In the past, I have gone on ad nauseam about how mobile driver’s licenses are more private than physical driver’s licenses. Here is how I stated it in July 2024:
“When you hand your physical driver’s license over to a sleazy bartender, they find out EVERYTHING about you, including your name, your birthdate, your driver’s license number, and even where you live.
“When you use a digital mobile driver’s license, bartenders ONLY learn what they NEED to know—that you are over 21.”
Which is extremely limited information.
But some age verification systems may provide your age in years, without necessarily revealing your exact date of birth.
That single number—whether it is 17, 27, or 57—reveals a lot more than we realize.
Let’s say that we know that Jill is 57 years old. This means that she was born in either 1968 or 1969. If Jill has lived her entire life in the United States, we immediately know several things about her with some certainty.
First, we know that she is part of Generation X, which means she may exhibit skepticism rather than corporate loyalty, and a comfort level with email rather than Telegram or what we now refer to as “voice calls.”
Second, we know the types of experiences she probably had in her childhood and teenage years. She probably played with Star Wars toys as a kid. She knew a little bit about Billy Carter, the funny Presidential brother. She feared for the lives of the hostages in Iran.
Third, we know the types of experiences she didn’t have. She never saw a cigarette commercial on TV. If she watched Star Trek, she saw it on an “independent” station, not on NBC during prime time. She never feared for the lives of the Israeli Olympians in Munich.
It’s not a lot to go on, and it may not be 100% accurate if Jill grew up in a household that viewed television as demonic.
But it’s enough for a product marketer to shape age-sensitive product marketing.
But if your product appeals to some ages more than others, knowing the ideal age of your target audience personas shapes your content. If your target audience is just out of college, “I can’t believe I ate the whole thing” is meaningless to them.
When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.
Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.
But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.
Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:
“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”
“9 (9) The National Institute of Standards and 10 Technology (NIST) was directed in the CHIPS and 11 Science Act of 2022 to launch new work to develop 12 a framework of common definitions and voluntary 13 guidance for digital identity management systems, 14 including identity and attribute validation services 15 provided by Federal, State, and local governments, 16 and work is underway at NIST to create this guid 17 ance. However, State and local agencies lack re 18 sources to implement this new guidance, and if this 19 does not change, it will take decades to harden defi 20 ciencies in identity infrastructure.”
Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.
But let’s get to the meat of the bill:
“3 SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION 4 GRANTS. 5 (a) IN GENERAL.—The Secretary of the Treasury 6 shall, not later than 1 year after the date of the enactment 7 of this section, establish a grant program to provide iden 8 tity fraud prevention innovation grants to States.”
The specifics:
The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
They can also use the grants to protect individuals from deepfake attacks.
Another purpose is to develop “interoperable solutions.”
A fourth is to replace vulnerable legacy systems.
The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.
But there are some limitations in how the funds are spent.
They can’t be used to require mDLs or eliminate physical driver’s licenses.
They can’t be used to “support the issuance of drivers licenses or identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)
The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.
And everything else
So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.
But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:
The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
The Federal Trade Commission (FTC).
The Social Security Admistration. Not that SSNs are a national ID…but they de facto are.
And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.
What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?
Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.
(And yes, I know that the Capitol is not north of the Washington Monument…yet.)
“It is clear that digital-first identity systems are unlikely to become standard. Most governments will still rely heavily on physical credentials through 2026. Physical documents, such as diver’s licenses and passports, have long life spans. Physical security is already a proven technology, making it essential for continued trust and accessibility in the wake of ever-more sophisticated attack methods. ABI Research cybersecurity analysts view mobile ID as more of a companion to physical credentials.”
Oh, and number 12.
“Interest in biometric payment cards has waned due to high costs and complex onboarding. Zwipe’s bankruptcy in March 2025 is emblematic of this latest trend. To extract returns from their prior investments in biometrics, digital payment providers are pivoting to other markets like secure access and cold wallets. Going forward, the technology will shift from mainstream ambition to specialty use cases, with fewer launches expected in 2026.”
To see what these and the other 11 predictions mean, read the ABI Research article.
I finally found a legitimate use for my California mobile driver’s license (mDL) this afternoon.
Ontario International Airport (ONT) allows people without tickets to reserve a day pass to see departing passengers off. The day pass functions as the equivalent of a real passenger’s boarding pass…with appropriate identification.
Both the day pass and my mDL were in my smartphone wallet, so all went smoothly. I wasn’t paying enough attention to know if the Transportation Security Administration (TSA) compared my live face to my mDL, but they probably did.
And I can confirm that Richard Reid rule is gone: no shoe removal required. Belts are another matter.
Normally when states adopt a new technology, one state will first adopt it, followed by other states, until eventually all states adopt it. (Take REAL ID.)
It’s rare that a state adopts an emerging technology and then trashes it.
“The Florida Smart ID applications will be updated and improved by a new vendor. At this time, the Florida Department of Highway Safety and Motor Vehicles is removing the current Florida Smart ID application from the app store. Please email FloridaSmartID@flhsmv.gov to receive notification of future availability.”
This year
But hey, I’m sure Florida is working behind the scenes to develop a new mDL. After all, digital identity remains a federal priority.
“At the forefront of the Trump administration’s cybersecurity shift is the categorical removal of Biden-era digital identity initiatives which had encouraged federal agencies to accept digital identity documents to access public benefit programs and promoted federal grants to help states develop secure mobile driver’s licenses.”
But if states aren’t receiving federal funding to develop mDLs, and if states decide that only physical driver’s licenses are in their interest, then will mDL adoption slow?
Or may other states follow Florida’s lead and let their contracts with mDL vendors expire?
