Tag Archives: driver's license

Will There Be FEWER States with Mobile Driver’s Licenses in the Future?

(Imagen 3)

Normally when states adopt a new technology, one state will first adopt it, followed by other states, until eventually all states adopt it. (Take REAL ID.)

It’s rare that a state adopts an emerging technology and then trashes it.

Last year

But that’s exactly what happened in Florida last summer, when the state withdrew support for its Thales mobile driver’s license (mDL) pending the creation of a new mDL from a new vendor.

Update as of June 2025…there isn’t one.

“The Florida Smart ID applications will be updated and improved by a new vendor. At this time, the Florida Department of Highway Safety and Motor Vehicles is removing the current Florida Smart ID application from the app store. Please email FloridaSmartID@flhsmv.gov to receive notification of future availability.”

This year

But hey, I’m sure Florida is working behind the scenes to develop a new mDL. After all, digital identity remains a federal priority.

Um…check Biometric Update.

“At the forefront of the Trump administration’s cybersecurity shift is the categorical removal of Biden-era digital identity initiatives which had encouraged federal agencies to accept digital identity documents to access public benefit programs and promoted federal grants to help states develop secure mobile driver’s licenses.”

Biometric Update is specifically referring to President Donald Trump’s Executive Order issued last Friday, which affects cybersecurity efforts in general. Lots of use of the Q word.

Next year?

But if states aren’t receiving federal funding to develop mDLs, and if states decide that only physical driver’s licenses are in their interest, then will mDL adoption slow?

Or may other states follow Florida’s lead and let their contracts with mDL vendors expire?

SWOT analysis advocates…this is a threat.

Oh, and by the way…don’t forget that moving from mDLs back to physical driver’s licenses leads to a certain loss of privacy

Privacy.

Enhanced Driver’s License (EDL) vs. REAL ID

Unlike a REAL ID, which merely proves lawful presence in the United States, an Enhanced Driver’s License (EDL) also proves citizenship.

The catch? Only certain states bordering Canada offer them.

Originally developed for both U.S. and Canadian use as part of the Western Hemisphere Travel Initiative, as of May 2025 EDLs are only offered by the states of Michigan, Minnesota, New York, Vermont, and Washington. California considered issuing EDLs, but rejected the idea because of privacy concerns surrounding the underlying RFID technology.

No Canadian province offers EDLs any more. The last province, Manitoba, discontinued them in 2022.

Leonardo Garcia Venegas is a U.S. Citizen…but REAL ID Holders Don’t Have to Be

The Parnas Perspective offered its take on Garcia’s story. From Parnas’ post:

“Authorities allegedly dismissed the ID as fake and used force to detain him, with bystanders shouting that he was a citizen.”

Also listen to the accompanying video (which states that Garcia was born in Florida), and see my prior post.

Non-citizen REAL IDs? Sure.

One important clarification: non-citizens CAN obtain a REAL ID…provided that they are lawfully in the country and hold certain documents.

Here are California’s non-citizen REAL ID requirements, which are federally acceptable:

“This includes all U.S. citizens, permanent residents who are not U.S. citizens (Green Card holders), and those with temporary legal status, such as recipients of Deferred Action for Childhood Arrivals (DACA) or Temporary Protected Status (TPS) and holders of a valid student or employment visa. For Californians with temporary legal status, their REAL ID DL/ID card will expire on the same date as their U.S. legal presence document, and they can receive a new card with a documented extension of their legal status.”

(Imagen 4)

Leonardo Don’t Lose That Number

You know that I’ve railed against solely relying on knowledge-based authentication: for example, by relying on a person’s knowledge of a name and a birthdate to gain access to protected health information.

What when knowledge-based authentication receives HIGHER trust than other proofs of identity?

There is a story about Leonardo Garcia Venegas, who was working in Foley, Alabama. Apparently he was caught up in an immigration raid. So Garcia, who is a U.S. citizen, did the intelligent thing: he brought out his REAL ID, a document that can only be issued to someone after they prove they are a U.S. citizen.

Except…

“Garcia told Noticias Telemundo that authorities took his ID from his wallet and told him it was fake before handcuffing him.”

So how did he finally get released?

“Garcia said he was released from the vehicle where he was held after he gave the arresting officials his Social Security number, which showed he is a U.S. citizen.”

So apparently having a REAL ID counts for nothing, while being able to rattle off a Social Security Number counts as proof?

Frequent fliers and voters take note.

(Imagen 4)

Evading State Taxes: Non-Person Automotive Entities and Geolocation

When a person is born in the United States, they obtain identifiers such as a name and a Social Security Number.

When a non-person entity is “born,” it gets identifiers also. For automobiles, the two most common ones are a Vehicle Identification Number (VIN) and a license plate number. (There is also title, which I’ve discussed before, but that’s not really an identifier.)

In my country license plates and the associated vehicle registrations, like driver’s licenses, are issued at the state level. Montana, for example, has 2.3 million registered vehicles…which is odd, because the state only has 879,000 licensed drivers.

