gregh  2008-04-23 08:44  Law  ncsl  privacy  real_id   

NCSL Supports The Identification Security Enhancement Act of 2007:

However, lacking the full policy and financial commitment of the federal government to ensure the success of the state-federal partnership needed to make REAL ID possible, NCSL now calls upon Congress to repeal REAL ID and reinstate the negotiated rule-making process. This approach will achieve our shared goals for security in a manner that respects states’ rights, privacy protections, and fiscal responsibility.

S.717, which I previously covered in its 2006 form, would bring back the negotiated rulemaking and return to the states the authority to preserve their own privacy regimes.

Keep your fingers crossed.

(Via Jim Harper.)

gregh  2007-07-28 10:40  dppa  real_id   

Killer of Actress Stabbed in Prison:

The man convicted of stalking and killing actress Rebecca Schaeffer in 1989 was stabbed repeatedly by another inmate in the prison where he is serving a life sentence, corrections officials said.
. . .
The slaying of Schaeffer, a former teenage model who co-starred in the 1980s sitcom "My Sister Sam," helped prompt anti-stalking laws. She was shot when she answered the door of her home in Los Angeles.

It also brought about the Driver's Privacy Protection Act, which is likely to be clobbered in what meaningful forms are left by Real ID, assuming it lives to become relevant. (Reno v. Condon)

gregh  2007-06-28 18:25  eevs  immigration  privacy  real_id   

Did Real ID bring down immigration reform? That's probably not the right way to put it.

Are the forces of evil (Sensenbrenner, et al) so incredibly gung ho to track the details of every American who chooses to work that they'll scuttle immigration reform rather than see Real ID go down the tubes? The answer appears to be yes. However, the problem is deeper than immigration; it may extend to your ability to find work, change jobs, and in turn, move freely about the country.

Declan describes how attempted to kill Real ID in the current immigration reform efforts brought a halt to the process in his article, National ID plan may have killed immigration bill:

Privacy advocates were quick to claim that a vote against Real ID cards the previous evening doomed the bill.

Wednesday's vote showed that senators were willing to delete the portion of the labyrinthine immigration bill that would require employers to demand the Real ID cards from new hires. Because some of the bill's backers had insisted that the ID requirement remain in place--as a way to identify illegal immigrants--they were no longer as willing to support the overall bill.

Commentary in that article also comes from the Cato Institute's Jim Harper:

"The proponents of national ID in the Senate weren't getting what they wanted, so they backed away," said Jim Harper, a policy analyst at the free-market Cato Institute who opposes Real ID. "It was a landmine that blew up in their faces."

(By the way, if you're looking for an easy-to-read book with broad coverage of identity issues, I recommend Harper's Identity Crisis: How Identification is Overused and Misunderstood.)

However, it's important to note that another key facet of this immigration reform bill came in the form of pre-employment verification. A database of huge importance that would be run by, of all agencies, the Department of Homeland Security, employers would be forced to query the database preferably before, but certainly shortly after you went to work. In this Huffington Post entry, the ACLU's Caroline Fredrickson explains the system:

For instance, Title III of the bill expands the error-plagued Employment Eligibility Verification System (EEVS), creating a vast federal database to verify the eligibility to work of all job applicants in America -- including U.S. citizens. This expansive system would contain extraordinary amounts of personal information on everyone who seeks or holds a job, all of it keyed to a person's Social Security number. If the immigration bill passes as written, all Americans will need to have their eligibility to work approved by the Department of Homeland Security. Invariably, DHS will confuse the files of people with similar names or use outdated or erroneous information to deny people the right to work, creating a 'No Work List' similar to the government's 'No Fly List.' They have testified that they will need to "manually reverify" the work-eligibility of eight percent of all workers.

So, we can't get passports out to people to travel, but we'll certainly be able to manually verify 80% of the legally working population in no time. No doubt.

John Gilmore paints a much scarier picture of the growing "In DHS We Trust" phenomenon:

The attempt to force a process of "get federal permission to hire FIRST" on the country is eerily parallel to the DHS proposal to require airlines to "get federal permission to transport FIRST". Today, airlines can bring you to the US without permission, but they are liable for the cost of carrying you elsewhere if the US won't admit you. This naturally limits their willingness to bring random people -- but allows people to come and apply for asylum, for example. The Gestapo announced months ago that they plan to change this to require each passenger's info to be submitted long before the plane takes off, getting an affirmative "OK", or else the passenger would not be allowed on board at all. As with other federal watchlist checks, this would come with zero due process protection for the passenger, and zero accountability for the government. If they mysteriously keep saying "No", there's nothing that you as a citizen could do to get back into your own country. They wouldn't even have to jail or detain you, such that a lawyer could go to court with some urgency to spring you. No, YOU would have to sue THEM, and it would take years in the courts.

