Manage updates with the Download App
- Related Blogs
-
DHS: Real ID could help shut down meth labs
January 16, 2008 -
Homeland Security proposes delayed Real ID rollout
January 11, 2008
It's been nearly three years since Congress passed the act, and the Department of Homeland Security just published final regulations to implement the law that will change the way state driver's licenses are issued.
Of particular concern is the department's flirtation with a central ID database. The final regulations, released January 11, strongly support leveraging existing technology by expanding the central database for commercial drivers to include all drivers and state ID card holders--that is, virtually every American.
Following this path of least resistance fails to acknowledge that the security risks of a central ID database are enormous, as is the potential for abuse by government and business. Security experts agree that creating a "one-stop shop" of highly sensitive personal information on millions of Americans, not just a relatively small pool of commercial drivers, is a bad idea. It would be an irresistible treasure trove for identity thieves, terrorists, and other criminals.
The law's basic goal of making the driver's license a more reliable assertion of identity is a good one. Setting minimum federal standards to make the issuance process more secure so that it's tougher to get fake driver's licenses or hold multiple licenses from different states is not unreasonable.
The ostensible purpose for a centralized repository of ID information is to enable states to more easily check whether new applicants already have a driver's license from another jurisdiction, thereby ensuring "one driver, one license." But this can be achieved without creating a central ID database that puts Americans' privacy and civil liberties at risk.
Building a distributed system that stores ID information in different locations, such as state motor vehicle databases, makes more sense. Each state could check with other states for possible existing driver's licenses without having to ping a central database, while maintaining control over its residents' data. This is technologically possible, especially if states have adequate funding to scale up their systems to handle the incoming traffic.
Regardless of whether ID information is stored centrally or in separate databases that are accessible via a central portal, an equally important question is who would have access to the ID data and for what purposes?
If it is run by DHS or otherwise deemed a "federal" system, some limitations would be placed on the U.S. government by existing federal privacy and security laws. But these laws may still need to be bolstered in light of Real ID.
If run by a private organization, as is the current commercial driver's license database, federal privacy and security laws may not apply. Nor would the much-touted--though still weak--Driver's Privacy Protection Act, which only regulates how state motor vehicle departments disclose personal data to government agencies and commercial entities.
Thus no robust legal framework exists to protect the personal information that would be held in the centralized ID system envisioned by DHS from misuse by government and business. Allegedly, the Department of Transportation and other federal agencies already regularly access the privately managed commercial driver's license database with virtually no oversight.
And neither the Real ID Act nor the final regulations prohibit the recording of individuals' transactions in the central ID database or the skimming of personal data from the card itself, both of which would facilitate intrusive tracking by the government and unsolicited marketing by commercial entities.
The law mandates that ID information be digitally stored on the card in a standardized format, but neither it nor the final rules include encryption or other security requirements. There have been news reports that some businesses are already collecting personal data from driver's licenses using commonly available readers without patrons' consent. A national standard would make this even easier.
Supporters of the Real ID Act shamelessly exploit the contentious illegal immigration and national security issues as political cover for what could evolve into much darker government uses. Legislation has already been introduced in the Senate and House to address some of these concerns.
State legislatures are also speaking out against Real ID. Seventeen states have passed legislation rejecting Real ID, and in 22 other states such legislation has either been introduced or has passed one chamber.
The ideal solution is for Congress to revisit the fundamentally flawed Real ID Act. But even if Congress doesn't act to repeal the law or otherwise attempt a fix, DHS has a responsibility--and the statutory flexibility--to build strong privacy and civil liberties protections into its regulations to ensure that the implementation of Real ID doesn't do more harm than good.
Biography
Sophia Cope is a staff attorney and the Ron Plesser Fellow at the Center for Democracy & Technology in Washington, D.C. Among other issues, Cope focuses on the privacy implications of government identification programs.
