AAMVA Secure DLID Strategy Presented by: Jay Maxwell AAMVA CIO

1
AAMVA Secure DL/ID StrategyPresented byJay
MaxwellAAMVA CIO
2
AAMVA Secure DL/ID

• Agenda
• Why are we considering biometrics?
• How are we managing the effort?
• Minimum card design specifications
• Biometrics in use today
• Finding the right unique identifier
• Legislation

3
AAMVA Secure DL/ID

• A few Points
• Im am not for or against biometrics.
• Biometrics are fallible.
• The fact that they are imperfect does not mean
  they are unusable
• Yes, even facial recognition!

4
Who is AAMVA?

• American Association of Motor Vehicle
  Administrators
• Established in the 1930s to create a forum for
  the exchange of information among and
  establishment of standards for motor vehicle,
  driver licensing, and law enforcement
  administrators.
• Membership includes all US jurisdictions, all
  Canadian jurisdictions, Mexican Federal
  Government, US Federal Government

5
Driver License/ID Fraud

• There are five basic ways in which fraud is
  perpetrated with respect to the driver
  license/ID
• An applicant uses false breeder documents to
  obtain a legitimate driver license/ID.
• People fabricate/simulate illegitimate driver
  license/IDs (counterfeits).
• Someone modifies a legitimate driver license/ID.
• Problem drivers obtain multiple legitimate
  Driver licenses/IDs, with or without changing
  identities.
• Internal DMV employees issue legitimate driver
  licenses/IDs under false pretenses for personal
  profit

6
Driver License/ID Fraud

• As a result of these conditions
• Bad drivers can avoid driver control actions.
• Dishonest people use driver licenses/IDs to
  steal identities of others for financial gain.
• Underage drinking is facilitated.
• Terrorists can easily obtain legitimate
  identification documentation that opens doors to
  them for their activities

7
Key AAMVA Concepts

• Reciprocity
• Interoperability
• One Driver/One License/One Driver Control Record

8
Secure DL/ID Task Groups

• UID1 Acceptable ID List
• UID2 Residency/Non-Residency/Non-Citizen
• UID3 Fraudulent Document Recognition
• UID4 Internal Controls
• UID5 Oversight Compliance System
• UID6 Model Legislation
• UID7 Card Design Specifications
• UID8 Verification
• UID9 Unique Identifier
• UID10 Enforcement and Controls
• UID11 Driver License Agreement
• UID12 DRIVerS Infrastructure
• UID13 Process/Procedures

9
Minimum Card Design Specifications

• Functional Requirements
• Evidence of privilege to drive
• Identification
• Age verification
• Address/Residence Verification
• Automated Administrative Processing

10
Minimum Card Design Specifications

• General Considerations
• Legacy infrastructure that relies on current
  technologies (magnetic stripe and 2-D bar code).
• Strong consideration for on-line verification of
  the credential.
• Need to tie the card to the individual.
• PIN and perhaps biometrics
• E-government applications.
• Privacy issues related to the information
  available from the card.

11
Minimum Card Design Specifications

• Next Steps
• Determine minimum card security features
• Overt
• Covert
• Forensic
• Determine minimum machine readable data
• This will drive the decision on minimum machine
  readable technology
• Schedule ASAP within six months

12
Current Use of Biometrics in US
Standards?
13
Requirements

• Unique Identifier for a Secure Driver License

14
Associating the Identity with the Person

• One person can have multiple identities
• Multiple persons can share one identity
• This could result from
• Purposeful actions
• Inaccurate processing
• Undesirable regardless of the cause

15
AAMVAs Goal

• One driver/one license/one driver control record
• A person can have only one driver license or ID
  card
• All driver safety information is kept on a single
  driver control record
• The process and therefore the credential can be
  trusted

16
Unique Identifier - Business Uses

• Enrollment Search for an identity associated
  with a person within the system.
• Authentication - Verify a persons claim of an
  identity.
• Updating Groups records belonging to the same
  identity.

17
Requirements

• Capture Speed
• Accuracy
• Privacy
• Acceptability
• Generation
• Conversion
• Cost

• Uniqueness
• Standard
• Non-cooperative Use
• Automated Record Link
• Template Security

18
NGA, NCSL and CSG

• Concerns about federalization of the state
  issued driver license and a federal mandate
• Chair Governor Paul Patton (D-KY) created a
  Homeland Security Task Force that will address DL
  security. Other members are
• -- Gov. Michael Leavitt (R-UT), co-chair
• -- Gov. Roy Barnes, (D-GA), co-chair
• -- Gov. Ruth Ann Minner (D-DE)
• -- one more governor is to be named

19
Office of Homeland Security

• The National Strategy for Homeland Security
• July 2002
• the federal government, in consultation with
  state government agencies and nongovernmental
  organizations, should support state-led efforts
  to develop suggested minimum standards for
  drivers licenses, recognizing that many states
  should and will exceed these standards.

20
Drivers License Fraud Prevention Act of 2002
(S.3107)

• Introduced by Senators Richard Durbin (D-IL) and
  John McCain (R-AZ) on October 10 and referred to
  the Commerce Committee.
• AAMVA provided technical advice to both senators
  on the bill.

21
Overview of S.3107

• Improves reliability of state-issued drivers
  licenses/ID cards, enhances highway safety, and
  verifies personal identity.
• Establishes Drivers Verification Record
  Information System (DRIVerS) by integrating NDR
  and CDLIS.
• Requires Secretary of Transportation to work with
  states in a negotiated rulemaking to establish
  minimum identification and security standards
  through federal regulations.

22
Overview of S.3107

• Would amend the Driver Privacy Protection Act
  (DPPA) by tightening up the current set of
  permissible disclosures of personal information.

23
Overview of S.3107

• Prohibits display of SSN on licenses and
  registrations, but allows internal use or among
  states for linking records for licensing.
• Enhances penalties for making or using
  counterfeit or altered identification documents.
• Enhances penalties for internal fraud for
  unauthorized use of MVA records, equipment and
  software. Class C felony, up to 12 years in
  prison, a fine, or both.

24
Overview of S.3107

• Allows law enforcement to read the information
  stored on the DL/ID card.
• Directs the DOT Secretary to undertake a unique
  identifier study and submit a report to Congress
  within six months.
• Appropriates 20 million in FY 2003 and 50
  million yearly in FY 2004-2007 to fund all
  purposes in the bill.

25
DL Modernization Act of 2002

• H.R.4633 Introduced by Reps. Jim Moran (D-VA)
  Tom Davis (R-VA) and referred to the following
  committees Judiciary, Science, and
  Transportation Infrastructure
• AAMVA provided feedback on a courtesy draft.
• Establishes standards for the issuance of DL/ID
  cards.
• Requires computer chips to be embedded in the
  DL/ID card.

26
H.R.4633

• Requires states to collect biometric data for
  each card holder.
• Provides authority and grants to establish
  DRIVerS.
• Provides stringent penalties for forgery or false
  use of DL/ID cards.
• Requires states to repay grants if they do not
  meet the new requirements.

27
In Conclusion

• Whats Likely to Happen
• Secure DL/ID included with US DOT reauthorization
  (TEA 21) next session.
• Non-biometric unique identifier rolled out.
• Continued research on usefulness of biometrics.

28
Contact Information

• Jay Maxwell, CIO
• Jmaxwell_at_aamva.org
• Rich Carter, Director IT Standards
• Rcarter_at_aamva.org