The Real ID Act was inserted into a must-pass military spending bill in 2005. It requires states to redesign their driver's licenses and state ID cards to meet a common federal standard, and to start sharing information with all other states -- effectively turning 50 different state-issued cards into a national ID.
Citizens will have to present documents such as a certified birth certificate, marriage certificate and a Social Security card to renew their current licenses or ID cards. If a state fails to comply, residents won't be able to use their ID to board planes, enter federal courtrooms or collect federal benefits.
But with the May 11, 2008, compliance deadline getting closer, the program is beginning to feel a backlash. In late January, Maine officially declared Real ID to be too expensive and overly invasive of its residents' privacy. Montana's legislature is moving toward a similar finding.
The law may enjoy a rosier reception in the Garden State. Paula Arcioni, the information security officer for New Jersey's Office of Information Technology, envisions the identification cards eventually morphing into smartcards that can be used by the government to help authenticate people and deliver services over the internet. For instance, using a combination of a password and a smartcard reader on a computer, individuals could use the licenses to give a bank account number to the state disability office and have funds electronically deposited.
Arcioni, who emphasized she was not speaking on behalf of the state of New Jersey, says what she calls "scope creep" will be welcomed by citizens.
"All you are getting in e-government for the most part are things that don't require strong two-factor identification," Arcioni said, referring to security that requires something beyond a user name and password. "But as we move forward and start to deliver more and more complicated services, I think that people for the most part will want to know their government has implemented strong measures."
Denise Blair, who's responsible for California Department of Motor Vehicles' infrastructure, sees similar benefits, but expressed concerns about how the DMV will handle cases where longtime driver's license holders don't have a birth certificate. She's looking forward to seeing the federal government's detailed implementation rules, scheduled for release this spring.
California has the most licensed drivers of any state -- more than 11 million as of 2005. Blair says the standardized cards mandated by Real ID could free her department to offer more services online; without strong authentication, the most advanced service the California DMV offers over the web is to allow residents to submit a change of address electronically.
Dan Combs, president of Global Identity Solutions and former director of digital government in Iowa, said Congress didn't really know what it was doing when it passed the law. He's doubtful it will be useful for preventing terrorism -- one of Congress' stated purposes in crafting the measure -- but said it could be useful for simplifying government services like issuing fishing licenses and preventing identity theft and other fraud.
"Most of the really strong support for Real ID comes from people like me who see the promises in an ID system," Combs said. "Once you get a system like this in place an awful lot of government becomes easier."
Combs, who serves on the Electronic Commerce Coordinating Council's Real ID committee, suggested that retailers would want to use the cards to help cut down on losses due to credit card fraud.
Dan Chenok, a vice president at government consulting giant SRA International and a former information and technology official at the Office of Management and Budget, was less enthusiastic, pointing out that Real ID introduces security concerns and that there are no laws regulating how data in the systems will be used, corrected or shared.
Chenok sees the real debate over Real ID starting once the regulations are issued in April.
"It's fair to say most citizens don't understand the implications of Real ID," Chenok said. After April, "the debate will be off to the races."
Audience members alternately clamored for the cards to include a full set of fingerprints and protested that a system that included fingerprints was bound to get hacked.
Marc Rotenberg, who heads the Electronic Privacy Information Center and was in the audience, said he's disappointed that governments aren't keeping pace with what technologists and privacy advocates now agree is the sine qua non of an effective identification system: context.
Rotenberg pointed to OpenID and Microsoft's Windows CardSpace, both of which are online authentication services that let users decide how much information -- name, date of birth, credit card number -- to share with another website. He said those services are signs that technology is moving in the right direction.
The right way to do identification mimics the rules of the 1974 Privacy Act that strictly limit information sharing between government databases, Rotenberg said.
"You may be a veteran and get Social Security and pay taxes and maybe even have a criminal record," Rotenberg said. "The purpose of the Privacy Act was to keep them contained.
"The federal government should not be keeping detailed profiles on U.S. citizens," he said.
Autor(en)/Author(s): Ryan Singel
Quelle/Source: Wired News, 08.02.2007
