gregh  2008-06-11 05:35  information_privacy  medical_records  personal_information   

NY Times: Kaiser Backs Microsoft Patient-Data Plan:

Kaiser Permanente, the nation’s largest nonprofit health maintenance organization, is endorsing the drive toward consumer-controlled personal health records in a partnership with Microsoft.

The partnership, announced Monday, will begin with a pilot project open to Kaiser’s 156,000 employees, which will run until November. If successful, the product linking Kaiser’s patient information with Microsoft’s Health Vault personal health record service will be offered to Kaiser’s 8.7 million members in nine states and the District of Columbia.

The article waxes on about how portability is a problem, and how this will solve all of those issues.

A more cynical -- and in my mind realistic -- view is that Kaiser moving its records accomplishes goals that allow it to get around HIPAA. Microsoft becomes a provider of services for storage of medical records, so there is no issue with Kaiser sharing. Once Microsoft has the records, the vulnerabilities lie with Microsoft's technologies, the users, and the service providers who sign up with HealthVault.

Microsoft gets data it can sell, Kaiser lightens its burdens of protecting records, and users are exposed to errors not only by Kaiser, but now also by Microsoft, Microsoft's partners, and themselves.

Ms. Silvestre said Kaiser had also looked closely at Google, but had been particularly impressed by Microsoft’s technology for protecting the privacy and security of personal data.

One of the really disappointing things about HealthVault is that it's still using usernames and passwords. What's more, it makes release of and access to information very easy to the record holder, which means it's more likely that individuals will errantly release their own records. Microsoft is leading the way on safe, user-centric identity technology, and to date, none of it has been applied to HealthVault, so far as I'm aware. The responsible thing would be to wait on services like HealthVault until the identity picture is fixed. Instead, people are so eager to jump on board, they'll gladly put the privacy of medical records at risk.

HIPAA isn't keeping pace with technological change, and systems like this, structured to provide workarounds, only show how feckless it is.

gregh  2007-08-12 18:33  identity  Law  personal_information  usercentrism   

When we empower users to control their identities, do those empowered to release personal information on behalf of a user have a responsibility to ensure the user understands what they're releasing?

I don't know. I do know that most computer interfaces continue to baffle users. Users seem just to want to click to make the dialog box go away. Dialog boxes mean something has happened. How do we train a user to be careful before releasing information?

From a legal standpoint, does a user truly consent to the release of data if the user didn't understand what they were releasing? What would be the standard for determining what a user knew or should have known?

gregh  2007-01-11 13:48  homeland_security  information_privacy  Law  personal_information  Politics  privacy  real_id   

Update: See my follow-up, covering the actual text leading to these suggestions. It's not quite as bad as suggested. It still ain't great.

If the following is actually correct, the Department of Homeland Security is even more worthless than I could have imagined.

UnRealID.com:

The Department of Homeland Security has finished their proposed regulations for implementing the Real ID Act and has sent them to the Office of Management and Budget for approval.  The publication of DHS's REAL ID regulations will follow shortly.  The compliance guidelines are almost one year overdue.

According to a still-secret several hundred-page dossier sent last week by DHS to the Office of Management and Budget, DHS considered three ways to implement the REAL ID Act:

Plan A: Order the individual states to find a way of communicating data to one another.  This idea was given short shrift by DHS, who dismissed it out of hand.
Plan B: Have DHS build a centralized database for the states to query before issuing REAL ID-compliant drivers licenses.  This idea was also rejected.
Plan C: Have a private data aggregator act as the central database.  This is the plan advocated by DHS.  The plan calls for the outsourcing of all drivers license and ID card checks to a private corporation, who would then charge the states for each check performed.  DHS head Michael Chertoff personally ordered this option to be chosen, according to a senior administration source.

One would hope that this would be the final nail in the Real ID coffin, and this would surely bring about swift introduction of the Akaka-Sununu Identification Security Enhancement Act of 2006.

Given the poor data protection histories of the commercial data aggregators, not to mention their incredibly poor histories of data matching, the very idea of them being called upon to manage aggregation of all of the drivers databases sounds more like a cruel joke. There may be more interesting issues.

To begin with, the Real ID Act doesn't call for a large database of driver's license data. In order to issue Real ID-compliant driver's licenses, states must:

(12) Provide electronic access to all other States to
information contained in the motor vehicle database of the
State.
(13) Maintain a State motor vehicle database that contains,
at a minimum--
(A) all data fields printed on drivers' licenses and
identification cards issued by the State; and
(B) motor vehicle drivers' histories, including
motor vehicle violations, suspensions, and points on
licenses.

