https://www.linkedin.com/pulse/eudi-wallets-openid-verifiable-credentials-igrantio-pkqgf; and https://openid.net/specs/openid-connect-4-verifiable-credential-issuance-1_0-05.html[2]
