[House Hearing, 118 Congress]
[From the U.S. Government Publishing Office]
IDENTITY MANAGEMENT INNOVATION: LOOKING BEYOND REAL ID
=======================================================================
HEARING
before the
SUBCOMMITTEE ON
TRANSPORTATION AND MARITIME SECURITY
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED EIGHTEENTH CONGRESS
FIRST SESSION
__________
DECEMBER 5, 2023
__________
Serial No. 118-42
__________
Printed for the use of the Committee on Homeland Security
Available via the World Wide Web: http://www.govinfo.gov
__________
U.S. GOVERNMENT PUBLISHING OFFICE
56-715 PDF WASHINGTON : 2024
COMMITTEE ON HOMELAND SECURITY
Mark E. Green, MD, Tennessee, Chairman
Michael T. McCaul, Texas            Bennie G. Thompson, Mississippi, Ranking Member
Clay Higgins, Louisiana             Sheila Jackson Lee, Texas
Michael Guest, Mississippi          Donald M. Payne, Jr., New Jersey
Dan Bishop, North Carolina          Eric Swalwell, California
Carlos A. Gimenez, Florida          J. Luis Correa, California
August Pfluger, Texas               Troy A. Carter, Louisiana
Andrew R. Garbarino, New York       Shri Thanedar, Michigan
Marjorie Taylor Greene, Georgia     Seth Magaziner, Rhode Island
Tony Gonzales, Texas                Glenn Ivey, Maryland
Nick LaLota, New York               Daniel S. Goldman, New York
Mike Ezell, Mississippi             Robert Garcia, California
Anthony D'Esposito, New York        Delia C. Ramirez, Illinois
Laurel M. Lee, Florida              Robert Menendez, New Jersey
Morgan Luttrell, Texas              Yvette D. Clarke, New York
Dale W. Strong, Alabama             Dina Titus, Nevada
Josh Brecheen, Oklahoma
Elijah Crane, Arizona
Stephen Siao, Staff Director
Hope Goins, Minority Staff Director
Sean Corcoran, Chief Clerk
------
SUBCOMMITTEE ON TRANSPORTATION AND MARITIME SECURITY
Carlos A. Gimenez, Florida, Chairman
Clay Higgins, Louisiana                      Shri Thanedar, Michigan, Ranking Member
Nick LaLota, New York                        Donald M. Payne, Jr., New Jersey
Laurel M. Lee, Florida                       Robert Garcia, California
Mark E. Green, MD, Tennessee (ex officio)    Bennie G. Thompson, Mississippi (ex officio)
Vacancy, Subcommittee Staff Director
Alex Marston, Minority Subcommittee Staff Director
C O N T E N T S
----------
Statements
The Honorable Carlos A. Gimenez, a Representative in Congress
From the State of Florida, and Chairman, Subcommittee on
Transportation and Maritime Security:
Oral Statement
Prepared Statement
The Honorable Shri Thanedar, a Representative in Congress From
the State of Michigan, and Ranking Member, Subcommittee on
Transportation and Maritime Security:
Oral Statement
Prepared Statement
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement
Witnesses
Mr. Ian Grossman, President and CEO, The American Association of
Motor Vehicle Administrators:
Oral Statement
Prepared Statement
Mr. Jeremy Grant, Coordinator, Better Identity Coalition:
Oral Statement
Prepared Statement
Mr. Hal Wiediger, Senior Vice President, Client Success, Identity
& Security North America, Idemia:
Oral Statement
Prepared Statement
Mr. Jay Stanley, Senior Policy Analyst, Speech, Privacy, and
Technology Project, American Civil Liberties Union:
Oral Statement
Prepared Statement
IDENTITY MANAGEMENT INNOVATION: LOOKING BEYOND REAL ID
----------
Tuesday, December 5, 2023
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Transportation and
Maritime Security,
Washington, DC.
The subcommittee met, pursuant to notice, at 3:08 p.m., in
room 310, Cannon House Office Building, Hon. Carlos A. Gimenez
[Chairman of the subcommittee] presiding.
Present: Representatives Gimenez, Higgins, LaLota, Lee, and
Thanedar.
Also present: Representative Foster.
Mr. Gimenez. The Committee on Homeland Committee,
Subcommittee on Transportation and Maritime Security will come
to order.
Without objection, the Chair may declare the subcommittee
in recess at any point. Today's hearing will examine the status
and challenges of identity management in the United States with
a focus on the implementation of REAL ID.
I now recognize the Ranking Member, the gentleman from
Michigan, Mr. Thanedar, for the purposes of seeking unanimous
consent.
Mr. Thanedar. Thank you, Mr. Chair.
I ask unanimous consent that Mr. Foster be permitted to sit
with the subcommittee and question today's witnesses, please.
Mr. Gimenez. So ordered.
I now recognize myself for an opening statement.
American identity management is fundamentally fractured.
The REAL ID Act of 2005 was passed in response to September 11.
The goal of the Act was to address the fact that hijackers were
able to fraudulently obtain State drivers' licenses, and
thereby enable their heinous acts of terrorism.
Congress decided that there needed to be security standards
for States when it came to identity documents.
Eighteen years later, approximately 52 percent of the
American population possess a driver's license that is REAL ID-
compliant. That means 48 percent do not. Only 4 States require
REAL ID, which leaves 46 States and 5 American territories that
provide non-REAL IDs as an option.
The problem comes to a head on May 7, 2025. On this date,
if you do not have a REAL ID, you will not be able to fly in
the United States unless you happen to have a passport, a
Global Entry card, or some other sort of Government-issued ID
that is approved for air travel. Suffice it to say that May 7,
2025, we're going to encounter utter mayhem at our airports.
Since 2005, the Department of Homeland Security has awarded
over $263 million in grant funding to assist in enhancements to
driver's licenses. While this money has enabled individual
States to update their processes, the REAL ID efforts have come
in behind schedule and over budget.
While all States are now offering REAL ID-compliant
licenses, there's more work to be done to raise awareness and
REAL ID adoption.
Yesterday, I had the chance to meet with our Transportation
Security Administration, which is now overseeing REAL ID
efforts, given DHS headquarters' mismanagement of this
important initiative since the beginning.
In 2020, TSA took over REAL ID management and Congress
passed the REAL ID Modernization Act, providing streamlined and
innovative enhancements to REAL ID requirements. Since then,
the work has expanded and become somewhat more efficient.
Furthermore, the TSA's identity management team has sought
to look beyond physical identity documents and engage the
digital realm, bringing together experts from the National
Institute of Standards and Technology, technology companies,
and banks, to conceptualize the future of digital identity in
the United States.
I applaud these efforts, but I'm concerned that this is a
bigger effort than just one agency and one department. It
requires a whole-of-Government approach and leadership from the
highest levels.
Sadly, every American knows somebody or has themselves been
a victim of identity theft. This year alone, the Identity Theft
Resource Center recorded more than 2,800 data-breach notices,
which included over 273 million individuals. The total
financial losses for Americans are over $10 billion.
The average cost for U.S. driver's licenses on the black
market is between $150 and $200. The average cost of a Social
Security number is worth only a few pennies. In other words,
Social Security numbers are easy to forge and not a very secure
way to identify yourself.
There's also a darker side to identity theft. The Identity
Theft Resource Center reports that 16 percent of identity crime
victims contemplated suicide this past year due to the impact
of their stolen identity.
Simply put, this issue is about more--more than simply
getting a driver's license. I firmly believe our current
identity management challenges are solvable and provide us with
an opportunity. However, it will require hard work.
We need to fix the current problems by devaluing the stolen
identity data of Americans that is already out in the open so
that criminals cannot so easily leverage American identities
for nefarious purposes. We must take a hard look at how we can
protect future American identity by providing new ways to prove
that you are, in fact, who you say you are--such as new mobile
driver's licenses that are a digital counterpart to plastic ID
cards and that can be used not only in person but also on-line.
When it comes to the future of identity, Americans are
rightly skeptical and concerned about privacy and civil
liberties, especially the collection of biometric data. This is
why in today's hearings we will draw the important distinction
between biometric verification processes versus biometric
recognition.
As usual, the private sector has had solutions to identity
management for decades, though, because the Government is the
only authoritative issuer of identity, there are limitations on
what the industry alone can deliver.
We have with us today a panel of experts in the industry
that have been involved in this discussion since the beginning
of these discussions.
The American people deserve a robust discussion about the
time line of events, and how it is that we landed here 18 years
after the passage of the REAL ID Act with even greater
challenges than we had before.
I look forward to the discussion and the solutions that are
offered.
[The statement of Chairman Gimenez follows:]
Statement of Chairman Carlos A. Gimenez
American identity management is fundamentally fractured.
The REAL ID Act of 2005 was passed in response to September 11.
The goal of the Act was to address the fact that the hijackers were
able to fraudulently obtain State drivers' licenses and thereby enable
their heinous act of terrorism.
Congress decided that there needed to be security standards for
States when it came to identity documents.
Eighteen years later, approximately 52 percent of the American
population possesses a driver's license that is REAL ID-compliant.
Only 4 States require REAL ID, which leaves 46 States and 5
American territories that provide non-REAL IDs as an option.
The problem comes to a head on May 7, 2025. On this date, if you do
not have a REAL ID, you will not be able to fly in the United States,
unless you happen to have a Passport, Global Entry card, or some sort
of other Government-issued ID that is approved for air travel.
Suffice to say, on May 7, 2025, we are going to encounter utter
mayhem at our airports.
Since 2005, the Department of Homeland Security has awarded over
263 million dollars in grant funding to assist in enhancements to
driver's licenses.\1\
---------------------------------------------------------------------------
\1\ Minimum Standards for Driver's Licenses and Identification
Cards Acceptable by Federal Agencies for Official Purposes; Extending
Enforcement Date, FEDERAL REGISTER (2023),
https://www.federalregister.gov/documents/2023/03/09/2023-04496/minimum-standards-for-drivers-licenses-and-identification-cards-acceptable-by-federal-agencies-for
(last visited Dec 1, 2023).
---------------------------------------------------------------------------
While this money has enabled individual States to update their
processes, the REAL ID efforts have come in behind schedule and over
budget. While all States are now offering REAL ID-compliant licenses,
there is more work to be done to raise awareness and REAL ID adoption.
Yesterday, I had the chance to meet with our Transportation
Security Administration, which is now overseeing REAL ID efforts given
DHS headquarters' mismanagement of this important initiative since the
beginning.
In 2020, TSA took over REAL ID management and Congress passed the
REAL ID Modernization Act, providing streamlined and innovative
enhancements to REAL ID requirements. Since then, the work has expanded
and become more efficient.
Furthermore, the TSA's identity management team has sought to look
beyond physical identity documents and engage the digital realm--
bringing together experts from the National Institute of Standards and
Technology, technology companies, and banks to conceptualize the future
of digital identity in the United States.
I applaud these efforts but am concerned that this is a bigger
effort than just one agency in one department--it requires a whole-of-
Government approach and leadership from the highest levels.
Sadly, every American knows somebody or has themselves been a
victim of identity theft.
This year alone, the Identity Theft Resource Center recorded more
than 2,800 data breach notices which included over 273 million
individuals.
Total financial losses for Americans were over $10 billion.
The average cost for a U.S. driver's license on the black market is
between $150 and $200.
The average cost of a social security number is worth only a few
pennies.
In other words, social security numbers are easy to forge and not a
very secure way to identify yourself.
There's also a darker side to identity theft.
The Identity Theft Resource Center reports that 16 percent of
identity crime victims contemplated suicide the past year due to the
impact of their stolen identity.
Simply put: this issue is about more than simply getting a driver's
license.
I firmly believe our current identity management challenges are
solvable and provide us with an opportunity.
However, it will require hard work.
We will need to fix the current problem by devaluing the stolen
identity data of Americans that is already out in the open so that
criminals cannot so easily leverage American identities for nefarious
purposes.
And we must take a hard look at how we can protect future American
identities by providing new ways to prove that you are--in fact--who
you say you are, such as new mobile driver's licenses that are a digital
counterpart to plastic ID cards and that can be used not only in person
but also on-line.
When it comes to the future of identity, Americans are rightly
skeptical and concerned about privacy and civil liberties--especially
the collection of biometric data.
This is why in today's hearing we will draw the important
distinction between biometric verification versus biometric
recognition.
As usual, the private sector has had solutions to identity
management for decades. Though, because Government is the only
authoritative issuer of identity, there are limitations on what
industry alone can deliver.
We have with us today a panel of experts in the industry that have
been involved in this discussion since the beginning of these
discussions.
The American people deserve a robust discussion about the time line
of events and how it is that we landed here--18 years after the passage
of the REAL ID Act--with even greater challenges than we had before.
I look forward to the discussion and the solutions that are
offered.
Mr. Gimenez. I now recognize the Ranking Member, the
gentleman from Michigan, Mr. Thanedar, for his opening
statement.
Mr. Thanedar. Good afternoon.
Thank you, Chairman Gimenez, for calling today's hearing
and thank you to our witnesses for sharing your expertise.
A record number of passengers are traveling through
Transportation Security Administration security checkpoints
with TSA, recently screening a record 2.9 million people in a
single day. TSA is charged with verifying the identities of
each and every passenger entering a checkpoint and ensuring
each passenger receives the appropriate level of screening
based on the risk that they pose.
As TSA approaches the deadline for requiring passengers to
show REAL ID-compliant identification in May 2025, the agency
must enhance public awareness efforts to ensure all passengers
have compliant IDs.
Our crowded aviation system cannot afford the challenge and
the chaos of thousands of thousands of passengers arriving to
TSA checkpoints without acceptable identification. Recently,
TSA has begun piloting next-generation technologies for
managing and verifying identities.
In 8 States, passengers can now use mobile driver's
licenses to access screening checkpoints, and in 25 locations,
TSA's using facial recognition technology to match passengers
to their IDs. Digital IDs and facial recognition technology
both offer the potential for security enhancements and
convenience, but the potential downsides are grave.
TSA must prioritize protections for privacy, civil rights,
civil liberties, and even to an extent, extreme degree. TSA's
efforts to advance these technologies may set the standard for
other sectors. So TSA must go out of its way and take the time
to do the things the right way.
TSA seems to be in a hurry to fast-forward into the future
with these technologies, even as it allows vulnerabilities
within existing identity verification process to persist.
Last year, TSA notified Congress of security incidents that
have occurred within the Registered Traveler Program operated
by Clear. The program has allowed some travelers to enter
security checkpoints using fraudulent identity. In one
instance, an individual picked up a boarding pass out of a
trash can and was able to use it to go through screening
because a Clear employee falsely told TSA they had verified the
individual's identity.
Addressing these vulnerabilities does not require any
futuristic technology or creative solutions. It simply requires
TSA to stop outsourcing identity verification functions to a
corporation seeking to make profit.
Vetting and verifying passenger identities are inherently
Governmental functions. For nearly a year, Ranking Member
Thompson has been calling for TSA to require all passengers to
go through TSA's own identity verification processes. TSA could
mandate such a requirement today.
I urge TSA to spend a little less time fast-forwarding into
the future, and instead, focus on addressing security
vulnerabilities that threaten the aviation system today.
I look forward to hearing from our witnesses on these
critical topics.
Chairman Gimenez, I thank you for our witnesses again.
I yield back.
[The statement of Ranking Member Thanedar follows:]
Statement of Ranking Member Shri Thanedar
December 5, 2023
Record numbers of passengers are traveling through Transportation
Security Administration security checkpoints, with TSA recently
screening a record 2.9 million people in a single day. TSA is charged
with verifying the identity of each and every passenger entering a
checkpoint and ensuring each passenger receives the appropriate level
of screening based on the risk they pose.
As TSA approaches the deadline for requiring passengers to show
REAL ID-compliant identification in May 2025, the agency must enhance
public awareness efforts to ensure all passengers have compliant IDs.
Our crowded aviation system cannot afford the chaos of thousands of
passengers arriving to TSA checkpoints without acceptable
identification.
Recently, TSA has begun piloting next-generation technologies for
managing and verifying identities. In 8 States, passengers can now use
mobile driver's licenses to access screening checkpoints. And in 25
locations, TSA is using facial recognition technology to match
passengers to their IDs. Digital IDs and facial recognition technology
both offer the potential for security enhancements and convenience--but
the potential downsides are grave.
TSA must prioritize protections for privacy, civil rights, and
civil liberties, even to an extreme degree. TSA's efforts to advance
these technologies may set the standard for other sectors--so TSA must
go out of its way and take the time to do things the right way. TSA
seems to be in a hurry to fast forward into the future with these
technologies, even as it allows vulnerabilities within existing
identity verification processes to persist.
Late last year, TSA notified Congress of security incidents that
have occurred within the Registered Traveler program operated by CLEAR.
