More on Drivers' Licenses
Arnold G. Reinhold
reinhold at world.std.com
Wed Nov 7 10:06:42 EST 2001
Noah Silva recently brought this interesting 1994 article on DMV data
exchange by Simson Garfinkel to the attention of the
dvd-discuss at eon.law.harvard.edu list:
>http://www.wired.com/wired/archive/2.02/dmv_pr.html
The article discusses the AAMVAnet system and the extent to which
the threat of revocation of driver's license is already being used as
a tool for social control. It's also clear that the state DMVs are
in a unique position to provide identity information for a future PKI.
I did some poking around on Google to see what has been happening in
this area since then. I found the American Association of Motor
Vehicle Administrators web site which announces:
"On October 24, 2001, AAMVA's Executive Committee passed a resolution
creating a Special Task Force on Identification Security to develop
a strategy on enhancing the issuance of secure identification
credentials for driver licensing and photo ID purposes, and to
develop short- and long-term priorities and actions."
http://www.aamva.com/drivers/drvIDSecurityindex.asp
They already have a standard for Driver IDs that is available on-line
http://www.aamva.com/standards/stdAAMVADLIdStandard2000.asp
http://www.aamva.com/Documents/stdAAMVADLIDStandrd000630.pdf (full text)
It is a very through and detailed document that builds on a raft of
existing international standards (smart cards, bar codes, JPEG, etc.)
and US DMV and LE practices (data dictionaries, encodings,
fingerprint and signature storage, etc.). It does not prescribe any
card technology, but sets standards to be used if a technology is
selected.
What is strikingly to me about the document is the complete lack of
cryptographic standards. The document specifically discourages
encryption of machine readable data unless required by law. In a very
interesting Appendix H on physical security measures, digital
signatures are mentioned only in passing under Machine Readable Data:
"Common techniques to ensure data integrity include:
Check digits and data encryption (presumably with public key encryption)
For IC cards, tamper detection and chip disabling; and digital
signatures for all data written to the chip."
That's it! There is a set of proposed revisions to the standard, but
they are only accessible to AAMVA members. I don't know if the
revisions address crypto issues, but from the quote above, I
suspect they have a long way to go.
Arnold Reinhold
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list