Rep. Craig Hall is sponsoring HB227 asking the Driver License Division and Department of Technology Services to advise the legislature on the feasibility of allowing electronic driver licenses. I’ll admit, there’s a lot of things in your wallet now that you can store on a phone including credit cards and membership cards. Moving to a driver license, though, gives me some pause.
Similar to the discussion we had with electronic voting last year, any digital ID must obtain parity with existing physical ID. This means it must be universally accepted and relatively difficult to forge. This requires a combination of technical and legal controls to ensure that the system works and will not be abused.
Authenticating an ID would be fairly easy. Digital signature technology really hasn’t changed much in at least two decades and has proven to be very reliable. In such a system, each user or entity has a public/private keypair. The public key is available to anyone and the private key is kept secret. The math is complex, but the basic gist is that someone can sign a document using the secret private key and anyone with the public key can validate that it is authentic. Anyone can build an application to do this verification. This kind of thing is so rudimentary that it could be coded up in an afternoon.
Interoperability is a much bigger issue, though. Yes, Utah can create a simple and workable system for digital driver licenses and have it work successfully in our state. What happens when you need to fly or present your ID elsewhere? This is the kind of thing that requires cooperation on a national level, both with the federal government and other states. That kind of standardization is critical to drive adoption. This says nothing of the myriad private parties who would need to have a way to check IDs with a single system. Can you imagine the chaos of installing 50 unique applications for each state’s IDs?
The biggest challenge, though, is with how the license is presented to a third party. Do you just hand over your phone? That creates a security issue where someone unscrupulous could start looking through your stuff. Would presenting your unlocked device to a law enforcement officer create consent to a search of the device? In many jurisdictions, it’s been ruled as much. There has to be a way to be able to present the ID to an approved third party (QR code? Bluetooth transfer? NFC? Something else?) that doesn’t allow someone to have unapproved access to the device.
I think it’s worth exploring how to make such a system happen. A robust and reliable system of state-issued digital ID would go a long way toward laying a required foundation for greater adoption of digital services including online voting. Let’s just make sure we do it right from the start.