This program has allowed some travelers to enter security checkpoints
using fraudulent identities. In one instance, an individual picked a
boarding pass out of a trash can and was able to use it to go through
screening because a CLEAR employee falsely told TSA they had verified
the individual's identity.
Addressing these vulnerabilities does not require any futuristic
technology or creative solution; it simply requires TSA to stop
outsourcing identity verification functions to a corporation seeking to
make a profit. Vetting and verifying passenger identities are
inherently Governmental functions. For nearly a year, Ranking Member
Thompson has been calling for TSA to require all passengers to go
through TSA's own identity verification processes. TSA could mandate
such a requirement today.
I urge TSA to spend a little less time fast-forwarding into the
future and instead focus on addressing security vulnerabilities that
threaten the aviation system today.
Mr. Gimenez. Thank you, Ranking Member.
Other Members of the committee are reminded that opening
statements may be submitted for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
December 5, 2023
The title of this hearing references ``Looking Beyond REAL ID''--
but in my opinion, we should not be focusing on the future of identity
management until we address the glaring vulnerabilities present at
security checkpoints today.
Last December, TSA informed the committee of security incidents
that have occurred within the Registered Traveler program. As carried
out by the private sector, the Registered Traveler program has allowed
some passengers to enter security checkpoints using fraudulent
identities. In at least one known instance, the Registered Traveler
program allowed a passenger to enroll in its program using a fake ID.
In another case, a passenger found a boarding pass in an airport
trash can, and a private-sector employee escorted the passenger into
the security checkpoint without verifying their identity. Enough is
enough. TSA must act to close these critical security gaps and regain
control of identity verification. Vetting and verifying passenger
identities is a core layer of TSA's approach to security. It should be
carried out by Federal employees who are trained to a rigorous
standard--not outsourced to a private company seeking to profit off the
inconvenience of security screening.
For the past year, I have called on TSA to require all passengers
to go through TSA's identity verification processes. But instead of
acting to address existing vulnerabilities that place travelers at risk
every day, TSA has focused on developing next-generation technologies
like digital IDs and facial recognition. These technologies are trendy,
and they may offer some security and convenience benefits, but they
also pose significant risks to privacy, civil rights, and civil
liberties. Racial biases of some facial recognition algorithms have
been well-documented.
Though TSA has put its technologies through testing to prevent
against bias, mass deployment of facial recognition threatens to
normalize technology that could be easily abused in sectors not subject
to such testing standards. Similarly, because of the breadth of TSA's
operations, which screen millions of passengers each day, the agency's
adoption of digital ID standards may drive the future of the identity
industry. TSA must act responsibly to prioritize privacy protections
above small improvements to passenger convenience.
I also remain concerned that TSA is ill-prepared to enforce
requirements for passengers to present REAL ID-compliant identification
at TSA checkpoints. Though the current deadline for enforcement is not
until May 2025, TSA must act now to push for increased REAL ID adoption
rates to avoid major disruptions at checkpoints.
Mr. Gimenez. Again, I am pleased to have a distinguished
panel of witnesses before us today on this critical topic. I
ask that our witnesses please rise and raise their right hands.
Do you solemnly swear the testimony you will give before
the Committee on Homeland Security of the U.S. House of
Representatives will be the truth, the whole truth, and nothing
but the truth, so help you God?
Let the record reflect that the witnesses have answered in
the affirmative.
Thank you, and please be seated.
I would now like to formally introduce our witnesses. Ian
Grossman serves as president and CEO of the American
Association of Motor Vehicle Administrators.
Jeremy Grant serves as the coordinator for the Better
Identity Coalition.
Hal Wiediger serves as the senior vice president of Client
Success at IDEMIA.
Jay Stanley serves as senior policy analyst at the American
Civil Liberties Union.
I thank each of our witnesses for being here today.
I now recognize Ian Grossman for 5 minutes to summarize his
opening statement.
STATEMENT OF IAN GROSSMAN, PRESIDENT AND CEO, THE AMERICAN
ASSOCIATION OF MOTOR VEHICLE ADMINISTRATORS
Mr. Grossman. Thank you, Mr. Chairman, Mr. Ranking Member,
Members of the committee. Thank you for the opportunity to
appear before you today and discuss this important issue of the
future of identity management.
The American Association of Motor Vehicle Administrators,
or AAMVA, is a nonprofit organization representing motor
vehicle agencies and jurisdictional highway safety law
enforcement.
In plain speak, our association's primary members are the
State DMVs and the State police throughout the United States
and Canada. We enable collaboration to ensure safe drivers,
safe vehicles, secure identities, all together to save lives.
When first contemplated, driver's licenses were issued
solely to indicate a person as having been granted the legal
authority to operate a motor vehicle. Now the driver's license
has become the de facto primary identity document in the United
States. It serves as a document of choice for public services,
financial institutions, and other entities seeking identity
assurance.
Americans use their State driver's license or
identification card in countless everyday activities including
making age-limited purchases, entering schools, visiting
doctor's offices, and, of course, boarding an airplane.
This is why driver licensing agencies have become the
foremost trusted authority in identifying whether people are
who they claim to be.
As we live through the age of digital transformation,
rapidly evolving in a post-COVID world of touchless
transactions, it comes as no surprise that your driver's
license is being transitioned to an electronic format. This
improvement is the mobile driver's license, or MDL.
The MDL is the future of licensing and proof of identity.
An MDL is a driver's license hosted on a mobile device with the
capability of being updated in real time. It contains the same
data used to produce a physical license. However, MDL data is
securely transmitted to a relying party's reader.
The MDL is a significant advancement over physical
credentials, which can easily be lost or stolen, become
damaged, become outdated as information changes, or offer too
much information. Unlike a physical credential which can easily
be replicated by counterfeiters, the MDL offers a completely
touchless transaction with selective information release, data
protection, and so much more.
The physical credential is limited by being a snapshot in
time. The information it represents may change. But, once
produced, it cannot be updated until it is reissued. Reissuance
typically occurred infrequently, sometimes only after many
years.
Additionally, with a physical credential, the person
inspecting the credential may be forced to draw conclusions
about the validity of the document based on a visual
examination. By comparison, a relying party authenticating an
MDL, using a reader, will immediately know that the MDL was
issued by a bona fide issuing authority, it was issued to the
person presenting it, and the data is no more than 90 days old.
Currently, to have adequate inspection of a physical
credential, a relying party has to have extensive knowledge of
security features or have tools to confirm that the security
features are included in the correct places on the credential.
In the case of an MDL, the authentication process can
happen seamlessly behind the scenes so the relying party does
not need to know what security features are part of the MDL.
They only need to possess the public key, the encrypted public
key which is used to authenticate the MDL, and if
authenticated, the data is transmitted and displayed to the
relying party. Without the authentication, no data is sent,
protecting the credential holder's data and protecting the
relying party from fraud.
In the future, State driver licensing agencies will each
publish their own public key. To support this, AAMVA has
developed a Digital Trust Service to provide relying parties a
trusted, central site to obtain all issuing authorities'
public-issuing certificates.
AAMVA's primary focus has been developing international
standards and supporting early adopters of the process of
issuing MDLs. However, regular interaction with relying parties
will be critical in the future of identity management MDL
proliferation. Educating and onboarding those who seek to
access the data in the MDL must be prioritized.
We urge Congress to consider investments critical to
establishing these trust networks. This can include grant
awards to States who invest in the foundational systems that
support mobile driver's licenses or the expansion of identity
transaction architecture.
I appreciate your time and the opportunity to testify. In
the realm of digital identity administration, the primary goal
of State licensing agencies remains the preservation of
identity as integrity as a public good by continuing for the
DMVs to be the most secure, trusted, privacy-preserving, and
convenient source of that identity.
Thank you again for the time today, the commitment to this
conversation, and I look forward to your questions. Thank you.
[The prepared statement of Mr. Grossman follows:]
Prepared Statement of Ian Grossman
December 5, 2023
Chairman Gimenez, Ranking Member Thanedar, thank you for the
opportunity to submit testimony on the important issue of identity
management innovation and the future of identity credentialing.
The American Association of Motor Vehicle Administrators (AAMVA) is
a tax-exempt, nonprofit organization that develops model programs in
motor vehicle administration, law enforcement, and highway safety. The
association also serves as an information clearinghouse in these areas.
Founded in 1933, AAMVA represents the State and provincial officials in
the United States and Canada who administer and enforce motor vehicle
laws. AAMVA's programs encourage uniformity and reciprocity among the
States and provinces.
Since the advent of the driving credential, State driver licensing
agencies have worked diligently to find effective ways to connect an
individual's driving record to a specific individual. Because roadway
safety is critical to the Nation's overall public safety, State driver
licensing agencies have consistently sought to solve a complex issue--
ensuring that the person is who they say they are. This seemingly
simple, yet critical and highly technical question, is the foundation
of States' efforts in identity management.
AAMVA members serve at the critical nexus of public safety and law
enforcement by working to reach the goal of ``one driver, one license,
one record'' for every individual operating a motor vehicle in the
United States. What began simply as a credential displaying a legal
authorization to operate a motor vehicle has evolved over time to
becoming the de facto identity document. It is the State-issued
driver's license and identity card that serves as the access document
of choice for State services, financial institutions, and other
entities seeking identity assurance.
To support our members' evolving role in identity management, AAMVA
provides guidance, standards, and best practices for the vetting of
identities and issuance of a secure and interoperable identity
credential. AAMVA is expanding member support with the fundamental
understanding that identity management is not a commodity but the
conveyance of a public benefit.
The development of future credentialing cannot be performed in a
vacuum. AAMVA is part of both national and international bodies that
develop standards defining the identity ecosystem. AAMVA has provided
leadership in the work within the bodies of the International
Organization for Standardization (ISO), which is responsible for the
development and maintenance of the Personal Identification--ISO
Compliant Driving Licenses international standard (18013) establishing
guidelines in the format and content of motor vehicle driver licenses
(DLs). AAMVA published and maintains the DL/ID Card Design Standard
which localizes the international standard for use by North American
jurisdictions. These documents create a common basis for international
use and recognition of driver's licenses and identity cards across
State and international borders.
The most recent addition to the ISO 18013 standard is the Mobile
Driving License (mDL) Application. This part provides the interface and
data model requirements for safe, secure, trusted, and interoperable
mobile driving licenses and IDs. AAMVA drafted the functional
requirements that were used as a basis for the published standard and
has served as convenor of the ISO working group for many years.
The development of new standards in the identity space has been
spurred by drastic technology change. As the world continues to become
more technologically enabled and interactions shift toward digital
channels, there is an obvious need for advancement of Government-grade
identity management to address these new domains. It is becoming
increasingly clear that the future of identity management lies in the
credential's ability to be integrated onto a mobile device. It is for
this reason that AAMVA and its membership have been thought leaders in
transitioning the credential to a mobile driver's license, or mDL,
platform. Within the realm of digital identity administration, the
primary goal of issuing authorities remains the preservation of
identity integrity as a public good by continuing to be its most
secure, trusted, privacy-preserving, and convenient source.
The mDL is the future of licensing and proof of identity. An mDL is
a driver's license that is provisioned to a mobile device with the
capability to be updated in real time. It is comprised of the same data
elements that are used to produce a physical driver's license, however,
the data is transmitted electronically to a relying party's reader
device and authenticated.
The mDL is a significant improvement over physical credentials
which can easily be lost or stolen, become damaged, become outdated as
information changes, offer too much information (including personally
identifiable information not related to specific transactions), and
more easily be replicated by counterfeiters. The mDL offers safe,
secure, and trustable technologies that allow for completely touchless
transactions, selective information release, data protection, and so
much more. The mDL operates on the premise that the identity's owner is
always in full control of what data is shared with the option of only
providing those data elements (such as age) that are necessary for that
particular use case.
A physical credential represents a snapshot in time. It is a
credential subject to change with no faculty for updating the
credential once it has been issued until it is reissued, revoked, or
modified (sometimes over the course of many years). Additionally, with
a physical credential, the person inspecting the credential may be in a
situation where they are making assumptions on the validity of the
physical document by the very nature of visual examination. When the
relying party authenticates an mDL using a reader, they immediately
know that the mDL was issued by a bona fide issuing authority, was
issued to the person with whom they are transacting, was issued to that
specific holder's device, that the data is less than 30-90 days old,
and that the data hasn't changed since it was provisioned to their
device.
Currently, for a relying party (or end-user) to adequately inspect
a physical document's validity, they must meet complex conditions. They
need intricate knowledge of security features the State uses on the
credential, and they need the tools to confirm that the exact same
security features are included in the document in the places they need
to be. In the case of an mDL that authentication happens seamlessly
behind the scenes, so the relying party does not have to know what
security features are part of the mDL--all they need is the public key.
The public key is used to authenticate the mDL data on the device, and
if authenticated, the data is displayed on the relying party's device.
If the data doesn't authenticate, no data renders for the relying
party, protecting the credential holder's data.
The process of authenticating a digital identity credential
includes the technical trust point of the relying party possessing an
issuing authority's public key certificate. In a future environment
where many issuing authorities (State driver licensing agencies) are
each publishing their own public key certificate, it will be
challenging for relying parties to obtain and trust all the issuing
authorities' public key certificates. AAMVA's work in the mDL
environment includes the development of a ``Digital Trust Service''
(DTS). The established AAMVA DTS collects public key certificates from
vetted issuing authorities and ensures each key and the corresponding
mDL product meets minimum international standards. The DTS aggregates
the public keys so relying parties can easily access them in a singular
and trusted location. The DTS provides validation that the State is a
vetted issuing authority, validation that they are creating and
maintaining their public and private keys per industry standards and
comply with the ISO 18013-5 interoperability standard. Without the
assurance of 18013-5 standard compliance, the credential may not be
interoperable, the customer is not ensured control of their data, and
there is no certainty that the mDL adheres to appropriate privacy
protections.
While AAMVA anticipates the mDL will eventually be used as a
singular identity credential, we recognize for the immediate future
both the physical card and the mDL must coexist for redundancy and
operationally significant reasons. This includes the lack of available
readers in all situations, including potential law enforcement
interactions (or other unanticipated scenarios where a reader is
absent). For these reasons, the mDL is currently viewed as an extension
of the physical card rather than an immediate replacement.
Additionally, AAMVA emphasizes that mDL interaction with relying
parties will be a critical component in the future of identity
management. Relying parties represent the other half of the identity
equation, and in the sensible progression of identity management, the
education and onboarding of those who seek access to the data
provisioned on a device must be prioritized. While AAMVA and its
members continue to work toward common goals in terms of public
benefits, relying parties must also work collaboratively to fulfill the
tenets and best practices of identity protection.
As Congress continues its consideration of the future of identity
management and its impact on constituent-Government interactions, AAMVA
emphasizes trust as the determining factor for success. As we seek
shared solutions on how to best build that trust, AAMVA urges Congress
to continue studying what the future looks like and consider
investments that will be critical to establishing trust networks. This
includes availability of grant awards to States who invest in the
foundational systems that support mobile driver's license platforms or
expansion of identity transaction architecture. These investments will
help ensure that as citizens make the transition to new identity models
in the very near future, they are reassured that the Government is
supporting that transition in the best way possible. Just as we have
seen with traditional driving credentials, the purpose and opportunity
of identity management extends well beyond the driving credential
itself.
AAMVA thanks the subcommittee for the opportunity to testify and
stands ready to continue the important conversation of how we can help
further the shared interests of security and identity management.
Mr. Gimenez. Thank you, Mr. Grossman.
I now recognize Jeremy Grant for 5 minutes to summarize his
opening statement.
STATEMENT OF JEREMY GRANT, COORDINATOR, BETTER IDENTITY
COALITION
Mr. Grant. Chairman Gimenez, Ranking Member Thanedar,
Members of the committee, I appreciate the opportunity to
testify today. I'm here on behalf of the Better Identity
Coalition, an organization that's focused on working with
policy makers to improve the way that Americans can protect and
verify their identities when they're on-line. Our members
include leaders in sectors like financial services, health,
technology, fintech, payments, and security.
Our 26 members are united by a common recognition that the
way we handle digital identity today in the United States is
broken and by a common desire to see both the public and
private sectors each take steps to make identity systems work
better.
Five years ago, we released a blueprint for policy makers
on how to improve digital identity infrastructure in America.
The blueprint highlighted the ways the Government can play a
role in delivering more secure, inclusive, privacy-preserving
digital solutions by closing the gap between the nationally-
recognized authoritative credentials that we have here in the
United States that work in the physical world, driver's
licenses, passports, and birth certificates--and the lack of
any digital counterpart to those credentials that can be used
when Americans need to prove who they are on-line.
