BY KEVIN FREIBURGER
June 27, 2019
Mobile identification is no longer just a digital replica of a traditional drivers’ license or state ID. Today, digital identity management has evolved to take full advantage of security features offered by smart mobile devices. But is the public sector ready to accommodate?
Traditional plastic-card IDs — and their first-generation digital replicas — force users to reveal more personal data than necessary when completing daily authentication tasks. Just to buy a bottle of wine, for example, ID holders must also reveal personal information like their name, address, height and weight, when all the clerk requires is an age-proof check. With modern digital identity management solutions, users need only share the relevant information required in the moment. Today’s savvy mobile ID is a living document capable of adapting to context, not just a digital image of an ID card.
These more sophisticated mobile IDs are in smartphones, where 76% of users in advanced economies already operate. This means mobile IDs also benefit from the advanced security native to smartphones, such as multifactor and biometric authentication (fingerprint and facial recognition). Big players like Google and Apple also have security features built into their devices to process sensitive transactions like secure payments — features smartphone makers are marketing to government organizations for use with credentials.
For example, if users lose a physical ID, it’s gone forever, and so is their personal information. But if they lose their smartphone, no one has complete access to the personal information that lives within it. The ID is encrypted within its own application, and the device’s advanced, native security also protects it.
How can the public sector prepare?
The largest hurdle to public sector adoption of mobile IDs is typically budget, which should come as no surprise. Most public-sector agencies have tight IT budgets with little room for new systems. Because of this constraint, major government technology infrastructure is only getting older, which makes adoption of emerging, innovative software an even greater challenge — both technically and financially.
But mobile ID adoption is more than just pushing out digital IDs to users’ smart devices. It also involves setting up ID verification systems for stakeholders that must verify the credential. To set up a verification system, public-sector agencies need a modern application programming interface that allows other software systems to talk to theirs and, in this case, verify information within their system. Many government agencies lack modern systems with the adequate security and infrastructure that mobile ID verification requires.
Larger agencies typically have more available resources to build modern, mobile-friendly identity management and verification software or to contract outside vendors to implement it. However, these larger agencies also have more complex systems that are spread across departments and branches with many moving parts to consider. Simply put, the scale of the project varies by agency. Before an agency can adopt this new identity management approach, it must analyze the system complexity and its ability to deploy internal or outside resources to implement the solution. Once the agency identifies these variables, leaders can determine what route to take for adoption
The implications of failing to accommodate mobile IDs
Failing to adopt this technology given the rising demand is a customer-service failure for the public sector. Beyond the security benefits, mobile IDs make it easier for customers to update their information and for government agencies to provide services remotely rather than with an in-office visit. Mobile IDs are one of the top ways for government agencies to deliver modern services and better assist their customers.
Mobile IDs, however, can present user experience challenges. While there are international standards like ISO 18013 that guide design format and data content, mobile ID applications and use cases are not uniform across state lines. Personal mobile ID documents like driver’s licenses are state-issued credentials, so cross-jurisdiction discussions (state to state and at the federal level) are happening now. Agencies not participating in these early discussions risk having their voice and concerns ignored as standards develop.
Adoption is happening at the state level on a rolling basis across the United States. Currently, only a handful of states are piloting mobile IDs, including Idaho, Colorado, Maryland, Iowa and Washington, D.C. This means a mobile ID issued in Iowa could be unusable five minutes away in Illinois and on any flight, since the Transportation Security Administration may not recognize mobile IDs. But the TSA roadmap includes work with the Department of Homeland Security to ensure mobile drivers’ licenses are REAL ID compliant and accepted.
As with any large technological change, it’s common for public-sector agencies to struggle with adoption. Red tape and budget constraints slow processes and adoption speed, and use cases across state lines yield additional challenges. However, agencies are nearing the point where outdated technology infrastructure will no longer align with expectations of constituents. Creating a digital identification infrastructure with secure mobile IDs is a way to ensure long-term alignment with stakeholders and create a new era of modern, customer-friendly services.
The article can also be read by visiting GCN.
About the Author
Kevin Freiburger is director of identity programs with Valid.