Back to News & Commentary

TSA Shouldn't Force a Bad Digital ID System on America

Hand holding a paperless passport virtual ID on smartphone screen with airport timetables as background.
If we must have a digital ID system, we should take the time to do it right.
Hand holding a paperless passport virtual ID on smartphone screen with airport timetables as background.
Jay Stanley,
Senior Policy Analyst,
桃子视频Speech, Privacy, and Technology Project
Share This Page
October 31, 2023

A movement is underway to create a digital identity system that would allow people to carry their ID on their phones or on digital smart cards and, eventually, use them over the internet. That might sound handy at first blush, but as we discussed in this 2021 report, it would not be as simple as it might sound. It could create a world where we get asked for digital ID at every turn, and by every web site, and where our ID use is tracked; and it could have significant implications for equity if digital IDs become effectively mandatory by disadvantaging those who don鈥檛 have a smartphone.

Unfortunately, the TSA is threatening to prematurely lock in a harmful digital identity system that allows ID card issuers to track where people show their ID, fails to include a number of important privacy protections, and fails to ensure that the system is free from the control of particular private corporations. We, along with several of our allies, submitted joint comments to the agency highlighting these and other problems and urging the agency to slow down.

The major questions about any digital identity system are whether it will be designed to protect privacy to the maximum extent possible, and whether people will be forced to participate in it. Will it be built to give control to people, or built to spy on people and increase the control of government agencies and companies over people? Making somebody show ID is sometimes necessary, but it鈥檚 also an act of power. Who should be able to require someone else to identify themselves? What can the requestor do with that information once they have it? What recourse does the identified person have if the requestor misuses the information?

We need to be extremely careful about what kind of system we adopt, because it鈥檚 going to need to be interoperable across all the states, and potentially across the world, and therefore, once adopted, is going to be very difficult to change.

The TSA relies on identity cards only for one very narrow and specific purpose, so it might seem strange that the agency is in a position to determine the design of a new identity system, dictating the process for how people present ID in every small town and city across America 鈥 and more significantly, perhaps, online 鈥 for decades to come. Some in Congress have the creation of a national expert task force to recommend a digital ID architecture, but that hasn鈥檛 happened.

The reason for the TSA鈥檚 position is the of 2005, in which Congress forced states to follow federal standards for the design of physical driver鈥檚 licenses that would be recognized by the federal government. (This ill-conceived legislation was drafted hastily and forced through Congress without hearings in a post-9/11 environment where opposition to even the stupidest national security measures was still demagogued as 鈥減ro-terrorist.鈥) In 2020, Congress modified that law by federal power to digital IDs, leaving it up to DHS to craft the precise rules for what kinds of digital ID would be deemed Real ID-compliant. DHS then decided to delegate that process to its sub-agency, the TSA.

In short, whatever rules the TSA comes up with for federally compliant digital IDs will force the states to comply and are likely to govern what the nation ends up with.

A lot of innovation is underway in the digital ID space. A whole community of technologists and other experts has been working on the problems of online identification and authorization for years. There鈥檚 innovation in privacy-protecting encryption with a wide variety of applications. The World Wide Web Consortium (W3C), the main standards organization for the web, is working on a standard called , which is more decentralized and privacy-protecting than many other systems.

Another standard that has been issued is called Mobile Driver鈥檚 Licenses (mDLs). This standard was created behind closed doors by a secretive committee at the International Standards Organization (ISO) that, so far as I can tell, was made up of representatives of U.S. security agencies like DHS, tech giants, and authoritarian governments. As discussed in our 2021 report, this ISO standard is flawed. It would allow for IDs that 鈥減hone home鈥 to the DMV (or its corporate contractor), allowing tracking of where, when, and to whom you are showing your ID, and still lacks many important components that could protect privacy. Missing components include, for example, standards governing the design of digital wallets and their privacy protections, protections for data stored on the phone, mechanisms for the ID holder to receive information about the legitimacy of the requester, and provisioning (the process states use to install an mDL in people鈥檚 wallets).

If the United States is to adopt a digital ID, it鈥檚 also vital that that ID be open and free of proprietary corporate strings. There must be no one corporation, or small handful of corporations, that Americans are de facto required to deal with in order to participate in a digital identity system. Yet the TSA appears to be working extremely closely with Apple Inc. Documents obtained by journalist Jason Mikula reveal that the TSA has entered into contracts that appear to give Apple Inc. of mDL checkpoints. For puzzling and unclear reasons, the TSA even signed over to Apple the agency鈥檚 patents governing the operation of its airport mDL checkpoints.

If it moves to embrace the ISO standard at this time, as it is proposing to do, the TSA will prematurely lock in that standard before we have a clear sense of its effectiveness or risks, and in spite of the fact that other maturing standards such as Verifiable Credentials seem far superior. Any increased use of digital driver鈥檚 licenses won鈥檛 speed people through airline security 鈥 ID checking is not the bottleneck 鈥 and it won鈥檛 free people from having to carry their physical ID cards, since, , 鈥淵ou must still carry your physical ID.鈥 A number of states have launched state digital driver鈥檚 license programs (also in with the TSA and Apple), but there has not been any popular rush to embrace them.

And there is no popular clamor for digital IDs from residents of the states. The states that have rolled out digital driver鈥檚 licenses have not had substantial public sign-on. This is being driven by vendors and other corporations, eager to define digital driver鈥檚 licenses as 鈥渢he future鈥 and conjure a non-existent public excitement about the technology. Whether or not digital IDs prove to be part of our future, there鈥檚 no reason for that future to include this particular form of digital ID.

For all its problems, the TSA doesn鈥檛 have any incentive to turn digital IDs into a privacy nightmare. It just wants to check travelers鈥 IDs (though doing so has a very dubious relationship to the security of aviation). I suspect that it is moving too fast out of a misguided effort to be 鈥渕ission-focused鈥 and 鈥渕odern鈥 and to 鈥渆mbrace the future.鈥 But the TSA, like state departments of motor vehicles, has been thrust into an important civic role that is far broader than its mission, and it needs to act with a recognition of that responsibility. As we told the TSA in our comments, there鈥檚 no hurry here; if we must have a digital ID system, we should take the time to do it right. A rushed embrace of a poorly scoped standard could leave us locked into a world with even more corporate control, centralized surveillance, and weakened privacy than we have today.

Learn More About the 桃子视频 on This Page