NSW announces plan for digital licences

NSW recently announced plans to digitise licences issued in the state — starting with recreational fishing, responsible service of alcohol and gambling licences, then progressing on to eventually issuing digital drivers’ licences.

It’s an exciting announcement, and whilst not the first (Delaware and Iowa have also announced plans) it would seem to make NSW a very early adopter.

Why bother? Convenience for the licensee is a plus: one less card to carry on you, simpler renewal and no waiting around for your new licence to arrive. It can deliver some improvements in identification too – a digital system can provide more complete and detailed information to verify the correct person has the licence (such as 3D image of the person’s face). Thirdly, in the long run it should lead to significant cost savings for government as phyiscal licences are eventually phased out.

However, there are a lot of risks and challenges to overcome.

We can consider this using the three “C’s” of security:

  • Confidentiality.
  • Integrity.
  • Availability.

The above rules are summarised by the SANS Institute as:

“Information should be shared only with authorized persons, it should be verifiably authentic, complete, sufficiently accurate, trustworthy and reliable, and it should be accessible when needed.”

So what are the specific issues the NSW Government will need to overcome?

Security

The first issue is fairly obvious: making sure the new digital licences can’t be falsified or duplicated. After all, people regularly swap phones, so the system will need to allow the “licence” to exist on multiple devices or make it easy to transfer.

Stopping people from creating apps that replicate the licence will be impossible, so the best solution is likely to make the most important aspects server-side. For instance, have the app designed to be scanned by a device used by the police officer (including, potentially, a phone app). The officer’s device can then fetch the licence details from the source, and use those to verify the person’s identity. Poor reception areas could present a problem here, but having the officer’s system periodically sync a cached copy would alleviate this somewhat (if no connection available to main system, use the cached copy.

Inter-jurisdictional recognition

This has been acknowledge as a significant challenge by the NSW government — will other jurisdictions recognise the licence? Here the critical issue is inter-state recognition: If a person goes on a driving tour of the Great Ocean Road, will the Victorian Police accept the digital licence? Even if they want to, will they be able to verify it?

The answer right now seems to be “they don’t know.” Some of the information released has stated physical licences will still be available. So it may be a case of remember to put your physical licence back in the wallet/purse before heading off interstate, but that sounds like a stop-gap solution. Ultimately, we will probably need agreement on an interoperable standard for such systems so that each jurisdiction can verify each other’s licences.

That is likely going to take some time.

International recognition of the licences is a smaller issue, but will be annoying for those travelling. When travelling overseas, most people elect to lock up their passports when heading out for the night — losing a passport is a serious issue — and just carry their driver’s licence — as a proof of age ID most places will accept international licences. As a side story, this doesn’t always work so well if you’re from Tasmania. I’ve had a number of bartenders insist the ID must be fake because “Tasmania doesn’t exist.” They’ve even (on occasion) had large books of international driver’s licences to check whether they are legit and Tasmania has been missing from the book. Similarly, travellers may run into inconveniences if they want to rent a car.

Privacy

Up at the top I mentioned one of the benefits of a digital licence being that it provides more complete and accurate information for authorities. That means the licence is also more valuable to those with more nefarious intentions, and appropriate security measures will be paramount.

There is a less obvious issue which some others have highlighted — the privacy of other information stored on the phone. These days our phones carry a huge amount of personal and private information on them — many will not feel comfortable unlocking their phone and handing it over to a stranger (even one in a uniform). There are ways to address this — and there are indications the problem is being considered, but much will ride on the final implementation. Personally, I hope they elect to go for a “scan” solution, where the officer scans the licence without actually taking the phone away.

Conclusion

The proposed plan is ambitious (digital driver’s licences available in 2018) and in some respects it feels like it is overdue in 2015. However, in spite of  the basic concept being fairly simple, there are a lot of hurdles to be overcome. Some of those are techincal, but the hardest will be the social — designing a solution users will feel comfortable using, and achieving the support necessary to make the program workable.

Advertisements

One thought on “NSW announces plan for digital licences

  1. I wonder if something along the lines of a Kerberos authentication setup may be necessary – authentication tokens, authentication token-issuing servers, limited lifespans and the like.

    You could almost model it as a public-private key setup – private key stays on the (device? server-side? Chip embedded in the drivers arm?) and the public key is registered with that persons name etc.

    The stickler would be to make sure the license is pinned to the right person. What about a TOTP-type shared secret authentication scheme?

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s