In our fervor to regulate and control immigration, we've got to be very wary of those in our legislature who would like to use this opportunity to regulate and control the rest of us. As Senators Max Baucus and Jon Tester said after the immigration bill was eventually put out of its misery:

"We scored a major victory today in our efforts to protect privacy and defeat a bad immigration bill at the same time," said Baucus, Montana’s senior U.S. Senator. "If Jon and I just brought down the entire bill, that’s good for Montana and the country."
...
"If by fighting to keep government out of people’s private lives, Max Baucus and I stopped the senate from passing this flawed immigration bill, then this was a real victory for Montana and the American people," Tester said.

Indeed.

gregh  2007-03-01 14:39  homeland_security  real_id   

Well, DHS has released Real ID draft regs.

In addition, states have been given another 19 months:

The Bush administration will allow states to postpone the planned May 2008 launch of a program to toughen security requirements for driver's licenses by up to 19 months, in response to complaints about the projected $11 billion cost and potential disruptions, congressional and Department of Homeland Security officials said yesterday."

Time to go read the draft regs...

gregh  2007-02-21 09:07  homeland_security  real_id   

The National Conference of State Legislators has put up a "Countdown to REAL ID" page. There a lot of great resources there, as well as a database inventorying various state legislation concerning driver's licenses and identification cards.

Countdown to REAL ID:

As the May 11, 2008 implementation deadline of the Real ID Act approaches, states are facing an uncertain future. The U.S. Department of Homeland Security (DHS) has failed to release regulations and Congress has appropriated only $40 million to assist states with the implementation. Without adequate assistance from the federal government and regulations to guide state efforts to implement the Real ID Act, state driver’s license security is at a stand still. 

As I write this, the countdown says:
444 days, 10 hours, 44 minutes, 01 seconds

Wouldn't be bad to see some regulations come out of DHS at some point, eh?

gregh  2007-01-30 10:28  Politics  privacy  real_id  security   

Real-ID: Costs and Benefits:

All of these problems demonstrate that identification checks based on Real ID won’t be nearly as secure as we might hope. But the main problem with any strong identification system is that it requires the existence of a database. In this case, it would have to be 50 linked databases of private and sensitive information on every American -- one widely and instantaneously accessible from airline check-in stations, police cars, schools, and so on.

The security risks of this database are enormous. It would be a kludge of existing databases that are incompatible, full of erroneous data, and unreliable. Computer scientists don’t know how to keep a database of this magnitude secure, whether from outside hackers or the thousands of insiders authorized to access it.

And yet, there's a group that will carry on insisting that this is something we must have. We open ourselves up to theft of identity information on a grand scale, and for what? As Schneier continues:

Even worse, as soon as you divide people into two categories -- more trusted and less trusted people -- you create a third, and very dangerous, category: untrustworthy people whom we have no reason to mistrust. Oklahoma City bomber Timothy McVeigh; the Washington, DC, snipers; the London subway bombers; and many of the 9/11 terrorists had no previous links to terrorism. Evildoers can also steal the identity -- and profile -- of an honest person. Profiling can result in less security by giving certain people an easy way to skirt security.

So, we do all of this Real ID nonsense, and what do we get? Oh, right. Less security. Along with the false sense of security, we also receive diminished privacy, heightened risks to privacy, greater government aggregation of data that is is unlikely to be able to manage, and just generally a worse situation than we had before.

gregh  2007-01-25 19:59  real_id   

Maine rejects Real ID Act | CNET News.com:

Maine overwhelmingly rejected federal requirements for national identification cards on Thursday, marking the first formal state opposition to controversial legislation scheduled to go in effect for Americans next year.

. . .

"I have faith that the Democrats in Congress will hear this from many states and will find a way to repeal or amend this in the coming months," House Majority Leader Hannah Pingree, a Democrat, said in a telephone interview after the vote. "It's not only a huge federal mandate, but it's a huge mandate from the federal government asking us to do something we don't have any interest in doing."