Driver's license database information is commercial information owned by the states. This is clear from Reno v. Condon:

The motor vehicle information which the States have historically sold is used by insurers, manufacturers, direct marketers, and others engaged in interstate commerce to contact drivers with customized solicitations. The information is also used in the stream of interstate commerce by various public and private entities for matters related to interstate motoring. Because drivers’ information is, in this context, an article of commerce, its sale or release into the interstate stream of business is sufficient to support congressional regulation.

There were already some questions hanging around (most dismissed by commentators) about the Constitutionality of allowing the federal government to require states to grant other states access to their own commercial items without compensation in order to comply with the Real ID Act. Permitting commercial data aggregators to take possession or ownership of that state property without compensation is somewhat more egregious. As things now, those aggregators would be forced to purchase that information from the states; at least in that instance, the coffers of the states are gaining something to help cover the maintenance of that data. Under this plan, it would seem plausible (especially if the aggregators "accidentally" released the information into the public domain) that the states would simply be forced to give it away. This may raise greater Constitutional questions about those portions of the Real ID Act.

It makes the security aspect even worse.

It likely removes the (feckless) Privacy Act and the Computer Matching and Privacy Protection Act from the mix.

In short, I'm currently even a bit skeptical that even the inept Department of Homeland Security could proffer a suggestion as ludicrous as this one; I can't wait to see the actual proposed regulations to find out if it's true.

gregh  2006-12-14 15:00  homeland_security  Law  personal_information  privacy  real_id   

Homeland Security chief defends Real ID plan:

"I think this is an example (of) when security and privacy go hand in hand," the Homeland Security chief said in a half-hour speech at George Washington University here. "It is a win-win for both."

The importance of such documents was magnified by an announcement Wednesday, Chertoff said. Federal authorities reported that they had made more than 1,200 arrests related to immigration violations and unmasked criminal organizations stealing and trafficking in genuine birth certificates and Social Security cards belonging to U.S. citizens.

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

First for the cheap shot: "a win-win for both?" Doesn't the term have two "wins" in it to signify that it's already about both? What would be a win-win for security or privacy alone?

Chertoff ignores the greater privacy implications of Real ID. One is that the states will have to collect a much greater array of information from individuals than they currently do. Another is that they're required to maintain it both electronically (that should make your skin crawl) and in hardcopy. Yet another is that they'll be forced to communicate with a number of other databases (leaking personal information) every time you need to interact with a card-issuing agency. It requires that I carry around a large chunk of machine-readable information on my identification card, and what's worse, makes no limitation on who can read that information and how it can be used. And finally, the Act requires that the states open up their databases to all of the other states. Enrolling in the Real ID system saps a big chunk of my privacy away from me.

Unfortunately, it adds no privacy protections (it even took some away.) The guy who can walk around with papers with my personal information isn't prevented from doing so with Real ID in place. There are no added limitations on the use of social security numbers, or of sensitive transactions, or the release of my records. There's no protection of state records release laws under Real ID, and it seems probable that any state in the Union could decide to start selling the records of any other state.

Is there added security? There's no suggestion of it in the Real ID Act. Much of the act worries about ensuring that cards can't be tampered with or counterfeited (and we all know this is a joke; if someone can make it, someone else can copy it.) There's little effort given to the notion of authenticating a card. Instead, security is supposed to come from looking at a card and making an assumption that if it looks like a Real ID-compliant card, it must be a Real ID-compliant card. That will work well the first time someone knocks over a delivery truck shipping Real ID-compliant cards to the DMV, or a former employee of the company making card materials for an agency absconds with the materials and sells them.

The tough part for me is figuring out who actually is receiving the wins from the win-win. I suppose mostly it's a flailing agency that needs any "positive" progress it can make and an industry anxious to start selling newer, more expensive identification card raw materials.

gregh  2006-12-13 01:01  elections  homeland_security  information_privacy  Law  personal_information  privacy  real_id   

This is good news. Getting through finals kept me from seeing this right away. The text is not currently on Thomas yet, so I'm not sure what the details are. Homeland Security Watch says it rolls back to § 7212 of the Intelligence Reform and Terrorism Prevention Act, but the text from the ACLU press release below makes it sound like it goes even further.

