The International Organization for Standardization (ISO) has approved and published ISO/IEC 18013-5 for mobile driver’s licenses (mDL) and mobile IDs (mID).
ISO/IEC 18013-5
This global mDL standard is the result of over six years of effort on digital identity documents. It offers a secure way to display an ID on a mobile phone screen, something that Apple made possible with iOS 15. ISO says that, under this standard, sharing an mDL is more private than presenting a physical ID. Benefits include:
- Share Only Relevant Data. Support for data minimization (e.g., to share only the fact that one is older than 21 rather than one’s full date of birth) built into the standard.
- Consent to Share. Controls that allow the mDL holder to release only some of the data elements requested by a relying party and only after explicit consent.
- Phone Stays in Your Control. The phone never leaves your hand, unlike ID cards.
- Know when Your Data is Stored. Explicit notification to an mDL holder if a Verifier intends to retain their information. Verifiers can avoid the liability of retaining data.
- Resistant to Tracking. There is no unique identifier to see where you’ve used your mDL.
- Difficult to Forge. Stored and shared documents are cryptographically protected against counterfeiting, adding resistance to the creation of fake IDs. Verifiers can easily check authenticity.
- Works when Devices Do Not Have a Connection. When either the mDL device or the Verifier device does NOT have a network connection, data can be shared between devices (offline).
- Provides privacy best practices for Issuing Authorities and Verifiers in the accompanying Privacy Annex with requirements for maximizing mDL Holder privacy.
A criticism of Apple’s Digital ID initiative was the idea that you would have to hand over your iPhone, for example to a police officer. But the officer wouldn’t need your iPhone. Instead, they would use a special mDL verification device over a wireless connection such as NFC or Bluetooth. “mDL gives the holder control of their ID data on their mobile device, while allowing acceptance via a tap or scan.”
The standard specifies a secure device-to-device protocol for sharing identity information that supports multiple transmission technologies, so that mDL Holders can tap or allow a scan to share their information and Verifiers can accept mDLs quickly according to their customer flows.
TSA Administrator David Pekoske: “TSA considers ISO standards for personal identification documents to be a cornerstone for greater security and privacy. The new standard for mobile driver’s licenses represents a significant step forward and will eventually help ensure a more touchless and efficient airport screening experience for all travelers.”
I am glad they have done this.
I don’t know a lot about the true issues, but it seems like a solid beginning.