. . .

The votes in Maine on the resolution were nonpartisan. It was approved by a 34-to-0 vote in the state Senate and by a 137-to-4 vote in the House of Representatives.

Maybe the legislators to the south in New Hampshire will grow a backbone now.

gregh  2007-01-21 01:09  homeland_security  information_privacy  Law  real_id   

Following up on my recent post about the DHS recommending a commercial data aggregator to create a new database for the data access requirements of the Real ID Act, it appears that it may not be as dire as original reported by Unreal ID. Specifically, Unreal ID claimed that the DHS recommendation was to:

[h]ave a private data aggregator act as the central database. This is the plan advocated by DHS. The plan calls for the outsourcing of all drivers license and ID card checks to a private corporation, who would then charge the states for each check performed. DHS head Michael Chertoff personally ordered this option to be chosen, according to a senior administration source.

A Wired story takes some issue with this, and provides text of the recommendations Unreal ID was operating from. This is pretty useful. While this entire component of Real ID is awful, it's not quite as bad as I surmised and wrote about previously. Let's look at the suggestions as they exist in this text (whether this is the actual text of the recommendations or not):

First, the States could simply be left to make whatever arrangements they choose among themselves. This approach would maximize State flexibility but could prove burdensome and chaotic in implementation.

There is no doubt that this would prove "burdensome and chaotic." Of course, that's one of the pluses. Imagine the states opening up their databases in ways that made using that access completely unworkable. They'd give up on this unnecessary requirement and it would go away. It's no surprise that DHS would dislike this one; it should be clear that the intention was never really to allow states full access to the databases of other states, but rather to make access easier for federal agencies by standardizing access. Why would Jim Sensenbrenner care about giving all the states access, when it's something they've never pursued?

The language is a bit confusing for this second item, and that's somewhat disturbing. It's disturbing because it's not clear just how it works in conjunction with the third recommendation. I'll explain more below:

Second, the States could create a "federated" or "decentralized" system, in which each State continues to maintain its own records but the interface among databases is standardized. This might be implemented as a "pointer" index that allows States to determine where to find relevant records about applicants. This system would be similar to DOT's Commercial Driver's License Information System (CDLIS).

The third possibility, listed below, does have distinguishing characteristics, but some of the language of this possibility is unclear. It appears to blend federated data and decentralized data. There's no reason states couldn't standardize interfaces to their data without providing some central federation service that provides pointers to the data. That sounds like it comes suspiciously close to the clearinghouse discussed below. Instead, the data could simply be decentralized with standardized access methods used across the states.

Both possibilities sound horrid. The pointer database suggests a database of identifying information -- quick, tell me what other than SSN could be sensibly used as the pointer -- that provides ready access to go gather anything a wily user wants to get out of the system. The "chaotic and burdensome" approach sounds much better. This sounds like a data protection nightmare. After all, this pointer index would, as a matter of course, contain enough information to identify a person. Getting that data would expose a hundreds of millions of identities.

Of course, it would also make it easier for the TIA replacement to find the data.

Finally, there's the third possibility, the "clearinghouse" solution. Here's how it appears in the Wired document:

Third, the States could utilize an intermediary, or clearinghouse, to assemble necessary information about a particular applicant. This approach would require only one entry of information by a State DMV, and one transmission of all verifiable information to the clearinghouse. The clearinghouse would not store data about applicants; instead, it would determine which databases and systems to search and then would provide the relevant information once the data is assembled about that applicant. For example, the clearinghouse would communicate with SSA to verify the applicant's Social Security number (submitting the applicant's full legal name, date of birth and Social Security number provided by the applicant), submit applicant data through EVVE, submit applicant data to USCIS' SAVE program as applicable, and check whether the applicant is licensed in another state through queries to individual States. Once all these lines of data were verified, the clearinghouse would return the full, verified response back to the State DMV. In none of these approaches would a large permanent multistate collection of individual records be created. The "federated" and clearinghouse alternatives are focused on the infrastructure among systems, and would not act as a substitute for the databases that hold the actual information (i.e., the databases would not "dump" into the clearinghouse).

Note that the description is very clear that there would not be "a large permanent multistate collection of individual records" here. Of course, that's patently untrue, because the pointer index of the federation would, in fact, have a gigantic collection of individual records. It would have to, if the goal is to find all records, for example, that pertain to my license and potential licenses I might have had elsewhere, which is really the sole reason to create this monstrosity in the first place (excepting the ulterior motives I suspect are at this requirement's heart.)