In particular, increased protection of driver's license data from third parties (esp. if beyond what the DPPA provides), encryption of collected data, and the protection of state privacy laws (which weren't impacted by § 7212, anyway) all sound good.

Hopefully, with the new Congress, this thing will stand a chance.

American Civil Liberties Union : ACLU Lauds Akaka-Sununu Real ID Fix Bill, Says Additional Privacy and Civil Liberties Safeguards Still Needed:

WASHINGTON - The American Civil Liberties Union today welcomed the introduction of bipartisan legislation authored by Senators Daniel Akaka (D-HI) and John Sununu (R-NH) that would add privacy and civil liberties safeguards to the Real ID Act. The 'Identification Security Enhancement Act of 2006' would address several of the shortcomings of the controversial legislation adopted last year, including the establishment of a National ID.

. . .

The Real ID Act was adopted last year as part of a must-pass military appropriations bill. The act rolls back civil liberties protections, attacks privacy rights and sets the stage for a national ID. Many diverse groups including the ACLU, the National Association of Evangelicals, the Ancient Order of Hibernians, the National Conference of State Legislatures, the National Governors Association and the American Association of Motor Vehicle Administrators opposed the Real ID Act. Conservative estimates place the minimum cost of the program at $12 billion.

The Akaka-Sununu bill would eliminate most of the requirements that laid the foundation for a National ID card, such as the obligation that all data and systems be standardized. The bill also changes the approach to drivers’ licenses by calling for more flexible 'standards' instead of the current uniform mandates. In perhaps its most significant privacy fix, the legislation prohibits the use of license data by third parties, requires encryption of the data itself and preserves any state privacy laws that may provide greater protections.

(Via Homeland Security Watch.)

gregh  2006-11-09 18:14  identity  information_privacy  personal_information  privacy   

Daniel Solove comments on USA Today article about financial institutions culling from public records databases to arrive at identifying facts, rather than using Social Security Numbers:

Concurring Opinions: Verifying Identity: From One Foolish Way to Another:

The problem with using this method is that the information in public databases is often riddled with errors. Why do banks need to go behind your back to snoop out information about you? Banks and financial institutions already have a relationship with you -- after all, you established an account with them. They can use some of the information they gathered at that time to establish your identity and then ask you to supply additional information to help identify you. But going behind people's backs and trolling public records for data does not strike me as a particularly effective method given the possibility for errors in those records.

Anyone who has had someone else's information in a credit reports know that matching records, even when there is a solid, government-issued identifier, seems impossible on the scale that's required for the credit agencies. These public records databases often work with pieces of data that aren't tied to a unique identifier like a SSN. Imagine the torture of trying to get access to your money -- or get a new credit card -- when your financial institution is using data that is, often at best, tenuously matched.

gregh  2006-10-31 10:03  homeland_security  information_privacy  Law  personal_information  privacy  real_id   

Of course Total Information Awareness never died.

It helps connect the dots, as I've previously suggested:

Certainly, there's probably good reason to believe that TIA never died. There's also very good reason to believe that one of the great benefits of forcing the electronic opening of all state driver databases is that it would benefit a TIA-like system.

Why else would the federal government force the states to electronically open their databases to all other states, when the states hadn't even been asking for that? Well, of course. It makes it easier for the federal government to collect the information to stuff their databases. Unfortunately, it also leaves everyone else's information more prone to theft. Government agencies haven't exactly shown themselves to be adept at protecting personal information.

NATIONAL JOURNAL: Terrorist Profiling, Version 2.0 (10/20/2006):

The government's top intelligence agency is building a computerized system to search very large stores of information for patterns of activity that look like terrorist planning. The system, which is run by the Office of the Director of National Intelligence, is in the early research phases and is being tested, in part, with government intelligence that may contain information on U.S. citizens and other people inside the country.
 
It encompasses existing profiling and detection systems, including those that create 'suspicion scores' for suspected terrorists by analyzing very large databases of government intelligence, as well as records of individuals' private communications, financial transactions, and other everyday activities.

(Via Schneier on Security.)

gregh  2006-10-24 11:09  information_privacy  Law  personal_information  privacy  real_id   

Why should we fight government attempts to gather and open up even more information, regardless of the promises that might be put forward by our representatives and agencies?

