Back in April, I blogged about how Department of Homeland Security Secretary Michael Chertoff was “dead wrong” when he testified before the Senate that personal information can’t be “skimmed” from an unencrypted barcode, which all driver’s licenses will have under the REAL ID program. Chertoff completely denied that there are any privacy risks associated with the REAL ID card’s “machine-readable zone.”
Sen. Feingold, D-WI, was right to question Chertoff’s testimony that day and followed up with a letter asking the Secretary to further explain why he thought citizens’ personal information wasn’t at risk or why they couldn’t be tracked by scanning REAL ID cards during a multitude of transactions. Just this week, DHS responded to Sen. Feingold via letter. The Department again shirked responsibility for ensuring that Americans’ personal information stored on REAL ID cards is protected and not accessible by unauthorized parties – businesses and government agencies alike.
As with virtually all REAL ID privacy issues, DHS has punted the security of the machine-readable zone (i.e., barcode) to the states. CDT has consistently highlighted this as a key privacy issue (among many), arguing that the REAL ID program in total should be scrapped. Or, at the very least, the privacy and security shortfalls should be addressed by new legislation. Congress must act soon because DHS clearly can’t be trusted to meaningfully protect personal privacy.
Chertoff did not sign the DHS response letter. This saved the Secretary the embarrassment of admitting that he was the one who was wrong on this matter and not the privacy advocates seeking to protect the security of Americans from identity theft and other threats by raising the issue.