It's easy to see why this solution looks like such a good sell. A rogue user from some random state is going to have a much more difficult time acting independently to harvest huge numbers of records from the other states; that risk is greatest when only the individual states will be tracking access, such as in the federated or "burdensome and chaotic" solutions. What's more, this one might be seen as attractive because it doesn't have to store anything, outside of the time that it's assembling these nice little records packages for the state DMVs. However, there's something far more sinister here.

From a data leakage perspective, it's going to be far more difficult to track American citizens if the records of movement are stored in requests between states. First, states would have to give it up. Second, the feds would have to be able to make use of the morass of various audit records. Oh, but that beautiful clearinghouse. It's going to know exactly where I am, when I requested a license or otherwise had business with the DMV. It will quickly put the federal government on a path to track movements of Americans (further on the path than it already is.) The data may come and go, but those logs will be rife with rich information to be mined, intruding into the private comings and goings of Americans.

No, this third option doesn't create a new database. Instead, it creates a new tracking system without the encumbrances of a new database.

The concluding paragraph of the text provided by Wired is someone comical:

In developing such a system, DHS expects that the all appropriate privacy and security mechanisms will be included to reduce the risk of unauthorized access, misuse, fraud, and identity theft. Although DHS considers the third option to have the highest probability of timely and effective implementation, DHS will not require States to adopt one of these approaches as part of these regulations. DHS will consult actively with States and other stakeholders with a view to assisting the States in choosing the alternative that is most likely to reduce the costs of meeting the verification requirement. DHS will be examining ways in which DHS may assist States in most effectively meeting the requirements of the REAL ID Act. This may involve assistance through federal procurements or grants. Any such assistance will likely be provided separately from this NPRM, but DHS welcomes comments on the alternatives and on methods by which it may assist the States in reducing the burden of complying with the requirements of the REAL ID Act.

(emphasis added.) Of course, it's rich enough to read about DHS expecting "all appropriate privacy and security mechanisms" to be included, given their repeated failing ratings for computer security and data protection, when they're even capable of filing their reports. However, the suggestion that they won't be requiring one of these to be selected is something of a joke. After all, does anyone believe that DHS will fund any option a state may choose?

Over at Homeland Stupidity, Michael Hampton has followed up his previous post to put these recommendations in context, concluding:

Don’t be too surprised in a few months when it’s announced that AAMVA got the contract after a lengthy wait, required for the sake of appearances and bureaucracy. After all, they’re already maintaining a similar, but much smaller, database for the states, which holds data on every commercial driver license holder in the country. This is the blueprint on which the national identity database will be built.

It does, oddly, sound a whole lot like the third possibility.

gregh  2007-01-11 13:48  homeland_security  information_privacy  Law  personal_information  Politics  privacy  real_id   

Update: See my follow-up, covering the actual text leading to these suggestions. It's not quite as bad as suggested. It still ain't great.

If the following is actually correct, the Department of Homeland Security is even more worthless than I could have imagined.

UnRealID.com:

The Department of Homeland Security has finished their proposed regulations for implementing the Real ID Act and has sent them to the Office of Management and Budget for approval.  The publication of DHS's REAL ID regulations will follow shortly.  The compliance guidelines are almost one year overdue.

According to a still-secret several hundred-page dossier sent last week by DHS to the Office of Management and Budget, DHS considered three ways to implement the REAL ID Act:

Plan A: Order the individual states to find a way of communicating data to one another.  This idea was given short shrift by DHS, who dismissed it out of hand.
Plan B: Have DHS build a centralized database for the states to query before issuing REAL ID-compliant drivers licenses.  This idea was also rejected.
Plan C: Have a private data aggregator act as the central database.  This is the plan advocated by DHS.  The plan calls for the outsourcing of all drivers license and ID card checks to a private corporation, who would then charge the states for each check performed.  DHS head Michael Chertoff personally ordered this option to be chosen, according to a senior administration source.

One would hope that this would be the final nail in the Real ID coffin, and this would surely bring about swift introduction of the Akaka-Sununu Identification Security Enhancement Act of 2006.

Given the poor data protection histories of the commercial data aggregators, not to mention their incredibly poor histories of data matching, the very idea of them being called upon to manage aggregation of all of the drivers databases sounds more like a cruel joke. There may be more interesting issues.

