About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« The internet of things 2.0 | Main | Dog years »

1% of the way

By Dave Birch posted Jan 15 2008 at 9:07 AM

[Dave Birch] Things haven't been going terribly well for America's ambitious Real ID scheme. Government agencies missed the end of October deadline to complete background checks for employees and contractors who have worked for the federal government for 15 years or less and to begin issuing the new identity cards that include employees' fingerprints as required under Homeland Security Presidential Directive 12, which President Bush issued in 2004. In all, about 1.9 million federal employees and 591,358 contractors require credentials. As of that deadline, 97 percent of federal employees and 79 percent of contractors had completed the required background checks, but federal agencies had issued only 1 percent of the new cards. Now it turns out that some of the other deadlines around driving licenses are being rolled back as well.

Many people are profoundly uncomfortable with the Real ID programme, and its important to understand what their concerns are. The central worry is, I suppose, the same as in the U.K. Creating a highly centralised big meta-database containing personal information on virtually every American will result in an extremely valuable central source of ID data that might be vulnerable to terrorists, thieves, and unscrupulous employees and others. The Real ID cards have to have a machine-readable zone (MRZ) that is standardised across all states, and this leads to other concerns about organisations scanning these and storing the data. I have a lot of sympathy with this "mission creep" worry: it's wrong to dismiss those of us with concerns as cranks or luddities. When sensible people observe that

What’s more, the REAL ID Act does not mandate specific, robust privacy and security standards for the protection of personal information, and DHS has cited this fact in attempting to excuse its weak proposed regulations.
I don't see why they shouldn't expect a proper answer. Like many other privacy-sensitive people (and organisations) I would like to see ID documents (such as driver's licences in the U.K. and U.S.) work in a better way, but this can and must be done without compromising personal privacy. As the CDT note in this article, it may be inappropriate to expect the card to be a magic bullet against identity theft and fraud if the surrounding processes are not dealt with. Consider the simple measures of verifying the authenticity of source documents, securing the physical locations where the cards are made and supplies stored to deter outsider fraud, and deterring insider fraud by strictly controlling access to card-making systems and supplies and conducting employee background checks. All of these will go a lot further in making things like driver’s licenses more secure forms of identification without posing serious risks to personal privacy. The effect of the REAL ID Act may well turn out to be quite the opposite: by encouraging trust in the card, it may well undermine other security measure: when the guard at the airport (or wherever) sees the REAL ID, they'll wave you through. The fact that you may have bribed a DMV clerk to issue you with a REAL ID in a false identity will go undetected. That's UNREAL ID, isn't it?

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference 1% of the way:


The comments to this entry are closed.