Perspective: Real ID is bad? Compared to what?

The Department of Homeland Security has published the proposed details of the Real ID act, and criticism is starting to pour in from all sides. The Real ID act is supposed to standardize driver's licenses issued by the states. Supporters say that this is necessary to improve security. Critics usually focus on the weakening of privacy protections. The arguments and counterarguments usually don't bother to address each other and, lofted on volume rather than substance, quickly grow heated and dim.

There's a way to have a meaningful debate on this. Any new security proposal must be compared to the status quo on four dimensions: Security, privacy, convenience and cost. If the new proposal is clearly better at all four, then it's a no-brainer. If the new program is worse on all four, then, well, it has no brains. What if the new program is better on some dimensions but not on others? Should we weigh the relative merits and compromise? Yes, eventually, but not right away! Since the new proposal enjoys the airy freedom of not actually existing yet, we should go back and rework the proposal until it is overwhelmingly better than the status quo.

If we just throw our hands up and refuse to engage Real ID, we'll get the lousy law we deserve.

What is the status quo that Real ID is aiming to replace? Basically, each state has its own standards for driver's licenses, which differ on many of the important details. This is pretty bad across all four dimensions.

If we just throw our hands up and refuse to engage Real ID, we'll get the lousy law we deserve.

Security is a mess under the current systems. Methods of collecting, verifying and storing background data differ from state to state, as do the physical protections on the cards themselves and the qualifications of the people that handle your licenses. It's not terribly difficult to get a fraudulent driver's license in any state, and it's easier in some states than others. This kind of setup is structurally likely to worsen over time as people "shopping" for a fake license disproportionately target states known to have weak security. The argument that monoculture and homogenization of systems are generally bad for security doesn't apply here; all the state systems don't have to fail for a terrorist to get a fake license--it only takes one.

At the security line at Chicago O'Hare Airport, a New York driver's license is functionally equivalent to a California license. Since the federal government has to treat all the licenses as equal, it's perfectly reasonable to ask that they all be equal. And not just equal, but at least passably secure. Real ID can improve this.

Privacy with the status quo isn't much better. All of your personal data is already stored on your license and can be read electronically by anyone with a simple 2D bar code scanner. DMV databases are susceptible to data theft, and there are no consistent regulations for what you're allowed to do with a driver's data. With the bar set so low, Real ID should be able to provide a significant privacy upgrade, so it's disappointing that the initial proposed language is mostly mute on privacy. If passed today, Real ID would probably do no net harm to our already meager privacy, but this isn't good enough. Let's work explicit privacy protections into the plan. Real ID should be about real privacy and real security.

Convenience, usually the single most important factor in the successful adoption of new security programs, is pretty much a wash here. The quality of the worst licenses will go up and more attention to training should even out the experience of dealing with DMV staff, but most people won't notice a difference in convenience. My friend who routinely gets extra special airport security treatment because his official DC license is so poorly printed that it looks completely fake, will feel better, but most people won't care.

Cost is tricky as well. Initial adoption of a new driver's license standard will certainly be more expensive in the short term, but the efficiencies of scale and standardization may save money over time. Is this wishful thinking? Probably.

So how do we judge Real ID? We are already living with a national-scale identity system, except it's an accidental system that sucks for security and privacy and is lackluster in convenience and cost.

Is Real ID overwhelmingly better? Not yet, but it can be made so. Let's.

Biography
Phil Libin is president of CoreStreet, an ID management and access control company in Cambridge, Mass. His regular thoughts can be found at Vastly Important Notes.

More Perspectives

[Christopher Hall]

How does the EU handle it?

It's rare that I look across the pond to see how our brothers in Europe are doing things, but in this case, I think it's worth mentioning. How does the European Union handle this sort of thing? Do they have a continental ID card or is everyone only required to use their specific nationality identification?

[Jim Harper]

Why Look to the EU?

I don't know why the EU would be a model. Spain has a national ID, and that didn't stop the Madrid bombings. That's evidence against the assumed benefits of REAL ID, and against following the EU's lead.

