Skip to Content

Government Surveillance

CDT Supports Privacy Protections Proposed in the PASS ID Bill

Washington–The Center for Democracy & Technology today welcomed the introduction of legislation to correct key privacy and security flaws in the REAL ID program. The bill, known as the Providing for Additional Security in States’ Identification (PASS ID) Act of 2009, supports the 9/11 Commission’s recommendation of making driver’s license and ID card issuance more secure, without allowing DHS unfettered discretion to expand the program or forcing states to share data in ways that risk privacy and security.

“The PASS ID Act addresses most of the major privacy and security concerns with REAL ID,” said Ari Schwartz, Vice-President of CDT. “The approach this bill proposes will go a long way towards increasing the reliability of driver’s licenses and ID cards in a privacy protective way.”

To help prevent loss or inappropriate use of personal data, the bill would make changes to the standards and practices used by states in handling personally identifiable information (PII) and would require privacy and security protections for PII collected and stored in connection with the issuance of driver’s licenses. States would be required to establish safeguards to protect PII in DMV databases, adopt procedures to prevent unauthorized access and use of PII, and create a process for cardholders to access and correct their own information.

Most notably, the PASS ID Act:

  • Removes the requirement that states “provide electronic access” allowing every other state to search their motor vehicles records.
  • Limits the “official purposes” for which federal agencies can demand a PASS ID driver’s license, thereby helping prevent “mission creep.”
  • Requires privacy and security protections for PII stored in back-end motor vehicle databases.
  • Provides protections for PII stored in the machine-readable zone (MRZ) on the cards. The Act prohibits states from including the cardholder’s social security number in the MRZ and places limits on the storage, use, and re-disclosure of that information. These changes will limit use of the card as a tracking device.

While the reforms proposed by PASS ID are a much-needed improvement over current law, work still needs to be done to ensure strong privacy protections for the 240 million Americans and lawful residents who carry state-issued driver’s licenses or ID cards.

“Protecting privacy and security is an ongoing process that requires continual attention to new risks and the potential for profiling and fraud,” said Schwartz. “CDT will continue to work with Congress and the states to improve privacy and security in driver’s license and ID card issuance and in associated back-end information systems.”

Related Reading

The CDT logo. A white "cdt" alongside "Center for Democracy & Technology" on a dark grey background.

The STOP CSAM Act Would Make Kids Less Safe
White document on black background.

CDT Joins Letter in Opposition to the Strengthening Transparency and Obligations to Protect Children Suffering from Abuse and Mistreatment (STOP CSAM) Act

EU Tech Policy Brief: June 2025