Florida starts cybersecurity training through university, cyber range partnerships
March 20, 2018
Technology leaders say they're hopeful that this type of collaboration can be replicated in other state governments.
Four states are testing new features on a mobile technology that could someday replace traditional identification cards.
Jason Shueh is a tech editor at StateScoop with a specialty for civic tech and smart city news. His articles and writing have covered numerous subj...
After the announcement of a digital driver's license (DDL) pilot program last year, Colorado, Idaho, Maryland, Wyoming, and Washington, D.C., are fleshing out new features to the apps to make them more accessible and secure.
The localities have partnered with the cybersecurity company Gemalto, which won a $2 million grant to fund the work from the National Institute of Standards and Technology (NIST) in November 2016. Since that time, the work has focused on the development of a mobile app to securely display license details and tools to securely link this information with transportation department databases. The company hopes the technology can make driver's license transactions safer and easier once developed.
Debbie Trojovsky, Wyoming's Department of Transportation program manager for driver services, said staff and law enforcement are testing the digital driver's license apps and data management for a possible adoption, though no timeline has been set.
"We’ll show them how it works, and if it doesn’t work, then we will also be able to provide that information to Gemalto to improve the product,” said Debbie Trojovsky, Wyoming's Department of Transportation program manager for driver services.
The platform's new features leverage transportation department databases to manage the digital licenses. To join the program, users pair their cell phone numbers with their license and use a pin and fingerprint-protected mobile app to display details. Like their plastic counterparts, digital licenses are designed to be accepted by police, liquor stores, casinos and even by airport security. Even so, state legislatures in each of the pilot jurisdictions still need to pass laws to officially procure and use the technology for it to be valid.
Yet unlike regular licenses, digital licenses only show necessary information and can be verified in real time via state databases. For example, a liquor store clerk would only need to scan the mobile app's bar code to see an image of the cardholder and get an age. Unnecessary private information like a home address or license number are not displayed.
Trojovsky said the heightened security, privacy and convenience of the new cards were big selling points for the pilot program. Additional benefits include an option to update details on cards instantly, to renew or revoke them remotely and to the ability to send drivers alerts and push notifications.
“I wanted to participate just to learn how this would work so that if legislators said ‘Yes, we want to move forward with digital driver’s licenses,’ we would know how to implement it, how law enforcement is going to use it and how it’s going to be a secure for our drivers,” Trojovsky said.
Wyoming is in the early stages of its pilot, still introducing the technology to law enforcement, transportation staff and its IT department, but other states are testing the mobile licenses. Maryland has successfully tested DDLs in liquor stores, at stadium concession stands selling alcohol, and at highway patrol stops.
Gemalto spokesperson Steve Purdy said the company is coordinating efforts with law enforcement, policymakers and businesses. Yet, he said assuring DDLs are capable enough for law enforcement use is the critical component.
"Obviously the biggest stakeholder in this is law enforcement," Purdy said. "We’re working with them to try and understand their operations, the processes and steps they go through, and how this technology might help with their needs.”
Gemalto is also using NIST's security standards and reviews to heighten DDL cybersecurity. Purdy said this has given them a unique advantage.
"We’re working very closely with NIST on this, so the architecture in our solution from the device to the platform undergoes a security audit and validation," Purdy said. "We have to put together our plans and get their stamp of approval, not only from a security standpoint but also privacy — that’s one of NIST's biggest concerns."