[facil560]

Not Safer

The only thing Real ID will protect us from is other Americans. We <br />are not going to close our air travel to foreign tourists and since <br />they will not need or qualify for a US issued ID they will continue to <br />travel on our airlines with foreign ID/passports. They won't be <br />"standardized" and machine readable and can still be faked. There <br />is no increase in safety from foreigners that want to do us harm. <br />Instead of a fake Alabama driver's license they will get a fake <br />Nigerian passport.

[Jim Harper]

The Debate is Well Under Way - REAL ID Fails on All Dimensions

First things first. The author of this piece is an interested party. His company sells ID-checking equipment to the government, or at least seeks to do so.<br /><br /><a class="jive-link-external" href="http://www.cato-at-liberty.org/2006/11/09/no-really-why/" target="_newWindow">http://www.cato-at-liberty.org/2006/11/09/no-really-why/</a><br /><br />That doesn't Phil should be ignored, and he has some good points.<br /><br />REAL ID fails on all the dimensions he cites. Nobody has articulated how REAL ID helps secure the country. At best, it would be a mild inconvenience to foreign terrorists, and no inconvenience at all to domestic ones - that is no more than the inconvenience to every driver in the country, who would have to wait in line for hours at the DMV to have their documents scanned into state databases accessible nationwide. <br /><br />If there was a relevant security benefit to REAL ID, you could say that it shifts the risk from the nation to the individual, who would be more susceptible to identity fraud thanks to the trove of data wharehoused by DMVs - but, again, the national security benefits are negligible.<br /><br />Cost? $17 Billion, according to the Department of Homeland Security. $50 for every man, woman, and child in the U.S. - for the privilege of being subjected to greater surveillance and greater risk of identity fraud.<br /><br />The discussion of REAL ID doesn't need to wait, or slow down. It's almost over. REAL ID is a dead letter.

[facil560]

Hit that nail

directly on the head. You are absolutely correct.

[Phil Libin]

status quo fails even worse

Jim,<br /><br />You are right that I am not a disinterested party. Though I have no direct or indirect dealings with REAL ID, it is not inconceivable that my company will at some point in the future sell something to a federal or state agency trying to comply with the program. My connection to the identity and security industries are plain and visible. I'm glad that you don't think that such involvement disqualifies my opinions on the subject. There's a strong tradition in this country to "put your money where your mouth is"; I am financially involved in identity because I think it's important. Most people assume that it's the other way around.<br /><br />I won't cry if REAL ID dies, in fact I'll congratulate you on your direct efforts to kill it. The point I was trying to make in the article is that the current, ad-hoc, system of driver's licenses already suffers from ALL of the problems that you're raising about REAL ID. Security and privacy, for individuals as well as for the "nation", are both very poorly served right now. You and I disagree on whether REAL ID is a step in the right direction. I think that it's marginally better than the status quo and invite people to work hard to improve it further. You think that it's a step backwards. <br /><br />Do we agree that the current ad-hoc system sucks? If you're successful in stopping REAL ID completely, will you work with me to create a better system?

[davez2006]

Why IDs at all?

Just to get into a commercial airport as a ticketed passenger? Since <br />physical screening is not going away, the person getting into the <br />airport does not matter.<br /><br />Just to get into a federal building? Mission creep.

[Solaris_User]

Identification =! Security

911 hijackers had legal id, Timothy Mcvay had his own id, the beltway snipers had id too, and yes even Charles Manson had id.<br /><br />As you can see.. ID does not protect you from anything.

[bemenaker]

EXACTLY!!!

I have never understood this whole national ID = security argument. Every one of the 9/11 hijackers had an ID. Every national born "terrorist" in this country had them. What did it do? Nothing. Big brother wants to know everything about me faster, that's what this amounts too. <br /><br />No, I'm not a paranoid conspiracy theorist, just show me how this does anything different.<br /><br />You can board a plane without showing an ID, it just means you have to go through a lot more security screens, which are just as ineffective.

