CFC Testifies Against REAL ID Act

On May 1st the Department of Homeland Security held a national town
hall meeting at the University of California at Davis to discuss
implementation of the REAL ID Act. The Consumer Federation of California (CFC) believes REAL ID’s would represent a gross violation of personal privacy rights and actually increase the potential for identity theft.

REAL ID Overview: The Real ID Act of 2005 would turn our state
driver’s licenses into a genuine national identity card and impose
numerous new burdens on taxpayers, citizens, immigrants, and state
governments ‘ while doing nothing to protect against terrorism. This
new federal identity document would be required of every American in
order to fly on commercial airlines, enter government buildings, open a
bank account, and more.

Below is a short fact sheet created by a coalition opposing the REAL ID Act called Real Nightmare (www.realnightmare.org), followed by the text of the testimony given by Richard Holober, Executive Director of CFC, at the town hall meeting hosted by the Department of Homeland Security.

REAL ID FACT SHEET

It’s a national identity system. The standardized national
driver’s licenses created by Real ID would become a key part of a
system of identity papers, databases, status and identity checks and
access control points ‘ an ‘internal passport’ that will increasingly
be used to track and control individuals’ movements and activities.

Will not be effective against terrorism. The fact is,
identity-based security is not an effective way to stop terrorism. ID
documents do not reveal anything about evil intent ‘ and even if they
did, determined terrorists will always be able to obtain fraudulent
documents (either counterfeit or real documents bought from corrupt
officials).

Will be a nightmare for state governments. Real ID requires
state governments to remake their driver’s licenses, restructure many
of their computer databases and other systems, create an extensive new
document-storage system, and ‘ perhaps most difficult of all ‘ verify
the ‘issuance, validity and completeness’ of every document presented
at DMVs. See Real Burdens.

Will mean higher fees, long lines, and bureaucratic nightmares for individuals.
Because Congress ordered but did not pay for these mandates, which will
cost states billions of dollars, fees on individuals applying for
driver’s licenses will inevitably rise, perhaps steeply. Individuals
are also likely to confront slower service, longer lines, and frequent
bureaucratic snafus in obtaining these ID cards. Many unlucky
individuals will find themselves caught in a bureaucratic nightmare as
they run up against the complexities of this law.

Increased security and ID-theft risks. The creation of a single
interlinked database as well as the requirement that each DMV store
copies of every birth certificate and other documents presented to it
will create a one-stop shop for identity thieves.

Will be exploited by the private sector to invade privacy. Real
ID would make it easy for anybody in private industry to snap up the
data on these IDs. Already, bars often swipe licenses to collect
personal data on customers ‘ but that will prove to be just the tip of
the iceberg as every convenience store learns to grab that data and
sell it to data companies for a dime.

Will expand over time. The Real ID database will inevitably,
over time, become the repository for more and more data on individuals,
and will be drawn on for an ever-wider set of purposes. Its
standardized machine-readable interface will drive its integration into
an ever-growing network of identity checks and access control points ‘
each of which will create new data trails that will in turn be linked
to that central database or its private-sector shadow equivalent.

REAL ID National Town Hall By the Department of Homeland Security

May 1, 2007 from 10 AM to 2 PM PDT, Freeborn Hall at the University of California, Davis.

Testimony by Richard Holober, Consumer Federation of California:

"Good morning. My name is Richard Holober. I’m the Executive Director
of the Consumer Federation of California. We have worked mainly in
California but also at the federal level on a great many privacy
issues. California really has led the nation in protecting privacy.
Unfortunately, much of what we are able to achieve here in California
is undone at the federal level. We’re very concerned that these
proposals will jeopardize privacy.

Now, there are two issues that are often intermingled, those are
privacy and security. Security of people’s records, that’s generally
viewed as a technical issue, how do we make these record tamper proof.
We believe that the more records are aggregated the more you are
compiling all kinds of bits and pieces of information about people,
their banking records, their Social Security Numbers, their birth
records, other records about them, into a single databases, that very
act of aggregating records, creates new opportunities for identity
theft.

This proposal will create a potential one-stop shop for identity
thieves. The regulations are silent on the question of certain data,
but we believe it is likely that most states will scan and save
electronically all source documents, birth certificates, proof of
address, et cetera, making this information part of state databases as
well. The creation of a massive national database loaded with
American’s personal information would be a dream come true for identity
thieves.

Databases that contain Social Security Number, birth dates,
certificates, other personal information, the regulations suggest using
a monthly bank statement, and a yearly financial statement to verify
your address, so that means that these records will also contain your
personal banking and tax information. This information is all that a
criminal needs to steal someone’s identity. Instead of remaining under
an individual’s control, they’ll be housed in the DMV at risk of being
taken by hackers, burglars, or the way much identity theft occurs,
through inside jobs.

Because they’re stored as digital images, anyone with a color printer
will be able to produce high quality forgeries of these documents. REAL
ID database systems will not only store all the information on nearly
everyone in America it will offer access to millions of federal, state,
local, government employees around the nation. A single break in the
security of the system at any of the thousands of DMV offices around
the nation could potentially compromise the personal information and
the documents of 240 million Americans.

Worse, there is no mechanism in the regulation for states to ensure
that officials in other states are properly protecting personal
information. Nor do the regulations provide any guidance besides the
meaningless phrase best practices for how states are to safeguard their
databases. Personal information will only be as secure as the state
with the weakest security and there are no requirements for encryption
of records.

We’re extremely worried that rather than safeguarding security, the
more identity thieves can get their hands on aggregated records, the
more there will be identity theft and that will be by not only common
variety criminals, but by terrorists as well. We’re opposed to these
regulations. This one hearing, I believe the only hearing in the nation
that’s open to the public, and we had information about this on 8 days
notice is wholly inadequate for an item that’s of tremendous concern to
the American people. Thank you."