See more CNET content tagged:
driver's license, Real ID Act, law, privacy, database
112 comments
Join the conversation! Add your comment
When is the last time a liberal attacked Real ID as not sanctioned by any power committed to the Feds under the constitution? Never! hahahaha
Go drink your KoolAid Ms. Cope.
SSN for citizens, how valid is it?
example..everybody in witness protection gets a 'new one'...which
is unrelated to the 'old one'...
for most of the last 70 years, it took little effort to obtain a
number, which was not necessarily 'secure'...and was (as printed on
that piece of paper) never planned to be an identity tool anyway.
large corporations have proven themselves incapable of keeping
data on their citizens and customers safe.
Incompetent managers allow it to be taken home on laptops and
disk. Or stolen due to poor network/security design. And let us
not forget that the rule of law is frequently suspended when
someone chooses to hang "national security" on whatever illegal
activity their agency is caught doing. So you know they won't be
able to keep their hands off of the data.
And Federal agents have even been known to use Dept. of
Homeland Security databases to stalk their girlfriends.
I agree. Real ID is a bad idea.
<a class="jive-link-external" href="http://www.informationweek.com/shared/printableArticle.jhtml?" target="_newWindow">http://www.informationweek.com/shared/printableArticle.jhtml?</a>
articleID=201807903
Putting everyone's data into one database for quick and easy stealing/searching is a bad idea.
When they claim a single database, I am sure they are talking about a common uniform method of access to uniformly formatted local mirror of the database, and not a globally unique singlular computer, with a singular location and storage system.
No system admin would ever dream of such a singularity nightmare.
As for searching a stealing info, that happens already, in fact in my state you can go to the DMV and pay for a copy of the records. Solicitors, especially car dealers do this all the time.
Anything else REAL ID is a bad idea.
health care, schooling, etc... but the Real ID would merely
prevent them from entering Federal buildings and airplanes -
two places which they probably already shun. Basically I see no
benefit to the immigration situation from this. It's just
camouflage words for the real agenda of totalitarian social
control.
Right now, the Federal Reserve is actively causing the value of
the dollar to drop. When the big'ole Stimulus Package comes in
supposedly this summer, it will cause further harm to the
dollar's worth. To me, it looks like they are steering us directly
into economic collapse.
The solution? Get our buddies Canada & Mexico to bail us out
by forming a NAFTA union state with the "Amero" currency to
compete with the Euro. Connect the dots, people. Our country
is in danger!
How many illegals are going to go to a government agency, get
photographed, get fingerprinted, in order to get a drivers license.
If I really wanted to, I could just open my eyes and look at you and determine your weight, height, and eye color.
I guess the world fears someone stealing your organ donor status. That's the only thing on my license that's not already somewhere else.
Bottom line is.. if you're not a criminal, this little card won't matter to you ever. Not one bit.
Hmm lets see..
A card that you are required to have to gain access into certain places... Do you think that list won't grow over time?
A centralized form of ID? Worked well in the Soviet Union, sign me up!
Let's forget that this idea is un-american.
How does one gain access to this wonderful card?
By showing the very forms of ID that our always honest and caring government is saying is insecure to scare people into accepting it?
Yeah, that is "secure" and no one will ever fraudulently obtain one. Ever!
Of course, something man creates, can never, ever be counterfeited. </sarcasm>
Why don't you come up with one reason why it will be helpful and keep us safe and why it is worth giving up fundamental liberty for. To to try avoid misleading and illogical responses, your reason can not go against the constitution or the ideals that this formerly great country were founded upon.
With a birthdate, social security number, and valid address (no PO Boxes) identity thieves have all they need to steal your identity. A bonus is your picture and any other data they choose to collect.
And only one database for the entire US represents an irresistible target for criminals. Remember, for the last 5 years or so, the people hacking encryption software and stealing private information are no longer script kiddies or young adults having fun proving they can hack a system, it is hostile foreign governments, terrorists, and criminals looking for a steady source of income.