[m.meister]

National ID in disguise

Let there be no bones about it. The Real ID Act is a proposal for <br />a National ID system and fails at all four areas mentioned: <br />security, privacy, convenience and cost.<br /><br />Security: There is zero evidence that Real IDs would have <br />prevented the last terror attack.<br /><br />Privacy: What little privacy there is will be lost completely. The <br />gov't wants to collect more information on you and make it <br />MORE accessible across the country. That means more failure <br />points to get the data and once someone gets it, more <br />information is available to them.<br /><br />Convenience - this is a ruse by the federal gov't. Having a "Real <br />ID" offers zero convenience. You'll still get strip searched at the <br />airport (where all Americans are treated as terrorists by default). <br />After a certain date, the Federal Gov't has already decided it will <br />not even talk to you if you don't have a Real ID. Essentially you <br />lose your rights as a citizen if you can't show your Real ID. That's <br />real convenient.<br /><br />Cost - Not only will this cost billions, the cost is thrust onto the <br />states.<br /><br />By the definition of the author, the Act has no brains.<br /><br />It is truly sad how ironic the names of these bills always reflect <br />the opposite of their true effect: Real ID Act, Patriot Act. The <br />names are marketing tools designed to deceive the public with <br />the real goals.<br /><br />Real ID is a Nationalized ID system. You will not be able to <br />interact with Federal (and likely State) Government without such <br />an ID. <br /><br />Much like most of Homeland Security, there is HUGE cost, HUGE <br />loss of privacy and ZERO accountability (by our Gov't). It is a <br />lose-lose-lose-lose scenario.<br /><br />The Real ID will have the same effect as the Secret Terrorist <br />Watch List (which contains tens of thousands of names), and the <br />"random searches at the gate" when it comes to prevention. <br />Which is basically ZERO. The idea is to make it "appear" safer.

[weegg]

We have a national ID

Your social security number!<br /><br />Like its not stolen, lol!

[HoustonSpace]

Doesn't Matter - Constitutional Breach

It does not matter if the REAL ID act is good or bad. I am inclined on thinking it is bad. The 10th Amendment forbids such action by the Federal Government. Until they add an Amendment stating that the 10th amendment is null and void, then it's remains up to the individual States. <br /><br />Basically, the 10th amendments states that any powers not delegated to the federal government are given to the States, or to the People. That's about as clear as an amendment can get. Real ID is a violation of the Constitution, period.

[Phil Libin]

Then so is the FAA and almost every other executive department

The constitutional argument is important and I'm far from qualified to discus it in depth. However, it seems that by your interpretation of the 10th Amendment, the federal government ought to get out of the business of regulating air travel, banking insurance, etc. Maybe that's a viable philosophical position, but I'm not ready to go that far.<br /><br />Plus, can't you make an argument that regulating IDs is part of the federal government's constitutionally required prerogative to protect the safety of the people?<br /><br />I'm not sure, but I'd welcome a discussion.

[JoeCrow]

Libin == "Yes, I will sell you out...

...just to make a little money".<br /><br />Why take opinions from someone with considerable financial gain at stake?<br /><br />Time to think for yourself.

[Phil Libin]

I would not

Joe,<br /><br />You should certainly think for yourself. Although you should not assume that a financial stake in an issue should disqualify someone's opinion. I'm just putting my money where my mouth is.<br /><br />I wouldn't sell you out just to make a buck.

[Mark Donovan]

False assertion: bad across all four dimensions

States set standards that are most cost-effective and efficient for their own circumstances. It is not true that convenience and cost are better with a Federally-mandated program that forces states to implement procedures that are not tailored to the states' own population and needs. What works in Rhode Island is not likely to be the best solution in California. Real-ID does not improve cost or convenience.

[E B]

Different ID standards are necessary...why?

Come on, let's get real. I can understand why states want different standards for things like traffic laws or land use -- one-size-fits-all certainly doesn't work in many areas of government. But we're talking about a driver's license here, primarily as it's used for identification. How many special needs does one state really have over another when it comes to issuing ID cards? How different are Rhode Island's drivers license needs than Californias? Honestly?<br /><br />People are people are people. Your argument that states need flexibility just assumes the need, without providing a single example. Yet instead of addressing the reasons given in the editorial for why a national standard would be beneficial, you ignore them -- just as the author predicted, unfortunately.<br /><br />Get over the knee-jerk reaction to attack a national ID card, and figure out how to make one that's useful and beneficial to everyone. I don't know what the answer is yet, but I'd rather take part in the debate than just attack every idea without offering any constructive criticism.

