Utah mDL FAQs
FREQUENTLY ASKED QUESTIONS
- What safety does an mDL provide?
- How does an mDL prevent fraud?
- What are the benefits for the user?
- What are the benefits for the relying party?
- Do other states have an mDL?
- Who can get an mDL?
- How do I get an mDL?
- What is the future of mDL?
- How does the app work?
- What data does the app contain?
- Will the app track my location?
- Will the app contain other government records?
- But could it contain other government records?
- If the state government were to come up with a single digital platform for a person to manage all of their government documents, who would approve that decision?
- Who authorized the program?
- Who manages the program?
- Is this replacing the physical driver license?
- Who built the software?
- What was the technological lift to put the mDL in place and keep it going beyond the pilot?
- How long has it been in existence?
- How many people have mobile driver licenses?
- Why is there a cost for provisioning my mDL to the application?
- How many businesses can accept them?
- What businesses are coming on next?
- What if I get pulled over?
- Will I need to hand my phone over to the police?
- Doesn’t this give the government too much of my information?
- How secure is it?
- How is my data protected?
- What standards are you following?
- Who has access to the data?
- How is the data accessed between the phone and the state (DLD)?
- Is Apple going to start offering an mDL in Utah?
- Can someone hack my phone and access my data?
What safety does an mDL provide?
An mDL built on ISO/IEC 18013-5 allows the user to limit the data they share to just the data needed for the transaction. When verifying age, the verifier does not need to know the person’s demographic information, address, or driving privilege. They only need to verify that the person presenting is that person and that they are of age to complete the transaction with only the information required by law. When using the barcode from a physical license, all the text information from the card is contained in that barcode, so mDL represents an improvement in control of data. In addition, the portrait is not in that physical barcode, leaving open the opportunity for misuse of the physical card by someone else. mDL has these protections.
How does an mDL prevent fraud?
An mDL allows you to share data with the relying party (business, agency, or checkpoint) you choose to do business with. All the security and privacy checks happen automatically through digital signatures and certificate verification. Verifying the authenticity of a physical card, on the other hand, is dependent on the knowledge of the clerk or verifier, who must understand the security features on a physical card. Card security features vary from state to state and continually change.
Verifying the authenticity of an mDL is not dependent on the knowledge or training of the clerk. The Reader app does the work. The certificates used in an mDL transfer are signed by the State of Utah Driver License Division and give cryptographic proof that the data is valid. In turn, fake and altered IDs are rejected and cannot be authenticated.
What are the benefits for the user?
- Contactless transaction – Never hand your phone or device to anyone.
- Control of shared data – You control what data you share.
- Secured on device – Data is encrypted and requires PIN or biometrics to open.
- Remote management – Device can be wiped or deleted if lost or stolen.
- Lost Credential (license or ID card) Recovery – If ID is lost, it is quick to download the app and resume having your mDL versus applying for a duplicate hard card.
What are the benefits for the relying/verifying party?
- Contactless transaction – Never have to touch a user’s device, which reduces liability.
- Controlled data – Only request the data required to approve the transaction.
- Security features – All security features are confirmed electronically; no need to decipher physical security features or run through fraudulent document training.
- Signed by issuing authority – Certificates verify that the credential was issued by the Driver License Division.
Do other states have an mDL?
Yes, multiple states have ongoing pilot programs and may issue production mDLs this year. There is an interactive map at Implementation Tracker Map – mDL Connection that shows progress in the United States, and there are other jurisdictions worldwide that are implementing mDL. There is no central coordination of these efforts, but there is a common, open standard for sharing the data so that driver license and ID implementations result in identity that people can use everywhere – ISO/IEC 18013-5:2021 – Personal identification.
Who can get an mDL?
mDLs are only available to current holders of a valid Utah driver license, commercial driver license, or identification card.
How do I get an mDL?
With the program having transitioned to production, you can perform a self-setup and ID verification. Instructions are available here. The GET Mobile ID application will require you to scan your physical driver license, confirm your phone number, and take a live selfie inside the app. Please watch our social media for information about additional methods, including the ability to obtain your mDL during your visit to a DLD office.
What is the future of mDL?
The mDL is an optional extension of our physical credential. Just as we have worked for the last 3 years to get this project off the ground, each state will do something similar. That is just the first part of building an interoperable ecosystem. Then we have the relying parties who will have their own timeline of adoption. This timeline will be driven by the public and their adoption and desire to use an mDL. You can ask your favorite local businesses to use one of the many mDL Reader solutions on the market. The FAA states that there are 2.9 million domestic travelers daily. This would position TSA to be the largest relying party since they likely are one of the largest verifiers of our physical credentials already. This, by itself, could speed up the ecosystem and adoption rate of the mDL by states and citizens.
The second part of this answer is online or unattended verification. While the standards for this type of identity verification are still being written, the use cases expand exponentially. One example of this is opening a bank account online. While this is possible now, a bank gathers large amounts of data from you, asks for the upload of digital copies of documents, and runs several checks on a person to try to avoid fraudulent activity while using information from a multitude of third parties. Digital verification of an mDL would significantly reduce a person's ability to fraudulently open or access an account. In short, the physical credential is not going away. The mDL is an optional extension of your hard card, just like putting your credit card on your phone. The future of mDL will open some avenues of use that we have not ever considered.
How does the app work?
The app, written by GET Group North America, can be downloaded from public app stores onto your mobile device. At the DLD office, someone will verify your identity and the system provisions your mDL directly into that app. At home, you may run a self-registration process.
How do I provision my mDL?
The at-home remote provisioning goes through the following steps. You will: (1) download the app from the app store, (2) confirm your mobile number and email, (3) scan the 2D barcode on the back of the license, and (4) take a selfie and do a liveness detection. If the selfie matches the photo previously taken at a Driver License office and if the data on the back of the license matches the valid data in the Driver License database, then the license will be provisioned onto the phone.
The mDL data has been signed by Utah DLD when provisioned to your device. That digital signature makes it an official document that you control. The system uses the private keys on your device to encrypt each data element and ensure that only you can use it and share data. No other entity can access or read the mDL data without your consent.
A relying party (i.e., a business, restaurant, bank, etc.) will have a verifier app that contains a public key from all trusted issuers (such as Utah DLD). The verifier receives encrypted data from you and authenticates that data with the correct public key. This ensures that the mDL data is authoritative (comes from the DLD), has not been altered, and was issued to you. If all the data elements you shared match, the credential is verified. If there has been any tampering or changes to the data, it will not be verified. The relying party can then approve your transaction.
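The issuer-signature check described above, as an added example (not GET Group's or DLD's code): in ISO/IEC 18013-5 the issuer signs a list of salted digests, one per data element, so the holder can release a single element and the reader can still verify it against a trusted issuer's public key. Assumptions: canonical JSON replaces the standard's CBOR encoding, a Lamport one-time signature replaces the issuer's ECDSA/COSE signature so the block needs only the standard library, all names and sample values are constructed, and device authentication and session encryption are left out.

```python
import hashlib, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

# Stand-in signature (assumption): Lamport one-time scheme, stdlib only.
# Real mDLs carry an ECDSA signature in a COSE_Sign1 structure.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):  # one key pair may sign one message only
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def item_digest(item):
    # The random salt stops a reader from guessing undisclosed low-entropy values.
    return H(json.dumps(item, sort_keys=True).encode()).hex()

def issue(sk, elements):
    """Issuer: salt every data element, then sign only the digest list."""
    items = {n: {"name": n, "value": v, "salt": secrets.token_hex(16)}
             for n, v in elements.items()}
    signed = json.dumps({"digests": {n: item_digest(i) for n, i in items.items()}},
                        sort_keys=True).encode()
    return items, signed, sign(sk, signed)

def present(items, approved):
    """Holder: release only the elements the user approved."""
    return [items[n] for n in approved]

def verify(trusted_pks, signed, sig, disclosed):
    """Reader: return the verified values, or None on any failure."""
    if not any(verify_sig(pk, signed, sig) for pk in trusted_pks):
        return None  # digest list not signed by a trusted issuer
    digests = json.loads(signed)["digests"]
    verified = {}
    for item in disclosed:
        if digests.get(item.get("name")) != item_digest(item):
            return None  # element altered or never issued
        verified[item["name"]] = item["value"]
    return verified

if __name__ == "__main__":
    sk, pk = keygen()
    # Constructed sample credential, not real data.
    items, signed, sig = issue(sk, {"family_name": "Doe", "age_over_21": False,
                                    "resident_address": "123 Example St"})
    shared = present(items, ["age_over_21"])
    print(verify([pk], signed, sig, shared))                          # honest
    print(verify([pk], signed, sig, [dict(shared[0], value=True)]))   # altered
```

The signed digest list contains no plaintext values, which is why an age check can succeed without the reader ever receiving the name or address.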
How do I use my mDL at a store?
To present your license or ID, unlock the GET Mobile ID app with PIN, face, or fingerprint and choose the data page you want to share. Then simply tap the share button and a QR code will appear. The QR has a countdown timer and does not contain anything that identifies you. Present the QR code to the relying party’s verifier device and the two devices will create an encrypted communication path for the verifier to receive just the data you approved, and verify the validity of the license or ID. On many devices, it is also possible to start the process using Near Field Communication (NFC) by tapping your phone on a verifier device when you see the QR code and NFC logo on screen after hitting the Share button.
What data does the app contain?
Legislatively and contractually, the only data in the mDL application is your driver license and the phone number and email you provided. All data is encrypted and stored in the secure area along with the private data keys. For any other information to be added to the license or to expand the app’s capability, it would have to be debated and approved by state lawmakers, which has not occurred or been discussed.
You also have access to the transaction log of places you have shared your mDL data. This is also currently stored encrypted on the device and is never shared with any other entity, including any government entity.
Will the app track my location?
No. There are no location or tracking services associated with the mDL. On some devices, location service chips are used for Bluetooth and NFC communication, which is why you may have been prompted to consent to sharing location with the app itself (not any other entity).
Will the app contain other government records?
No. Not only are no other government records stored in the app, but the app also does not link to or share data with any other government agency.
But could it contain other government records?
The DLD does not want and will not want to commingle any other data (fishing licenses, vaccine records, etc.) with the driver license database. So while the developer technically could do that, the scope of the app is narrow and includes only the mobile driver license data. And remember, adding your driver license to your phone is optional.
If the state government were to come up with a single digital platform for a person to manage all of their government documents, who would approve that decision?
Something like a digital government wallet would require significant debate, decision-making, and funding by the 104-member Utah Legislature. This mobile driver license project is not and will not be the platform for a digital government wallet.
Who authorized the program?
The Utah Legislature in 2019 and in 2020 authorized the Department of Public Safety’s Driver License Division (DLD) to create and pilot a mobile driver license program for residents who want the option of carrying their data securely within their cell phone.
Who manages the program?
Just like with your regular driver license, the DLD manages the mobile license program.
Is the mobile license replacing the physical driver license?
This is not meant to replace the physical driver license. The mDL is available as an option for those who want it. Keep in mind that one of the common questions DLD receives related to the driver license is when there will be a secure mobile version of the license.
Who built the software?
What was the technological lift to get it in place and keep it going beyond the pilot?
With GET building the app, the technical lift really became a matter of building an API to be able to provision your DL/ID data to the device, which took approximately 2-3 months. Since this was done for an operational pilot, there was no significant change to move from pilot to production. Utah’s mDL was implemented by GET Group North America without cost to the Utah Driver License Division and with minimal program expense by the state.
How long has it been in existence?
The pilot program launched in June 2021. DLD was statutorily required to “establish a process and system for an individual to obtain an electronic license certificate or identification card” on or before January 1, 2022, which it has done. The transition to production happened in October 2022 after the completion of security and privacy reviews.
How many people have mobile driver licenses?
As of March 2023, we have more than 24,000 individuals participating.
Why is there a cost for provisioning my mDL to the application?
As stated above, the GET Mobile ID application was implemented by GET Group North America, and the mDL program was run without public funds and with no cost from GET Group. To cover the costs of the pilot program, onboarding Relying Parties so that you can use your mDL, and securing the systems that operate mDL, GET Group North America charges an annual subscription. GET Mobile ID is not advertising supported and does not share any of the mDL data or transaction data typically shared in “free software” implementations. Therefore, there is an annual subscription cost.
How many businesses can accept mDL?
Currently, the mDL can be used at a few dozen locations, with businesses continually coming online as verifiers. You can see a list of locations on this map. As of March 2023, the mDL is accepted as an official ID at the following locations: Salt Lake International Airport – TSA PreCheck; Utah Community Credit Union (UCCU) branches; Harmons (City Creek, Traverse Mountain, and Santa Clara); Various State Liquor Stores; Midtown Community Health Center (Ogden); and America First Credit Union (AFCU) branches.
What businesses are coming on next?
DLD is in conversations with various gas stations, convenience stores, financial institutions, and government agencies. They will be added to the map and announced through our social media channels when they come online. Since the application was built upon an open ISO standard, businesses and agencies may independently start accepting mDLs. There is no approval process, and many applications and solutions for reading ISO 18013-5 mDLs are becoming available. Businesses can obtain more information here, including the Utah public key.
What if I get pulled over?
At this point, law enforcement does not have the capability to verify the mDL and will continue to request your hard card license or ID. However, we are working with Utah Highway Patrol troopers in Salt Lake County and are in conversations with other law enforcement agencies throughout Utah who have expressed interest in the program.
Do I have to hand my phone over to the police?
You won’t, and you never should. An officer will carry a specific mobile application that can scan a QR code generated by the mobile driver license application. There is also an option to share your information with an officer via Bluetooth. The data is only shared with someone else when you tell the app to share it. And it is all completed without anyone else touching your device.
Doesn’t this give the government too much of my information?
This is the same information you gave the DLD to create a license for you in the first place. This is just a convenient, safe, and official way to carry your driver license digitally. It also gives you more control over what information you share from your driver license. DLD follows strict security standards that you can read about below.
How secure is it?
During provisioning, the system identifies your device so that only you can get your mDL, downloads the DLD-signed data, then utilizes the private keys on your device to encrypt all data elements. Only your device can decrypt and share that data once you consent to share. Those signed mDL data elements can be verified with the public key that the Driver License Division makes available for verifiers. Not only is the data encrypted, but the application leverages the existing security features of your device. At a minimum, you must create a separate PIN to access the application, but you may also use fingerprint or facial recognition available on your phone to unlock the app.
How is my data protected?
The app provides a tamper-proof ID Doc on your mobile device that is signed by DLD. Nobody can create a fake PIN or use your Face/TouchID, ensuring only you can access or use your mDL. (Please note: ALL people you enroll to use your phone will be able to unlock the application; however, they will not match your driver license photo and will not match to you after data is shared.)
Just as you choose to share your physical license, you will be in control of who you share your digital license with, and it cannot access data without your consent. Not even DLD or law enforcement can access data unless you share it. In addition, you can choose the groups of data that you will share, allowing you to keep unneeded personal information from being shared.
What standards are you following?
The standards used to build the mDL are the ISO 18013-5 standards, which lay the groundwork for security and interoperability for a mobile driver license/ID solution. Since ISO/IEC is an International Standard, you will be able to use your mDL as identification around the globe. The system also adheres to the most recently published AAMVA (American Association of Motor Vehicle Administrators) guidelines; AAMVA and ISO also developed the standards for our physical credentials. As additional standards from ISO/IEC, W3C, Open ID Foundation, or other standards development organizations become applicable to consenting and sharing your driver license for in-person and online interactions, Utah’s mDL will implement them.
Who has access to the data?
Nobody, not even law enforcement, has access to your mDL data without your consent. You actively consent to share your mDL data from your phone with just the entities you choose. Just like with your physical card, DLD holds and protects the original driver license record.
How is the data accessed between the phone and the state (DLD)?
The phone sends a request to the mDL application provider. The provider then sends a request to the state (DLD), which must meet several security requirements. DLD then processes the request and reports a “yes” or “no” that the driver license is a valid registration. In short, the cell phone does not directly access the database at DLD that contains all of the personal information of license holders.
Is Apple going to start offering an mDL in Utah?
Apple has announced that they will be working with several states, including UT, to enable residents to add their driver license or state ID to Apple Wallet in the future. This project is in the initial planning process. DLD and Apple will work together to ensure this product meets the needs of UT and its citizens. And just like the mDL with the GET Mobile group, downloading your mDL to your Apple Wallet will be optional.
Can someone hack my phone and access my data?
We have gone to great lengths to protect your data, including encryption, securing the app with a PIN or biometric authentication, and having a stand-alone app that does not track data or interact with other apps on your phone. While the DLD cannot determine whether your phone can be hacked, simply having an mDL on your device does not increase the susceptibility of that happening. Also, there is no direct link from the mobile app to DLD’s data or systems. Appropriate layers of security have been implemented to protect that data.