NIST Should Be Tasked With mDL Standards, Experts Tell Congressional Hearing

December 7, 2023

Jeremy Grant, Coordinator of the Better Identity Coalition, urged the US government to task the National Institute of Standards and Technology (NIST) with establishing security and privacy guidelines for mobile driver’s license apps in a hearing this week.

The hearing was concerned with innovations in identity management, and featured discussion about the impending implementation of the REAL ID Act in 2025, which is meant to impose new security standards for state-issued IDs. Just a little more than half of US citizens possess REAL ID-compliant credentials, prompting Rep. Carlos Gimenez, R-Fla., Chairman of the House Homeland Security Subcommittee on Transportation and Maritime Security, to predict “utter mayhem” at US airports when the REAL ID deadline arrives.

Another problem, according to Grant, is that the Department of Homeland Security made implementation of REAL ID the responsibility of the Transportation Security Administration. The TSA has indicated that it plans to follow the International Standards Organization’s lead on digital ID before setting guidelines for setting its own standards for REAL ID-compliant digital ID. Jay Stanely, a policy analyst with the American Civil Liberties Union, told the hearing that the ISO sets standards “behind closed doors” through “a secretive committee”, adding that it would not sufficiently protect Americans’ privacy.

Grant emphasized that the NIST has longstanding expertise in digital identity and mDL technology. “While DHS does not create standards, DHS – or even better, the White House or Congress – should request that NIST lead a timeboxed, one-year effort to create the standards and guidance needed to accelerate the deployment of secure, privacy-protecting mDL apps that Americans can use to protect and assert their identity online,” he said.

Of course, several states have already rolled out mDLs, in some cases based on technology platforms designed by IDEMIA, a France-based multinational. As for American pioneers of mobile IDs, Apple established itself as a leader early on, though the pace of its rollouts has been gradual. For its part, the TSA has been working to deploy new ID-scanning kiosks that are able to read the mDLs circulating in parts of the US.

 

 

Marc A.

 

Marc L. Aronson
President & CEO

Pennsylvania Association of Notaries
p: 800-944-8790 x113 | f: 800-707-7075
maronson@notary.org | www.notary.org 
One Gateway Center, Suite 401
420 Fort Duquesne Blvd., Pittsburgh, PA 15222-1498
We'd love to hear about your experience with us here!
    

This message (including any attachments) is confidential and may be privileged. If you have received it by mistake, please notify the sender by return e-mail and delete this message from your system. Any unauthorized use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. The Pennsylvania Association of Notaries (PAN) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. PAN does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference.

From: Tom Jones <thomasclinganjones@gmail.com>
Sent: Friday, December 8, 2023 14:58
To: wg-riup <wg-riup@kantarainitiative.org>; pemc kantara <Wg-pemc@kantarainitiative.org>
Subject: [WG-PEMC] which federal agency should create Identifier standards?

 

'TSA Is Not the Right Agency to Lead' REAL ID Implementation, Security Experts Say

Security and identity management experts urged Congress to direct the National Institute of Standards and Technology to play a bigger role in developing standards for digital identity management ahead of a looming 2025 deadline for domestic air travellers to comply with security requirements outlined in the REAL ID Act.

"While DHS does not create standards, DHS - or even better, the White House or Congress - should request that NIST lead a timeboxed, one-year effort to create the standards and guidance needed to accelerate the deployment of secure, privacy-protecting mDL apps that Americans can use to protect and assert their identity online," Grant testified.

Jay Stanley, a senior policy analyst with the American Civil Liberties Union's Speech, Privacy, and Technology Project, warned that the TSA has proposed to adopt the ISO standards, which he said were "created behind closed doors by a secretive committee" and are "inadequate and incomplete when it comes to the protection of our privacy."

 

Sounds like Jeremy Grant is involved somehow.  ..tom