[nypari]

Real ID

As a native of Denmark I have been puzzled by the vicious resistance to a national ID system ? which my native country has had for close to 100 years without great harm! If we can iron out some of the problems raised by objectors, the Real ID can become a real blessing to us all. Once it is operating I can see the death of the notorious "No Fly Lists", that have kept even the likes of Ted Kennedy of airplanes! With incontrovertible ID in hand one can face down the airport inspectors!

[Fritzr_gc]

Real ID

It will have no effect on the No Fly list. The good senator will still be kept off the plane if his name appears on the list whether he has a Real ID, his Senate ID or his state ID. It is assumed that if the name in the list matches your ID, that you are the person named in the list until you provide proof that you are not.<br /><br />The reason why each state has unique requirements for their State ID/Driver's License is simple. Each state has it's own set of regulations governing the use of vehicles on the highway. The state requirements are spelled out in the state driver's handbooks available at the DMV offices in each state. If Real ID will replace these state IDs then there will be 51 different Real IDs for the 51 states &#38; DC ... plus one for each territory that issues a territorial ID ... oops that would require all 50 states, DC &#38; the territories to scrap all their local laws &#38; agree on a single set of laws. A California resident can apply for his Real ID driver's license in Connecticut where knowledge of the California laws will be tested. After all it is a National License :P<br /><br />Is the Danish National ID available to all residents of the EU? The comparison is valid if Denmark is considered a "state" within the EU. California is a "state" within the Federal Republic known as the United States of America. Each state is sovereign within it's own boundaries &#38; honors the ID granted, by their state governments, to citizens of other member states of the Federal Republic.

[EvilEricc]

Denmark has only 4mil.+ people and has never tasted freedom!

[solrosenberg]

The Security Line

"At the security line at Chicago O'Hare Airport, a New York driver's license is functionally equivalent to a California license."<br /><br />Yes, they both will get a cursory glance from a bored minimum wage worker (note: the people who check IDs are not TSA employees) to make sure the name somewhat resembles what's on the boaring pass. It's a non-sequitur to say this has anything to do with security. And you're not even required to show ID for a domestic flight if you're willing to submit to secondary screening.<br /><br />The idea that waving a drivers license shows you are a not a threat is inane. A drivers license shows you managed to pass a drivers test. Period. People need to stop expanding the scope.

[TexanInExile]

WHAT'S THE BEEF - POSITIVE ID IS GOOD

I carry a US Government issued ID from the US Department of Defense called a Common Access Card which has taken the place of most ID cards for military and DoD civilians.<br /><br />Hassle? Not really. Getting used to it took some practice. It is universally recognized as uncorruptable identification when I travel (often), when I go the bank (not as often) and in many other circumstances. <br /><br />I now have to remove the CAC from my wallet every working day to plug into my office PC as part of a positive ID program to validate my credentials fo the computer network, and also as part of the electronic signature process.<br /><br />Big brother watching me - yes. Oh well he was going to do it some how, I am glad he got out this cheap, get over it, grow up, and get on with you lives. It is going to happen. My "national" ID works well, and they keep finding more uses for it.<br /><br />As for the author. He makes money selling ID programs. I am jealous, and wish I had thought of it first. I also wish my name was Bill Gates, or I thought of Google. Someone is going to make money selling ID programs, why not listen to what they have to say, they most likely know more than the rest of use do, or have time to research on our own.<br /><br />National IDs are inevitable, the sooner we all agree upon a standard policy the better off we will be.

[Had_to_be_said]

Intentionally BETRAYING everything America stands for, ...or just INSANE..?