Digital driver's licenses, also known as mobile driver's
licenses, or MDLs, play a big role in the blueprint by virtue
of the fact that driver's licenses and State ID cards are, by
far, the photo ID that's most commonly obtained by people in
the United States, and are thus the documents that are most
commonly used to prove one's identity today in the physical
world.
We're thrilled to see this subcommittee focusing on the
issue of digital identity and what is needed beyond the REAL ID
Act.
There's five key points we'd like to emphasize today:
First, when it comes to mobile driver's licenses the
Government's prioritizing the wrong use cases. There's
essentially two core use cases for digital versions of States'
driver's licenses and digital ID cards. The first are in-person
cases such as clearing the TSA security checkpoints or proving
age at a bar to buy alcohol. This is where you're presenting a
digital version of a plastic card in your wallet that's instead
stored on your phone.
The second is remote or on-line use cases where you need to
prove who you are on-line, say, to open a bank account or apply
for Government services. Of these two, the first is a ``nice to
have,'' while the second addresses a critical cybersecurity
priority, a wave of identity-related cyber crime that's
impacting millions of Americans and costing us hundreds of
billions of dollars each year. This has been documented by
agencies like FinCEN and the GAO.
Now, this is not to say there aren't some tangible benefits
to the in-person use cases. But given what's happening in the
on-line world, it's time we get our priorities straight.
Second, our understanding is that the reason DHS and the
States have been focused on the in-person use cases is because
work is still on-going in the International Standards
Organization, known as ISO, to craft a standard for the on-line
use cases of MDLs. This is a terrible reason for the Government
to avoid focusing on solving a problem that leads to hundreds
of billions of dollars in identity-related cyber crime, most of
it perpetrated by organized crime or hostile nation-states.
If ISO's moving too slowly, the United States should take
the lead on creating its own standard and work to advance it in
ISO, rather than sit back and hope that ISO eventually figures
it out.
Now, while DHS does not create standards typically, DHS or,
even better, the White House or Congress, should request that
NIST lead an effort to create the standards and guidance needed
to accelerate the deployment of secure, privacy-protecting MDL
apps that Americans can use to better protect and assert their
identity on-line. There's actually a precedent for this here.
There's a lot of ISO cybersecurity standards that are more or
less based on work that NIST led first.
Third, TSA alone should not be in the lead here in that
there's things that TSA's responsible for with regard to
identity. But there are a relatively smaller subset of issues
with regard to the broader set of issues that's at play. It's
not TSA's mission to ensure a safe and privacy-preserving
foundation for, say, digital transactions in banking or health
or Government services.
While I admire a lot of the work TSA's doing here,
particularly how their team is taking some very forward-looking
steps in their proposed draft regulations on MDLs to look ahead
to maybe solving these other issues, there's just a bigger
structural issue where TSA's going to be limited in what they
can accomplish.
This brings up my fourth point which is that digital
identity is critical infrastructure and needs to be treated as
such. DHS said as much in 2019 when it declared identity as one
of 55 national critical functions defined as those services so
vital to the United States that disruption, corruption, or
dysfunction would have a debilitating impact on security.
But compared to the other critical functions in that list,
identity has gotten scant investment and attention. It's a
little puzzling that DHS, after calling out digital identity as
a critical function, has then opted to focus so narrowly here as
it implements the REAL ID Modernization Act of 2020.
Finally, on that note, the White House could and should
play a bigger role here by launching a whole-of-Government
effort to address critical vulnerabilities in our digital
identity fabric. President Biden actually had language on this
in the March 2023 National Cybersecurity Strategy. But when the
implementation plan for that strategy was published in July, it
inexplicably skipped over the identity section entirely.
In the wake of that White House inaction, Congress can
force the issue. There's a bipartisan bill--I know Congressman
Foster will be here in a bit, who was a lead sponsor--called
the Improving Digital Identity Act that cleared key House and
Senate committees last year, but fell just short of package--
short of passage.
As currently drafted, it falls under jurisdiction of the
House Oversight Committee and not this committee, but we'd
welcome the bill to explore ways this committee might be able
to drive action forward. It was also actually sponsored by
Democrats and Republicans on this committee.
I appreciate the opportunity to testify today. Note that I
have submitted some lengthier testimony for the record, as well
as a copy of our policy blueprint. I'll look forward to
answering your questions. Thank you.
[The prepared statement of Mr. Grant follows:]
Prepared Statement of Jeremy Grant
December 5, 2023
Chairman Gimenez, Ranking Member Thanedar, and Members of the
committee, thank you for the opportunity to testify today.
I am here on behalf of the Better Identity Coalition--an
organization focused on working with policy makers to improve the way
Americans establish, protect, and verify their identities when they're
on-line.
Our members include leaders in sectors like financial services,
health, technology, FinTech, payments, and security. Our 26 members are
united by a common recognition that the way we handle digital identity
today in the United States is broken--and by a common desire to see
both the public and private sectors each take steps to make identity
systems work better.
Identity does not always get much attention, but is an important
topic, in that the way we handle identity in America impacts our
security, our privacy, and our liberty. From an economic standpoint,
particularly as we move high-value transactions into the digital world,
identity can be the ``great enabler''--providing a foundation for
digital transactions and on-line experiences that are more secure, more
enjoyable for the user, and ideally, more respectful of their privacy.
But outdated identity systems enable a set of great attack points
for criminals and other adversaries, such as hostile nation-states that
are seeking to steal data and money and compromise American systems. As
these threats grow--and new systems are put in place to try to guard
against them--they often create new burdens for consumers, businesses,
and Government agencies who need to accurately verify identity to
enable high-value transactions to be delivered on-line.
Five years ago, the Better Identity Coalition released a
``Blueprint'' for policy makers on how to improve digital identity
infrastructure in America. The Blueprint highlighted the ways that
Government can help deliver more secure, inclusive, privacy-preserving
digital solutions--by closing the gap between the nationally-
recognized, authoritative credentials that work in the physical world--
like driver's licenses, passports, and birth certificates--and the lack
of any digital counterpart to those physical credentials that can be
used when Americans need to prove who they are on-line.
Why is Government action needed here? Well, at the end of the day,
Government is the only authoritative issuer of identity in the United
States. But the identity systems Government administers are largely
stuck in the paper world, whereas commerce has increasingly moved on-
line. This ``identity gap''--a complete absence of Government-issued
credentials built to support digital transactions--is being actively
exploited by adversaries to steal identities, money, and sensitive
data, and defraud consumers, governments, and businesses alike.
And while industry has come up with some decent tools to try to get
around this identity gap, adversaries have caught up with many of them.
Moreover, with the rise of artificial intelligence (AI) now
enabling new types of attacks on digital identity (such as cheap and
highly convincing deepfakes that can fool remote identity verification
tools), the security and economic risks are more acute than ever. It is
imperative that the United States develop a strategy to ensure we have
digital identity infrastructure that can mitigate and stay ahead of
these threats.
Indeed most of our peer countries have either created robust
digital identity infrastructure or have launched a national initiative
to do so. Each year that passes without a comprehensive initiative to
prioritize more robust, privacy-preserving digital identity
infrastructure puts Americans at greater risk than the rest of the
world and threatens our international competitiveness.
Going forward, Government will need to take a more active role in
working with industry to deliver next-generation remote identity
proofing solutions. This is not about a national ID--and we do not
recommend that one be created. We already have a number of nationally-
recognized, authoritative Government identity systems--the driver's
license, the passport, the SSN. But because of the ``identity gap''
these systems are stuck in the paper world, while commerce is
increasingly moving on-line.
To fix this, America's paper-based systems should be modernized
around a privacy-protecting, consumer-centric model that allows
consumers to ask an agency that issued a credential to stand behind it
in the on-line world--by validating the information from the
credential.
Digital driver's licenses--also known as ``mobile'' driver's
licenses or mDLs--featured prominently in our Blueprint. This is by
virtue of the fact that driver's licenses and State ID cards are by far
the photo ID that is most commonly obtained by people in the United
States, and are thus the documents that are most commonly used to prove
one's identity today in the physical world.
The single best way to prevent identity theft and identity-related
cyber crime is to give Americans tools that they can use to protect
themselves from identity thieves. mDLs have much to offer here, as they
can enable Americans to reuse a high assurance credential they already
have--their driver's license or State ID card--when they need to prove
who they are on-line for high assurance transactions. And because the
REAL ID Act of 2005 established a Federal standard for a robust, in-
person identity-proofing process for States to follow, consumers can
derive significant benefit if REAL ID-compliant driver's licenses are
enhanced to support digital transactions.
By binding proof of identity to a digitally-signed mDL app housed
securely in a smartphone, a mDL can help Americans be better protected
against identity thieves. And if designed properly, a mDL can offer not
just better security, but also better privacy and increased convenience
when Americans need to prove who they are on-line.
We're thrilled to see this subcommittee focusing in on the issue of
digital identity and what is needed beyond the REAL ID Act.
I expect a good deal of this hearing will focus in on the role that
TSA is playing with regard to mobile driver's licenses and REAL ID. And
I think it is important to say that I admire the work TSA is doing
here, at least in regard to the subset of issues around identity that
are a part of TSA's mission.
The more important question for this hearing to explore, in my
view, is whether TSA alone should be in the lead? In that the things
that TSA cares about with regard to digital identity are a relatively
small set of issues relative to the broader set of issues at hand.
There are five key points we would like to emphasize today:
First, when it comes to mobile driver's licenses, the Government is
prioritizing the wrong use cases.
There are essentially two core use cases for digital versions of
State driver's licenses and ID cards:
The first is in-person use cases, such as clearing a TSA
security checkpoint, or proving age at a bar to buy alcohol.
This is where you are presenting a digital version of the
plastic card in your wallet that is instead stored on your
phone.
The second is remote or on-line use cases, where you need to
prove who you are on-line, say, to open a bank account or apply
for Government services.
Of these two use cases, there are certainly some tangible benefits
to the in-person applications--I discuss those later in my testimony--
but viewed against the backdrop of a wave of identity-related cyber
crime that is costing Americans hundreds of billions of dollars each
year, the in-person applications look like a ``nice to have.''
This is because the numbers on the cybersecurity side are
staggering, and they are impacting many different sectors:
FinCEN recently revealed that $212 billion in transactions
flagged in 2021 Suspicious Activity Reports (SARs) filed by
banks were tied to some form of breakdown in the identity
verification process.\1\
---------------------------------------------------------------------------
\1\ https://www.nextgov.com/digital-government/2023/09/212b-
suspicious-activity-reports-fin- cenin-2021-concerned-identity-
officials-report/390279/.
---------------------------------------------------------------------------
The Government Accountability Office (GAO) reported that
between $100-$135 billion in pandemic Unemployment Insurance
(UI) benefits was lost to fraud during the pandemic. Funds were
stolen both by organized criminals and State-sponsored actors,
with compromised identities being used to enable the bulk of
the theft.\2\
---------------------------------------------------------------------------
\2\ https://www.gao.gov/assets/gao-23-106696.pdf.
---------------------------------------------------------------------------
The Identity Theft Resource Center (ITRC)--a non-profit
which helps victims of identity theft--has stated that 2023 is
shaping up to be the worst year ever for identity theft and
data breaches.
Why are there so many problems here? As I stated earlier, attackers
have caught up with many of the ``first-generation tools'' we have used
to protect, verify, and authenticate identity on-line, to the point
that it is an anomaly when a major breach happens and some sort of
identity compromise is not the attack vector. There are many reasons
for this--but the most important question is: What should Government do
about it now?
With nearly $350 billion in identity-related cyber crime documented
in just two sectors--banking and Government benefits--the deficiencies
in digital identity infrastructure that enable most of this crime
should be getting a ton of attention.
Instead--inexplicably, in my opinion--the U.S. Government has been
prioritizing the in-person use cases for mDLs while giving little
attention to the on-line use cases that could address this massive wave
of identity-related cyber crime.
This is not to say that the in-person use cases have no value; on
the contrary, there are notable improvements to security, privacy, and
convenience that can be delivered by a properly-designed mDL that is
used for in-person use cases. The ability, for example, to let someone
share elements of their ID such as age or State of residence on a
granular basis--without revealing all of the information printed on
their ID--can improve privacy. Likewise, having digitally-signed data
in a mDL app can offer security and anti-counterfeiting benefits above
and beyond the security features that are built into plastic cards.
However, when weighed against our most pressing problems in digital
identity, these in-person use cases should not be the lead priority.
There is some background here worth sharing:
The initial pilots of mDLs were funded by the National
Institute of Standards and Technology (NIST) between 2012-2015,
as part of the National Strategy for Trusted Identities in
Cyberspace initiative. It's worth sharing here that I ran that
program, and served as NIST's Senior Executive Advisor for
Identity Management. The pilots were focused on the ways that a
mDL could be used to help people when they had to prove who
they were on-line for a high-value service like banking or
Government benefits.
However when Congress passed the REAL ID Modernization Act
in 2020 to reflect the emergence in the market of mDLs,
Congress did not specify which use cases were a priority. The
law just more generally directed DHS to update regulations for
REAL ID driver's licenses to support digital mDLs. Rather than
focus on the applications of mDLs that can prevent identity
theft and identity-related cyber crime, DHS instead delegated
implementation of the law to TSA, who has largely focused on
in-person use cases such as using a mDL to clear a TSA
checkpoint.
One question to consider is if TSA alone should be in charge--
especially when DHS originally led the REAL ID regulations out of its
policy office back in 2005? We assume DHS made this decision because
the ``core use case'' for REAL ID that impacts most Americans is
whether they can use their driver's license to clear a TSA checkpoint.
However, that's a small subset of the use cases where digital
identity matters, and many of these use cases are well outside of TSA's
jurisdiction--among those, the on-line identity use cases that are not
getting much attention.
Second, our understanding is that the reason DHS and the States have
both been focused on in-person use cases is because work is
still on-going in the International Standards Organization
(known as ISO) to craft a standard for the online use cases of
mDLs.
This is a terrible reason for the Government to avoid focusing on
solving a problem that leads to hundreds of billions of dollars in
identity-related cyber crime and millions of victims of identity theft.
Indeed, it is hard to think of another security crisis where the
Government's response has been to say ``let's hold off on solving it
until the International Standards Organization gets things figured
out.''
If ISO is moving too slowly, the United States should take the lead
on creating its own standard, and work to advance it in ISO rather than
sit back and hope that ISO eventually figures it out.
While DHS does not create standards, DHS--or even better, the White
House or Congress--should request that NIST lead a timeboxed, 1-year
effort to create the standards and guidance needed to accelerate the
deployment of secure, privacy-protecting mDL apps that Americans can
use to protect and assert their identity on-line.
There is precedent for this here--indeed a number of ISO security
standards are more or less based on work that NIST led first. For
example, in 2013, when the Obama administration determined that
cybersecurity risks had reached a point that Government action was
urgently needed, President Obama signed an Executive Order that gave
NIST 1 year to create a Cyber Security Framework (CSF). NIST released
the CSF in 2014, and it has since become recognized across the globe as
the preeminent framework for organizations to use to manage cyber risk.
So much so that ISO then used it as the basis of a ``formal
international standard,'' leveraging the CSF content as the basis of
both ISO 27103 and 27110. None of this would have happened without a
recognition from the U.S. Government that Government action was needed
here to jumpstart progress.
Note that NIST has launched a small project here out of its
National Cybersecurity Center of Excellence (NCCoE) focused on
developing a reference implementation of the digital identity standard
in partnership with industry. Some of the Better Identity Coalition's
members are participating with NIST in this project; NIST has noted
that outcomes of this project may result in contributions to the ISO
standard currently being crafted. It's a good project that will help to
move the ball forward--but bluntly, it's too small and too slow an
effort relative to what is really needed here to accelerate the rollout
of robust digital identity infrastructure.
Third, TSA alone should not be in the lead here.
I do want to compliment the TSA team working on this, in that they
get that there is a bigger set of issues at play beyond the use cases
directly relevant to TSA's mission, and they have been working with
NIST and other Government stakeholders. TSA's proposed draft
regulations here also include some elements dealing with the security
of how a mDL is provisioned for in-person use cases that can be
leveraged to also ensure a secure provisioning process for on-line use
cases--they seem to be looking beyond the use cases that are in their
scope.
That said, TSA's mission does not involve ensuring a safe and
privacy-preserving foundation for digital transactions in banking or
health or Government services, or other places where Americans might
have a need for digital ID.
Nor does it include issues around identity inclusion, such as how
to help people who might not have a driver's license or other
Government credential today--and who may not be able to easily get one.
This is an important point to flag: Roughly 10 percent of adults do not
have a driver's license or State ID, and in many cases, people lack
critical identity documents like birth certificates and Social Security
cards needed to get one. This disproportionately impacts the most
marginalized communities, including people of color, the elderly, the
poor, as well as survivors of domestic violence and those reentering
society after time in prison. As we talk about investing in new digital
identity tools, it is important to make sure our most vulnerable
neighbors are not left behind.