And the government and private industry has a very poor record of protecting citizens' confidential information.
putative 'national id card' but without discussion which should take
place surrounding that concept.
Is the time ripe for such a set of identity papers? Perhaps, but let's
call it what it is, not a 'more secure' driver's license!!
Has the IRS database been repeatedly hacked and exploited? I'm not aware that it has, other than for the tax system ... which is absurd in its complexity.
What top secret info is really in danger here? My address and phone number is already public. My SSN is pseudo-public.
Maybe I'm just sick of lawyers ... even pretty ones like the author.
Lawyers seem to like to block progress/efficiency by inventing all kinds of hypothetical problems. At least that's what they do where I work.
get a credit card or get a job or any number of other things that
all require you to have an ID are you high its not a choice
anymore you have to have an ID to live anymore what freedom
are you really giving up the freedom to live a free life due to
morons like you who say what are you really giving up I for one
hate the idea as a legal tax paying citizen who is not in trouble
with the law
Hitler did this before he killed all the jews
Russia did this when they took everyones freedoms
now on to america land of the free (well not really)
have the freedom ... uh, wait a second there ...
Some people just don't have the capacity to think. Glover65, try
China. They think like you do.
I for one would feel more secure with a single centrally managed database that can be secured than depending on the unknown skills of 50 different state managed IT departments.
Maryland is supposed to have a 'centrally stored database' for driver's licenses, and what is it really? A whole bunch of COPIES of the same database all throughout the state in multiple locations.
Really, with the internet today, we do not need that anymore. They could have one database in a fortified building somewhere, but don't want to because of the exceedingly SMALL chance that the internet would go down.
It will reveal much of their plans to create a new world government.
This information comes straight from the source. Daniel Estulin has
predicted the sub-prime loan scandal and many others just by
reporting what the elite talk about in the most secret meeting held
every year.
Human nature is in all of us but their are some who become obsessed with what their neighbor is doing. They gravitate to positions of power where they seek to use legitmate laws to force their neighbors to conform to their particular religious moral and political doctrines and values. It is not random hackers who are looking for a quick buck that pose the greatest threat with Real ID. The threat comes from an organized group with a common religious and political paradigm, the self-righteous, we only want to make you do what is good for you, Big Brother liberty hating attitude and finally the power, through total information access, to find and force you and everyone else to conform or go to jail, be brain washed or eliminated. As the Mothers of Invention sang, "It can't happen here!?"
True peace and security will never come out of the barrel of a gun or through abandoning the vision our forefathers had of a nation that would create hope by recognizing and protecting the truths that all humans are created equal (and some are not more equal than others), and they are endowed by their creator (not a self-righteous Big Brother government) with certain unalienable rights.....
The Bush administration is following the playbook Hitler used. The slogan, "Arbeit Macht Frei" , "Work makes you free", was used to shame those who might question the government's policies. Shame is a powerful tool used by all controllers to get others to sheepishly comply. It led millions to their death. Likewise, the "Protect America Act" has a facade that would make anyone that loves America ashamed to stand up and question or disagree with government decisions, actions and unjust laws. Behind the facade is the dismantling of our hard won freedoms and the protective structure from abuse of power of checks and balances to power put by the wisdom of our founding fathers into the Constitution. If Hitler had the computer technology and information networking power that the government is putting in place today, hope and liberty would be long dead today.
all Bush's fault?
As a french citizen i can mention we have something similar to
Real ID here and experienced close to no issues but many
safeguards had to be put into place to make it a secure system.
A) No one can modify records but a central ID authority that is
NOT regional nor local , checks about death and or
modifications are Human made to the database.
B) Database is only readable from certain point to point internal
networks heavily encrypted transport protocols on specific
network ranges using a variation of IPV6sec protocols and
sequentially changing DES3 Keys of long values.
