Real ID = National ID

Barry Steinhardt bsteinhardt at
Wed May 4 11:05:11 PDT 2005


Congressional passage of the "Real ID" legislation is now all but a
done deal, House and Senate conferees having agreed to inclusion of
language in an appropriations bill that is all but certain to pass.

The name "Real ID" is, if anything, too modest.  Despite deep public
opposition over the years to a national identity card, and Congress's
unwillingness to even consider the idea directly, our security
agencies have now gotten what they want as proponents have succeeded
in pushing through Congress a National ID-in-disguise.
The "Real ID" Act is indeed a real (national) ID.  Although
individual states' driver's licenses may continue to exhibit cosmetic
differences, they will now contain a standardized set of information
collected by all 50 states, which means that underneath each state's
pretty designs they are really a single standardized national card -
backed up not only by biometrics, but also by a standardized "machine-
readable zone" and by a national database of ID information.  Local
DMV offices may continue to appear to be state offices, but they will
now become agents acting on behalf of the federal government, charged
with issuing a national identity document without which one will be
unable to function in America.
National database creates powerful tracking tool. Real ID requires
the states to link their databases together for the mutual sharing of
data from these IDs.  This is, in effect, a single seamless national
database, available to all the states and to the federal government.
(The fact that the database is a distributed one, maintained on
interconnected servers in the separate states, makes no difference.)
National database creates security risks. The creation of a single
interlinked database creates a one-stop shop for identity thieves and
terrorists who want to assume an American's identity.  The security
problems with creating concentrated databases has recently been
demonstrated by the rampant number of data breaches in recent months
in which information held by commercial database companies has fallen
into the hands of identity thieves or others.  The government's
record at information security is little better and that is
especially true at state Motor Vehicle Departments that have
routinely been the targets of both insider and outsider fraud and
just plain larceny.
The "machine-readable zone" paves the way for private-sector
piggybacking.  Our new IDs will have to make their data available
through a "common machine-readable technology."  That will make it
easy for anybody in private industry to snap up the data on these
IDs.  Bars swiping licenses to collect personal data on customers
will be just the tip of the iceberg as every retailer in America
learns to grab that data and sell it to Choicepoint for a dime.  It
won't matter whether the states and federal government protect the
data - it will be harvested by the private sector, which will keep it
in a parallel database not subject even to the limited privacy rules
in effect for the government.
This national ID card will make observation of citizens easy but
won't do much about terrorism.  The fact is, identity-based security
is not an effective way to stop terrorism.  ID documents do not
reveal anything about evil intent - and even if they did, determined
terrorists will always be able to obtain fraudulent documents (either
counterfeit or real documents bought from corrupt officials).
Negotiated rulemaking.  Among the any unfortunate effects of this
legislation is that it pre-empts another process for considering
standardized driver's licenses that was far superior.  That process
(set in motion by the Intelligence Reform Act of 2004) included a
"negotiated rulemaking" among interested parties - including the
states and civil liberties groups - to create standards.  Instead,
the worst form of rules is being imposed, with the details to be
worked out by security officials at DHS instead of through balanced
negotiations among affected parties.
"Your papers, please."  In the days after 9/11, President Bush and
others proclaimed that we must not let the terrorists change American
life.  It is now clear that - despite its lack of effectiveness
against actual terrorism - we have allowed our security agencies push
us into making a deep, far-reaching change to the character of
American life.

Barry Steinhardt

Director Technology and Liberty Project
American Civil Liberties Union

You are subscribed as eugen at
To manage your subscription, go to

Archives at:

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07078, 11.61144  
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list