ID Notes

Discovering the Silver Lining in America's Lack of National Digital Identity Policy

April 10, 2024


In the United States, the lack of a strong national digital identity policy and program has long been a subject of debate and concern, especially among security professionals. However, this apparent gap presents an opportunity, particularly when considering the dynamics of the traditional US identity landscape. The current state-centric approach to identification, where a driver's license serves as the de facto government ID, is a clear indication that a decentralized identity model is not just a possibility but a necessity. This model, aligned with the growing adoption of ISO/IEC standards, offers a promising way to manage the complex many-to-many relationships inherent in this type of digital identity ecosystem while promoting greater control, privacy and transparency for individual holders.


Describing the mDL Ecosystem


States like Utah, Arizona, Georgia, Maryland, Colorado, and California are at the forefront, offering ISO-standard-certified digital versions of the driver's license. The American Association of Motor Vehicle Administrators (AAMVA) has stepped forward as the governing body, providing two key elements in the model: first, the definition of the rules of play (ISO/IEC standardization on schemas and protocols, certification, registration), and second, a technical implementation of the Digital Trust Service (DTS) and Verified Issuer Certificate Authority List (VICAL) so that Verifiers know whom to trust.


The mDL ecosystem can be read as a practical implementation of the general decentralized identity ecosystem described by the W3C, with its roles mapping as follows:

1. Issuers: States are increasingly supporting the issuance of digital driver's licenses, leveraging ISO-standard solutions to provide secure and verifiable digital IDs to residents.


2. Verifiers: A growing diversity of verifiers, including the TSA for airport security and financial institutions for banking services, are recognizing and accepting digital IDs. This early adoption signifies a broader trend towards digital verification across sectors.


3. Holders with Wallets: Wallet providers are essential in this ecosystem, enabling individuals to securely manage and present their digital credentials from mobile devices. These wallets prioritize control and transparency for users, ensuring that individuals have full oversight over their digital identity data and how, when and where it is shared.


4. Verifiable Data Registry: Central to standardizing and securing the decentralized identity model is the American Association of Motor Vehicle Administrators (AAMVA). Through initiatives like the Digital Trust Service (DTS), AAMVA plays a pivotal role in defining trusted entities and ensuring consistency across digital identity implementations.


The Silver Lining


The real silver lining we can see in the adoption of the decentralized model is that it brings the individual holder to the forefront as the director and active party in these interactions. The individual holds the credential and its data locally, obtained through a direct, trusted interaction with the Issuer, an arrangement that protects the individual from identity theft. The individual presents the credential to interested verifiers, providing transparency around what data has been requested, minimizing the data shared, and ideally removing the need for verifiers to call back to a central authority or data broker in a way that compromises privacy. By leveraging this model, combined with the adoption of global standards for interoperability, the U.S. is uniquely positioned to tackle the complexities of digital identity management in a way that enhances digital security and empowers individuals.


As we move forward, the focus must be on expanding the adoption of this model, ensuring that all stakeholders, from government agencies to commercial institutions, are aligned with these standards and promote user-centric experiences and secure, privacy-preserving digital best practices. The journey towards a more secure, efficient, and user-centric digital identity landscape is complex, but with the foundations already being laid, the future looks promising.