Driver’s Licenses on a Smartphone: Roadside Implications for Law Enforcement
Paul Steier, Law Enforcement Program Manager, American Association of Motor Vehicle Administrators (AAMVA)
The ability of a law enforcement officer to identify the driver of a motor vehicle and the status of the individual’s driving privileges by virtue of a plastic driver’s license is a typical occurrence during a traffic stop. Physically touching and feeling and visually examining security features on a driver’s license to attempt to authenticate the credential are skills officers learn with training and experience. In addition, the plastic license can be conveniently placed in a shirt pocket to take it back to the patrol vehicle, providing the officer the ability to keep his or her hands free. This law enforcement experience has been the norm, but is a plastic, stagnant driver’s license the best method of proving identity and driving privileges?
Imagining a world where an officer stops a motorist whose driver’s license information is contained on a smartphone or similar electronic device is a concept that may sound far-fetched. However, much like what happened in the financial industry, technology is driving a movement for a potentially more secure and more efficient method of providing and authenticating a person’s identity and verifying his or her driving privileges. Some experts believe technology can lead the charge to a more secure driver’s license, and research is under way to test the concept of containing the driver’s license and identification information on a smartphone. This concept, known as a mobile driver’s license (mDL), will impact traffic stops and many of the other transactions for which driver’s licenses and identification cards are used.
Since the early 1900s, driver’s licenses have evolved from a paper-based credential to one composed of plastic or a similar substrate material. Through the years, licenses have been enhanced to contain photographs along with detailed overt and covert security features. Today, counterfeiting and altering these credentials is increasingly difficult—yet not impossible—due to the security features that have been bolstered by technological innovations. Many law enforcement officers can use machine-readable hardware in their patrol vehicles to scan the bar code on a driver’s license. This technology allows officers to populate records on their mobile data terminals and provides another source of verification of the information contained on the credential. However, even with sophisticated security features and enhanced substrate materials, driver’s licenses continue to remain vulnerable to attack by skilled counterfeiters who are highly motivated to capitalize on the financial value of recreating these credentials.
Understandably, law enforcement officers have questions about how driving privileges and identification information contained on smartphones would operate in real-world scenarios, particularly during roadside interactions, when officers must focus on their safety while verifying the credentials of those involved.
Identity Source Verification
Law enforcement officers understand the value of source verification when presented with a driver’s license and should not accept the driver’s license solely on its face value. At a roadside stop, the normal course of action for an officer is to check and verify the information contained on the identity document with the issuance source. The adage, “trust, but verify,” stands true for good reason.
A check of the state motor vehicle records by law enforcement generally does one of the following: confirms information on the license as valid, alerts the officer of more current information, or gives the officer reasonable suspicion to dig further when the identity is not on file or does not match the identification presented. From there, the officer can take appropriate action. However, there are other entities that need to examine a driver’s license or state-issued identification credential to establish proof of identity. Examples of those entities are as follows: Transportation Security Administration agents, financial institutions, firearm retail stores, auto rental facilities, alcoholic beverage and tobacco retailers, casinos, medical professionals such as pharmacists, and entrance guards at secure facilities such as nuclear sites, courthouses, and military bases.
The people checking identification for non-law enforcement purposes typically examine the driver’s license or identification credential with their hands and eyes, trusting the credential is valid and legitimate based on this very brief review and their experience with similar credentials. The burden to prove validity is a decision made by the individual based solely on his or her observation of what is presented and the cardholder’s behavior, which leaves a vulnerability that can compromise the integrity of the identification process. The current identification system provides the holder of a fraudulent identification credential enhanced potential to commit numerous crimes under an assumed identity, making apprehension more difficult and continued counterfeiting highly likely.
Anyone responsible for authenticating identity credentials and granting access or rights based on these credentials will benefit greatly from knowing, in almost real time, whether information contained on the identity credential is valid and reliable and, optimally, that the cardholder is in fact connected to the identity credential. This enhanced knowledge might be able to be facilitated by the use of biometrics.
Validity of Identity Information
Motor vehicle agencies work diligently to ensure that the information contained on a driver’s license or identity credential is correct and up to date at the time of issuance. A significant challenge arises when the identity or driver’s license information changes between the date of issuance and when a law enforcement officer is validating the credential during a traffic stop. During this interaction, the officer must be aware that the driver’s license presented is a stagnant credential that could contain inaccurate or outdated information. For example, the driving privileges of the holder may no longer be valid, endorsements or restrictions may have changed, personal identifying information may be inaccurate, or the license itself may have been cancelled due to an issue such as fraud. The holder of the driver’s license is required to notify the local motor vehicle agency when information changes, but people often fail to follow through on this required notification. This challenge illustrates how important it is for officers to verify the driver’s license information with the issuance source, and it reveals the vulnerability of a credential when it is not validated with the issuance source.
