Motor vehicle officials and a biometric firm are piloting a federally-funded online program to let citizens renew driver’s licenses by drawing a passcode with a mouse or finger on a touchscreen -- a method with the potential to stanch voter fraud.
The maneuvering will be similar to scribbling on an Etch-a-Sketch toy, said Jeff Maynard, president and chief executive officer of Biometric Signature ID, the company providing the handwriting recognition service. “Instead of your Etch-a-Sketch machine, it’s now a mobile device, like an iPhone or an iPad,” or a personal computer.
The $1.6 million project led by the American Association of Motor Vehicle Administrators is one of several trials the National Institute of Standards and Technology is funding to lay the foundation for an online login network, akin to a credit card system, where computer users can access separate sites without resubmitting personal data.
Other participants in the licensing pilot program include the Commonwealth of Virginia Department of Motor Vehicles, CA Technologies, Microsoft and AT&T.
The planned login network, called the National Strategy for Trusted Identities in Cyberspace, or NSTIC, aims to ensure Internet users are who they say they are when they interact online.
With handwriting capture, “those strokes are unique to you. And we store that in an encrypted database when you enroll. If the biometrics match, you are allowed access to the next level” of identity verification to conduct the online transaction, renewing a license in this case, Maynard explained. The technique, called gesture biometrics, allows the computer to distinguish the physical person from imposters by using “whatever pointing device they have at their desk right now,” Maynard said. (Click here for a test drive)
The technology is delivered through the Web, or the “cloud,” so there is no app to download or hardware to attach.
Motor vehicle administrators feel compelled to advance the NSTIC network, due to “the driver’s license increasingly becoming the de facto identity document,” Neil Schuster, the association’s president and chief executive officer, said in a statement.
Some local governments require that voters show a driver’s license or similar ID to vote. And DMV websites are the de facto voter registration location in many states. These realities create the risk that bogus driver’s licenses could impact voting results.
“Man, that thing in the wrong hands can create your ID for somebody else,” Maynard said.
NSTIC proponents say the envisioned chain of validated IDs could thwart such fraud and make all online transactions, perhaps even online voting, more secure than it is today. There are hurdles, however. The network will require compatibility standards, privacy policies, buy-in from e-commerce businesses, the trust of citizens, a new marketplace of credential providers, and global adoption.
Ian Grossman, vice president of member services and public affairs for the motor vehicle association, said, “If there’s a way an elections commission can leverage what we’re doing to reduce the fraud of the initial identity document then I think the benefits of that will be flowing in a lot of different directions.”
Within the NSTIC system, the data on a driver’s license may be needed to obtain a stronger Web credential from, for instance, authentication firm VeriSign, to perhaps one day file taxes through IRS.gov.
"The same entities who issue a driver’s license -- that provide you an identity card -- would be involved in a broader community that gives someone credentials,” Grossman said. “Our intent is limit and minimize the amount of fraud around these identity documents.”
The problem of fraudulent online ballots and voter registration rolls are beyond the immediate scope of the $9 million worth of pilot grants that NIST announced on Sept. 20.
“Our efforts in the NSTIC National Program Office are centered around creating an identity ecosystem where individuals can choose from a variety of different credential offerings in the marketplace for online transactions that are more secure, convenient and privacy enhancing,” said Jeremy Grant, NIST Senior Executive Advisor for Identity Management. “But we would imagine that once an identity ecosystem exists, it would enable a wide range of online transactions that are not possible today.”
He added, “Secure authentication is certainly one of the missing pieces to that puzzle [of online voting] but it is hardly the only one.” The other obstacles include viruses on voters’ computers, as well as a 2011 NIST finding that “Internet voting systems cannot currently be audited with a comparable level of confidence in the audit results as those for polling place systems.”
Grant said, “I’d personally love it if I could one day vote from my smartphone. But given that the challenges to online voting extend well beyond the scope of NSTIC, this is not a focus of the NSTIC National Program Office.”
Among the other NSTIC grants is a $1.8 million pilot led by ID management company Daon to demonstrate how senior citizens and other individuals can use smartphones and tablet devices to maximize customer choice, with support from AARP, the American Association of Airport Executives and PayPal, among others. In addition, Resilient Network Systems is pursuing a $2 million program to secure sensitive health and education transactions with the help of the American Medical Association, Aetna, LexisNexis, Riverside Unified School District, Santa Cruz County Office of Education and others.