And so while I admire much of the work TSA is doing here--
particularly how their team has taken some very forward-looking steps
in their proposed draft regulations on mDLs to look ahead to solving
some of these other issues, there is a bigger structural issue where
TSA is limited in how much they can accomplish.
We desperately need to elevate protecting people from ID theft and
identity-related cyber crime so that it is a national priority, not a
transportation security priority.
This brings up my fourth key point, which is that digital identity is a
critical infrastructure issue and needs to be treated as such.
DHS said as much in 2019 when it declared identity as one of 55
``National Critical Functions''--defined as those services ``so vital
to the U.S. that their disruption, corruption, or dysfunction would
have a debilitating effect on security.''
But compared to other critical functions, identity has gotten scant
investment and attention. And it's a bit puzzling that DHS, after
calling out digital identity as a critical function, has opted to focus
so narrowly here as it implements the REAL ID Modernization Act of
2020.
Finally, on that note, the White House could and should play a bigger
role here, by launching a ``whole-of-Government'' effort to
address critical vulnerabilities in our ``digital identity
fabric.''
The administration actually had great language on digital identity
in its March 2023 National Cybersecurity Strategy; Strategic Objective
4.5 of the Strategy called for the Government to ``Support Development
of a Digital Identity Ecosystem'' and stated:
``Today, the lack of secure, privacy-preserving, consent-based digital
identity solutions allows fraud to flourish, perpetuates exclusion and
inequity, and adds inefficiency to our financial activities and daily
life. Identity theft is on the rise, with data breaches impacting
nearly 300 million victims in 2021 and malicious actors fraudulently
obtaining billions of dollars in COVID-19 pandemic relief funds
intended for small businesses and individuals in need. This malicious
activity affects us all, creating significant losses for businesses and
producing harmful impacts on public benefit programs and those
Americans who use them. Operating independently, neither the private
nor public sectors have been able to solve this problem.''
Of note, the National Cybersecurity Strategy noted the role that
mDLs could play, encouraging ``a focus on privacy, security, civil
liberties, equity, accessibility, and interoperability.''
We agree that all of these are important, and, indeed, essential.
It is critical as mDLs are emerging that Government defines what
``good'' looks like with regard to these credentials, and puts a plan
in place to make sure that we get there--and that we avoid bad outcomes
that might arise if the architecture for mDLs is not properly designed
to maximize benefits and minimize any potential harms.
Unfortunately, when the implementation plan for National
Cybersecurity Strategy was published in July, it inexplicably skipped
over the identity section entirely--jumping from Strategic Objective
4.4 to 4.6, as if the identity objective was never in the Strategy.
The administration has said that identity might be addressed in future
versions of the implementation plan, but for now this work has been
sidelined. That means there is no vision of what ``good'' looks like to
guide different agencies working on these issues, nor is there any plan
to address some of the difficult inclusion issues I discussed earlier
to make sure that we are not leaving anybody behind as we invest in
better digital identity.
In the wake of White House inaction, Congress can help to drive
progress. Last year a bipartisan bill that is based on our Policy
Blueprint--the Improving Digital Identity Act--cleared the House
Oversight Committee and the Senate Homeland Security and Governmental
Affairs Committee (HSGAC), but came up just short of passage. That bill
has been reintroduced in the Senate and passed the HSGAC in March, and
is currently awaiting further action. As currently drafted, it falls
under the jurisdiction of the House Oversight Committee and not the
Homeland Security Committee, but the bill was sponsored by Democrats
and Republicans on this committee--former Ranking Member John Katko and
former Congressman Jim Langevin were original authors of the bill--and
we'd love to explore ways this committee might be able to drive action
forward.
Thank you for the opportunity to testify today. Note that I have
submitted a copy of the Coalition's Policy Blueprint \3\ for the record
to augment this testimony; I look forward to answering your questions.
---------------------------------------------------------------------------
\3\ The Blueprint can be found at https://www.betteridentity.org/s/
Better_Identity_- CoalitionBlueprint-July2018.pdf.
Mr. Gimenez. Thank you, Mr. Grant.
I now recognize Hal Wiediger for 5 minutes to summarize his
opening statement.
STATEMENT OF HAL WIEDIGER, SENIOR VICE PRESIDENT, CLIENT
SUCCESS, IDENTITY & SECURITY NORTH AMERICA, IDEMIA
Mr. Wiediger. Thank you, Chairman Gimenez and Ranking
Member Thanedar, for inviting me to this important topic for--
to testify today.
IDEMIA is on a mission to unlock the world and make it
safer. IDEMIA provides unique technologies, underpinned by
long-standing expertise in biometrics, cryptography, data
analytics, systems, and smart devices that secure billions of
transactions.
With 15,000 employees, IDEMIA is trusted by over 600
governmental organizations, and more than 2,300 enterprises
spread over 180 countries with an impactful, ethical, and
socially responsible approach.
For more than 60 years, IDEMIA has been a trusted partner
of Government agencies, offering unmatched expertise in
identity management. We have produced over 1 billion driver's
licenses in the United States and currently produce driver's
licenses for 34 States and mobile driver's licenses for 5
States.
Additionally, the Transportation Security Administration
relies on our Credential Authentication Technology, CAT, to
authenticate and verify and identify millions of travelers
every day.
Identity verification is a critical part of the security
mission of TSA. Our CAT machine helps TSA validate a
passenger's identity, and provide real-time security data on a
passenger's vetting status. The newest iteration of this
technology will enable the use of digital IDs and facial match
to further increase the security effectiveness of identity
validation processes.
As TSA implements the REAL ID mandate, the CAT machine will
let the officer know if a REAL ID is counterfeit. Digital
identity solutions provide consumers with unlimited benefits.
Digital IDs are here today and will be increasingly relied upon
in the future. Driver's licenses, passports, and other
credentials can be accessible on our mobile devices, much like
your credit cards today. This innovation fundamentally changes
the identity security market, enhancing security and improving
the customer experience, providing consumers with ultimate
control over their identity.
Digital IDs are derived from physical ID and the fidelity
of the information is tied to how robust the initial proving
process for the physical ID was. For example, a customer with a
REAL ID-compliant physical credential has proven both their
identity and their legal presence in the United States. A
digital ID derived from a REAL ID-compliant physical credential
provides the consumer with a digital document that enables them
to verify both their identity and their legal presence in the
United States.
Unlike a physical ID, which can be lost, used by an
imposter, or presented even if it has been revoked, a digital
ID can only be unlocked and used by the individual to whom it
was issued if the issuer allows it to be accessed,
significantly reducing opportunities for fraud and ensuring
only you can authorize the use and validation of your identity
information.
The use cases for this innovative technology provide
significant consumer benefits, making it easier for disaster
victims to file claims, preventing fraudulent transactions,
enabling customers with accessibility challenges to enroll for
important services wherever they are, faster provisioning of
public aid to services to citizens, or creating a frictionless
experience for travelers. Consumer demand and convenience will
force ID verification to be digital. Digital identity solutions
are secure, enhance privacy, and meet robust global standards.
Like many tools and technology innovations, our technology
is safe because we and our customers adhere to the highest
ethical privacy and accuracy standards. We demonstrate our
leadership and commitment by regularly taking part in tests by
the National Institute for Standards and Technology, NIST, to
check how our technology platforms and assess its accuracy to
ensure it is safe, secure, and accurate.
The test results confirm IDEMIA's long-standing expertise
and demonstrate how advanced our technology is, giving us and
our customers confidence that they are using proven technology
that has been tested to ensure both accuracy and fairness.
However, we also have a role to play in determining who we
sell our technology to and how our technology is used. Any tool
in the wrong hands can cause harm. We ensure that our customers
respect using our technology in a way that aligns with our
values and makes it safe and easier for people to prove their
identity in a secure manner that also enhances privacy
protection.
For society to unlock this potential, we need a legal and
regulatory framework that ensures responsible use while also
enabling and supporting continuous innovations and society
benefits.
In closing, we're grateful to work with the fantastic
partners like the Department of Homeland Security, the
Transportation Security Administration, the American
Association of Motor Vehicle Administrators, and advocacy
groups like The Better Identity Coalition and the American
Civil Liberties Union.
Thank you for inviting IDEMIA to engage in this important
discussion today. We look forward to your questions and
appreciate an open dialog to discuss digital identity solutions
and the important benefits they provide society.
[The prepared statement of Mr. Wiediger follows:]
Statement of Hal Wiediger
December 5, 2023
Introduction
Thank you, Chairman Gimenez and Ranking Member Thanedar, for
inviting me to testify today on this important topic. IDEMIA is on a
mission to unlock the world and make it safer. Backed by innovative
R&D, IDEMIA provides unique technologies, underpinned by long-standing
expertise in biometrics, cryptography, data analytics, systems, and
smart devices that secure billions of interactions around the world.
With 15,000 employees, IDEMIA is trusted by over 600 governmental
organizations and more than 2,300 enterprises spread over 180
countries, with an impactful, ethical, and socially responsible
approach.
For more than 60 years, IDEMIA has been a trusted partner of
Government agencies--offering unmatched expertise in identity
management. We have produced over 1 billion driver's licenses in the
United States, and currently produce driver's licenses for 34 States,
and mobile driver's licenses for 5 States. Additionally, the
Transportation Security Administration relies on our Credential
Authentication Technology (CAT) to authenticate and verify the identity
of millions of travelers every day.
Digital Identity Solutions Provide Consumers with Unlimited Benefits
Digital IDs are already here, and their issuance and adoption will
only increase in the future. Driver's licenses, passports, and other
credentials are now accessible on our mobile devices, much like credit
cards are today. This innovation fundamentally changes the identity
security market, simultaneously enhancing security and improving the
customer experience--providing consumers with ultimate control over
their identity. Digital IDs are derived from a physical credential, and
the fidelity of information is tied to how robust the initial proofing
process for the physical credential was.
For example, a customer with a REAL ID-compliant physical
credential has proven both their identity and their legal presence in
the United States. A Digital ID derived from a REAL ID-compliant
physical credential provides the consumer with a digital document that
enables them to verify both their identity and their legal presence in
the United States. Unlike a physical ID which can be lost, used by an
imposter, or presented even if it has been revoked, a digital ID can
only be unlocked and used by the individual to whom it was issued, and
if the issuer allows it to be accessed, significantly reducing
opportunities for fraud, and ensuring only you can authorize the use
and validation of your identity information.
The use cases for this innovative technology are endless and
provide significant consumer benefits--making it easier for disaster
victims to file claims, preventing fraudulent transactions, enabling
customers with accessibility challenges to enroll for important
services from wherever they are, faster provisioning of public aid and
services to citizens, or creating a frictionless experience for
travelers. Consumer demand will force ID verification to be digital
where it is physical and in-person today.
Digital Identity Solutions Are Secure, Enhance Privacy, and Meet Robust
National and International Standards
Like many tools and technological innovations, our technology is
safe because we and our customers adhere to the highest ethical,
privacy, and accuracy standards. We demonstrate our leadership and
commitment by regularly taking part in tests by the National Institute
for Standards & Technology (NIST) to check how our technology performs
and assess its accuracy to ensure it is safe, secure, and effective.
The test results confirm IDEMIA's long-standing expertise and
demonstrate how advanced our technology is. This third-party validation
gives us and our customers confidence that they are using proven
technology that has been tested to ensure both accuracy and fairness.
However, we as a company also have a role to play in determining
who we sell our technology to and how our technology is used. Any tool
in the wrong hands can cause harm, and we are very selective to ensure
that our customers are using our technology in a way that aligns with
our values and mission to unlock the world and make it safer and easier
for people to navigate the physical and digital worlds in total
security. For society to unlock all this potential, we need to ensure
that we create a legal and regulatory framework that ensures
responsible use, while also enabling and supporting continuous
innovation and societal benefits. We are grateful to have fantastic
partners like the American Association of Motor Vehicle Administrators
(AAMVA), and advocacy groups like the Better Identity Coalition and the
American Civil Liberties Union.
Closing
Thank you for inviting IDEMIA to engage in this important
discussion today. We look forward to your questions and appreciate an
open dialog to discuss digital identity solutions and the important
benefits they provide to society.
Mr. Gimenez. Thanks, Mr. Wiediger.
I now recognize Mr. Stanley for 5 minutes to summarize his
opening statement.
STATEMENT OF JAY STANLEY, SENIOR POLICY ANALYST, SPEECH,
PRIVACY, AND TECHNOLOGY PROJECT, AMERICAN CIVIL LIBERTIES UNION
Mr. Stanley. Chairman Gimenez, Ranking Member Thanedar, and
Members of the subcommittee, thank you for inviting me to
testify today. Thank you for your attention to the emerging
issues around digital IDs.
Let me start by saying that our immediate concern is that
the TSA is pushing ahead with a set of digital ID standards
that aren't ready for prime time. If we are to have a digital
ID system, it's vital that we take the time to do it right.
The TSA proposes to incorporate into U.S. regulations an
MDL standard set by the international standards body, the ISO.
That standard, which allows for centralized tracking of how we
use our IDs, was created behind closed doors by a secretive,
international committee made up of Government agencies, tech
giants, and for all we know, the Chinese and Russian
Governments.
We don't know because, when we ask the ISO for the list of
who was in the group that wrote this standard, they refuse to
disclose it. The standard is not even available to the public
without paying thousands of dollars. That is no way to make
policy in a democracy on something that will affect us all, as
Mr. Grant said, will be a piece of our critical infrastructure.
We're concerned that the TSA appears to be working
extremely closely with one company, Apple, even for mysterious
reasons signing over to Apple the agency's patents governing
the operation of its airport digital ID checkpoints.
It's also unclear that the TSA has the authority for its
proposed digital ID plan, and there are larger questions about
why the TSA with its relatively narrow mission has been
positioned to determine the shape of the Nation's identity
system.
The TSA is pursuing an initiative not important to its
mission, but that will have wide-spread spillover effects on
American society. Let me flesh this out by making three overall
points:
First, a digital identity system would have far-reaching
consequences. The idea might sound simple, but the creation of
a digital ID, especially one that could be used over the
internet, would be a turning point that could have enormously
harmful effects. Once it starts to become easy to share your ID
with the press of a button, the danger is that we start getting
identity demands from all quarters.
Want to enter a 7-Eleven? Scan your ID. Want to browse a
clothing store? Scan your ID. Buy a cup of coffee, park your
car, scan your ID.
If we get a digital ID that can be used on-line, we may
wake one day and find, if you want to watch a video or log on
to social media or look at a news site, we get a demand to,
quote, press a button and send us your driver's license.
There's already far too much tracking that takes place of
us on-line and polls show that Americans are very uncomfortable
with it, but that tracking is far from perfect. A digital ID
could make it inescapable.
A digital ID system, if not built carefully, could send a
report back to the Government every time you show your ID, a
record of every bar, club, casino, bank, and doctor's office
visits and, once it goes on-line, every website and on-line
service you use, too. The ISO standard permits this.
The second point I would like to make is that any digital
ID system must come with safeguards. If we are to have a
digital ID, on a technical level, the system should have
privacy built in. We need legal safeguards. For example, we
need to make sure that police officers do not and cannot access
our phones during ID checks. We need protections to make sure
we aren't swamped by identification demands at every turn. We
need to ensure that a digital ID remains optional.
My third point is that we need to take the time to do this
right. If we must have a digital ID system, we can design one
that makes use of the newest innovations in technology to
protect our privacy, while at the same time, making legitimate
ID requests easier and more secure. There's an enormous amount
of innovation, invention, and discussion still under way around
identity and encryption technologies, but there are still many
missing pieces that need to be worked out.
We are at a formative moment. It would be a pity to find
ourselves locked into a suboptimal standard, an ID system, the
way we're stuck with our QWERTY keyboards where the keys are
intentionally placed to slow down typists because early
typewriters jammed easily.
There's no hurry here. Digital IDs are not going to speed
people through airline security. ID checking is not the
bottleneck, and it won't free people from having to carry their
physical ID cards. The TSA warns on its website, quote, ``You
must still carry your physical ID.''
Nor is there any popular clamor for digital IDs from
residents of the State. Those that have rolled out digital ID
have not had substantial public sign-on except where people
have been forced to use them. Digital IDs are being driven by
vendors and other corporations, not by any public excitement
about the technology.
So again, to summarize, my three points are that a digital
identity system could have profound consequences, could become
a major piece of our public, critical infrastructure, and it
needs technological and legal safeguards, and we need to take
the time to do this right. It's too big to leave to the
Nation's Departments of Motor Vehicles. It's too big to leave
to the TSA. It will become a significant thing.
Thank you very much. I look forward to your questions.