C) Data consolidation is made by region (the equivalent of mini
states). Only crime sentences are being stored centrally and the
record is getting reviewed and blanked 10 years after sentences
have been purged and you are no longer considered dangerous
or harmful to others. You still have a record but it is not callable
at a moment's notice. Minor offences and dismeanors are not
filed under your ID and are wiped out after a commission
statement , this is peer reviewed and you can go defend your
case in court as well to obtain the order during public hearings.
D) The system is by itself heavily controlled and reviewed by
CNIL (civilian rights watch dog) all procedures are CNIL approved
. Biographical data is NOT stored or anywhere near accessible
on the card itself whose only content are your ID number and
checksum controls that make Des3 hash tables look nice.
E) Central Data access and correlation capacity is tiered and a
cop or a filed agent needs to get a court order to access
secondary and tertiary tier data linked to ID (this is where the
Des3 key is modified , after only so many accesses a new key is
generated and attached to your record logging who and for what
purposes and under which motivation your record has been
accessed). Top tiered access is only granted for sustained
terrorism charges which is a rare form of inquiry and
surveillance , takes many forms few of which are electronic
(considering all documents and all signals can be falsified and or
jammed helps in this field of investigation is a basic GIVEN).
RealID and the regulation around it is badly thought out and that
is the real issue at stake here and without proper watchdogs
your transaction records are accessible to hacks and or
overzealous malevolent agencies. Copy all the checks and
balences put into the French ID card and privacy will be enforced
. This system while far from perfect (it took me a bit to correct
my third first name on my ID , this is how i got to know more
than the average citizen about its makeup). But it has been built
with security in mind as well as privacy . A cop can't review your
transactional record without a court order in due form , nor can
a bank access any biographical data via reading your ID card
number or swiping its magnetic stripe. A government agent
might access under court order the biographical data attached
to your ID under a pending investigation and surveillance order
issued by a District Attorney (procureur de la républic) whose
decision can be countered by court after debate if the case is
raised , (lawful abuse are penal offences under our laws and can
lead to demotion of the magistrate).
The system while not perfect is defensible and has been under
pressure by present administration (Sarkozy's) to enable easier
access. Ethics commities within the security apparel opposed
the decision so did Assembly (Congress), Same from the Senate.
One of the real issues here is about how the security scheme
about RealID is lacking that data exchange is not securely
managed and that third parties that might have other goals than
pure security might have one stop access to your private data.
The answer unfortunately points that some federal agencies are
not being held in check by citizens in the exercise of their
powers and follow a power grab agenda over the country's
population under the false prestence of security.
Poor design of security procedures in databases ended in similar
situation as faced by the brits which exposed the records of 25
Million British citizens data. At the heart of that problem is that
England some can consider the 53rd US state has notoriously
wide use of M$oft related software which we all know here is
suspectible to security woes flaws viruses worms and the list
keeps growing. French security agencies knowing the growing
concerns over such infrastructures are moving away from
windows and have long kept use of client/server mini/micro
architectures for state mission critical applications with tiered
trust levels on the client/server trust relationship.
All of the above mentionned imply a total rethink not only of the
RealID act but of the security apparatus the U.S citizens would
like to live with without living in fear of the State whose missions
is also to enforce the respect of citizen's rights.
When a state decides to give drivers licenses to illegal aliens, and some already do, this all becomes a moot point, so no change for the illegals in the long run.
In the short run, they will have less federal help, and drive without licenses. No license means no insurance. We will all pay for that error.
As for data security, it will be broken. Who we blame isn't important. We can blame ourselves for letting the government put all our information in one database, with thousands of departments, organizations, and offices, on federal, state, and local levels able to access all of it.
The argument that one database is safer than 50 is wrong, unless you hold 50 drivers licenses. My info is in a state database. not 50 of them. That makes it less likely to be hacked, by a factor of 50. Well, maybe not 50, but the point stands. I would be very happy if my info was on a county database instead of a state database. It would be that much harder for anyone to access quickly. 50 data bases is a balance between easy access for law enforcement, and privacy. One database is as bad for privacy as thousands are to easy access.
