Homeland Security dismisses Real ID privacy worries

ARLINGTON, Va.--A senior U.S. Department of Homeland Security official on Wednesday said he finds privacy concerns prompted by the proposed Real ID regime puzzling.

Stewart Baker, the department's assistant secretary for policy, said a forthcoming system of uniform national identification cards will not put more personal information into the hands of motor vehicle administrators or result in a massive centralized database that's more susceptible to hackers.

In fact, Baker said, the controversial law will improve Americans' privacy. "You can never foresee the future, but every indication is that Real ID is actually going to make it less easy for people to engage in identity theft," Baker told the Homeland Security Data Privacy and Integrity Advisory Committee at its quarterly public meeting here.

Real ID has been a target of criticism since Congress enacted it three years ago as part of an "emergency" Iraq spending bill. Although Homeland Security has tried to defuse criticism by extending deadlines, the law still requires states to reconfigure their drivers licenses and share data. If they don't agree to comply by this October, their citizens won't be able to use their driver's licenses to board planes or enter federal buildings starting on May 11, 2008.

Baker said the process is privacy-protective because it will require Americans to produce legal documents like birth certificates, whose authenticity will be verified, before they can receive a card that meets Real ID protocol. That approach would allow, for instance, airport officials to be more confident in the identity of travelers when it comes time to check them against government watch lists, Baker said.

"You can never foresee the future, but every indication is that Real ID is actually going to make it less easy for people to engage in identity theft."

--Stewart Baker, Department of Homeland Security, assistant secretary for policy

Some states, including Maine, have rejected Real ID on cost grounds, however, and privacy advocates worry about what will happen to data on the IDs' mandatory bar code when it is scanned by banks, bars and other businesses. DHS ruled earlier this month that the data will not be encrypted because of "operational" concerns, such as police being able to easily scan the data from the backs of licenses during traffic stops.

Baker said Wednesday that the department would consider requiring encryption as it writes the final rules, but added: "If you impose encryption requirements that make that exchange of information difficult, you're undermining, not improving, security associated with driver's licenses, we don't want to do that."

Several members of the committee, composed of security companies, academia and nonprofit groups who make policy recommendations to Homeland Security privacy officials, raised concerns about the new system at Wednesday's meeting.

"With what happens now in airports, it doesn't look like it would matter how hard the document was to fake because no one looks at it closely enough to even think about that question," said committee Chairman J. Howard Beales, a George Washington University professor and former Federal Trade Commission official. "Is there a more elaborate process that's envisioned here?"

Baker said Homeland Security was considering taking over the identification check process and putting in stricter controls. Right now, people who check IDs in airport security lines are not generally government employees, he said.

Earlier in the meeting, Jonathan Frenkel, a senior policy adviser with Homeland Security, complained about what he called a rash of "misinformation" about draft national standards for ID cards.

For one thing, he said it's "utter nonsense" that the U.S. government is planning a "Big Brother kind of system" to track American citizens' every move through the cards, as one Missouri state legislator suggested this week.

Frenkel said that if the government really wanted to track cardholders, it would force all citizens to carry the cards. "Since no one is ever required to carry a Real ID...it makes no sense that the government would track something that (a person) doesn't have to carry," he said. (Many nations do require their citizens to carry such documents, and some Real ID critics view the law as the first step toward such a system.)

It also isn't true that only a Real ID card will allow a person to board an airplane or enter a federal building, Frenkel said. A U.S. passport issued by the State Department--new ones have RFID tracking chips embedded--would also qualify.

Privacy groups took issue with the agency's assertions. "It is not ridiculous to say that Real ID will create a national identification system that will allow people to be tracked," said Melissa Ngo, director of the Identification and Surveillance Project at the Electronic Privacy Information Center. "Real ID is ostensibly voluntary, but that just isn't true."

Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, said the practical effect of the rules will be a "uniform" card with a machine-readable zone whose information can readily be harvested by outsiders.

CNET News.com's Declan McCullagh contributed to this report.

More from News.com on this story's topics

Security

Create an email alert | RSS feed

Privacy

Create an email alert | RSS feed

Government

Create an email alert | RSS feed

See more CNET content tagged:
Stewart Baker, Real ID Act, homeland security, driver's license, identity theft