Back in January I wrote an op-ed criticizing the Department of Homeland Security for flirting with the idea of creating a national ID database to implement the REAL ID Act. While CDT has been supporting the repeal of REAL ID or its major amendment, we believe that, should the law stand, it must be implemented responsibly.
The American Association of Motor Vehicle Administrators (AAMVA), a private organization representing the interests of state DMVs, has been a key proponent of creating a national ID database, which would hold highly sensitive personal information on virtually all Americans, because it already manages a similar central database for commercial drivers.
Although AAMVA is clearly pushing the centralized model, it has heard the cries of privacy advocates who have warned of the significant privacy and security risks of creating a national ID database. To its credit, AAMVA is putting together a white paper, due out in the next few weeks, analyzing the different system models that could ensure that an applicant doesn’t already hold a REAL ID card from another state (which is a requirement of the Act).
Just this week CDT submitted comments to AAMVA urging the development of a fully distributed system where states could check with every other state whether a driver’s license (or ID card) applicant is already licensed in another jurisdiction, but where licensees’ personal information would be securely stored in state-managed databases.
We also highlighted the privacy and security risks of consolidating the highly sensitive personal information of approximately 250 million driver’s license and ID card holders into one location:
– Federal and state privacy laws wouldn’t clearly apply to a centralized system managed by a private entity (i.e., AAMVA);
– With sensitive information such as name, date of birth and Social Security Number, the central database would be a one-stop-shop for identity thieves, terrorists and other determined hackers;
– It would increase the risk of internal abuse by unscrupulous DMV employees, which is the leading cause of driver’s license fraud and identity theft (as evidenced by the recent case in Ohio);
– And, most frighteningly, it would pave the way for future “mission creep” by the government and others, who could use the central database to track Americans’ activities over time for reasons that have nothing to do with driver’s license administration, thereby creating the “national ID” system that the public rightly fears.
If Congress fails to repeal or significantly amend the REAL ID Act, CDT hopes that AAMVA will take the lead, working with the states and the Department of Homeland Security, to create a distributed state-to-state verification system, which will go a long way to better protect Americans’ privacy and prevent future misuse of the driver’s license system.