The fact that the federal government has not publicly addressed the issue of who has access, and who maintains the system is a red flag that they don't think you'll like the answer. They have addressed that issue, I can assure you, they just don't want to tell us what they have decided until it's too late to stop them.
As for national security, gimme a break. How does this help? How many attacks have taken place where the terrorists didn't have ID, or needed to enter a federal building to work their plan? It's as stupid as putting metal detectors at the entrances of federal buildings after the Oklahoma City bombing. This has nothing to do with terrorists.
For those who say "don't get a license if you don't want one", I'd like to point out that this is not just a drivers license.
It is a drivers license, a travel permit, a pass to use government services, and a permit to get help from federal courts if you need to protect your rights. That's just for starters. Banking? Filling a prescription at the drug store? Writing a check at the supermarket? Applying for a job? The list will be added to, probably on the state level, once the dust settles. Face it, this card is a license to have rights. The ID in my wallet will expire eventually. What can I replace it with, even if I don't drive?
As a law abiding citizen, I will have the right to move freely about the country. I will have a right to address my government, and face my accusers... if I have my ID. Without it, I can't enforce my rights, because it would require entering a federal courts building. Copyrights? No. Freedom of speech? Not for me. Enter a Post Office to buy stamps?
In Roe vs. Wade, Jane Roe was not the defendant's real name, for her safety. That case law might not have ever taken place with real ID. I'm sure some people consider that an argument FOR the ID. Whatever.
This ID gives me my rights. All this time I thought they were unalienable.
There are so many other issues to consider, but the bottom line is this. Our rights and privacy are being chipped away at, in pieces small enough that not enough people complain about any one chip to stop it. The chips are starting to add up.
Lampie The Clown
I worry about the abuse such a system could be used for, but our current system is already abused on a massive scale, it is possible to create a better system, but I don't think Real ID is it.
<a class="jive-link-external" href="http://craphound.com/NIS_Options_Analysis_Outcome.pdf" target="_newWindow">http://craphound.com/NIS_Options_Analysis_Outcome.pdf</a>
Lampie The Clown
The suspicious will assume that the {card, document, chip, whatever} will be able to track our movements everywhere. But why???
ObQuote: "Just because you're paranoid doesn't mean they're not out to get you!"
A unified database system for ID is perhaps a good idea with the proper implementation. But it should not have anything to do with driver licenses, which are often maintained by private sector entities. Everyone has an identity, not everyone drives...
An electronic ID card would be acceptable if and only if there is a physical switch, to prevent unauthorized reading of the information. And that only law enforcement and gov. entities are allowed to require you 'unlock' for electronic ID. There should be no easy method of writing this info to the card, otherwise we open ourselves to a whole new world of ID Fraud (quit calling it ID Theft, if you steal my wallet, you have it and I don't, but if you 'steal' my identity, does that mean I no longer have an identity?)
As for the immigration issue, I don't think it should be considered with this issue, if immigrants are here legally its not a problem. If not, its still not going to be solved by this issue regardless of how its implemented.
On that note a similar approach with a Voter ID card, would possibly be an answer to the electronic voting corruption that does exist already. With one exception, the Electronic Voter Card should be globally unique, and completely anonymous, containing no personal ID information, storing the election, issues/measures and how you voted on them only with a non-personally identifying voter ID Number. This card should have a 4-position switch to comletely lock, read-only (for verifying your vote record afterwards, against the central database counting the votes), and write-only for recording your vote, at an official polling place. And an erase option. The method of ensuring integrity of the system is you would have to present Valid registered voter ID to recieve a Voter Card, and that you are allowed to pick that card at random from a bin, such that it does not ever get associated with your Identity. Being able to verify your vote, against the official record of it can prevent the 'fixing' of elections with current systems. The validation process needs to become part of our democracy, because the whole system is being hijacked, with control of the media.