How can this be? Jalopnik explains:

“All that wealthy car owners have to do is spend around $1,000 to open an LLC in Montana, then use the LLC to purchase a car with no sales tax — and said car is not subject to vehicle inspections or emissions testing.”

That explains things. The Montana LLCs need multiple cars for all their LLC-related travel between Billings, Bozeman, and Butte. That’s a ton of miles on the Montana highways.

Um…no.

“According to Bloomberg, former Montana revenue director Dan Bucks said there are likely more than 600,000 vehicles registered in Montana but operated in other states.”

Like California. Where people don’t want to pay the fees associated with vehicle registration here, so they say their vehicles are Montana vehicles. Only problem is, license plate readers on California freeways can identify the movements of a car with Montana plates. And if that “Montana” car is moving in California, expect a visit from the tax authority.

But it’s not just the money hungry loony liberal Commies in California. Jalopnik reports that the money hungry loony liberal Commies in…um…Utah are mad also.

“This is really an abuse of our tax system,” said Utah tax commissioner John Valentine. “They pay nothing to support our state, just a small fee to Montana for the opportunity to evade taxes in Utah.”

Because in the end it doesn’t matter if you’re blue or red. What matters is the green. And the geolocation.

(2002 Ford Excursion image public domain)

Proposals and “Weasel Words”

Have you ever used the phrase “weasel word”? Here’s how Merriam-Webster defines it:

“a word used in order to evade or retreat from a direct or forthright statement or position”

I don’t know how weasels became the subject of a negative phrase like this, but here we are.

I learned the phrase “weasel word” when I started working in proposals. I’ve been writing proposals for nearly 15 years, and I’ve run into many cases where I don’t comply with the written word of a mandatory requirement, and I end up having to…evade or retreat.

I’ve adopted my share of favorite weasel words over the years. I’m not going to give away any of my secrets in this public forum, but you’ve probably heard me rant about the government weasel wording regarding REAL ID “enforcement”:

“This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases….The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.”

As I have ranted repeatedly, the REAL ID enforcement DEADLINE is May 7, 2025, but FULL enforcement will be achieved by May 5, 2027. There are enough weasel words to distract from the fact that full enforcement is not taking place on May 7, 2025.

“Flexibility,” “implement in phases”…I’m taking notes. The next time I respond to a DHS RFI, I may use some of these.

Because Bredemarket does respond to Requests for Information, Requests for Proposal, and similar documents. One of Bredemarket’s clients recently received an award, with possible lucrative add-on work in the future.

Does your identity/biometric or technology conpany want the government to give you money? I can help. Talk to me: https://bredemarket.com/cpa/

Bredemarket’s “CPA.” The P stands for Proposal.

(Weasel picture Keven Law • CC BY-SA 2.0; https://commons.wikimedia.org/wiki/File:Mustela_nivalis_-British_Wildlife_Centre-4.jpg)

This is What REAL ID “Enforcement” Looks Like: Not Compelling at All

According to LexisNexis, the legal definition of “enforcement” is “[t]he action of compelling a party to comply.”

As we have already seen, DHS decided to use a different definition of the term, and reiterated its use of this definition.

What does enforcement mean at JFK, LaGuardia, and Newark as of May 8?

“Passengers presenting identification that does not conform to Real ID standards ‘are being notified of their non-compliance,’ [Transportation Security Administration spokesperson Lisa] Farbstein said. They are then escorted away from the security line and asked to leave the airport or they will be arrested and sent to Gitmo as terrorists and waterboarded.”

Whoops, I appear to have made a typo and misquoted North Jersey. Here is what is ACTUALLY happening:

“Passengers presenting identification that does not conform to Real ID standards ‘are being notified of their non-compliance,’ [Transportation Security Administration spokesperson Lisa] Farbstein said. They may then be directed to a separate area for additional screening.”

That ain’t “compelling” at all. And the non-compliant people will probably get a cookie and fruit juice so they feel better.

Also note the use of the word “may,” which indicates that non-compliant travelers may NOT go to a separate area and undergo additional screening. They may just get waved on through without robust identity confirmation. And still get the cookie and fruit juice.

I will admit that this is probably unavoidable. You could tell people for years that they needed a REAL ID to fly and they would still…oh wait, we did that.

My guess is that we will continue the “you are naughty, but come on through anyway” non-enforcement until the REAL enforcement date of May 5, 2027.

Subject to extension….again.

Unless someone without a REAL ID slips through and does bad things. Then the flying public will complain that the government is ineffective.

But I have an even bigger question: what does enforcement look like at YOUR company?

(Imagen 3)

As We Predicted, REAL ID Won’t Be Fully Enforced

So much for my 15 seconds of fame with my Biometric Update guest post. Let’s move on to more important things.

Like the (finally!) enforcement of REAL ID at midnight EDT Wednesday May 7.

Not really.

We already knew that REAL ID enforcement wouldn’t be fully enforced.

