The Real ID Act and Privacy: Part IIWe continue to focus on the Real ID Act, a new federal law that establishes strict standards and procedures for the issuance of driver's licenses by the states. Last month's column covered the law's convoluted passage despite opposition from immigration groups, privacy advocates and the states. Now we will look closer at the privacy consequences.
The driver's license issue itself dates to the events of 9/11. In the aftermath, state motor vehicle administrators developed a proposal for better standards, and they wanted federal support. The DMVs thought that they could get federal legislation along with funds to use for which they would not be accountable to their legislatures. That effort fell apart amid opposition from groups on the right and left of the political spectrum.
A few years later, state DMVs ended up with the worst possible outcome. They must implement expensive new federal mandates, but federal funds will be scarce. The Department of Homeland Security can give grants to states, but there is no new money. One lesson for everyone is that you come to Washington for help at your own peril.
The same lesson might apply to privacy groups. The initial precedent for the federal government regulating state motor vehicle licenses was the Driver's Privacy Protection Act, a 1994 law that limits disclosure of personal information by state DMVs. Privacy advocates who cheered the act and the Supreme Court decision that the law did not violate constitutional principles of federalism may not be so happy now.
For our purposes, the Real ID Act's main provision gives the Department of Homeland Security the power to set standards for driver's licenses and determine whether state licenses and other ID cards pass muster. The law itself sets some standards for new licenses. They must collect the information found today on a license, including name, address, date of birth, gender and a digital photograph. Not much new there.
Probably the most controversial element is the requirement for common machine-readable technology. The ability to read the data on a driver's license by swiping it through an automated reader will be greatly enhanced. It is not uncommon to have to show your license to enter a building, check into a hotel or buy a drink at a bar. With uniform coding, it will be much easier for everyone who swipes the card to collect personal information to use, possibly without restriction. This may well create new opportunities for merchants to devise and sell enhanced lists.
The most troublesome part of the issuance process will be the need for everyone to document identity. States must demand new documentation from everybody as well as proof of citizenship. The inconvenience for the ordinary person begins to mount here.
First, it may no longer be possible to renew a driver's license over the Internet, as it is today in some states. Right off the bat, the lines at the DMV will be longer. Second, each transaction will be more complicated because states must verify an applicant's Social Security number and the validity of each document presented. For many documents, there is no easy way to do that. If verification is impossible on the spot, then people may face returning to the DMV on a second day.
Third, many people will bring the wrong documentation, so they will have to return more times. That will make the lines and the wait even longer. Fourth, even if DMVs can verify U.S. documents in real time, the odds are that the person in front of you in line will be foreign born, and you will have to wait a long time while the clerk figures it all out.
Finally, the law requires states to capture digital images of identity source documents for storage in a transferable format. This will create an enormous repository of identification documents that will be an identity thief's dream. The law requires security, but we all know that even the best security isn't foolproof. A DMV clerk in another state may provide copies of your documents to an identity thief who works overseas.
Don't forget that you will need to get an ID for your grandmother who has Alzheimer's and lives in a nursing home. That will be three times harder than getting your own. It doesn't matter that she doesn't drive anymore because the ID card may be needed for Medicare.
Now you begin to understand why the public may become unhappy about the new ID requirements. This is why convenience may, for once, help rather than undermine privacy. If you set out to develop a more convoluted, bureaucratic and inconvenient process affecting nearly every American, you would be hard pressed to do better than Rep. James Sensenbrenner did with the act.
Whether a better license is worth having and will improve security or the fight against terrorism is a good question for another day. Meanwhile, it will be an interesting three (or more) years while everyone begins to figure out how to implement the act. Though the act passed Congress easily, I don't think the fight is over. This particular struggle between privacy and security has just started.