It was recently announced that the ISO/IEC 18013-5 international standard for mobile driver’s licenses (mDLs) and mobile IDs (mIDs) was unanimously approved for publication on August 18, 2021. This exciting news was the result of more than six years of effort through an open collaboration of issuers, technology providers, regional authorities (such as AAMVA, EReg, AustRoads, and the African Tripartite), and businesses that accept identity documents to approve transactions.
GET Group North America is pleased to have been integral to the process and has remained steadfastly committed to ensuring our mDL technology for both issuers and verifiers is fully compliant with this standard. The state of Utah is conducting a pilot with our technology, which is the first pilot in the country to fully comply with ISO/IEC 18013-5. This compliance enables completely contactless, unequivocal confirmation of identity information without relying on visual inspection of an ID – which is subjective and difficult. Compliance with the standard will ensure mDLs and mIDs issued in one state will be recognized as legal forms of ID anywhere in the world. This is essential to the continued growth of a global mDL ecosystem.
ISO 18013-5 was developed based on Privacy by Design Principles. It specifies interoperable technical mechanisms to obtain and trust the data from an mDL for in-person transactions. Data transfer is only initiated by the mDL holder after giving affirmative consent. There are pivotal privacy technologies designed into the standard. Using the standard can reduce liability concerns for the verifier associated with storing personal data (such as photocopying and retaining a copy of a physical driver’s license). ISO 18013-5-compliant mDLs provide greater privacy protections than physical ID cards, including:
- Allowing the phone to always stay in the citizen’s control. The phone with an mDL never needs to be handed over for a physical inspection of an ID document.
- Allowing the citizen to share only data that’s relevant to the transaction, such as whether they are over 18 or 21 without disclosing their full birthday or other sensitive information such as their home address.
- Giving the citizen full control to release data elements requested by a relying party (verifier).
- Providing explicit notification to an mDL holder if a verifier intends to retain their information, thus allowing them to know if/when their data is stored. That can also allow verifiers to avoid the liability of retaining ID data.
- Resistance to tracking; there is no unique identifier to see where a citizen has used their mDL. GET Mobile ID rotates any possible identifiers making correlation difficult.
Read more from GET Group North America’s David Kelts about how to use the ISO 18013-5 standard here.