Wednesday, April 16, 2008

Real ID Just Waiting In The Wings?


Is "Real ID" Dead, or Just Waiting for the Next Terrorist Crisis?
Are there limits to how far Americans will go to fight the so-called "War on Terrorism?"
Apparently so. Legislators in more than two dozen states have enacted laws refusing to go along with an unfunded federal mandate that imposes security, authentication and issuance standards for driver's licenses and state ID cards.
The initial deadline for compliance with this "Real ID" initiative is May 11, 2008. After that date, residents of states that haven't promised to issue Real ID-compliant identity documents will be penalized. These American citizens won't be able to use their drivers' licenses to board a domestic airline flight, enter a federal courthouse, or for other official government purposes.
Only, it appears that the Department of Homeland Security (DHS) isn't that serious about enforcing the Real ID mandate. To avoid a May 11 showdown, the DHS has issued extensions to compliance with Real ID to every state that passed laws refusing to comply with it! The DHS merely received assurances that these states will "eventually" comply with the requirements.
Supporters of the Real ID initiative - part of a 2005 military spending bill - claim that it merely establishes common-sense standards to insure identity documents can't be counterfeited or falsified. That, in turn, they say, will reduce terrorism, illegal immigration, and a host of other social ills.
If only that were true - it's not. Harder-to-forge IDs won't stop terrorism, because making sure someone is who they claim to be doesn't prove they won't conduct a terrorist act.
Most terrorists have no previously known links to terrorism. In fact, many of the 9/11 hijackers had no prior terrorist records. For that matter, neither did Oklahoma City bomber Timothy McVeigh.
Then there's the matter of whether Real IDs will actually be, well, real. Proponents say the high-tech identity documents produced under the initiative will be tamperproof and impossible to counterfeit.
But this claim is a bold-faced lie. We need look no further than the newest generation of U.S. passports - those equipped with supposedly tamper-proof radio frequency identification (RFID) chips. This new "tamper-proof" RFID chip is similar to the one that's supposed to be inserted in all Real ID compliant identity documents.
In 2006, a German computer security consultant actually cloned an RFID passport. Is it too much to imagine that clever hackers will similarly find a way to hack Real IDs?
But the most threatening aspect of the Real ID initiative is its creation of the equivalent of a national database that includes details on nearly 250 million licensed drivers. Each state must provide electronic access to the information contained in its database to all other states.
An interlinked system is a far greater security risk than a decentralized one with each state issuing ID cards according to its own rules. That's because if hackers manage to penetrate it, they'll have access to identity documents in all 50 states - not just one.
Moreover, since there's no requirement that the data on your Real ID will be protected in any way, private companies can use the information in it at will. Every retailer that requires identification will swipe your Real ID and then sell the data to information aggregators to be data mined whenever they choose.
Does the current standoff over Real ID mean the end of efforts to establish a national ID card? Not at all. If a lie is repeated often enough, people will believe it's true. That's particularly true when it comes to the War on Terror.
If there is another terrorist attack on U.S. soil, the trend toward a national identity card - and national ID database - may be unstoppable. Let's hope that day never comes.

No comments: