Tag: department of homeland security

Would PASS ID Really Save States Money?

By
Jim Harper

The proposed PASS ID Act is a national ID just like REAL ID, and it threatens privacy just as much. Some argue that a national ID under PASS ID should be palatable, though, because it reduces costs to states.

But savings to states under PASS ID are not at all clear. Let’s take a look at the costs of creating a U.S. national ID.

The REAL ID Act, passed in May 2005, required states to begin implementing a national ID system within three years. In regulations it proposed in March 2007, the Department of Homeland Security extended that draconian deadline. States would have five years, starting in May 2008, to move all driver’s license and ID card holders into REAL ID-compliant cards.

The Department of Homeland Security estimated the costs for this project at $17.2 billion dollars (net present value, 7% discount). Costs to individuals came it at nearly $6 billion – mostly in wasted time. Americans would spend more than 250 million hours filling out forms, finding birth certificates and Social Security cards, and waiting in line at the DMV.

The bulk of the costs fell on state governments, though: nearly $11 billion dollars. The top three expenditures were $5.25 billion for customer service at DMVs, $4 billion for card production, and $1.1 billion for data systems and IT. Getting hundreds of millions of people through DMVs and issuing them new cards in such a short time was the bulk of the cost.

To drive down the cost estimate, DHS pushed the implementation schedule way back. In its final rule of January 2008, it allowed states a deadline extension to December 31, 2009 just for the asking, and a second extension to May 2011 for meeting certain milestones. Then states would have until the end of 2017 to replace all cards with the national ID card. That’s just under ten years.

Then the DHS decided to assume that only 75% of people would actually get the national ID. (Never mind that whatever benefits from having a national ID drop to near zero if it is not actually “national.”)

The result was a total cost estimate of about $6.85 billion (net present value, 7% discount). Individual citizens would still spend $5.2 billion worth of their time (in undiscounted dollars) on paperwork and waiting at the DMV. But states would spend just $1.5 billion on data and interconnectivity systems; $970 million on customer service; and $953 million on card production and issuance—a total of about $2.4 billion. (All undiscounted—DHS didn’t publish estimates for the final rule the same way it published their estimates for the proposed rule.)

Maybe these cost estimates were still too high. Maybe they weren’t believable. Or maybe Americans’ love of privacy and hatred of a national ID explains it. But the lower cost estimate did not slow the “REAL ID Rebellion.” Given the costs, the complexity, the privacy consequences, and the dubious benefits, states rejected REAL ID.

Enter PASS ID, which supposedly alleviates the costs to states of REAL ID. But would it?

At a Senate hearing last week, not one, but two representatives of the National Governors Association testified in favor of PASS ID, citing their internal estimate that implementing PASS ID would cost states just $2 billion.

But there is reason to doubt that figure. PASS ID is a lot more like REAL ID – the original REAL ID – in the way that most affects costs: the implementation schedule.

Under PASS ID, the DHS would have to come up with regulations in just nine months. States would then have just one year to begin complying. All drivers’ licenses would have to be replaced in the five years after that. That’s a total of six years to review the documents of every driver and ID holder, and issue them new cards.

How did the NGA come up with $2 billion? Maybe they took the extended, watered-down, 75%-over-ten-years estimate and subtracted some for reduced IT costs. (The NGA is free to publish its methodology, of course.)

But the costs of implementing PASS ID to states are more likely to be closer to $11 billion than the $2 billion figure that the NGA puts forward. In just six years, PASS ID would send some 245 million people into DMV offices around the country demanding new cards. States will have to hire and train new employees to handle the workload. They will have to acquire new computer systems, documents scanners, data storage facilities, and so on.

There is another source for cost estimates that draws the $2 billion figure into question: the National Governors Association itself. In September 2006, it issued a report with the National Conference of State Legislatures and the American Association of Motor Vehicle Administrators finding that the costs to re-enroll drivers and ID holders over a 5-year period would cost states $8.45 billion (not discounted).