Privacy and Personal Identifying Information
A driver’s license card contains significant personal identifying information (PII) such as a photograph, address, name, date of birth, and driver’s license number. When a driver’s license card is lost or stolen, the holder is susceptible to becoming a victim of identity fraud or theft. In fact, just in the course of normal usage, there is nothing to prevent personal data from being viewed. Many times, there is no need for the holder of the driver’s license or identity credential to display all of the PII contained on the credential, but there is no convenient or secure means of concealing portions of this information if it is not needed. Showing all the PII contained on the credential when not required, as with the current practice, leaves the holder of the credential more susceptible to fraud and other criminal activity by someone who may use the information for illegal activity.
The Mobile Driver’s License (mDL) Takes Flight
An mDL allows anyone who needs to validate a driver’s license or identity credential to do so with the issuance source while also allowing the holder to protect some of the PII on the credential from being viewed and compromised. With technological advancements and heightened concerns of identity and privacy security, some state motor vehicle agencies began exploring the concept of an mDL. In December 2014, the Iowa Department of Transportation announced an mDL pilot to test the concept of a driver’s license on a smartphone.1 The pilot enrolled employees into the mDL program via a smartphone app and recorded their photographs. The portrait could then be checked through facial recognition technology for validation of the mDL holder’s identity. The result was a verified image of a driver’s license, including all relevant data displayed on the employee’s smartphone. Testing included the reading of the mDL bar code, authentication of an integrated mDL watermark verifying the age of the holder, real-time source validation, application, and updating information contained on the app, and app revocation.
In 2016, the state of Virginia tested an mDL in retail liquor establishments using a QR code displayed on the mDL to validate the age of the holder.2 This study demonstrated that the mDL correctly validated the presenter’s age at the time of sale, and it verified that this could be done securely without displaying non-relevant PII. Much work still needs to be done, but because of the success of mDL pilot testing, it is anticipated that within the next year, fully functioning mDLs will be issued by some motor vehicle agencies in the United States and other countries.
mDL Standards and Interoperability
For successful acceptance and interoperability of the mDL, standards are needed for motor vehicle agencies to follow in development and implementation. Standards provide authentication and validation by consistent, reliable methods and technologies, much like those that driver’s license cards adhere to today. The American Association of Motor Vehicle Administrators (AAMVA), which developed and maintain driver’s license card design standards for motor vehicle agencies across the United States and Canada, developed a Mobile Driver’s License Functional Needs WhitePaper.3 This document describes what an mDL needs to do, provides technology, privacy, and use requirements, and serves as a basis for further discussion and research. As advancements are made in technology and research is gleaned from mDL testing, this document will be updated to provide the most current information on mDL development.
Law Enforcement and mDLs
What does the mDL mean for law enforcement officers when conducting traffic stops, and how soon will this implementation take place? Will officers be required to physically handle smartphones? How will officers validate mDLs? What about wireless connectivity issues? These are just a few questions expressed by law enforcement officers. First and foremost, the plastic driver’s license credential is not going away any time soon. It is anticipated that when fully functioning mDLs are initially issued, they will be in addition to the plastic credential. Customers will be instructed to always carry the plastic credential with them when operating a motor vehicle. There is an anticipated transition time to allow for continued mDL testing, jurisdictional law and rule updates, development and enhancement of mDL verification tools, and technology enhancements. It is also anticipated that some customers will choose to not have an mDL and maintain only a plastic credential.
How law enforcement officers will interact with mDLs continues to be discussed and tested. AAMVA has partnered with the Netherlands Motor Vehicle Authority (RDW) to create a proof of concept mDL based on the AAMVA Mobile Driver’s License Functional Needs White Paper, which includes law enforcement mDL testing. Contactless wireless technology is being used to allow an officer to capture and validate driver’s license information from the vehicle operator’s mDL without having to physically contact the smartphone. For example, one use case shows an officer gathering driver’s license information from the vehicle operator without leaving the officer’s patrol vehicle. Other use cases illustrate the mDL when it is in a non-connected state or offline.4
Pilot testing involving law enforcement officers’ interaction with mDLs and other means of obtaining law enforcement input is important for a system that will be robust, secure, and acceptable. Using a smartphone to display a driver’s license or identity credential is no longer simply a speculative concept, but is quickly becoming reality. User acceptance will influence the pace at which the technology moves forward, however, in the meantime, there is much work to be done in perfecting methods for law enforcement roadside interactions with drivers using mDLs.
Paul Steier is the Law Enforcement Program Manager for the American Association of Motor Vehicle Administrators (AAMVA). Prior to joining AAMVA in January 2017, Paul served 25 years as a commissioned officer with the Iowa Department of Transportation, including as a major in the Motor Vehicle Enforcement Office and director of Iowa DOT’s Bureau of Investigation & Identity Protection.
Input for this article was also provided by Geoff Slagle, AAMVA Director of Identity Management, and Brian Ursino, AAMVA Director of Law Enforcement.