360 458 IDrecords1

December 2016

Over the last 20 years, identity management has changed significantly, in large part due to AAMVA’s efforts

When MOVE magazine launched in 1996, a driver’s license had a person’s photo, jurisdiction of residence, street address, height, weight, date of birth and a few other minor elements.

Saying a lot has changed over the last 20 years would be an understatement. In 2016, driver’s licenses now have 2D barcodes, significant physical security features like optical variable devices, radio frequency tags, cryptographic protection and even biometric technology.

Two Decades of Progress

Over the last two decades, AAMVA has worked closely with both industry and jurisdictions to help improve the driver’s license on all fronts, whether that meant improving security measures, figuring out the most effective technology or working to streamline standards across North America.

One of most significant improvements in identity management over the past 20 years has been communication among jurisdictions. There wasn’t interoperability back in 1996—most jurisdictions were doing their own thing with their own licenses. Now, we have reached a point where jurisdictions are working toward a standardized license that is uniform in appearance, has a minimum level of security and has common machine-readable technology on it.

Stephen Leak, executive director of credential programs at the Indiana Bureau of Motor Vehicles and a member of AAMVA’s Card Design Standards Committee, says he thinks some of the biggest improvements since he’s been in the industry have been the credential issuance process and document verification, as well as better card materials and security features that are “far more resistant to tampering and alteration than in the past.”

In addition, a good relationship with federal agencies has led to numerous important standards being put into place and legislation being passed over the last 20 years, including the first official standard for the driver’s license/ID card, which was published in 2000 and has had eight significant revisions since, and AAMVA’s DL/ID Security Framework, which was published in 2005.

Failure to Launch

A feature article in one of the first issues of MOVE magazine in 1996 predicted Smart Card technology would be the future of the driver’s license. In another 1996 column for MOVE magazine, Bart Blackstock, who at the time was the driver control bureau chief for the Utah Department of Public Safety’s Driver’s License Division, wrote that chip technology was not widely accepted in the United States at the time even though it had numerous benefits over magnetic strip and barcode technology.

In 1999, Blackstock tried to get Smart Card technology legally required for the Utah driver’s license with the help of a state representative. “We would have been the first in the nation to get there,” he says. He got the bill through the House, but it failed once it reached the Senate. He believes it failed because people were afraid that their personal information would get stolen.

Ironically (considering how widely chip technology is used in credit cards today), Smart Card technology never took off for driver’s licenses.

“Many people did not understand that any and all information contained in a chip could be fully encrypted,” says Blackstock, who is now the executive vice president of Insure-Rite. “Smart Cards are as easily secured as any technology: your phone, your laptop, your tablet. The benefits [of Smart Cards] are just extraordinary. It baffles me why people are so afraid of the technology, and yet they have no problem putting personal information in barcodes on identification cards or driver’s licenses.”

Geoff Slagle, director of identity management at AAMVA, says he believes Smart Card technology never took off because it was expensive and because there was a lack of infrastructure and reading equipment for it.

Room for Improvement

Despite the exceptional technological and material advances in driver’s licenses and ID cards over the last 20 years, there is still room for improvement, mainly in stopping criminals from making fraudulent IDs.

While the technologies being used to create and issue a better driver’s license have all advanced, the access to them is still problematic when it comes to the bad guys. Because criminals have access to these technologies, they can create counterfeit documents that are far more sophisticated than something produced 10, 15 or 20 years ago.

Another major problem facing identity management is imposter fraud—when the document is legitimate, but the person using it isn’t who they say they are and are not connected to the document.

However, according to Leak, improvements to card materials, as well as more robust security features, allow jurisdictions to offer a credential that is far more resistant to tampering and alteration than in the past. “Improvements in technology and materials certainly will continue and will result in improvements to credential security. And of course you have to add the mobile identity efforts—mobile driver’s licenses as a current topic of a combined AAMVA Working Group—to the list of potential improvements. Given thoughtful implementation, this product has the potential to enhance identity security as well as have an impact on highway safety,” he says.

The importance of Standardization

While interoperability among jurisdictions has improved greatly over the last 20 years, a possible solution to some of the security problems facing identity management is even more standardization, especially when it comes to issuing IDs. By using the same screening process and standards, jurisdictions can work together to fight fraud.

“It’s true that we’ve gotten better as a community in how we go about making our secured documents,” Slagle says. “Yet there’s still the opportunity for more consistency and uniformity in how we proof people.”

There is room for improvement in most if not all jurisdictions. For example, a jurisdiction that has an excellent document that is resistant to any kind of counterfeiting might not have a rigorous-enough process for screening people when they are obtaining the document. On the other hand, another jurisdiction might have an optimal screening process for obtaining the document, but the document itself may be susceptible to counterfeiting.

Blackstock believes there is and will continue to be an ongoing struggle in creating high-quality IDs that are also immune to fraud. “The challenge I see with all of the new security features you can build into documents these days is that if nobody knows what the security feature is, it doesn’t really mean much. And if you tell everybody what the security features are, then you just give the forgers all the information they need to create quality counterfeit documents. It’s a Catch 22.”

The Wave of the Future

The final and most important piece of the identity management puzzle is fighting imposter fraud by ensuring the person who makes a claim about his or her identity is telling the truth. Binding the person to his or her ID can be done through biometrics on mobile driver’s licenses (mDLs), which is the next step in identity management.

An mDL will be on a person’s phone, tablet or laptop. It won’t be a replacement for a driver’s license, but rather it will be supplemental—a way for a person to not only carry one less thing in his or her pocket, but also use to biometrics to further prove one’s identity. Slagle says this will be done either through facial recognition or finger imaging, and he anticipates some states will have mDLs as early as 2017. He predicts that in the next three years, a significant number of jurisdictions will have them, and in five years, more than half of states will issue mDLs.