Discovered a song about privacy (by John Maus) and had to create a reel that used the song. Note the mDL privacy-preserving features toward the end of the reel.
In my country, the issuance of driver’s licenses is performed at the state level, not the national level. This has two ramifications.
REAL ID
The U.S. government wanted to tighten down on identification cards to stop terrorists from hijacking planes and crashing them into buildings.
But it couldn’t.
When it told the states to issue “REAL ID” cards by 2008, the states said they wouldn’t be told what to do.
Today all of them support REAL ID cards as an option, but use of REAL IDs for federal functions such as plane travel won’t be enforced until 2027…if then.
mDLs
For years there has been a move to replace physical driver’s licenses with mobile driver’s licenses, or mDLs.
Again, in my country this has been pursued in a piecemeal basis on the state level. Louisiana has its own mDL, with a separate one in Oklahoma, one in California, others in other states, and none in other states. And one state (Florida) that had one, then didn’t have one.
Some mDLs are in custom wallets, while others are or are not in wallets from Apple, Google, and Samsung.
Oh, and don’t try using your Louisiana mDL to buy a beer in Arkansas.
Meanwhile, in the UK
Things are different in other countries. Amit Alagh shared a BBC article with me.
“Digital driving licences are to be introduced in the UK as the government looks to use technology to ‘transform public services’…. The new digital licences will be introduced later this year….”
Throughout the entire United Kingdom, including Scotland and Northern Ireland, apparently.
In part because when I first tried to get a mobile driver’s license (mDL), I used my OLD physical driver’s license AFTER I had renewed my driver’s license online (but before I received the new physical license). Data mismatch. Rejected.
And in part because I kept on forgetting to perform the additional steps to confirm my identity.
And in part because I didn’t truly NEED the mDL—I haven’t flown anywhere since April 2023, and for some strange reason no vendor of age-controlled products has insisted on carding me.
California mobile driver’s license (mDL).
But I now have a California mDL. After talking about mDLs for years as a former IDEMIA employee.
I’ve previously espoused the benefits of mDLs. For example, when a retailer DOES check my age before I buy a beer, the retailer doesn’t learn my address or my (claimed) height and weight. The retailer only needs to confirm that I am old enough to buy a beer.
Oddly enough, I had to block out certain information on my displayed mDL in the image above. Because MY privacy requirements obviously don’t conform to California’s privacy requirements.
When marketing digital identity products secured by biometrics, emphasize that they are MORE secure and more private than their physical counterparts.
When you hand your physical driver’s license over to a sleazy bartender, they find out EVERYTHING about you, including your name, your birthdate, your driver’s license number, and even where you live.
When you use a digital mobile driver’s license, bartenders ONLY learn what they NEED to know—that you are over 21.
I should properly open this post by stating any necessary disclosures…but I don’t have any. I know NOTHING about the goings-on reported in this post other than what I read in the papers.
However, I do know the history of Thales and mobile driver’s licenses. Which makes the recent announcements from Florida and Thales even more surprising.
Gemalto’s pioneering mobile driver’s license pilots
Back when I worked for IDEMIA from 2017 to 2020, many states were performing some level of testing of mobile driver’s licenses. Rather than having to carry a physical driver’s license card, you would be able to carry a virtual one on your phone.
Some of these states were working with the company Gemalto to create pilots for mobile driver’s licenses. As early as 2016, Gemalto announced its participation in pilot mDL projects in Colorado, Idaho, Maryland, and Washington DC. As I recall, at the time Gemalto had more publicly-known pilots in process than any other vendor, and appeared to be leading the pack in the effort to transition driver’s licenses from the (physical) wallet to the smartphone.
Thales’ operational mobile driver’s license
By the time Gemalto was acquired by and absorbed into Thales, the company won the opportunity to provide an operational (as opposed to pilot) driver’s license. The Florida Smart ID app has been available to both iPhone and Android users since 2021.
One of the most important pieces of new information was a revised set of Frequently Asked Questions (or “Question,” or “Statement”) on the “Florida Smart ID” section of the Florida Highway Safety and Motor Vehicles website.
The Florida Smart ID applications will be updated and improved by a new vendor. At this time, the Florida Department of Highway Safety and Motor Vehicles is removing the current Florida Smart ID application from the app store. Please email FloridaSmartID@flhsmv.gov to receive notification of future availability.
Um…that was abrupt.
But a second piece of information, a Thales statement shared by PC Mag, explained the abruptness…in part.
In a statement provided to PCMag, a Thales spokesperson said the company’s contract with the FLHSMV expired on June 30, 2024.
“The project has now entered a new phase in which the FLHSMV requirements have evolved, necessitating a retender,” Thales says. “Thales chose not to compete in this tender. However, we are pleased to have been a part of this pioneering solution and wishes it continued success.”
The new vendor and/or the State of Florida chose not to begin providing services when the Thales contract expired on June 30.
Thales and/or the State of Florida chose not to temporarily renew the existing contract until the new vendor was providing services in 2025.
This third point is especially odd. I’ve known of situations where Company A lost a renewal bid to Company B, Company B was unable to deliver the new system on time, and Company A was all too happy to continue to provide service until Company B (or in some cases the government agency itself) got its act together.
Anyway, for whatever reason, those who had Florida mobile driver’s licenses have now lost them, and will presumably have to go through an entirely new process (with an as-yet unknown vendor) to get their mobile driver’s licenses again.
I’m not sure how much more we will learn publicly, and I don’t know how much is being whispered privately. Presumably the new vendor, whoever it is, has some insight, but they’re not talking.
Bredemarket 