Health care privacy law: All bark, no bite? - The Red Tape Chronicles - MSNBC.com:

In fact, there have been 22,664 HIPAA privacy-related complaints filed since the privacy rule took effect in 2004, and not a single institution has been fined for privacy lapses, according to the Department of Health and Human Services, which enforces HIPPA. It's not clear that any of the three incidents above generated HIPAA privacy complaints, so the total number of privacy-related incidents is no doubt higher.

The government won't even enforce statutory information protection laws against private entities. Why would we ever expect the government to enforce regulations against itself? Of course, my favorite whipping boy, the Real ID Act, didn't even legislate privacy; it removed what limited privacy was already in place.

Two questions to consider:

1. What's the likelihood DHS will enhance privacy protections (rather than merely the legislated weakening of the DPPA inherent in the Real ID ACt) with its draft regulations for Real ID?
2. How likely is it that even if there is enhanced privacy, it will ever be enforced, when the easiest defense is "We were trying to root out terrorists?"

gregh  2006-10-21 11:46  identity  information_privacy  Law  personal_information  privacy  real_id   

Is there any better evidence that the Real ID Act was poorly conceived and given too little consideration than the fact that the deadline for state implementation is less than 18 months away from the time the draft standards will be released?

FCW.com - Real ID draft regs due by year's end:

By the end of the year, the Homeland Security Department will issue draft regulations specifying how states should implement mandatory federal standards for driver's licenses. But several states have already gotten started.

According to the statute, the states will have until May 11, 2008, to implement the requirements that "the National Governors Association and the National Conference of State Legislatures stated . . . will cost $11 billion over five years to comply with the law, which will reduce efficiencies and increase wait times." In other words, the Department of Homeland Security has taken longer to develop a draft of the regulations than the states will have to implement this multi-billion dollar fiasco.

A better piece of legislation aimed at this problem could have preserved privacy, made implementation easier for the states, and laid out a more realistic timeline for implementation. Instead, we got the Real ID Act.

gregh  2006-10-20 07:08  information_privacy  Law  personal_information  Politics  privacy  real_id   

Where rubber meets the road in privacy debate - Special Projects - MSNBC.com:

“The Real ID Act is a direct implementation of one of the 9/11 Commission recommendations,” said Jeff Lungren, spokesman for House Judiciary Chairman Rep. James Sensenbrenner, R-Wisc., the legislation’s key sponsor. “There’s a ton of misconceptions that have been promulgated by the opponents from the get-go. It’s unfortunate that they’re continuing to do so.”

Okay. He's not really the Devil. At least, I don't think he is. I'm not really an authority on such matters.

As far as I can tell, this is the 9/11 Commission recommendation that the Real ID Act implements:

Recommendation: Secure identification should begin in the United States. The federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses. Fraud in identification documents is no longer just a problem of theft. At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.

See Chapter 12, Immigration Law and Enforcement.

Now, Jeff Lundgren, what about this recommendation:

First, as we will discuss in chapter 13, to open up the sharing of information across so many agencies and with the private sector, the President should take responsibility for determining what information can be shared by which agencies and under what conditions. Protection of privacy rights should be one key element of this determination.

Recommendation: As the President determines the guidelines for information sharing among government agencies and by those agencies with the private sector, he should safeguard the privacy of individuals about whom information is shared.

Perhaps they simply for got about that? No. It's worse than that. Section 7212 of the Intelligence Reform and Terrorism Prevention Act of 2004 implemented the same top-level recommendation of the 9/11 Commission Report to bring more control to the issuance of driver's licenses. In fact, the Department of Transportation, in conjunction with the states and the Department of Homeland Security were already working on the new standards. Among the differences? Section 7212 had a requirement that privacy concerns be considered in the development of regulations; that nagging little piece was omitted from the Real ID Act Sensenbrenner is so proud of ramming through. Second, § 7212 required negotiated rulemaking, so that affected and interested parties could take part in the process of formulating the regulations. Oops. That got dropped from Real ID, too.

Here's a snippet from a work in progress of mine that goes into more detail on the important pieces of § 7212 that were tossed aside for the Real ID Act:

Section 206 of Real ID[1] repeals § 7212 of the Intelligence Reform and Terrorism Prevention Act of 2004.[2]  Section 7212 imposed many similar data and identity verification constraints on the states as does Real ID.[3]   Beyond intentionally trying to increase information collection, enhance capabilities for information processing, and increase information dissemination, it’s unclear why § 7212 should have been repealed.