Just as with REAL ID, re-enrollment under PASS ID would undo the cost-savings and convenience that states have gained by allowing online re-issuance for good drivers and long-time residents. As the NGA said:

Efficiencies from alternative renewal processes such as Internet and mail will be lost during the re-enrollment period, and states will face increased costs from the need to hire more employees and expand business hours to meet the five year re-enrollment deadline.

Angry citizens will ask their representatives why they are being investigated like criminals just so they can exercise their right to drive.

PASS ID does reduce some of the information technology costs of REAL ID, such as requirements to use systems that still do not exist, and requirements to pay for driver background checks through the Systematic Alien Verification for Entitlements system and the Social Security Online Verification system.

But PASS ID still requires states to “[e]stablish an effective procedure to confirm that a person [applying] for a driver’s license or identification card is terminating or has terminated any driver’s license or identification card” issued under PASS ID by any other state. How do you do that? By sharing driver information. The language requiring states to provide all other states electronic access to their databases is gone, but the need to share that information is still there.

A last hope for states is that the federal government will come up with money to handle all this. But the federal government is in even tougher financial straights than many states. The federal deficit for this fiscal year is projected to reach $1.84 trillion.

Experienced state leaders recognize that the promise of federal money may not be fulfilled. The weakly funded PASS ID mandate will likely become a fully unfunded mandate.

So, does PASS ID really save states money? I wouldn’t put any money on it … .

Topics: 
Law and Civil Liberties, Telecom, Internet & Information Policy

Review of the Big REAL ID Hearing

By
Jim Harper

The Senate Homeland Security and Governmental Affairs Committee held a hearing yesterday on the REAL ID Act and the REAL ID revival bill, known as PASS ID. I attended and want to share with you some highlights.

Good News!

Little good came from the hearing, as it was primarily focused on how to get the states and people to accept a national ID. But there is some good news.

First, Department of Homeland Security Secretary Janet Napolitano declared REAL ID dead (much as I did in my testimony two-plus years ago). “DOA” is how she referred to it.

She also said that no state will be in compliance with REAL ID by the current December 31, 2009 deadline. This is important because a lot of people think that states doing anything about the security of drivers’ licenses and ID cards are complying with REAL ID.

Another highlight was the commentary of Senator Roland Burris (D-IL). He is a beleaguered outsider to the Senate and evidently wasn’t coached on the talking points around REAL ID and PASS ID. So he flat out asked why we shouldn’t just have “a national ID.”

Senator Susan Collins’ (R-ME) nervous smile was particularly noticeable when Burris asked why the emperor had no clothes. No one was supposed to talk about national IDs at this hearing! But that’s what PASS ID is.

REAL ID and PASS ID are two versions of the same national ID system, and nobody is denying it. That’s good news because the effort to rebrand REAL ID through PASS ID has failed.

A Fake Crisis

Some other issue-framing is worth pointing out. Chairman Lieberman and Secretary Napolitano took pains to point out the importance of acting on PASS ID soon, claiming that the TSA would have to seriously inconvenience travelers with secondary searches at the end of the year if nothing was done.

But this is the same “crisis” that the DHS navigated a little over a year ago. States across the country were refusing to implement REAL ID. The DHS Secretary rattled his saber about inconveniencing travelers. And the DHS Secretary ended up giving all states a deadline extension. Secretary Napolitano will do the same thing if PASS ID fails - saber-rattling included. There is no crisis.

Vermont Governor Jim Douglas Supports a National ID

As I noted above, PASS ID is a national ID, just like REAL ID.

By testifying in support of PASS ID, Vermont governor Jim Douglas (R) put himself on record as supporting a U.S. national ID. He can pretend it’s not a national ID, of course, and he did his best to paper over the issue when Senator Burris asked about it. But Governor Douglas supports a national ID.