No... national-IDs, and America being turned into a TOTALITARIAN POLICE-STATE... by creating the absolute ability track, monitor, and control every single law-abiding citizen... IS NOT... "...inevitable".<br /><br />This "Real ID" (National ID, and centralized "data-aggregation", scheme) is about one thing... POWER. It sure as hell is not about FREEDOM, SECURITY, or convenience. In short, it is about INTENTIONALLY ENSLAVING the American-people... PERIOD... And, it is designed solely to place America directly, and completely, under the thumb of the Federal-Government (and those wholly-corrupt interests, who are actually, clearly, running the country for their own selfish interests).<br /><br />At a time when the Government of the United States is clearly operating COMPLETELY OUTSIDE "the Constitution", the "the will of the people"... or, of any REAL "LAW", at all... And at a time when, that same Government, is DEMANDING the ABSOLUTE power to place ALL PRIVATE-communications under complete Government-surveillance (without any "probable cause", whatsoever)... At a time when "SECRET ARRESTS, TRIALS", and even "TORTURE" have become common-place. And, when a free-American, cannot even walk down a public-street, without being under constant Government video-surveillance, or be -free- from being REQUIRED to carry "government-approved" identification ("papers") without fear of arrest... And while, at the exact same time, "OUR" Government is absolutely refusing to prosecute ANY of the REAL CRIMINALS, within their own ranks, or, the -power-elite- who actually wield the -real- power in this nation (who have repeatedly COMMITTED NUMEROUS, REAL, CRIMES against the American-public)... And while, these same politicians are also busy, frantically, trying to place absolutely every "public resource", and "public institution" in the hands of COMPLETELY-UNRESTRAINED, so-called, "private business"...<br /><br />...IT IS NOT the time to surrender our most valued RIGHT, and STRENGTH... the right to PRIVACY, and FREEDOM FROM, perpetual, Government interference in, and monitoring of, our personal-lives.<br /><br />That IS, precisely, what "REAL-ID" IS designed to do.<br /><br />Frankly, such, PATHETIC, rationalizations and attitudes which demand acquiescence to these type of actions... SICKEN ME. And, I will tell you one thing... I WILL die in the street, fighting this type of ANTI-AMERICAN OBSCENITY before I would EVER, turn my back on what it actually means to be "...a Free American", ...and collaborate with, or in any way tolerate, this, very literal, ENSLAVEMENT of all American-citizens.

[Solaris_User]

Abso-*****-lutely not.

&gt;&gt; Big brother watching me - yes. Oh well he was<br />&gt;&gt; going to do it some how, I am glad he got out<br />&gt;&gt; this cheap, get over it, grow up, and get on<br />&gt;&gt; with you lives. It is going to happen. My<br />&gt;&gt; "national" ID works well, and they keep<br />&gt;&gt; finding more uses for it.<br /><br />My responce to this is a flat no. I will carry no such card.<br /><br />Now you have a choice. You may allow me the freedom to make such a choice.. or you can ruin my life and put me in a government cage. I will not comply with this law.<br /><br />Some people have a line as to how oppresive they will allow their governments to become.. and this is mine. Welcome to Soviet Amerika comrade.

[bw49]

Real ID = what?

My objection is to the notion that Real ID is needed because state-issued driver's licenses are diverse and confusing.<br /><br />The driver's license is intended to identify your right to drive a (car, motorcycle, truck, etc.). Period. The driver's license is not -- and should not be -- needed unless you are driving.<br /><br />So what about passengers on a plane? If this is a "national" security problem, then we need a national travelers ID. And guess what? We ALREADY HAVE A NATIONAL TRAVELERS ID!! And we've had one for years.<br /><br />It's called a PASSPORT. You get one when you travel. Today, you need one to travel to/from foreign countries. It's a worldwide requirement, recognized by virtually all countries.<br /><br />And it's administered by the national (federal) government. It's standardized. And it's only required of people who travel.<br /><br />So forget all this "Real ID" nonsense. Use a PASSPORT. Require it of all airline, train, bus and boat passengers.<br /><br />With PASSPORTs, we need no new systems or laws or technology. It is already in place by those who need it. It doesn't cost the States anything. It doesn't require issuing something special for people who don't drive.<br /><br />"Real ID"? Nonsense. Use what you have.

[duffyway]

I believe that some of the resistance against the real ID it has to do in part to our sense of patriotism. This country was founded under the idea that all the states are independent and free. We also value our freedoms and real ID represent a threat to those freedoms. Every state has the right to set their security measures according to their individual needs. For example a high traffic travel state like California may need to apply tougher security measures than a state such North Dakota. Probably the cost of this implementation for a state like ND would be unnecessary given the low population and the low international traffic travel. The same way we proudly display our license plates to reflect our state values our driver licenses gives our states a sense of individuality. This is just besides the fact that real ID fails in the four dimensions stated in this article.