[The prepared statement of Mr. Stanley follows:]
Prepared Statement of Jay Stanley
Chairman Gimenez, Ranking Member Thanedar, and Members of the
subcommittee: thank you for your attention to the emerging issues
around next-generation identity proofing and thank you for inviting me
to testify today. I would like to focus on one component of this
still-developing ecosystem: digital IDs and the Transportation Security
Administration's role in setting applicable Government-wide standards.
I will touch on three dimensions of digital IDs and TSA's related work:
the risks to security, privacy, and equal opportunity; necessary
safeguards; and the importance of the TSA slowing down adoption of
digital driver's license standards to address those risks and
corresponding safeguards.
We believe that a digital identity system could have far-reaching
consequences for people's privacy and other civil liberties,
potentially leading to an explosion in identification demands. A
digital identity system could allow for new ways of tracking us, and
further disadvantage those who don't use the technology. Any such
system, therefore, must be accompanied by careful technological and
legal protections.
If we are to have a digital ID system, it's vital that we take the
time to do it right. There is a lot of innovation under way in the
digital identity space, including when it comes to privacy protection.
The TSA proposes to adopt a ``mobile driver's license'' standard set by
the International Organization for Standardization (ISO)--a standard
that was created behind closed doors by a secretive committee at the
ISO that, so far as we can tell, was made up of representatives of U.S.
security agencies like DHS, tech giants, and authoritarian governments.
This ISO standard is inadequate and incomplete when it comes to the
protection of our privacy.\1\
---------------------------------------------------------------------------
\1\ See Jay Stanley, ``Identity Crisis: What Digital Driver's
Licenses Could Mean for Privacy, Equity, and Freedom,'' American Civil
Liberties Union (May 2021),
https://www.aclu.org/sites/default/files/field_document/20210913-digitallicense.pdf.
---------------------------------------------------------------------------
In particular, it is vital that any digital ID system this Nation
adopts be based on open, non-proprietary standards. We are concerned
that the TSA also appears to be working extremely closely with one
company, Apple, Inc., even signing over to Apple the agency's patents
governing the operation of its airport mobile drivers' license
checkpoints.\2\
---------------------------------------------------------------------------
\2\ See Jason Mikula, ``Apple's Homeland Security Deal Yields
Checkpoint, KYC, Voter ID Patents, Documents Suggest,'' Fintech
Business Weekly (Sept. 11, 2022),
https://fintechbusinessweekly.substack.com/p/apples-homeland-security-deal-yields.
---------------------------------------------------------------------------
It's also unclear that the TSA has the authority to issue interim
compliance waivers for digital IDs, as the agency proposes to do in its
August Notice of Proposed Rulemaking.\3\ There are also larger
questions about why the TSA, with its relatively narrow mission, has
been positioned to determine the shape of an identity system that will
affect all of the Federal Government, and indeed all of U.S. society.
---------------------------------------------------------------------------
\3\ Minimum Standards for Driver's Licenses and Identification
Cards Acceptable by Federal Agencies for Official Purposes; Waiver for
Mobile Driver's Licenses, 88 Fed. Reg. 60056, 60072 (proposed Aug. 30,
2023).
---------------------------------------------------------------------------
I. A Digital Version of Our ID Might Sound Simple but Would Have
Far-Reaching Consequences
A movement is under way to create a digital identity system that
would allow people to carry their ID on their phones or on digital
smart cards and, eventually, use them over the internet. That might
sound handy at first blush, but it would not be as simple as it might
sound. The creation of a digital ID--especially one that could be used
over the internet--would be a turning point that could have enormously
harmful effects on our privacy, on the right to anonymous speech, on
financial access, and more. The adoption of any such system must be
approached with great care and deliberation, and accompanied by both
technological and legal protections against the negative side effects
the creation of a digital ID is likely to have.
The current discussion centers largely around digital versions of
people's plastic driver's licenses that can be used for in-person
presentations such as at TSA checkpoints, known as ``mobile drivers'
licenses.'' But the real game for big tech companies and Government
agencies is a digital ID that can be used on-line, and while the former
is not without potentially significant ramifications, it is the on-line
digital ID that will be a real game-changer. Since the dawn of the
internet, on-line speech and activity has been relatively anonymous,
and much policy discussion in the past three decades has centered on
questions of whether, when, and how to verify identities on-line. Those
questions--and their answers--would be fundamentally altered by the
development of an easily presentable and ubiquitous digital ID. The
possibility that our digital IDs would be required to access not just
on-line governmental services but also social media platforms, news
sites, and digital services is reason for great caution in this space.
As I will touch on soon, the future of digital IDs and the future of
these questions can very much be shaped by Congress and the TSA.
Some say a digital ID is inevitable. We don't know whether that's
true. There do seem to be a lot of forces gathering to make it happen,
including big banks, tech companies, and other on-line advertisers.
Digital driver's licenses currently being adopted in a number of States
are based on a standard created by the International Standards
Organization (ISO)--and that organization is currently working to
expand the standard to cover on-line, at-a-distance ID presentations.
Even if another standard is adopted instead, it is likely that we will
see a continued push for an ID that can be used on-line. Some of these
institutions just want to make existing verification systems easier,
while others likely would love to use a digital identity system to
track people. If a digital ID system does come about, we do know that
this new infrastructure will have a lot of unanticipated consequences,
as is always the case with a major new technological and identity
infrastructure, going back to the Social Security card created in the
1930's.
Some of those consequences, however, we can anticipate. Negative
side effects that a digital ID would predictably create include:
a. An explosion in demands that we prove our identity
A digital ID would make it much easier to present one's full,
cryptographically-signed, DMV-vetted proof of identity. That also means
it will become much easier for all manner of stores and on-line sites
to request or demand proof of identity, since it wouldn't be a big ask.
A digital ID could create a world where we get asked for ID at every
turn. Want to enter a 7/11? Scan your ID. Want to enter a national
park? Scan your ID. Want to browse a clothing store, buy a cup of
coffee, or park your car? Scan your ID.
And that dynamic becomes even more intense once it's extended to
the internet, where every web site and service demands not just an
email address, but your full, DMV-vetted ID. We already live in a
digital ecosystem that goes to great lengths to connect our on-line and
off-line activity to key identifiers. If not properly guarded, digital
IDs may simply facilitate that effort. We may wake up one day and find
that overnight, if we want to watch a YouTube video, or log on to
social media, or look at a news site, we are asked to ``press a button
and send us your driver's license.''
A powerful Big Tech motivation for that is likely to be marketing.
As some other techniques for tracking people on-line, such as cookies,
lose their utility, companies are hungry for alternate ways of
identifying people so they can collect reliable personal data for
advertising, have a reliable unique identifier so they can track us
across different sites, and increase the value of the data they
collect.\4\ Other motivations are likely to be cybersecurity (``We need
to know who is on our site in case they turn out to be a bad actor''),
enforcement (``We need to make sure you aren't someone we've previously
banned due to violations of our terms of service''), and age
verification (``For our legal due diligence, we need to know you're
over 13 or we can't market to you'').\5\
---------------------------------------------------------------------------
\4\ The loss of utility comes from several sources, including the
``death of tracking cookies,'' the influence of E.U. privacy law, and
changes to the operating system on Apple's phones, which limit
advertisers from accessing an iPhone user identifier. Google has also
moved toward limiting the tracking technology in its Chrome browser and
in the Android phone operating system. See Owen Ray, ``Tracking Cookies
are Dead: What Marketers Can Do About It,'' Invoca Blog (Oct. 2, 2023),
https://www.invoca.com/blog/tracking-cookies-are-dead-what-marketers-can-do-about-it;
Brian Chen, ``To Be Tracked or Not? Apple Is Now
Giving Us the Choice,'' The New York Times (April 16, 2021),
https://www.nytimes.com/2021/04/26/technology/personaltech/apple-app-tracking-transparency.html;
Brian Chen and Daisuke Wakabayashi, ``You're Still
Being Tracked on the Internet, Just in a Different Way,'' The New York
Times (April 6, 2022),
https://www.nytimes.com/2022/04/06/technology/online-tracking-privacy.html.
\5\ The Children's Online Privacy Protection Act bars the on-line
collection of personal information from children under 13 without
parental permission. 15 U.S.C. 6502.
---------------------------------------------------------------------------
Without protections in place, any digital ID that emerges that can
be used on-line is likely to lead to an explosion in on-line identity
demands. The ease and convenience of using a pre-built,
Government-sanctioned identity proofing as a single sign-on method is likely to
prove game-changing. Currently people have the flexibility to offer
different log-in information for different accounts. Depending on how
much we trust a web site, we can use different email addresses,
different login handles, and real or fake names and other data. This
flexibility empowers individuals. It allows us to choose when we wish
to reveal our identity, and when we want to remain anonymous or
pseudonymous. To provide your real identity is to enter a lifetime
relationship with a company or web site--they will always be able to
find you. People don't always want that.
These kinds of dynamics could lead us toward a ``checkpoint
society'' where an increasingly dense net of identity checkpoints and
access controls is woven throughout American life, on-line and off-. It
could also become impossible to do anything without proving your
identity. That would mean a significant loss not only of privacy, but
also an erosion of Americans' ability to engage in anonymous speech.
Anonymous speech has been an important American tradition since the
Nation's founding--the Federalist Papers and many pro-revolutionary
pamphlets were written anonymously, for example--and it brings many
benefits, including the ability to speak truth to power, to freely
associate and exchange ideas, and to seek support on-line for
conditions and experiences that many find shameful to disclose.\6\
---------------------------------------------------------------------------
\6\ McIntyre v. Ohio Elections Commission (1995) (anonymous
election- and issue-related leaflets); Talley v. California, 362 U.S.
60 (1960) (anonymous handbills).
---------------------------------------------------------------------------
Verification of a person's real identity is currently difficult,
cumbersome, and expensive, and as a result is not usually asked of
customers unless absolutely necessary. Once we create a way of proving
our identity that is quick and easy, demands will proliferate.
b. Centralized tracking of presentations
Another danger posed by a digital ID is that, depending on how an
ID system is architected, it could allow people's presentations of
their ID to be tracked. When I present my plastic driver's license at a
wine store to prove I'm over 21, generally, no record of that
interaction is created, and it remains between me and the clerk.\7\
Digital technology, however, magnifies the potential for those
presentations to be recorded, reported, and tracked.
---------------------------------------------------------------------------
\7\ See Heather Brown, ``What Do Driver's License Scanners Do With
Our Information?'', WCCO (Mar. 3, 2022), https://www.cbsnews.com/
minnesota/news/drivers-license-scanners; Dana Fowle, ``Retailers
Scanning Drivers Licenses Raises Privacy Issues,'' Fox 5 Atlanta (Jan.
21, 2022), https://www.fox5atlanta.com/news/retailers-scanning-drivers-
licenses-raises-privacy-issues.
---------------------------------------------------------------------------
In digital identity systems that permit such tracking, information
could be gathered by the issuer (in the case of digital driver's
licenses, that would be motor vehicle departments or the contractors
that they hire) about every bar, club, casino, office lobby, bank,
pharmacy, doctor's office, sporting arena, concert venue, and airport
that an ID holder visits; every convenience store beer purchase,
equipment rental, or hotel check-in; any applications for social
services; and any other circumstance in which they may be asked to show
an ID. And again, if a digital identity system starts being used on-
line, that list could grow exponentially to cover the websites and on-
line services a person uses. Digital IDs would also make it trivial for
those stores, bars, banks, and other establishments to tie every
transaction to your real identity and monetize that data, unless
Congress provides meaningful safeguards.
The ISO standard that the TSA proposes to embrace allows for
systems in which the verifier (such as a liquor store or web site)
electronically pings the ID issuer to confirm that the ID is valid.
That ``server retrieval'' method gives the ID issuer a variety of data
that can give them a bird's-eye view of when, where, and to whom a
person is presenting their ID. The ISO standard also permits off-line
verifications, which unlike remote over-the-internet verifications
don't require the verifier to connect to the issuer or any other third
party when doing an ID verification.\8\ This is how any digital
identity system should work, but we are concerned that some States may
use the server retrieval method, thereby creating an infrastructure
that allows for the tracking of ID holders.
---------------------------------------------------------------------------
\8\ The verifier will need to periodically download verifiers'
public encryption key, which is used to cryptographically verify that
the digital ID has been digitally signed by the DMV or other issuing
party and has not been altered.
---------------------------------------------------------------------------
Some digital ID systems, such as the ISO standard, may also provide
for IDs that ``phone home'' to their issuers at regular intervals. This
also threatens to invade identity holders' privacy by providing the
issuer with information about the holder such as their IP address,
which can reveal location and other information.
c. Further disadvantaging those without technology
If digital IDs become mandatory, either legally or practically, it
could also have significant implications for equity and the ``digital
divide'' by disadvantaging those who don't have a smartphone or other
necessary devices. That is a surprisingly large group of people,
including many from our most vulnerable communities. Studies have found
that more than 40 percent of people over 65 and 25 percent of people
who make less than $30,000 a year do not own a smartphone.\9\ People
with disabilities are 16 percent less likely to own a smartphone, and
many who are homeless also lack access.\10\ Some may lack the resources
to afford a smartphone and mobile data access, while others spurn
smartphones to protect their privacy or because they just don't see the
need. In other cases, a single phone may be shared among family
members.
---------------------------------------------------------------------------
\9\ See ``Mobile Fact Sheet,'' Pew Research Center (April 7, 2021),
https://www.pewresearch.org/internet/fact-sheet/mobile/.
\10\ See Andrew Perrin and Sara Atske, ``Americans with
disabilities less likely than those without to own some digital
devices,'' Pew Research Center (Sept. 10, 2021), https://
www.pewresearch.org/short-reads/2021/09/10/americans-with-disabilities-
less-likely-than-those-without-to-own-some-digital-devices/.
---------------------------------------------------------------------------
To worsen inequality, digital IDs need not become legally mandated,
just practically required. There's no law that says anybody has to get
a credit card or driver's license, but it's hard to participate fully
in society without one, and those who lack them suffer significant
disadvantages in today's world. If digital credentials become similarly
practically required, the effects would be even worse. This is why we
have called for a ``right to paper'' (see below).
ii. any digital id system must offer safeguards
If we are to have a digital ID, we need to make sure we build it in
a way so that it does not become an infrastructure that allows us to be
tracked and regimented in new ways. That means building both technical
and legal safeguards that protect our privacy and guard against
overuse.
a. Technological safeguards
The technological protections that should be incorporated into a
digital ID include (but are not limited to):
No tracking.--A system must not allow ID issuers visibility
into where and when an ID is presented to a verifier, as
discussed above.
Holder control.--An ID holder--the individual to whom the ID
belongs--should have technological control over what data they
reveal to a verifier, allowing them to reveal some fields of
data and not others, and to reveal characteristics such as
``over age 21'' without revealing details of the holder's date of
birth, or ``resident of county'' without revealing their
address. This is one area where a digital ID can have
advantages for privacy over a physical ID, and that advantage
should be made use of.
Unlinkable presentations.--When the holder presents their
digital credentials, the verifier should be unable to link that
presentation with others from the same holder. For example, the
verifier should not be able to tell that the ``over 21'' person
buying a case of beer today is the same person who bought a
bottle of wine last week. This limits the ability of any
verifier (or their vendors) to assemble a map of data about who
does what where.
Verifier transparency.--An ID holder should have
transparency into who is requesting identifying or
authenticating information, their authority for making that
request, what the specific circumstances and purpose of the
request are, what information is and has been transmitted, and
if that transmission involves third parties.
Open not proprietary.--If the United States is to adopt a
digital ID, it's also vital that that ID be open and free of
proprietary corporate strings. There must be no one
corporation, or small handful of corporations, that Americans
are de facto required to deal with in order to participate in a
digital identity system. The system must be clearly documented
and open enough that it is possible for any party with the
relevant skills to build an interoperable digital wallet that
any legitimate ID holder can use or an interoperable verifier
tool that any legitimate verifier can use. No system that our
society depends upon should be built on proprietary
specifications, proprietary hardware, or patent-encumbered
technology.
b. Legal safeguards
In addition to technical protections built into digital IDs,
Congress should consider establishing legal safeguards to protect
individuals from surveillance and Governmental incursions:
No police access to phones.--By placing people's mobile
phones at the center of law enforcement driver's license
checks, a digital identity system raises the risk that police
officers will gain warrantless access to people's phones, a
potentially severe violation of privacy. No one seems to be
contemplating a system that as a technological matter requires
people to hand over their phones, but that is not enough. Many
people, especially vulnerable people such as the elderly,
immigrants, and members of marginalized communities, may not
feel able to decline a police request to hand over or unlock
their phone. Despite a crystal-clear Constitutional requirement
that police must obtain a warrant for smartphone searches,
questionable ``consent-based'' police searches of people's cell
phones happen thousands of times a day.\11\ A police officer's
request--``mind if I look at your phone?''--may make a search
``voluntary'' in the eyes of the law, but few searches based on
such police requests are truly voluntary. That is especially
true for members of poor and marginalized communities. Police
officers should be legally prohibited from making requests for
``voluntary'' taking or search of people's phones.
