As I was contemplating writing a post on future prospects for the federal REAL ID program, Stateline.org reported, “Proposed legislation being circulated on Capitol Hill would give states more time, flexibility and money to meet federal Real ID requirements. […] The bill, which is still being negotiated but could be introduced by the end of the month in the U.S. Senate, is known as the Pass ID Act (Providing for Additional Security in States’ Identification Act).” This is good news, especially the fact that the current proposal would “scrap the program’s current rules and creat[e] a new rule-making process.” (The REAL ID Act of 2005 mandates that state driver’s licenses and ID cards follow federal technical standards and verification procedures issued by the Department of Homeland Security.)
I hope that the REAL ID program is scrapped. It cannot be fixed. I believe that (pdf) the REAL ID system creates a fundamentally flawed national ID system. It enables tracking, surveillance, and profiling of the American public through the proposed interlinking of the motor vehicle databases of all 56 states and territories, the use of an unencrypted machine-readable zone on the state ID cards and driver’s licenses, and the ability for the system to be used for much more than the few purposes set out by the 2005 law. There is also the problem that a national ID system is not good security. You should not have one national ID card for the same reason that you do not have one key to open the locks on your home, car, office or safe deposit box. You do not put all of your trust in one key, and you should not put all of your trust in one ID card.
The Department of Homeland Security and Secretary Chertoff spent a lot of time pushing the REAL ID national identification system as a savior for false identification problems. In a January 2008 opinion column written by Secretary Chertoff, he urged states, companies, and the general public to embrace the national identification system because he says it is trustworthy. Secretary Chertoff said “embracing REAL ID” would mean using the one ID card to “cash a check, hire a baby sitter, board a plane or engage in countless other activities.”
Chertoff has deflected questions about the massive security hole created by embedding so much trust in one national identification card — people will trust the criminals who hand them forged cards. However, in an August 2008 speech Chertoff agreed that the fact that REAL ID and other identification cards can be forged is a security problem:
I certainly have seen intelligence that tells me that sophisticated criminals and sophisticated terrorists spend a great deal of time learning to fabricate and forge even these improved cards. The net effect of this may be that it’s going to be harder for people on campus here to get a drink when they’re under 21, but unfortunately it’s not going to be that much harder for the most sophisticated dangerous people to counterfeit an identity card.
Secretary Chertoff seemed to be undermining the federal government’s professed reason for creation of a national identification system: To improve national security. REAL ID, as currently set out, would convince states, businesses, parents in need of babysitters, that the REAL ID card could be trusted to identify the person in front of them. However, Chertoff here agreed that criminals will still be able to forge REAL ID cards. The cards cannot and should not be used for the myriad purposes suggested by Chertoff.
When the agency released the draft implementation regulations in March 2007, it received more than 21,000 public comments (I was one of the commenters (pdf), as Counsel at EPIC). On January 11, 2008, about two and a half years after the passage of the REAL ID Act of 2005, Department of Homeland Security Secretary Michael Chertoff released the final rule, and faced criticism from state governments, members of Congress, civil liberties advocates and security experts. The final REAL ID rule includes poor privacy and security safeguards for the sensitive personal data of cardholders. The changes made in response to public comments about the proposed draft regulations were marginal, at best.
Civil liberties advocates are not the only critics of REAL ID. Numerous states have rejected the program. Notably, new Homeland Security Secretary Janet Napolitano signed a bill to reject the REAL ID program last year in her capacity as Arizona governor. Napolitano pointed to the lack of adequate federal funding, calling Real ID “just another unfunded federal mandate.”
In February, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee sent a letter (pdf) to Secretary Napolitano highlighting key privacy issues faced by the department. One of the problems spotlight by the committee was REAL ID:
REAL ID and Other Identification Cards: Despite the best efforts of the Privacy Office and the Committee, the final rule under the REAL ID Act does not fully address privacy and data security. The Committee has made recommendations for strengthening the rule in this regard in its Report No. 2007-01. The rule leaves states in the position of subjecting their residents’ personal information to the vulnerabilities of the state with the weakest protections. Since the rule has not yet gone into full effect, given the absence of the reference databases, it should at least be reviewed and considered for revision to better address privacy and data security issues regarding the shared state data. In addition, the rule’s provision allowing for the placement of unencrypted personal information in the machine-readable zone, which encourages inappropriate data collection and mission creep, should be reviewed and considered for revision. We note that passport cards and enhanced driver’s licenses raise similar privacy and data security concerns.
Some states have decried REAL ID as an unfunded federal mandate and rejected the program on those grounds. But, there are substantial security reasons for rejecting a national identification card, as well. It decreases security to have a centralized system of identification, one ID card for many purposes, as there will be a larger amount of harm when the card is compromised.
A better system is one of decentralized identification, which reduces the risks associated with
security breaches and the misuse of personal information. A decentralized approach to identification is consistent with our commonsense understanding of identification. If you are banking, you should have a bank account number. If go to the library, you should have a library card number. If you rent videos from a store, you should have a video rental store card number. Utility bills, telephone bills, insurance, the list goes on. These context-dependent usernames and passwords enable authentication without the risk of a universal identification system. That way, if one number is compromised, all of the numbers are not spoiled and identity thieves cannot access all of your accounts.
I hope that Congress and the administration will review the REAL ID system and see that it is not just a costly program sweeping much-needed funds away from other security programs. REAL ID is a fundamentally flawed system that harms us by putting all of our secure ID eggs in one basket.