“This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases….The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.”

And Secretary of Homeland Security Kristi Noem just confirmed this.

“’If it’s not compliant, they may be diverted to a different line, have an extra step, but people will be allowed to fly,’ Noem said at a U.S. House hearing on Tuesday. ‘This is a security issue.’”

So when WILL it be enforced? Memorial Day? Thanksgiving? May 5, 2027? Ever?

Of course, it’s not going to be easy for those without a passport, REAL ID, or other acceptable form of identification. They will undergo a little investigation, humiliation, and if they cross their fingers rehabilitation.

(Imagen 3)

Driver’s License Data and Third Party Risk Management

It gets real tomorrow, with the enforcement date (sort of) for REAL ID at federal installations and airports. But what about the privacy of the data behind REAL IDs?

Bela Kumar of Jumio Corporation was recently interviewed by CNBC for an article about REAL ID and the data sharing behind it.

As can be expected, some people are very concerned about what this means.

“[C]oncerns persist among privacy professionals that the next step will be a federal database of driver’s license information, which is bad from a privacy and cybersecurity standpoint, said Jay Stanley, a senior policy analyst with the American Civil Liberties Union.

“‘The more information the government has, the more the government might use that information,’ said Jodi Daniels, founder and chief executive of Red Clover Advisors, a privacy consulting company. ‘But that’s not what’s happening now,’ she added.”

Kumar addressed what IS happening now, and whether our personally identifiable information (PII) is protected.

“States have been issuing driver’s licenses for many years, and personal information is already being stored. The expectation is that the same controls apply to Real ID, said Bala Kumar, chief product and technology officer at Jumio, an online mobile payment and identity verification company. ‘States have already been managing this for many years,’ Kumar said.”

If you continue to read the article, you’ll also see a statement from the American Association of Motor Vehicle Administrators that echoes what Jumio said.

But as a former IDEMIA employee, my curiosity was piqued.

Has anyone ever gained unauthorized access to a state driver’s license database?

So I checked, and could not find an example of unauthorized access to a state driver’s license database.

But I DID find an example of unauthorized access to driver’s license DATA that was processed by a third party. The State of Louisiana issued a notice that included the following:

“On May 31, 2023, Progress Software Corporation, which developed and supports the MOVEIt managed file transfer platform, notified all customers across the globe, including [Louisiana Office of Motor Vehicles], of a zero-day vulnerability that an unauthorized party leveraged to access and acquire data without authorization. Upon learning of the incident, immediate measures were taken to secure the MOVEIt environment utilized to transfer files. A thorough investigation was conducted, and it was determined that there was unauthorized acquisition of and access to OMV files in the MOVEIt environment….

“The information varied by individual but included name and one or more of the following: address, date of birth, Social Security number, driver’s license, learner’s permit, or identification card number, height, eye color, vehicle registration information, and handicap placard information.”

Well, at least the hacked data didn’t include weight. Or claimed weight.

Cybersecurity professionals know that you cannot completely prevent these hacks. Which explains the “risk” in third party risk management. Progress Software has been around for a long time; I worked with Progress Software BEFORE I began my biometric career. But these hacks (in this case, CVE-2023-34362 as documented by CISA) can happen to anyone.

Be cautious, and remember that others with good intentions might not be cautious enough.

The Present Reality of REAL ID Federal-State Tensions

Driver’s license vendors already know about the states’ decades-long resistance to REAL ID, and I bet you do too.

Anthony Kimery of Biometric Update put a fundamental truth succinctly:

“The saga of the REAL ID pushback reveals a deep and ongoing tension at the heart of American governance: the friction between national imperatives and state autonomy.”

Kimery’s article, “Twenty years later the REAL ID debate refuses to go away,” captures the history of this federal-state tension over the years. 

Beginning with some states telling the federal government to get out of their affairs, as well as expressing budgetary concerns about federal mandates that the federal government wouldn’t fund, Anthony Kimery’s REAL ID tale concludes with all the states and territories achieving technical compliance with REAL ID…two decades later.

(Why did the states surrender to the federal REAL ID mandates? Because as much as the states complained about federal overreach…in the end the federal government controlled the airports. If you wanted to fly, you had to get a federal passport…or bend your state driver’s license to the federal rules. And you might recall that airport security was the whole reason for REAL IDs in the first place.)

At the end of Kimery’s story, concerns have come full circle. States that maintained that they have the right to determine how they issue their own driver’s licenses are angry at how OTHER states exercise the right to issue THEIR own driver’s licenses.

“Early this year,…Wyoming passed legislation invalidating out-of-state driver’s licenses issued to undocumented immigrants.”

Maybe we need a national ID?

If you’re curious about what Bredemarket has said about REAL ID over the years, I’ve collected a few samples:

And if your company sells driver’s license services, but your staff is too swamped to tell your story, you can obtain the services of a consultant who can create 22 (or more) types of internal and external content. Contact Bredemarket: https://bredemarket.com/cpa/

(Image: Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000.)