To begin with, the Real ID Act doesn't call for a large database of driver's license data. In order to issue Real ID-compliant driver's licenses, states must:

(12) Provide electronic access to all other States to
information contained in the motor vehicle database of the
State.
(13) Maintain a State motor vehicle database that contains,
at a minimum--
(A) all data fields printed on drivers' licenses and
identification cards issued by the State; and
(B) motor vehicle drivers' histories, including
motor vehicle violations, suspensions, and points on
licenses.

Driver's license database information is commercial information owned by the states. This is clear from Reno v. Condon:

The motor vehicle information which the States have historically sold is used by insurers, manufacturers, direct marketers, and others engaged in interstate commerce to contact drivers with customized solicitations. The information is also used in the stream of interstate commerce by various public and private entities for matters related to interstate motoring. Because drivers’ information is, in this context, an article of commerce, its sale or release into the interstate stream of business is sufficient to support congressional regulation.

There were already some questions hanging around (most dismissed by commentators) about the Constitutionality of allowing the federal government to require states to grant other states access to their own commercial items without compensation in order to comply with the Real ID Act. Permitting commercial data aggregators to take possession or ownership of that state property without compensation is somewhat more egregious. As things now, those aggregators would be forced to purchase that information from the states; at least in that instance, the coffers of the states are gaining something to help cover the maintenance of that data. Under this plan, it would seem plausible (especially if the aggregators "accidentally" released the information into the public domain) that the states would simply be forced to give it away. This may raise greater Constitutional questions about those portions of the Real ID Act.

It makes the security aspect even worse.

It likely removes the (feckless) Privacy Act and the Computer Matching and Privacy Protection Act from the mix.

In short, I'm currently even a bit skeptical that even the inept Department of Homeland Security could proffer a suggestion as ludicrous as this one; I can't wait to see the actual proposed regulations to find out if it's true.

gregh  2006-12-14 15:00  homeland_security  Law  personal_information  privacy  real_id   

Homeland Security chief defends Real ID plan:

"I think this is an example (of) when security and privacy go hand in hand," the Homeland Security chief said in a half-hour speech at George Washington University here. "It is a win-win for both."

The importance of such documents was magnified by an announcement Wednesday, Chertoff said. Federal authorities reported that they had made more than 1,200 arrests related to immigration violations and unmasked criminal organizations stealing and trafficking in genuine birth certificates and Social Security cards belonging to U.S. citizens.

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

First for the cheap shot: "a win-win for both?" Doesn't the term have two "wins" in it to signify that it's already about both? What would be a win-win for security or privacy alone?

Chertoff ignores the greater privacy implications of Real ID. One is that the states will have to collect a much greater array of information from individuals than they currently do. Another is that they're required to maintain it both electronically (that should make your skin crawl) and in hardcopy. Yet another is that they'll be forced to communicate with a number of other databases (leaking personal information) every time you need to interact with a card-issuing agency. It requires that I carry around a large chunk of machine-readable information on my identification card, and what's worse, makes no limitation on who can read that information and how it can be used. And finally, the Act requires that the states open up their databases to all of the other states. Enrolling in the Real ID system saps a big chunk of my privacy away from me.

Unfortunately, it adds no privacy protections (it even took some away.) The guy who can walk around with papers with my personal information isn't prevented from doing so with Real ID in place. There are no added limitations on the use of social security numbers, or of sensitive transactions, or the release of my records. There's no protection of state records release laws under Real ID, and it seems probable that any state in the Union could decide to start selling the records of any other state.

Is there added security? There's no suggestion of it in the Real ID Act. Much of the act worries about ensuring that cards can't be tampered with or counterfeited (and we all know this is a joke; if someone can make it, someone else can copy it.) There's little effort given to the notion of authenticating a card. Instead, security is supposed to come from looking at a card and making an assumption that if it looks like a Real ID-compliant card, it must be a Real ID-compliant card. That will work well the first time someone knocks over a delivery truck shipping Real ID-compliant cards to the DMV, or a former employee of the company making card materials for an agency absconds with the materials and sells them.

The tough part for me is figuring out who actually is receiving the wins from the win-win. I suppose mostly it's a flailing agency that needs any "positive" progress it can make and an industry anxious to start selling newer, more expensive identification card raw materials.