---------------------------------------------------------------------------
\11\ Riley v. California, 573 U.S. 373 (2014); Logan Koepke et al.,
``Mass Extraction: The Widespread Power of U.S. Law Enforcement to
Search Mobile Phones,'' Upturn (2020), https://www.upturn.org/work/
mass-extraction/.
---------------------------------------------------------------------------
Protections against excessive identity demands.--As
discussed above, a digital identity system, by making it very
easy to share our ID, is likely to lead to a significant
expansion in the times and places where our IDs are demanded.
As a result, no digital identity system should be rolled out
without legal limits on when those engaged in commerce or other
regulated activities may demand that people identify
themselves.
``A right to paper''.--We believe that people should have a
right to obtain and use paper, plastic, or other physical
identity documents instead of or in addition to a digital ID.
The use of digital IDs should never become mandatory as a legal
or practical matter. Digital IDs should be accompanied by
policies that bar those engaged in commerce or other regulated
activities from refusing to accept physical IDs on a reasonably
equal basis.
Protections against data collection by verifiers.--Verifiers
in any system of digital IDs should come with concrete legal
obligations to minimize collection and retention of data, with
appropriate consequences for violations. One tempting business
model for verifiers will be to offer free verification
terminals (for in-person use) or software (for network use) in
order to collect data about where and when a person is using
their ID. This could be for marketing, surveillance, or other
purposes. Even where vendors are well-intentioned, these data
collections are attractive targets for hackers, criminals, and
espionage agencies.
iii. we need to take the time to do this right
Because the emergence of a digital identity standard is likely to
have significant consequences and to require development of mitigating
policies such as those we outline above, it is important that the
United States take care to minimize the negative impacts a digital ID
would have. That will take some time.
a. A lot of work is still under way on ID standards and technology
The standards and technologies we need to build an identity system
that protects the interests of ordinary people including privacy are
not yet ripe. There is an enormous amount of innovation, invention, and
discussion still under way with regards to this technology and to
encryption technologies that can allow us to protect privacy even while
retaining many useful functions of an ID card.
As the TSA itself has pointed out, the privacy protections
governing mobile driver's licenses are ``evolving and unsettled.''\12\
The ISO standards for mobile driver's licenses (currently ISO/IEC
18013-5:2021) are currently incomplete and address only some aspects of
a digital identity system.
---------------------------------------------------------------------------
\12\ Minimum Standards for Driver's Licenses and Identification
Cards Acceptable by Federal Agencies for Official Purposes; Waiver for
Mobile Driver's Licenses, 88 Fed. Reg. 60056 (proposed Aug. 30, 2023),
at 60072.
---------------------------------------------------------------------------
One example is the provision in the ISO standard under which IDs
``phone home'' to their issuers. Under a privacy-protective
architecture, an ID holder who needs to perform a specific task such as
an update or renewal should be in control of when and how they connect
to the DMV (or another issuer) rather than having that built into their
phone. These sorts of check-ins should be minimized and infrequent,
should be doable over anonymized networks such as Tor and Apple Private
Relay, and should be subject to strict data destruction requirements on
any metadata gathered by the issuer or their vendor during these check-
ins. None of these considerations have been addressed, and if they were
debated at all within the ISO the public had no role in or visibility
into it. These are the kinds of considerations that need more mature
development.
Another example of the system's current immaturity is the
implementation of unlinkable presentations, in which a verifier has no
way of knowing that the person who is proving they're over 21 is the
same person who proved that last week. One way to do this is with a
stack of unique, single-use ``tickets'' (cryptographic tokens signed by
the issuer). But there has been little if any discussion of that kind
of functionality as part of the ISO standards process, so far as we
know.
Other missing components include standards governing the design of
digital wallets and their privacy protections, protections for data
stored on the phone, mechanisms for the ID holder to receive
information about the legitimacy of the requester, and provisioning
(the process States use to install a mobile drivers' license in
people's wallets).
Even the incomplete ISO standard that the TSA proposes to embrace
is only one of a number of approaches to digital identity that are
being developed around the world. Interest in digital identity systems
has fueled the emergence of an entire community that has been working
on the problems of on-line identity and authorization for many years,
including privacy. That movement has created a variety of proposed
systems, including a promising open standard created by the World Wide
Web Consortium (W3C) called Verifiable Credentials (VCs). VCs are
regarded as superior by many in the digital identity community, and
should be given time to further evolve and ripen before TSA pushes a
standard that is likely to become locked in. Simply put, people are
still figuring things out.
That is also true when it comes to the field of privacy-enhancing
cryptography, which is advancing quickly with a great deal of creative
research that promises to allow us to ``have our cake and eat it too''
when it comes to privacy and security across a wide variety of
applications. For example, a privacy-enhancing technology called ``zero
knowledge proofs'' allows people to prove they know certain things
without revealing what those are--a technique that is still in the
process of being applied in new areas.\13\ As a Federal Reserve Board
report put it, privacy-enhancing technologies remain ``an emerging
category of tools.''\14\
---------------------------------------------------------------------------
\13\ See Jay Stanley, ``Paths Toward an Acceptable Public Digital
Currency,'' American Civil Liberties Union (March 3, 2023), https://
www.aclu.org/sites/default/files/field_document/
cbdc_white_paper_0882_0.pdf (on encryption tools in digital payments);
Jay Stanley and Daniel Kahn Gillmor, ``New Mobile Phone Service Shows
We Can Have Both Privacy and Nice Things,'' American Civil Liberties
Union (February 15, 2023), https://www.aclu.org/news/privacy-
technology/new-mobile-phone-service-shows-we-can-have-both-privacy-and-
nice-things (on the use of privacy-enhancing technologies in a
telephone network).
\14\ See Kaitlin Asrow and Spiro Samonas, ``Privacy Enhancing
Technologies: Categories, Use Cases, and Considerations,'' Federal
Reserve Bank of San Francisco (June 1, 2021), https://www.frbsf.org/
banking/wp-content/uploads/sites/5/Privacy-Enhancing-Technologies_FI-
NAL_V2_TOC-Update.pdf.
---------------------------------------------------------------------------
b. Any standard that emerges is likely to become ``locked in''
We need to be extremely careful about the details of any digital
identity system we adopt, because it's going to need to be
interoperable across all the States, and potentially across the world.
It will likely be adopted by Federal agencies, companies, and small
businesses across the Nation. Therefore, once put in place, it is going
to be very difficult to change.
It would be a pity to find ourselves locked into a sub-standard ID
system that doesn't make use of the newest innovations in technology,
the way we're locked into our QWERTY keyboard standard, where the keys
are intentionally placed to slow down typists because early typewriters
jammed easily. Yet that is what is in danger of happening.
iv. there is no need for the tsa to rush a digital id system into
operation
The TSA's rapid movement toward setting standards (even supposedly
interim ones) for State digital driver's licenses is premature and
unnecessary, and threatens to create just the kind of lock-in of a
substandard system that we should seek to avoid.
a. The Federal Government has the power to rapidly standardize a
digital ID system
Whatever rules the TSA comes up with for Federally-compliant
digital IDs will force the States to comply and are likely to govern
what the Nation ends up with. Requirements and standards that the TSA
sets for Federal acceptance of digital identification are going to
force States' departments of motor vehicles to meet those requirements.
The Nation's DMVs, in turn, put credentials in the pockets and purses
of most Americans, an enormous power that could stifle efforts to
create other, superior ID systems. While it's possible that
alternative, parallel, competing identity systems emerge and find broad
acceptance--which would be a good thing--it's likely that the driver's
license will continue to remain the primary ID that Americans use when
asked to prove their identity, age, or residency.
b. TSA is adopting standards that are not optimal
The TSA proposes to adopt an ISO ``mobile driver's license''
standard that was created behind closed doors by a secretive committee
at the ISO that, so far as we can tell, was made up of representatives
of U.S. security agencies like DHS, tech giants, and authoritarian
governments. This ISO standard would allow for IDs that ``phone home''
to the DMV (or its corporate contractor), and allow tracking of where,
when, and to whom an ID holder is showing their ID. As discussed above,
it is also incomplete.\15\
---------------------------------------------------------------------------
\15\ See Jay Stanley, ``Identity Crisis: What Digital Driver's
Licenses Could Mean for Privacy, Equity, and Freedom,'' American Civil
Liberties Union (May 2021), https://www.aclu.org/sites/default/files/
field_document/20210913-digitallicense.pdf.
---------------------------------------------------------------------------
The TSA also appears to be working extremely closely with Apple,
Inc. Documents obtained by journalist Jason Mikula reveal that the TSA
has entered into contracts that appear to give Apple significant power
over the implementation of mobile drivers' license checkpoints. For
puzzling and unclear reasons, the TSA even signed over to Apple the
agency's patents governing the operation of its airport mobile drivers'
license checkpoints.\16\
---------------------------------------------------------------------------
\16\ See Jason Mikula, ``Apple's Homeland Security Deal Yields
Checkpoint, KYC, Voter ID Patents, Documents Suggest,'' Fintech
Business Weekly (Sept. 11, 2022), https://
fintechbusinessweekly.substack.com/p/apples-homeland-security-deal-
yields.
---------------------------------------------------------------------------
c. There's no hurry for the TSA
Any increased use of digital driver's licenses won't speed people
through airline security--ID checking is not the bottleneck--and it
won't free people from having to carry their physical ID cards, since,
as the TSA warns, ``You must still carry your physical ID.''\17\
---------------------------------------------------------------------------
\17\ See ``Biometric and Digital Identity Solutions For TSA
PreCheck Members,'' Transportation Security Administration, https://
www.tsa.gov/digital-id.
---------------------------------------------------------------------------
Nor is there a popular clamor for digital IDs from residents of the
States. Those that have rolled out digital driver's licenses have not
had substantial public sign-on. Alabama, for example, has had a digital
driver's license available to residents since 2015, but it was rarely used
even as mobile payments skyrocketed. Digital IDs are being driven by
vendors and other corporations, eager to define digital driver's
licenses as ``the future'' and conjure a non-existent public excitement
about the technology.\18\
---------------------------------------------------------------------------
\18\ See Lauren Walsh, ``Alabama's digital driver's license: What
you need to know,'' ABC 33/40 (Oct. 8, 2018), https://abc3340.com/news/
local/alabamas-digital-drivers-license-what-you-need-to-know.
---------------------------------------------------------------------------
d. There are serious questions about the TSA's authority to dictate ID
standards for the whole U.S. Government
The authority of the Department of Homeland Security to regulate
the forms of identity that are accepted by the Federal Government stems
from the Real ID Act of 2005 and the Real ID Modernization Act of
2021.\19\ Those acts direct the Secretary of DHS to promulgate
regulations specifying compliance requirements, and to certify State
compliance therewith. Those acts do not contemplate the issuance of
interim compliance waivers that permit the Federal acceptance of
identity documents that are not subject to requirements created through
the regular regulatory process, which is what the agency proposes in
its August Notice of Proposed Rulemaking.\20\
---------------------------------------------------------------------------
\19\ REAL ID Act of 2005, Pub. L. 109-13, div. B, title II,
202(a)(1), (c)(3), 119 Stat. 311 (2005) (codified as amended at 49
U.S.C. 30301 note); REAL ID Modernization Act, Pub. L. 116-260, div.
U, title X, 1001(b)(2)(D), 134 Stat. 2304 (2020) (codified at 49
U.S.C. 30301 note) (amending the REAL ID Act 202).
\20\ Minimum Standards for Driver's Licenses and Identification
Cards Acceptable by Federal Agencies for Official Purposes; Waiver for
Mobile Driver's Licenses, 88 Fed. Reg. 60056, 60072 (proposed Aug. 30,
2023).
---------------------------------------------------------------------------
Also questionable is DHS's decision to delegate its authority under
these acts to its sub-agency TSA. This creates a situation, not
contemplated by Congress, in which an agency with a narrow mandate of
protecting the safety of aviation, and which has an interest only in
one narrow use of identity documents (matching against airline
tickets), is positioned to determine the shape of an identity system
that will affect all of the Federal Government, and indeed all of U.S.
society.
v. conclusion: this is a big decision with far-reaching ramifications,
and we should take the time to get it right
The major questions about any digital identity system are whether
it will be designed to protect privacy to the maximum extent possible,
and whether people will be forced to participate in it. Will it be
built to give control to people, or built to spy on people and increase
the control of Government agencies and companies over people? Making
somebody show ID is sometimes necessary, but it's also an act of power.
Who should be able to require someone else to identify themselves? What
can the requestor do with that information once they have it? What
recourse does the identified person have if the requestor misuses the
information? These questions should be answered before we rush into
locking in a sub-optimal digital identity system.
Mr. Gimenez. Thank you, Mr. Stanley.
Members will be recognized by order of seniority for their
5 minutes of questioning. An additional round of questioning
may be called after all Members have been recognized.
I now recognize myself for 5 minutes of questioning.
I want to make it very clear that I'm not here to advocate
for digital anything. My issue is really the fact that we have
a standard, which is REAL ID, in order to pass a TSA checkpoint
and that maybe 50 percent of the American public will not have
REAL ID come March--May 7th of 2025. A digital ID doesn't solve
the problem.
So, Mr. Grossman, a digital motor driver's license is based
on a driver's license issued by a State. Yet, only 5 States out
of the 56 issuing jurisdictions that we have actually will only
give you a REAL ID with the requirements of a REAL ID.
So the other jurisdictions, you may get a REAL ID or think
they may ask you to pay more to get a REAL ID and that's up to
the individual whether they want a REAL ID or not. At the end
of the day, whether--if it's not a REAL ID, even if it's a
digital driver's license, it won't get you past TSA. That's
what this committee's about. OK. So we can talk about some
other issues.
By the way, some of the issues you brought up, Mr. Stanley,
are provocative. Actually, you know, some caught me, starts me
to think. Those are outside the purview of this committee. If
TSA is, in fact, involved in that, then, you know, I think we
need some further hearings on what is TSA doing to set
standards for digital ID, and why is TSA the only Government
agency doing that. That's for another day.
Today what I'm really thinking about: What are we going to
do on that day when you're trying to get into the airport and
you have 2.9 million people going through airports and 50
percent of them can't get in, get on their plane because they
don't have a REAL ID?
So the push for digital IDs, is there any--Mr. Grossman,
maybe you can answer this question. Is there a push to convert
all of that digital ID to REAL ID, or are we going to still
have some people have ID REAL ID, some people don't have REAL
ID?
Mr. Grossman. So certainly in the current State, most
States offer that option of you can either access a REAL ID or
have a non-REAL-ID-compliant credential. The focus of States
right now are to continue to provide that option when they're
providing it. Then working with TSA for the ones that are REAL
ID-compliant, is there a way to reflect that in the mobile
device, as well? That's the rule making that was referred to by
other testimony.
So the States' focus as relates to REAL ID has always been
following the Federal guidelines. It said if you want to use
your State-issued driver's license or identity card for Federal
purposes, meet these standards. That's why all States have
provided the option for their constituents to receive that
Federally-accepted credential.
Mr. Gimenez. Correct. But isn't it true that also some of
these States or some of these jurisdictions will charge you
more for that REAL ID?
Mr. Grossman. The fees certainly do vary across the States.
That's correct.
Mr. Gimenez. OK. I don't know if any of you can answer this
but I know that--you know, what percentage of the American
public actually has a passport? That's another way to get
through, have a REAL ID. Does anybody know the answer to how
many--what percentage of the American public actually has a
passport?
Mr. Grant. I think it's a little less than half. The
numbers surged a little after 9/11 when some of the land-border
points required some sort of ID, but it's not something that's
a viable alternative for at least half the country.
Mr. Gimenez. All right. So there we go back to my original
premise is that come that day on 2025, we will have utter chaos
at our airports because a great number of people will not have
the identification that is required by TSA in order to board a
plane.
So, what is it that we're going to do about it?
Unfortunately, I don't think any of you really have the answer
to that question.
That's a question--yes, Mr. Stanley.
Mr. Stanley. I will say that the TSA has been threatening
chaos in airports for the last 18 years. It has been its main
hammer to try to get recalcitrant States into line.
You may recall, after REAL ID was passed, it was enormously
unpopular. Over half the States passed either resolutions
against it or laws that banned their DMVs from complying with
it. We opposed it. We've worked with a lot of conservative
allies and State legislators to get these. The TSA has
consistently threatened that it's going to cause chaos in
airports and forced State legislators to pull back on those--in
that opposition to REAL ID.