Generally, § 7212 is very similar to Real ID, so much so that the casual observer might not notice the differences.[4]  Both impose their restrictions only if the state-issued identification will be used by federal agencies as authentic identification for official purposes.[5]  Both require similar types of information to be collected applicants for driver’s licenses or identification cards.[6]  Both suggest at offers of grants to help the states get themselves into compliance.[7]  Both provide timelines for implementation and mechanisms to extend those timelines.[8]  That’s roughly where the similarities end.

Section 7212 calls for negotiated rulemaking, while Real ID doesn’t address the rulemaking process at all.[9]

 

1.     The Privacy Requirements of § 7212

 

For information privacy, the most important piece of § 7212 that was not carried forward to Real ID is the requirement for regulations to protect the privacy of individuals.[10]  Section 7212 required that the regulations “shall include procedures and requirements to protect the privacy rights of individuals who apply for and hold driver’s licenses and personal identification cards.”[11]  There is no such provision in Real ID.

This may not merely be trimming some fat from a process that might have been a government smokescreen in forming such regulations.  Development of the regulations for driver’s licenses under § 7212 was required to be done by a committee using federal negotiated rulemaking guidelines.[12]  The statute laid out the minimum categories of individuals that would have representatives on the committee drafting the regulations: 1) officials from state agencies that issue driver’s licenses or identification cards;[13] 3) elected officials from the states; 4) representatives of the Department of Homeland Security; and 5) other interested parties.[14]

State officials would have vested interests, both political and legal, in ensuring that the regulations protected the privacy of their constituents.[15]  Other interested parties would no doubt consist of civil liberties groups interested in protecting privacy rights.[16]  Even companies that sell privacy protection software or advanced identification technologies would probably get involved.[17]  Regardless of the motives of the various parties included in the negotiated rulemaking, there would surely by more public input and oversight to protect the privacy rights of individuals than there will be in an otherwise undefined privacy regulation context, as that which exists in Real ID.

 

2.     Specific § 7212 Steps to Avoid the National ID Card Issue

 

The repeal of § 7212 also removed some measures that appeared to avoid the institution of a national identity card.[18]  Americans have long been opposed to the concept of a national identity card, feeling that such a card is too great an intrusion into their personal privacy.[19]  Some commentators have even suggested that such a system, giving someone a single national identity, robs that person of individual political identity that many Americans cherish.[20]

Richard Sobel has put forth some suggestions about what a national identity system might look like. He proffers that such a system would require all citizens and documented immigrants to: 1) be issued an identifying number; 2) at a certain age, every individual would be issued a card that identified the person and was tied to the identification number; and 3) those numbers would be entered into a nationwide databank collecting disparate personal information.[21]  As Prof. Sobel points out, with the issuance of a Social Security Number at birth, the first step of that process is already complete.[22]

Section 7212 prevented the execution of the other two components of Prof. Sobel’s national identity system prerequisites.  First, it allowed states to forego certain requirements, including the requirement that an individual have a social security number, or even that a person be a citizen or documented immigrant to drive.[23]  Second, it allowed no requirement that states force their cards to conform to a national appearance standard.[24]  Third, it did not impose the open database access requirement of Real ID.[25]

Real ID, on the other hand, virtually meets all of these prerequisites.  It relies upon Social Security Numbers, which are now issued at birth.  It will allow the issuance of a standardized card at the time when a person needs to access federal resources.  Finally, Real ID mandates that all of that information be put into a databank of disparate information, that can all be tied together by the national identifier.[26]

---

[1] Real ID Act § 206.

[2] Intelligence Reform and Terrorism Prevention Act of 2004, Pub. L. 108-48, Title VII, § 7212 (2004).

[3] See e.g., § 7212(b)(C)(2); Real ID Act § 202(b)-(c).

[4] Section 7212 placed rulemaking and administrative authority under the Secretary of Transportation.  Section 7212(b)(C)(i). Real ID Act substitutes the Secretary for Homeland Security.  The Real ID Act, § 201(4).  Section 7212 requires regular audits of state compliance. 

Section 7212(b)(C)(iii).  Real ID Act, curiously, does not, in spite of it’s supposedly great concern for ensuring states comply.  Real ID Act, § 202(a)(2).

