A digital form of identification should have the same privacy and security protections as physical ones. More so, because the standards governing them are so new and untested. This is at the heart of comments EFF and others submitted recently. Why now? Well, in 2021 the DHS submitted a call for comments for mobile driver’s licenses (mDLs). Since then the Transportation Security Administration (TSA) has taken up a process of making mDLs an acceptable identification at airports, and more states have adopted mDLs with either a state sponsored app or Apple and Google Wallet.

With the TSA’s proposed mDL rules, we ask: what’s the hurry? The agency’s rush to mDLs is ill-advised. For example, many mDL privacy guards are not yet well thought out, the standards referenced are not generally accessible to the public, and the scope for mDLs will reach beyond the context of an airport security line.

And so, EFF submitted comments with the American Civil Liberties Union (ACLU), Center for Democracy & Technology (CDT), and Electronic Privacy Information Center (EPIC) to the TSA. We object to the agency’s proposed rules for waiving current REAL ID regulations for mobile driver’s licenses. Such premature federal action can undermine privacy, information security, democratic control, and transparency in the rollout of mDLs and other digital identification.

Even though standards bodies like the International Organization for Standardization (ISO) have frameworks for mDLs, they do not address various issues, such as an mDL potentially “phoning home” every time it is scanned. The privacy guards are still lacking, and left up to each state to implement them in their own way. With the TSA’s proposed waiver process, mDL development will likely be even more fractured, with some implementations better than others. This happened with digital vaccine credentials.

Another concern is that the standards referenced in the TSA’s proposed rules are under private, closed-off groups like the American Association of Motor Vehicle Administrators (AAMVA), and the ISO process that generated its specification 18013–5:2021. These standards have not been informed by enough transparency and public scrutiny. Moreover, there are other more openly-discussed standards that could open up interoperability. The lack of guidance around provisioning, storage, and privacy-preserving approaches is also a major cause for concern. Privacy should not be an afterthought, and we should not follow the “fail fast” model with such sensitive information.

Considering the mission and methods of the TSA, that agency should not be at the helm of creating nationwide mDL rules. That could lead to a national digital identity system, which EFF has long opposed, in an overreach of the agency’s position far outside the airport.

Well meaning intentions to allow states to “innovate” aside, mDLs done slower and right is a bigger win over fast and potentially harmful. Privacy safeguards need innovation, too, and the privacy risk is immense when it comes to digital documentation.

Related Issues

Real ID
Privacy

Related Updates

Privacy issue banner, a colorful graphical representation of a padlock
Deeplinks Blog by Maira Sutton | April 12, 2012

UAE Signs Deal to Integrate National IDs Into Mobile Phones

The United Arab Emirates signed a deal with telecommunications company, Etisalat, to embed citizens' national ID information into mobile phones. They will now be exploring a system that would utilize an NFC or Near Field Communication application, which allows cell phones to communicate data via radio frequency within very...

Deeplinks Blog by Kevin Bankston | December 22, 2010

2010 Trend Watch Update: Congress

At the beginning of this year EFF identified a dozen important trends in law, technology and business that we thought would play a significant role in shaping digital rights in 2010, with a promise to revisit our predictions at the end of the year. Now, as 2010 comes to...

Deeplinks Blog by Tim Jones | January 13, 2010

12 Trends to Watch in 2010

It's the dawn of a new year. From our perch on the frontier of electronic civil liberties, EFF has collected a list of a dozen important trends in law, technology and business that we think will play a significant role in shaping online rights in 2010.
In December,...

Privacy issue banner, a colorful graphical representation of a padlock
Deeplinks Blog by Richard Esguerra | August 20, 2009

PASS ID: REAL ID Reanimated

In February, the opponents of REAL ID were given a bit of hope when Homeland Security Secretary Janet Napolitano said that she wanted to repeal the REAL ID Act, the federal government's failed plan to impose a national identification card through state driver's licenses. But what has taken place...

Privacy issue banner, a colorful graphical representation of a padlock
Deeplinks Blog by Richard Esguerra | March 11, 2008

Real ID Rebellion Roundup

Pedro Nava, a prominent California Assemblymember, introduced a non-binding resolution today that asks California's members of Congress to oppose Real ID, the unfunded federal mandate to turn driver's licenses into a national ID card. It highlights the state's growing opposition to Real ID as legislators and citizens begin to...