The TSA is engaged in a game of chicken that I don't--I
think it's highly unlikely that TSA would actually make half
the population of any State have to go through secondary
screening at an airport because of the chaos that would ensue
and I would not--and each time they set a new deadline, we say
to people, They will probably push this back, and they always
have so far.
So I would be unsurprised if they don't push it back again.
Mr. Gimenez. But that would also take Congressional action,
right, to do that?
Mr. Stanley. My understanding is, no, because they never
got Congressional action the last 4 or 5 times they kept
pushing the deadline back.
Mr. Gimenez. Fair enough. But if it's something that was
mandated by Congress, I think that maybe it takes--it should
take Congressional action to push it back. So, maybe that's the
reason why we're having this hearing so that I can educate our
colleagues that, Hey, we have a problem looming in that we
are--are we going to hope that TSA pushes it back or are we
going to do something about it?
Then if we are going to do something about it, how can we
fix this problem? Because this problem has been going on for a
number of years. Do we continually kick the, you know, can down
the road?
The testimony that I've seen opens up a whole can of other
worms, OK, that--that maybe we, maybe not this subcommittee
will take up. But if TSA's actually involved in those
activities, maybe this subcommittee will take them up. So the--
my time is up for right now.
So I recognize the Ranking Member, the gentleman from
Michigan, Mr. Thanedar.
Mr. Thanedar. Again, thank you, Chairman Gimenez, for
scheduling this hearing.
This is important. You know, I'm a scientist by training.
I'm an innovator. I love technology, and can't wait for my
Christmas presents hopefully with some good technology in the
market.
As a scientist, I recognize we need to continue to
innovate, improve our processes, make people's lives better.
But the question here that I raise and the concerns I have
about using technology before it is completely baked.
You know, I represent Michigan's 13th Congressional
district. I represent the city of Detroit with 78 percent
African-American population. We have seen use of facial
technology, facial IDs. The police department has used some of
that and seen some horror situations, people incorrectly
identified, wrongly accused, using a technology that I'm not
quite sure, you know, is appropriate or has been fully tested,
that it does not have biases and discrimination against people
of color, for example.
So my concern here is, you know, are we rushing this so
much that we are affecting people's privacy and rights and the
potential, although the potential to enhance security and
convenience of those benefits may be outweighed by the risk
they pose to privacy.
Mr. Stanley, what risk does it pose to privacy and people's
civil liberties?
Mr. Stanley. Thank you, Mr. Ranking Member.
The face recognition is a very, very powerful biometric. In
many ways, it's the most powerful biometric. If somebody wants
to take your fingerprint, they can't do it unless you know that
you're doing it, whereas if you're walking down the street, you
can be subject to face recognition.
We have, given the enormous number of cameras in our
society, if we were to plug face recognition into all of them,
it would be basically--it could come close to the same as
putting a GPS tracker on everybody. That can reveal a lot of
information about people.
So, people in the privacy and civil liberties community
have been, rightly, very wary of face recognition technology
and it's especially--it's used before it's ready for prime
time, which I thought you said very well, before the biases are
worked out, or procedures are worked out and, you know, in
police departments and the like. We have called for a
moratorium on its use by law enforcement until we can get all
that straight.
Face recognition also plays a role in the identity context,
and that's a very complicated issue, again. For example, every
time you show a digital ID, does it transmit a digital photo of
yourself to the person that is verifying you? Now they can--now
they have your digital photo. Or do you self-verify to your
phone?
There are a lot of complex issues that need to be worked
out around there, and I think that that is part of what makes
the current digital identity technology immature.
Mr. Thanedar. Thank you.
Mr. Stanley and Mr. Grant, what recommendations do you have
for TSA and the Federal Government for developing digital ID
standards in a responsible manner?
Mr. Grant. Well, from my perspective, as I mentioned in my
opening statement, I would get this--I think TSA deserves a
seat at the table but this is something that's much bigger than
TSA in that the issues we're trying to deal with, particularly
with this wave of ID-related cyber crime that we've seen and
sort-of these new threats that are emerging there, you know,
both to the technical side, the security side, and also the
privacy side that you're talking about. We have other parts of
government that are quite good at this.
In fact, you know, this is a place where it would be great
to see NIST, the National Institute for Standards and
Technology, be directed to play a bigger role.
You know, I think one thing Jay and I agree on is that we
need to get this right. I'm saying go fast. He's saying go
slow. But at least from our perspective, let's get this to the
experts, you know, within the digital identity team at NIST, at
the privacy engineering team at NIST, you know. Give them a
time box deadline, say, a year, to try and actually bring the
right stakeholders together and get this figured out.
We actually know how to do this. In fact, I say a lot of
the technologies that, perhaps, we would have dreamed of a few
years ago are now starting to become mature and we know how to
build robust and privacy-preserving digital identity systems.
But tying this into REAL ID compliance, I think we're
conflating two different objectives right here and not
necessarily focusing on the right ones.
Mr. Thanedar. Thank you.
Mr. Stanley, if you have time.
Mr. Stanley. Yes, I would agree that TSA is not the right
agency to lead. As I said in my comments, I would urge that TSA
not exert pressure on the States to move to build digital
identities around the ISO standard which is basically what
they're doing.
I would urge them to be very careful about working with
particular vendors. At the end of the day we need a system that
is open and where an American who wants to participate in our
identity system doesn't have to deal with one company or a
small number of companies but can deal with a whole variety of
competitive companies.
So those are two of the recommendations I would make.
Mr. Thanedar. Thank you. Thank you.
Sorry, Mr. Chairman. Thanks for letting me go over a little
bit more of my time.
Mr. Gimenez. It's fine. It's fine, Mr. Ranking Member. I'm
pretty lax here. We don't have a big crowd.
So I now recognize the gentlewoman from Florida, Ms. Lee.
Ms. Lee. Thank you, Mr. Chairman.
Mr. Grant, I'd like to pick up just where Ranking Member
Thanedar left off with you there.
You mentioned in your written testimony that Congress
passed the REAL ID Modernization in 2020, but did not give TSA
direction on what use cases should be a priority.
So I'd like to hear a bit more about whether you believe
Congress should give TSA a directive to prioritize the on-line
identity use cases, or, rather, give a separate entity the
authority to be prioritizing, like NIST, the authority to be
prioritizing and the direction to prioritize these types of
cases.
Mr. Grant. Thanks for the question.
So I'd like to see NIST more involved. I also think one of
the things that was interesting is when the original REAL ID
Act was passed in 2005, DHS, in general, was given directions
to figure out the standards and the regulations. It was led out
of their policy office at the time.
When the Modernization Act was passed in 2020, which
essentially said a REAL ID could either be a plastic card or it
could be digital, the assumption was that the same team in DHS
might lead it again, but then TSA was basically given the
authority.
Jurisdictionally, this becomes a bit of a tricky issue. But
there is certainly, as I talk about the cybersecurity
implications of digital identity writ large, and the way that
mobile driver's license could play a role in solving those
problems, one of the thoughts has been that CISA could play a role,
but CISA does not seem to be engaged on this particular issue.
I don't know that CISA would be ideal necessarily. I would
personally prefer to see this at NIST. But even within the
scope of DHS and the current legislation that we have, DHS has
the ability to bring in a cybersecurity set of experts as
opposed to just TSA with its more limited focus.
Ms. Lee. Mr. Grossman, I would like to go back to your
testimony about MDLs. I believe you described that they could
offer better security and better privacy for consumers if
they're designed properly. I'd like to hear more from you
about: What are the elements of that proper-designed that could
ensure the security and the privacy?
Mr. Grossman. So there's a number of elements that are laid
out both in the standard, as well as the AAMVA implementation
guidelines, and a couple of that I'll highlight for an example.
One is to not track where it is being used. So when someone
uses it and it's read, that is not what we call calling home,
phoning home back to the State agency. The State agency doesn't
know where and how you're using it. Making sure the protocols
and policies are in place is a key protection.
Another key protection of the mobile driver's license is
you as the holder can decide what elements of my information am
I going to share with this individual. By contrast right now,
if you think about every time you use your driver's license or
identity card, you're physically handing that over to that
person who may only need to know you're older than 21. Yet,
you're giving them your name, your address, information about
you, whether or not you're an organ donor. The list goes on and
on and, whereas you only need to know I am old enough to make
this purchase.
So the ability for, as an individual, to say I'm only going
to give you what you need, nothing more and nothing less, is
the opportunity to protect that information.
Ms. Lee. Thank you, sir.
Mr. Grant, back to you, one of the things that you
mentioned was attributing the lack of progress to DHS to their
desire to wait on the International Standards Organization to
develop standards. We've touched on CISA, NIST.
Can you elaborate on the advantages of DHS not waiting for
the International Standards Organization to finish their work,
both in terms of immediately protecting millions of victims
from identity theft, in addition to wanting to remain the world
leader in the digital identification space?
Mr. Grant. Yes, thanks for the question. So I'll preface
this by saying that I mentioned in my written testimony, I used
to work at NIST. I used to lead digital identity efforts there
from 2011 to 2015.
Generally speaking, the voluntary consensus-based standards
process that we embrace, along with a lot of our peers across the
globe, is the best way to go. Every now and then, we have a bit
of a crisis where we need to move a little quicker, and that's
where I can think of at least two situations over the last 20
years, where the White House or Congress have turned to NIST
and said you've only got 9 months, 12 months and you've got to
act.
The first was in 2004 when President Bush issued Homeland
Security Presidential Directive 12 in response to the need to
have stronger IDs for Government workers and contractors. That
was a Presidential directive. NIST provided FIPS, Federal
Information Processing Standards, FIPS 201 within 9 months.
The second was in the Obama administration when Congress
deadlocked on cybersecurity legislation. So, they said, well,
let's at least come up with a cybersecurity framework that can
be voluntary that not only Government agencies but also
industry can start to use to manage cybersecurity risks.
It was an Executive Order in February 2013. A year later,
because NIST only had a year, they rolled out the CSF. In fact,
that's become the basis of an ISO standard today.
I think we're at a moment right now with FinCEN's
documented $212 billion in suspicious activity reports in 2021
tied to compromised identity. The GAO said between $130- and
$135 billion in pandemic unemployment benefits lost to
fraudsters, again, mostly organized criminals in hostile
nation-States.
You add those numbers up, that's between $300- and $350
billion just in two sectors, just in 1 year. We can't afford to
wait, and I think this is why we're at a point where we should
stop deferring to ISO in hoping the voluntary process works.
Instead, we basically put NIST and really I think we really
need a broader whole-of-Government effort to address what I
really think is a crisis right now when it comes to identity-
related cyber crime.
Ms. Lee. Thank you.
Mr. Chairman, I yield back.
Mr. Gimenez. Thank you.
I now recognize the gentleman from Illinois, Mr. Foster.
Mr. Foster. Thank you, Mr. Chair, for waiving me onto this.
You know, we have been wrestling with this and, you know, for
some years now. It's, you know, we're forced to sort-of spread
our effort into multiple committees and multiple agencies, and
that's slowed things down.
I had a Zoom earlier this morning with a gentleman, Norbert
Sagstetter, who is leading the European Union effort on this,
and they're making impressive progress.
You know, their goals are that I think by February, they
will have passed the enabling legislation, and that by some
time around 2026 or 2027, every E.U. citizen will have the--who
wants one, will be able to get a secure digital ID they can
present on-line to prove they are who they say they are.
They are wrestling with the same things that we have, where the
States are going to be holding the biometrics and a lot of the
key databases which people are comfortable with, and yet you
need something which interoperates and prevents, you know,
synthetic identity fraud and things like that.
So, they are really doing the same, going through the same
things we are and it seems to me like maybe a year ahead, which
is sort-of ironic because their biggest collaborator is NIST,
because all the standards that they're rolling out were
actually developed at NIST years ago and they still consult
with NIST.
They're very eager also to collaborate with the United
States, which I thought was very interesting, that they
repeatedly approached me with the idea that we should be--the
free democracies of the world should be working together on
this because we are the--that's where you want to draw the
fence on these efforts.
So actually, Mr. Grant, could you say a little bit about
your perception of what the rest of the world is doing compared
to the United States?
Mr. Grant. Thank you, Congressman Foster, and thanks for
your leadership on this issue.
We're at an interesting inflection point. I'm going to
digress for about 15 seconds to say back in 2011, when I first
joined NIST, I learned that when it came to payment cards, the
United States had 25 percent of the transactions, but 50
percent of the fraud, in other words, an eight-times-higher
fraud rate because we were the only country that had not
migrated away from insecure magnetic to more secure chip-based
smart cards.
It was only after the Target breach happened in 2013 where
we had so much damage that finally the banks and retailers and
other stakeholders said we need to start to move toward the
rest of the world so we can erase all of this massive crime
that we're seeing tied to our reliance on insecure technology.
I think we're at an inflection point right now when it
comes to identity where we are seeing all our peers across the
globe--be it European Union, Canada, Australia, Singapore--you
know, other countries that we tend to think of as our, you
know, both often competitors, but also peers, every one of them
has a strategy right now to try and address this issue of
digital identity on-line. The United States is the only country
that has no strategy whatsoever.
So I worry that in a few years from both an economic
competitiveness standpoint, along with the security losses that
we're suffering because of identity-related cyber crime,
compared to the rest of the world, we're going to be in
somewhat of a dark place.
Mr. Foster. You didn't mention India which is making
really--you know, they came up with a basic identity, mandatory
identity program for every Indian.
There are lots of things that Americans would not be
comfortable about their system. But after having established
that, there's an incredible ecosystem of financial innovation
that's come into being based on the ability to prove you are
who you say you are on-line.
When you get past that hurdle, then the start-up costs for
fintechs are much smaller. There's a lot of enthusiasm,
particularly among smaller banks, where one of their biggest
costs is the cost of on-boarding customers. You remember during
COVID when we had to bring a lot of unbanked individuals into
the system? It was costing $400 to bring an un-banked person
in.
You know, in India it's essentially free. You just get out
your cell phone, prove you are who you say you are, consult the
list of bad actors. If you're not on it, boom, you've opened
your bank account. That is, you know, that's an impressive step
forward.
Other countries are noticing it, and it's in the process of
being adopted. The Indian system and their payment rails are
being adopted by, you know, Singapore and Indonesia and the
Philippines and so on, and as well as some of the Gulf states.
So, you know, there's a danger that usually we spend a lot
of time worrying that the Chinese currency is going to take
over for the U.S. dollar. But I think there's a more real worry
that the payment rails that were developed in India based on a
secure digital ID will take over. So we have to--we have
competitive worries to look at on that.
So the other thing that I guess has been mentioned and
talked about is the business of AI, AI and deepfakes which are
really frightening.
All the banks--I serve on Financial Services. The banks are
all terrified by this because they use voice recognition. When
people say what can Congress do about deepfake and AI
generally, the No. 1 thing that we could do today is to have
Federal recognition of mobile ID on-line to prevent people from
being impersonated from this. That's--that should be a
bipartisan thing that we can really move the ball forward on
this.
So thank you again for letting me participate in this.
Thank you to our witnesses.
Mr. Gimenez. You're quite welcome.
I now recognize the gentleman from Louisiana, Mr. Higgins.
Mr. Higgins. Thank you, Mr. Chairman.
I thank our panelists for being here today.
Mr. Stanley, having been on the other side during the course of
my life, many interactions with the ACLU, I look forward to us
agreeing to something today. It would be a first in history.
So I say that lightheartedly, because we are a free nation.
Generally speaking, the purpose of this committee is to
maintain the security of our homeland. But that's the security
of our homeland is to maintain without sacrificing individual
rights and freedoms of our citizenry. Or else what's the
purpose of the security of the homeland?
So this hearing touches on subject matter that is
reflective of that need for balance. In my State of Louisiana,
we were one of the first to push through, through our State
legislature, digital identification. It was official through
the State, recognized by the State.
So as a cop, if I interact with you and I ask for your ID,
for your driver's license, you can show me your phone. There's
an official app on the phone that State--that's recognized by
the State, that I can look at your documentation. So retail
stores and State government offices and police officers, you
know, recognize this digital ID, but TSA does not.
So a common question that, you know, a conservative
Republican like me, we hear back home is: Why we have 9, 10
million illegals coming across the border, and I can't use my
digital ID to get on an airplane but these guys get tickets
from the Department of Homeland Security? You know, we pay to
send them wherever they want to go anywhere in the country.
That's sort-of a generalization of what's happening, but it's
very accurate. It's pretty much true.
So, Mr. Grossman and Mr. Grant, could you speak to what are
the benefits of the expansion of official digital IDs as it
relates to both enhanced security and protected individual
rights and freedoms, which is, for Mr. Stanley, I'm going to
hope we can agree on.
Mr. Grossman and Mr. Grant.
Mr. Grant. Sure. Well, it's a great question. I'll say with
regard, first, to Louisiana's mobile driver's license,
Louisiana's definitely been an innovator here. It was one of
the first States out of the gate.
I will say with the draft regulations that TSA's put
forward on MDLs, if the Louisiana ID or any other State ID
that's gone forward on the mobile driver's license side meets
those rules, they would be able to use that to board a plane.
That's my understanding. I'll let TSA tell you that
authoritatively.
I think the balance between security and privacy is an
important one, and where, as somebody who's generally--I've
generally been a privacy advocate.
Mr. Higgins. Between security and freedoms.
Mr. Grant. Freedoms, yes.
Mr. Higgins. Yes, sir.
Mr. Grant. I think we can give people more privacy than
they have today by architecting these solutions the right way
in that, for example, if I hand my ID over at a bar, you can
read everything about me, when what you only need to know is
that I'm over 21. I don't get that question a lot these days,
but there was a time when it mattered.
Digitally, I can just share one attribute about me. The
same with trying to do something on-line, everything that's on
my driver's license might not be needed to be shared with the
bank or with the fintech app that I'm trying to apply for an
account with. But they can get those validated details about me
that they need directly from the authoritative source rather
than relying on some other solutions that are looking at other
sources to try and guess if it's you or not.
So I do think that, again, with the proper design, and this
is why we're really calling for, sort-of a whole----
Mr. Higgins. So if the digital designs, in the interest of
time, would comply with, say, REAL ID, then you would see a
path forward for not just for Louisiana but every sovereign
State to be able to allow the citizenry the option of using a
hard ID versus a digital ID?
Mr. Grossman. That's under way already.
Mr. Higgins. Yes, sir.
Mr. Grossman, you concur?
So, Mr. Grossman, do you concur?
Mr. Grossman. Yes, I concur, and I would add, the reason
why States are going down the road of mobile driver's licenses,
as fascinating and as exciting as new technology is, the core
driving purpose is, where does this technology allow us to
improve on safety, security, freedom from the physical world?
Mr. Higgins. Right.
Mr. Grossman. So through all these testimonies, through the
privacy, through the security, through getting it right, it all
has to do with that driving purpose of making it better than
the status quo of the physical world.
Mr. Higgins. So, Mr. Chairman, my time has expired, but I
would ask the indulgence of the Chair to allow Mr. Stanley to
agree or disagree. It would be a historical moment.
Mr. Gimenez. Yes, go right ahead, Mr. Stanley. Let's make
some history here.
Mr. Stanley. I thoroughly agree with you that----
Mr. Higgins. That's it, I'm out.
Mr. Stanley [continuing]. That it is vital to keep an eye
on freedom even as we look at what a digital ID----
Mr. Higgins. Thank you, Mr. Stanley.
I appreciate the indulgence, Mr. Chair.
Mr. Gimenez. All right. We have some time for a second
round, and so I'll start with myself.
Mr. Grossman, you know, we're talking a lot about the
digital, the digital world and all, and digital IDs, but
digital IDs are going to be based on a standard just like a
hard copy ID right now is.
So, while States may be offering digital IDs, there's no
guarantee that they will be REAL ID. They may not be REAL ID.
So that is not going to be as secure as REAL ID, or do you
think that a State-issued non-REAL ID, you know, driver's
license is as secure as a REAL ID, that that individual, in
fact, is who they say they are?
Mr. Grossman. Fundamentally, yes. This is because States,
even before 9/11, even before the REAL ID Act, States were
already recognizing the challenges of the vetting, identity,
and credentialing process, and making significant changes and
investments to producing a more secure credential, and a more
secure vetting process to make sure someone is who they say
they are.
All credentials that U.S. DMVs issue, there is an
enormously high level of confidence that that person is who
they say they are. It is fundamental to their mission, and is
something that they provide a high level of insurance
regardless of the type of credential they're carrying.
Mr. Gimenez. So what's the difference between a non-REAL ID
and a REAL ID issued by a State?
Mr. Grossman. So there are certain steps and documentation
that Department of Homeland Security has identified as, we
would like States to follow these steps to meet the REAL ID
requirements in order to use the State driver's licenses for
Federal purposes.
The non-REAL ID credentials in the States that offer it, we
would have to provide you a list by State. Some are very close
to the REAL ID process, and some have different gaps in between
the REAL ID process and the non-REAL ID process.
Mr. Gimenez. Would it be easier for somebody to go into a
State and say, I'm Mr. Grossman, and you may be Mr. Grossman,
but then Mr. Stanley may go and say, I'm Mr. Grossman, and get
a driver's license that says that actually that he's Mr.
Grossman if it weren't a REAL ID? Which is easier to do?
If it's not a REAL ID, would it be easier for Mr. Stanley
to become Mr. Grossman or vice versa? Which is the more secure?
Mr. Grossman. That would be--I can't answer that question
of which one is more secure because our States are dedicated to
making sure they're both secure.
The fundamental challenge of someone coming in and claiming
to be someone else is something DMVs are battling every single
day, and that's why they're using every tool in the toolbox to
fight that fraud, to stop that fraud, regardless of which type
of credential someone is trying to get.
Mr. Gimenez. OK. Now, my question, Mr. Stanley, why are
States fighting the standards for REAL ID?
Mr. Stanley. Largely the States have given up that battle.
I think that a lot of REAL ID was about strengthening the
security protections--you know, physical security protections
on physical IDs, and that ship has basically sailed.
Today's digital IDs are much more physically secure, as Mr.
Grossman said, than they were before 9/11. That was going to
happen anyway probably.
Mr. Gimenez. I'm not talking digital ID. I'm talking REAL
ID----
Mr. Stanley. No, no, no.
Mr. Gimenez [continuing]. Versus non-REAL ID, because the
majority of the jurisdictions, they do not issue just solely
REAL ID. They issue--they issue REAL IDs, but they also give
you an option not to get a REAL ID, the majority of the
jurisdictions.
So why are States not just saying everybody's going to get
a REAL ID in order to get a driver's license?
Mr. Stanley. The REAL--I don't know exactly what a lot of
the thinking is, but generally the objections to REAL ID is
that it's a huge unfunded mandate from the Federal Government
that imposed a lot of very particular regulations on exactly
how the DMVs did their business.
REAL ID was rammed through without hearings, without
consulting with the DMVs, and the experts in the DMVs, exactly
how they should proceed, and that led to a lot of the
objections. In addition to objections, people saw it as a
national identity system.
I think that--you know, the answer of--the answer of, like,
what is a REAL ID, it's whatever Homeland Security says it is.
Under the regulation, under the law, they get to make up the
regulations for what it is.
The same thing will apply to digital ID, which is what the
concern about digital ID is, is that we're leaving it up to
Homeland Security, and specifically they've delegated it to
TSA, to decide for the whole Nation what is and is not a REAL
ID-compliant----
Mr. Gimenez. What the standards are to get that digital ID,
that's being left up to TSA and Homeland Security?
Mr. Stanley. Correct.
Mr. Gimenez. OK. I understand the issue now. All right.
Thank you. My time is up.
I now recognize the Ranking Member.
Mr. Thanedar. Chairman, I'm good. Thank you.
Mr. Gimenez. OK. Back to the gentleman from Louisiana, Mr.
Higgins.
Mr. Higgins. Mr. Wiediger, am I pronouncing your name
correctly?
Mr. Wiediger. You're close.
Mr. Higgins. Wiediger? Mr. Wiediger, IDEMIA is rolling out
the CAT 2 technology, correct?
Mr. Wiediger. That's correct.
Mr. Higgins. So one of the airports where that's being
deployed is New Orleans. I anticipate, of course, it will be
well-received, reflective of the training that our TSA agents
and the CLEAR personnel and the airline personnel, the staff on
the ground there, interact with the general public. Have you
had pushback in any of your deployments that this committee
should be aware of----
Mr. Wiediger. We've had no----
Mr. Higgins [continuing]. That's notable?
Mr. Wiediger. We've had no pushback. TSA plans the activity
closely with all the jurisdictions, all the airports that are
gaining CAT 2s. Our teams go out and deploy them. There have
not been issues that have arisen in the deployment of the
assets. They've generally been very well-received.
Mr. Higgins. If there's an update on the boarding pass,
like in the absence of a boarding pass, which is one of the
ways that this new technology can function, am I correct, is to
coordinate the ID as presented and scanned with the records for
the airline regard so a person would not have to have their
boarding pass? Is that correct?
Mr. Wiediger. That's correct.
Mr. Higgins. OK. So that means that the technology would
have some record of a boarding pass. Is that correct?
Mr. Wiediger. So the----
Mr. Higgins. In the absence of the traveler presenting a
boarding pass, if you're saying that the technology will locate
and confirm the boarding pass that's associated with the ID
that's been presented and scanned and compared with the image
of the person that's standing before it, then you're saying
that the technology has possession of the boarding pass data
for that individual, correct?
Mr. Wiediger. In essence, that's correct. The platform is
updated by TSA through their software back-end processes.
Mr. Higgins. OK. So--and if--what if there's a variance of
what the traveler believes is their accurate boarding data?
They've upgraded or something like that, or if they've arranged
to have seats adjoining with their traveling companion or
something like that, like how fast is the technology updated
from the airlines?
Mr. Wiediger. I apologize. I don't have an answer for that.
TSA controls that part. We don't do that piece as it relates to
the boarding data. As it relates to their seats and the
assignments, I don't believe that's a conversation at the TSA
checkpoint, but I'd have to defer to TSA on that.
Mr. Higgins. So that's just something we have to watch?
Mr. Wiediger. I'm sorry?
Mr. Higgins. It's just something we'll have to watch?
Mr. Wiediger. Generally my understanding, based on the
airline processing, is that's handled by the airline. So what
TSA gets is the flight manifest to know that you're----
Mr. Higgins. Right. But that's the boarding pass?
Mr. Wiediger. Correct. Correct.
Mr. Higgins. So you see what I'm saying, there's an
intersection there between the new technology and the traveler
and the airline as it relates to the details of the boarding
pass. Don't want to get in the weeds there.
So the gentleman, my colleague, brought up AI. Do any of
you have concerns, in my remaining minute here? I mean, TSA is
not deploying, is not using AI, but it certainly--at least not
on the front line where there's intersections.
I'm not saying there's no research being done, but at the
point of intersection with American citizens, TSA is not using
AI. Do you see it as an issue and a challenge, and if so, how
and why? Because we certainly see it as an issue.
Mr. Grant. I think the threat from AI when it comes to
identity will probably be less acute in person and more on-
line, where we're seeing cheap deepfakes. You know, I can get
15 seconds of your voice or a photo of you and suddenly you're
on-line saying something you've never said before, never
recorded before. I think this is going to be the new frontier
in attacks in the cyber world where particularly, you know, I
mentioned before, it's a bit of an anomaly when we see a big
breach in identity, does it not provide the attack vector?
I think that might be about to explode if we don't have the
right defenses in place to be able to block some of those. But
I think that's going to--this is actually an area where I think
mobile driver's licenses, because they're rooted in public key
cryptography, they can't be spoofed by AI----
Mr. Higgins. OK.
Mr. Grant [continuing]. Really important in the cyber
world. The in-person world, my personal view is that's less of
a threat.
Mr. Higgins. Well, we certainly have to build guardrails
into everything we do as we look at the emerging technologies
of AI. Apologize, my time is expired, gentlemen, Mr. Chairman.
Mr. Gimenez. Thank you. So that video I saw of you praising
the former President, that wasn't you? OK.
I recognize the Member from Illinois, Mr. Foster.
Mr. Foster. Thank you. I appreciate it, again.
Could you return a little bit to the phone-home problem?
Because I, this morning, had a long discussion with the E.U.
representative, because the worry that I understand is that if
every time you present your mobile ID, there's a query made to
the database to say, is this--the database maintainer, is this
really valid or not then, which is a sort-of innocuous thing,
until you realize that means they have a record of every time
you presented it and potentially even where you were when you
presented it.
They believe, the European Union, believes that they have
technological solutions that will make that not a worry. You
know, Mr. Stanley, you're on the leading edge of this. Do you
believe that that is something, if you pay attention to the
rules under which you can demand a mobile ID, you know, maybe
even license, making the collection of data from the mobile ID
a licensable activity, which I think is the E.U. approach,
whether this can actually be made into something that isn't
really a privacy concern?
Mr. Stanley. Yes. I mean, we have definitely called for
off-line only, you know, verifications so that the verifier is
not phoning home because, as you said, it creates a record--it
gives a record to the DMV, whatever, you know, their vendor or
whoever, of everywhere that you've showed your ID.
Instead, they can just pre-download the public key of the
DMV, and use the public key to verify that your digital token
is: (A), was signed by the DMV, and (B), has not been altered
by even one bit, and that solves that side of the tracking
problem.
There are other tracking problems where----
Mr. Foster. There is also a revocation problem that if you
say, there's the proof that I live in Naperville, Illinois,
whereas I've, in fact, moved 2 months ago, at some point you
have to consult the database. I have been told that there are
ways to publish the revocation list in a way that's encrypted,
so that the questioner can just sit there and ask a question of
the encrypted database, and whoever's maintaining it won't even
know which individual is being asked about.
So, I was just wondering if that is ready for prime-time
technology that could actually pretty much make this a
nonissue?
Mr. Stanley. So, No. 1, that's a question for a
cryptographer, but my general understanding is that, yes, with
new technologies such as zero-knowledge proofs, you can prove
that you know something without revealing what it is that you
know.
There's currently a lot of exciting research and
applications of these new cryptographic techniques that's being
explored by cryptographers and others, and this is part of the
reason we're saying let's take our time and do this right.
Let's make use of those technologies.
If they exist, it would be a pity if TSA and, you know,
DMVs barrel ahead with this somewhat privacy-protective--on
privacy-protective terms, primitive ISO standard rather than
taking the time and working in these kinds of technologies that
the European Union is looking at and so forth, so that we can,
to some degree, have our cake and eat it too here, have the
advantages that come from, you know, high technology but
protect our privacy at the same time.
Mr. Foster. Yes. It really highlights the difference
between the end-use case. If you're getting on an airplane, the
Government knows you're getting on the airplane. You know,
there isn't an issue of phoning home there.
But if you're buying something on-line, maybe the
Government shouldn't know that you presented your mobile ID for
that purpose.
So, you know, it's really encouraging. I've been told by
some cryptography types that this is actually a semi-solved
problem at this point, and the European Union is trying to get
that--we'll find out in February, I guess, when they roll out
their official technical specifications and so on.
Do you have any other comments on the whole concept of
having collection of information a licensed activity, so that,
you know, if you decide, OK, I'm holding a rock concert, I'm
worried about terrorists sneaking in, and so for 24 hours
afterwards, I want to maintain a record of who walked through
the turnstile, maybe that's OK, as long as you get a license
for collecting that information from everyone who walked in.
If there's no terrorist event in 24 hours, you have--the
terms of your license makes you destroy that kind of
information. Is that the sort of thing that is contemplated in
the United States?
Mr. Stanley. I know that the European Union is looking at
that approach. In many ways it seems like a characteristically
European approach to things, and we don't have an opinion on
whether that's the best way to, you know, impose limits.
But we do think that one way or another, we need to make
sure--because, you know, the fact that a digital ID makes it
much easier and cheaper for a bank to know who you are--they
don't have to go through these kludgy, face-recognition things
and exploring databases to see if you can answer questions.
It makes it much easier and cheaper for banks to know you
are who you say you are, but that means it makes it cheaper an
effort for everybody as well. So everybody is going to start
asking you for your ID, and we have to pay attention to that
flip side.
So whether it's by putting in place laws that restrict who
can ask for an ID and when, or a licensing scheme like that, we
haven't thought deeply enough about that. We don't have a
position on that, but one way or another it's the right goal.
Mr. Foster. OK. Well, thank you. Again, I appreciate it,
the witnesses.
Mr. Gimenez. Thank you. From what I understand, one of the
things that is actually at risk with AI is encryption and
cryptology, and so, we put too many eggs in that basket. That's
a subject to--that's a subject for another hearing, which by
the way I think we're going to have a couple more hearings.
This hearing actually is going to lead to more hearings,
one with TSA about what's going to happen on May 7, 2025,
specifically, and then, what are they doing as far as digital--
digital IDs themselves and their role in it.
So with that, I want to thank the witnesses for their
valuable testimony and the Members for their questions.
The Members of the subcommittee may have some additional
questions for the witnesses, and we will ask the witnesses to
respond to these in writing. Pursuant to committee rule VII(D),
the hearing record will be held open for 10 days being.
Without objection, the subcommittee stands adjourned.
[Whereupon, at 4:28 p.m., the subcommittee was adjourned.]