Fix REAL ID Before You Fund It
July 25, 2007
Filed under Security & Surveillance
This week, Sen. Lamar Alexander is expected to introduce an amendment to the Homeland Security Appropriations Bill (S. 1644) that would provide $300 million in funding for REAL ID (a program that in total will cost an estimated $23 billion). The debate over REAL ID funding shifts the focus from the more pertinent issue: REAL ID is a fundamentally flawed law that has serious privacy and security problems. Congress must address these problems first before determining how to pay for the program's implementation. Senator Alexander's funding amendment would allocate good money to implement a fundamentally bad law. Furthermore, funding of REAL ID could encourage states that had previously raised privacy and security objections to the law to implement the REAL ID Act in the hopes of receiving more federal funding down the road. Congress' foremost focus should be on promoting meaningful driver's license reform that properly addresses privacy and security concerns, which is exactly what Senator Akaka's Identification Security Enhancement Act of 2007 does (S. 717). Congress must act immediately -- if it waits until the final Department of Homeland Security (DHS) regulations are released this summer, focus will likely shift away from reforming the original statute. DHS is considering creating a central database of driver's license and ID card information with no meaningful privacy and security standards. Such an approach would create a single access point to the full identity and personal information of virtually every American including highly sensitive source documents such as birth certificates, Social Security cards, and passports, which REAL ID requires states to scan and store digitally). REAL ID would create a one-stop-shop for terrorists, identity thieves, unscrupulous DMV or other government employees seeking to steal identities or do other harm. These concerns apply equally whether the data is centralized or resides in a system of linked DMV databases without proper safeguards. The weakest state's security system, if breached, would then allow access to all other databases, even those with much more robust security measures. REAL ID mandates that each card contain a machine-readable zone (MRZ), which DHS had mandated be standard across all states. The MRZ mandate was intended to aid law enforcement in processing suspects with greater accuracy and efficiency. However, without any use limitations whatsoever, it will be much more likely that government and commercial entities will use the MRZs to log virtually every public and private transaction. CDT wrote a letter to the Senate expressing these concerns and urging senators to vote against the REAL ID funding amendment.