Real ID Act being reconsidered
Finally. The Senate Judiciary Committee started hearings yesterday examining the implications of the Real ID Act, which would turn state drivers' licenses into de facto national ID cards. If committee chairman Patrick Leahy has his way, this ridiculous piece of security theater will be repealed:
Critics argue that it's a $23 billion unfunded mandate that would link states' databases to create a centrally accessible system through which the federal government could monitor citizens. Some argue that its real appeal was to those who want to deny driver's licenses to undocumented workers.
The critics also say it wouldn't stop terrorists from obtaining IDs any better than current state programs and that a more centralized system could make citizens more susceptible to identity theft.
I'm going to quote a lengthy excerpt from Bruce Schneier on the subject, but the whole post is a must-read on the subject:
It doesn’t really matter how well a Real ID works when used by the hundreds of millions of honest people who would carry it. What matters is how the system might fail when used by someone intent on subverting that system: how it fails naturally, how it can be made to fail, and how failures might be exploited.
The first problem is the card itself. No matter how unforgeable we make it, it will be forged. We can raise the price of forgery, but we can’t make it impossible. Real IDs will be forged.
Even worse, people will get legitimate cards in fraudulent names. Two of the 9/11 terrorists had valid Virginia driver’s licenses in fake names. And even if we could guarantee that everyone who issued national ID cards couldn’t be bribed, cards are issued based on other identity documents -- all of which are easier to forge.
And we can’t assume that everyone will always have a Real ID. Currently about 20% of all identity documents are lost per year. An entirely separate security system would have to be developed for people who lost their card, a system that itself would be susceptible to abuse.
Additionally, any ID system involves people: people who regularly make mistakes. We’ve all heard stories of bartenders falling for obviously fake IDs, or sloppy ID checks at airports and government buildings. It’s not simply a matter of training; checking IDs is a mind-numbingly boring task, one that is guaranteed to have failures. Biometrics such as thumbprints could help, but bring with them their own set of exploitable failure modes.
All of these problems demonstrate that identification checks based on Real ID won’t be nearly as secure as we might hope. But the main problem with any strong identification system is that it requires the existence of a database. In this case, it would have to be 50 linked databases of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.
The security risks of this database are enormous. It would be a kludge of existing databases that are incompatible, full of erroneous data, and unreliable. Computer scientists don’t know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.
But even if we could solve all these problems, and within the putative $11 billion budget, we still wouldn’t be getting very much security. A reliance on ID cards is based on a dangerous security myth, that if only we knew who everyone was, we could pick the bad guys out of the crowd.
That's the heart of the matter. When politicians who know nothing of security (in this case, James "Tex" Sensenbrenner) try to look "tough" on the issue, they end up making the problem worse. A scheme such as Real ID is security theater at its worst; by fostering a false sense of security, we leave ourselves even more vulnerable. Bad security is worse than no security at all.
Schneier also says here:
REAL ID requires that driver's licenses contain actual addresses, and no post office boxes. There are no exceptions made for judges or police -- even undercover police officers. This seems like a major unnecessary security risk.
REAL ID also prohibits states from issuing driver's licenses to illegal aliens. This makes no sense, and will only result in these illegal aliens driving without licenses -- which isn't going to help anyone's security. (This is an interesting insecurity, and is a direct result of trying to take a document that is a specific permission to drive an automobile, and turning it into a general identification device.)
[,,,]
And the wackiest thing is that none of this is required. In October 2004, the Intelligence Reform and Terrorism Prevention Act of 2004 was signed into law. That law included stronger security measures for driver's licenses, the security measures recommended by the 9/11 Commission Report. That's already done. It's already law.
These are all valid points which Congress never debated or considered -- at least, not until Leahy decided to hold hearings on the subject.
We certainly need to look at security vulnerabilities across the board and take reasonable, effective steps to combat those weaknesses. Grandstanding by ill-informed and ill-motivated politicians such as Sensenbrenner isn't the way to do it. Leahy has always been a staunch advocate of privacy rights, and I believe he understands the fundamentals of good security policy. His hearings will hopefully shine the light of reason on this badly conceived law.