
TSA Shouldn't Force a Bad Digital ID System on America

If we must have a digital ID system, we should take the time to do it right.
Jay Stanley,
Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
October 31, 2023

A movement is underway to create a digital identity system that would allow people to carry their ID on their phones or on digital smart cards and, eventually, use them over the internet. That might sound handy at first blush, but as we discussed in this 2021 report, it would not be as simple as it might sound. It could create a world where we get asked for digital ID at every turn, and by every web site, and where our ID use is tracked; and it could have significant implications for equity if digital IDs become effectively mandatory by disadvantaging those who don’t have a smartphone.

Unfortunately, the TSA is threatening to prematurely lock in a harmful digital identity system that allows ID card issuers to track where people show their ID, fails to include a number of important privacy protections, and fails to ensure that the system is free from the control of particular private corporations. We, along with several of our allies, submitted joint comments to the agency highlighting these and other problems and urging the agency to slow down.

The major questions about any digital identity system are whether it will be designed to protect privacy to the maximum extent possible, and whether people will be forced to participate in it. Will it be built to give control to people, or built to spy on people and increase the control of government agencies and companies over people? Making somebody show ID is sometimes necessary, but it’s also an act of power. Who should be able to require someone else to identify themselves? What can the requestor do with that information once they have it? What recourse does the identified person have if the requestor misuses the information?

We need to be extremely careful about what kind of system we adopt, because it’s going to need to be interoperable across all the states, and potentially across the world, and therefore, once adopted, is going to be very difficult to change.

The TSA relies on identity cards only for one very narrow and specific purpose, so it might seem strange that the agency is in a position to determine the design of a new identity system, dictating the process for how people present ID in every small town and city across America — and more significantly, perhaps, online — for decades to come. Some in Congress have proposed the creation of a national expert task force to recommend a digital ID architecture, but that hasn’t happened.

The reason for the TSA’s position is the Real ID Act of 2005, in which Congress forced states to follow federal standards for the design of physical driver’s licenses that would be recognized by the federal government. (This ill-conceived legislation was drafted hastily and forced through Congress without hearings in a post-9/11 environment where opposition to even the stupidest national security measures was still demagogued as “pro-terrorist.”) In 2020, Congress modified that law by extending federal power to digital IDs, leaving it up to DHS to craft the precise rules for what kinds of digital ID would be deemed Real ID-compliant. DHS then decided to delegate that process to its sub-agency, the TSA.

In short, whatever rules the TSA comes up with for federally compliant digital IDs will force the states to comply and are likely to govern what the nation ends up with.

A lot of innovation is underway in the digital ID space. A whole community of technologists and other experts has been working on the problems of online identification and authorization for years. There’s innovation in privacy-protecting encryption with a wide variety of applications. The World Wide Web Consortium (W3C), the main standards organization for the web, is working on a standard called Verifiable Credentials, which is more decentralized and privacy-protecting than many other systems.

Another standard that has been issued is called Mobile Driver’s Licenses (mDLs). This standard was created behind closed doors by a secretive committee at the International Standards Organization (ISO) that, so far as I can tell, was made up of representatives of U.S. security agencies like DHS, tech giants, and authoritarian governments. As discussed in our 2021 report, this ISO standard is flawed. It would allow for IDs that “phone home” to the DMV (or its corporate contractor), allowing tracking of where, when, and to whom you are showing your ID, and still lacks many important components that could protect privacy. Missing components include, for example, standards governing the design of digital wallets and their privacy protections, protections for data stored on the phone, mechanisms for the ID holder to receive information about the legitimacy of the requester, and provisioning (the process states use to install an mDL in people’s wallets).

If the United States is to adopt a digital ID, it’s also vital that that ID be open and free of proprietary corporate strings. There must be no one corporation, or small handful of corporations, that Americans are de facto required to deal with in order to participate in a digital identity system. Yet the TSA appears to be working extremely closely with Apple Inc. Documents obtained by journalist Jason Mikula reveal that the TSA has entered into contracts that appear to give Apple Inc. significant power over the implementation of mDL checkpoints. For puzzling and unclear reasons, the TSA even signed over to Apple the agency’s patents governing the operation of its airport mDL checkpoints.

If it moves to embrace the ISO standard at this time, as it is proposing to do, the TSA will prematurely lock in that standard before we have a clear sense of its effectiveness or risks, and in spite of the fact that other maturing standards such as Verifiable Credentials seem far superior. Any increased use of digital driver’s licenses won’t speed people through airline security — ID checking is not the bottleneck — and it won’t free people from having to carry their physical ID cards, since, as the TSA warns, “You must still carry your physical ID.” A number of states have launched state digital driver’s license programs (also in questionable partnership with the TSA and Apple), but there has not been any popular rush to embrace them.

And there is no popular clamor for digital IDs from residents of the states. The states that have rolled out digital driver’s licenses have not had substantial public sign-on. This is being driven by vendors and other corporations, eager to define digital driver’s licenses as “the future” and conjure a non-existent public excitement about the technology. Whether or not digital IDs prove to be part of our future, there’s no reason for that future to include this particular form of digital ID.

For all its problems, the TSA doesn’t have any incentive to turn digital IDs into a privacy nightmare. It just wants to check travelers’ IDs (though doing so has a very dubious relationship to the security of aviation). I suspect that it is moving too fast out of a misguided effort to be “mission-focused” and “modern” and to “embrace the future.” But the TSA, like state departments of motor vehicles, has been thrust into an important civic role that is far broader than its mission, and it needs to act with a recognition of that responsibility. As we told the TSA in our comments, there’s no hurry here; if we must have a digital ID system, we should take the time to do it right. A rushed embrace of a poorly scoped standard could leave us locked into a world with even more corporate control, centralized surveillance, and weakened privacy than we have today.