My main desire for something like Real ID is that we find a way to make the voter registration and election process secure. Right now in my state, all you have to do to vote is to sign a card pledging that you are a US citizen and a resident of the state. It's all on the honor system and never checked by the county election offices. This is a tragedy. Attempts to fix this problem have been blocked by the majority party (Democratic) in our state legislature.
If Real ID can give back our elections to US citizens only, I'm all for it and I'll accept the potential for abuse and privacy problems. Without legitimate elections, we no longer have a free country. If Real ID won't solve this problem, then we need something that will.
I suspect that the same people who are blocking election reform in our state are also the people who are opposed to implementing Real ID.
getting worse with each passing 'security' law that is passed and
acted on and then extended longer than was originally planned.
What exactly can a friggin' piece of paper do to protect us? Nothing! Terrorists will still be able to get all the stuff they need for their schemes because they use markets that are not in the least bit affected by the Real ID act. Even if the act was global (it's coming sooner than you think), the REAL bad guys are supported by crooked governments who turn a blind eye.
All this act does is make sure the government gets better control over its subjects. That's what we are slowly becoming: subjects. The whole project stems from a desire for power and money. If the government has complete power of us, they can easily get all the money they want.
It's time for a thorough house-cleaning of the government at all levels. Our founders never intended for us to have life-long politicians. They sit there and get numb and greedy, doing anything they can to stay in office, completely ignoring their vow to "defend and uphold" our Constitution.
"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin
Our founding fathers are rolling in their graves.
Most importantly, Absolutely No Campaigning, you are not allowed to run for office, you must be chosen (at random) and pass the screening through public forum.
This almost eliminates all of the special interests, and campaign finance issues. There will be no campaigning, thus politicians do not need huge sums of money to buy airtime, and travel around to get votes. (free communication would help fight this too.) Thus there would no reason to accept special interest money, since there is no campaining, because no amount of money will put you back in office once your term is up. This has the added benefit for the office holder in general, you can actually keep, and live well off the political salary while in office, and not have to worry about financing your next campaign. That fat salary, is your 'bride' to act in the best interest of the people.
Allowing incumbants (of this process) to be considered, against new randomly chosen prospective public office holders, could be an avenue to retaining those who are really good at it, but still respecting term limits, which may change (increase) in light of a system such as this, if it proves to be beneficial.
This public forum screening process could be broadcast on things like CSPAN, or local access channels, and allow ordinary citizens to put forth issues important to them.
Second, although it needs to be carefully worded, I do think that broadcasting known false political or legal information of any kind by public entities, should persecutable, and not protected by free speech. Currently our media, our politicians, police, military, have the freedom to lie to the American public without fear of legal recourse.
Keeping state secrets, although I don't always agree with, is not nearly as bad as lying to cover things up.
Utimately this might release the death grip massive corperations have on this country, we must ensure that all processes and methods of governement do not rely, in anyway, on any particular private sector industry or business, especially the corperate media.
P.S. we also need to buy back the Federal Reserve, in case you did not know the entire country is bank rolled by a private group (Rockefellers, Morgans and such). Our national debt is held by them, not the rest of the world. We pay huge interest on our national debt to them, when we could just buy it back, for the fixed amount written into law (something like 475 million), and quit paying the interest on this debt, and quickly eliminate the principle in a few short years. This is 100% tax payer money going directly to the richest of the rich, for the governments debt, mostly perpetuated by the huge interest that we should not have to pay. The government should be able to loan itself money interest free, provided there is proper budget oversight.
So what do you care, sportsfanonly?
Is technology really affecting your favorite sport? If it does then perhaps there will be an article here about it, at somepoint, that is more relevant to you, and we will not complain about you talking sports, in this 'technology' forum.
Since it is being touted as a "secure" form of ID, I think you will find that in 2 or 3 years, no one will "accept" the old drivers' licenses - they will require the new ID card to board a plane, go into a federal building, to cross the border with Canada and Mexico, receive social security payments, etc.
The "you do not have to have one" argument is silly.