At Spruce, we’re passionate about exploring applications of decentralized identity technology, as we help shepherd a more privacy-centric future where individuals have more control over their identity and data. One such application is through official forms of identification, like those issued by government and official agencies for mobile driver’s licenses (mDL).
We believe that in the modern, technology-driven world, an ID will become much more composable than a piece of plastic that sits idly in your wallet. That’s why we’re excited to share a new solution we’ve been working on with early partners as a part of our new Credible Product Suite.
We’ve put a lot of consideration into how we can best design a Credible mobile drivers license solution in a way that puts privacy and security at the forefront of our decision-making. New technology enabling digital forms of identity requires us to think about the different risks and concerns that may arise, and how we, as a technology company, can foster innovation to help protect the rights of individuals in these decisions.
What is an mDL?
An mDL is a mobile driver’s license, a digital version of the plastic ID card you carry around in your wallet. Many government agencies and institutions globally are exploring digital versions of official identification to provide expanded functionality to meet the needs of our new digital world. With this, a need for a set of global technical standards has emerged to ensure interoperability between different agencies and jurisdictions.
Enter ISO/IEC 18013-5 - the technical standard for mobile driver’s license applications, which was unanimously approved in August 2021. This standard for an mDL application covers how we can represent a digital driver’s license on a person’s smartphone (or other device) and the end-to-end process for how it can be presented in-person. Federal agencies in the United States, namely TSA, have already committed to using ISO/IEC 18013-5, which means that state DMVs will need to build mDLs aligned with the same standard in order for their driver’s licenses to be usable for travel at airports. The ISO working groups, which Spruce is a part of, are still actively discussing methods for how an mDL is issued, presented online (ISO/IEC 18013-7), and refreshed.
With verifiable credentials, mDLs are a secure and trustworthy way to store your driver’s license information and credentials. Verifiable credentials are digital representations of documents, such as a driver’s license, that can be stored securely on a mobile device, using cryptography. These credentials are cryptographically signed by the issuing authority and can be verified by other parties. This ensures that the credentials are authentic and cannot be altered or tampered with in any way and allows individuals to prove their identity for digital interactions in a secure and verifiable way.
With Credible, we are creating a solution to provision mobile driver’s licenses to a smartphone application using ISO/IEC 18013-5, along with the W3C standards for Verifiable Credentials and Decentralized Identifiers, and OpenID for Verifiable Credentials to create secure, privacy-enhancing, and tamper evident identity solutions.
Why should we care about this?
Simply put, the world is moving towards digitization. We spend an increasing amount of our time online, with an ever-increasing number of digital interactions. There is still, however, a massive disconnect between the experiences we are familiar with in the physical world and how accessible (or not) those are online.
There is no straightforward way to verify your identity online right now in order to do basic tasks, such as opening a bank account or applying for an apartment lease, aside from physically typing in a government-issued personal identifier, like an SSN, which comes with major security risks. Online businesses and services have to collect sensitive information from users because, until now, there has been no way to securely present a digital version of your identity credentials in a way that is cryptographically verifiable.
Aside from verifying your identity for digital interactions, having a digital ID, such as an mDL, creates new opportunities for people to access benefits afforded to them by both businesses and governments, at the local, state, and federal levels. Individuals will be able to present their mDL online to prove, for example, they are over 55 to qualify for a senior discount while buying movie tickets online at their local movie theater. Similarly, a college student would be able to prove they are a resident of a local city to qualify for a library card in order to check out electronic versions of their textbooks from their local library. In fact, we’re working to let mDL users be able to log into different government websites to access government services, including social security and unemployment benefits, Medicare and Medicaid, and nutrition assistance programs.
On a grander scale, the ability to prove one’s identity securely and in a tamper-evident way helps to reduce fraud in accessing financial assistance. Since the onset of the COVID-19 pandemic, unemployment insurance (UI) fraud has grown at an astonishing rate. The U.S. Department of Labor's Inspector General states that of, "the estimated $872.5 billion in pandemic UI funding, at least $163 billion in benefits could have been paid improperly, with a significant portion attributable to fraud." The government can have higher trust that the citizens accessing benefits are, in fact, the people who qualify for those benefits, and citizens can trust that their tax money is being used responsibly.
From a security perspective, the user of applied cryptography in our Credible mDL solution ensures the identification is tamper-evident with verifiable authorship. This means that when you present your mDL, either online or in person, it will be clear that the ID hasn’t been tampered with in any way and is, in fact, official identification issued by a specific state or other governing body. This solution, when paired with a complementing data policy approach, can help ensure that your information is used only for the exact purpose specified and no further. We further incorporate support for W3C Verifiable Credentials and W3C Decentralized Identifiers in line with the community’s inputs, to maximize benefits for end users by supporting different types of popular data formats.
With this early use case of Credible, we’re unlocking the hugely untapped potential for how we facilitate trusted interactions in a digital world. The technology is deeply complex, but with Credible, the applications are intuitive and easy to use, bringing verifiable credentials and decentralized identifiers toward mainstream adoption for daily use.
If you’re interested in further explorations of mobile driver’s licenses solutions, please reach out to us at firstname.lastname@example.org.
About Spruce: Spruce is building a future where users control their identity and data across all digital interactions.