[5] Rather than risk federalism questions, both § 7212 and Real ID Act only purport to lay down standards for what is required of state-issued identification documents if they are to be used for official federal government uses.  See e.g., § 7212(b)(C)(2); Real ID Act § 202(a).

[6] See, e.g. § 7212(b)(C)(2); Real ID Act § 202(c).

[7] See e.g., § 7212(c); Real ID Act § 204.

[8] See e.g., § 7212(d); Real ID Act § 205(b).

[9] See § 7212(b)(4). 

Real ID Act contains no similar requirement for the involvement of affected parties in the crafting of regulations.

[10] See  § 7212(b)(3)(2).

[11] Id.  Real ID Act contains no similar requirement for regulations to ensure information privacy.  There’s no explanation for why it has been removed in the record.  There are certainly inferences that can be drawn.

[12] Section 7212(b)(4).

[13] In other words, those who would be charged with implementing the standards would be involved in developing the regulations.  In contrast, the current approach under the Real ID Act doesn’t prohibit the Department of Homeland Security from involving those charged with implementation, but neither does it require such involvement.  In fact, it would appear that the Department of Homeland Security is well underway in drafting regulations in a vacuum.  See U.S. Driver’s License Standard Still Undefined, Card Technology, http://www.cardtechnology.com/article.html?id=20060613J3I4TARG (last visited Jun. 30, 2006).

[14] Section 7212(b)(4)(B).  It seems reasonable to assume that “interested parties” in 5) would see the involvement of privacy advocates and other civil liberties groups.

[15] See supra Part I.E.

[16] See e.g., EPIC – National ID and Real ID Act, Electronic Information Privacy Center, http://www.epic.org/privacy/id_cards/ (last visited Jun. 30, 2006) (EPIC’s tracking of the latest news regarding Real ID Act issues as well as national identity card issues); American Civil Liberties Union, RealNightmare.org, http://www.realnightmare.org/ (last visited Jun. 30, 2006) (ACLU’s public awareness website for Real ID Act concerns); United States Public Policy Committee of the Association for Computing Machinery, USACM Urges Reconsideration of Real ID Provisions, http://www.acm.org/usacm/weblog/index.php?p=280 (last visited Jun. 30, 2006).

[17] This is not a suggestion that vendors shouldn’t be involved in this process.  Indeed, software companies right now are doing significant work in identity management technologies, and the considerable research being done in that space would almost certainly benefit the development of the requirements the Real ID Act is imposing.  See, e.g., Microosft Corporation, Microsoft CardSpace, http://msdn.microsoft.com/winfx/reference/infocard/default.aspx (last visited Jun. 30, 2006); Network World, Novell Funds Open Source Bandit, http://www.networkworld.com/news/2006/061306-novell-funds-open-source.html?fsrc=rss-security (last visited Jun. 30, 2006) (regarding Novell’s Bandit identity management technology); Liberty Alliance Project, http://www.projectliberty.org/ (last visited Jun. 30, 2006) (website for the Liberty Alliance Project, a federated identity management technology).

[18] There is a long history of rejection of national identity cards in the United States.  See

Richard Sobel, The Demeaning of Identity and Personhood in National Identification Systems, 15 Harv. J.L. & Tech. 319, 382-386.

[19] See Id.

[20] Id at 370 (“Similarly, the presumption and presence of unimpeded individual action protected by the political buffer around personhood and undergirding individual rights clash with a national ID.”).

[21] Richard Sobel, The Degradation Of Political Identity Under A National Identification System, 8 B.U. J. Sci. & Tech. L. 37, 45-47.

[22] Id. at 46.

[23] See § 7212(b)(3), specifiying:

(B) may not infringe on a State's power to set criteria concerning what categories of individuals are eligible to obtain a driver's license or personal identification card from that State;

(C) may not require a State to comply with any such regulation that conflicts with or otherwise interferes with the full enforcement of State criteria concerning the categories of individuals that are eligible to obtain a driver's license or personal identification card from that State;

[24] Id. (“(D) may not require a single design to which driver’s licenses or personal identification cards issued by all States must confirm . . .  .”).

[25] In fact, it requires no information sharing between the states at all.

[26] The national identifier here is the Social Security Number, despite the fact that the Privacy Act of 1974, in part, was aimed at limiting use of the Social Security Number as a national identification number.  Sobel, Demeaning, at 350-351.  The disparate information is the array of drivers records, in all of their various formats, spread throughout the states.