There was a time when Republicans stood for resisting federal incursions on state power. In the 104th Congress, the Senate Judiciary Committee had a subcommittee that focused on federalism and the preservation of state power (the Subcommittee on the Constitution, Federalism, and Property Rights). But the National Governors Association, with Douglas at the helm, is now in the process of negotiating the sale of state power over driver licensing and identification policy to the federal government.

Rampant Security Ignorance

The reason why he supports this national ID law, Governor Douglas said, is that he, like every governor, “is a security governor.”

With so many Senators and panelists conjuring security and the 9/11 Commission report, it would be a delight if someone actually examined the security benefits of a national ID. The information is there for them. Again, my testimony to the committee two years ago supplied at least some. Then, I said, “Implementation of REAL ID would impose more costs on our society than it would provide in security or other benefits,” and I articulated how and why a national ID fails to secure.

But Senator Lieberman said he “assumes” REAL ID provides national security benefits. Assumes? He and his staff apparently haven’t familiarized themselves with the level of national security that a national ID would create, taking into account the counterattacks and complications of such a system.

Five years after the vaunted 9/11 Commission report - and the three-quarters of a page it devoted to identity security - Senator Lieberman, the chairman of a committee dealing with domestic security, has yet to look into the merits.

In case Senator Lieberman needs some help …

I’m So Sick of the 9/11 Commission Report!

Speaking of the 9/11 Commission, it has been five years since that report came out, and people continue to parrot the line that REAL ID was a “key 9/11 Commission recommendation.”

The 9/11 Commission dedicated three-quarters of a page to the question of identity security, out of 400+ substantive pages. Its entire treatment of the subject is on page 390.

The 9/11 Commission did not articulate how a national ID system would defeat future terror attacks. It did not even articulate how a national ID would have defeated the 9/11 attacks had it been in place. A minor shift in behavior by the 9/11 attackers, such as using their passports to board planes, would have defeated REAL ID and PASS ID, were we somehow allowed “do-overs.”

We are not allowed “do-overs,” and the problem we face is not 9/11, but securing against current and future threats - including people who might shift their behavior in light of security measures we take.

These shifts in behavior might include taking a few extra steps to get the documentation they need, for access to the country or targets. These shifts in behavior might include attacking targets that do not require documentation. Identity-based security is a Maginot Line.

The 9/11 Commission report was written at a time when little research on identity-based security had been done. It was written by fallible humans who knew little about identity-based security, and who got it wrong. The report is not a religious text.

The report did say something important, though: “For terrorists, travel documents are as important as weapons”! (page 384) It’s a terrific turn of phrase because it shuts down the logic centers in the brain - eek, terrorists! - and ends the discussion.

The “travel documents” the report was talking about, though, were passports and visas, not drivers’ licenses and birth certificates - the things foreign terrorists use to get into the country. If we’re going to turn the driver’s license into an internal passport - and TSA checkpoints are the beginning of such a policy - then perhaps these are travel documents. Just, please, Secretary Napolitano, train your TSA agents to not say, “Your papers, please.”

Even as to international travel documents, though, the 9/11 Commission got it wrong. Weapons are the only things as important as weapons. And the 9/11 terrorists didn’t actually use weapons any more substantial than box cutters. They “weaponized” a non-weapon. (Security is complicated, you see.)

Denying terrorists travel documents, drivers’ licenses, and IDs simply presents them some inconveniences - such as using people with no record of terrorism. Seventeen of nineteen 9/11 attackers were unknown to U.S. officials as threats, so it’s obviously not that much of an inconvenience.

Evading identity-based security is so easy. People do it all the time. And it won’t stop under anyone’s version of a national ID. But the 9/11 Commission said … !

Something New to Worry About

Much of the national ID battle happens at the federal level with these national ID laws, of course, but it’s important to realize that federal officials, state officials, companies, and non-profit groups are working to knit together a cradle-to-grave national ID system no matter what happens with REAL ID and PASS ID.

Here’s one worth highlighting: Thirteen states apparently are already scanning, or have scanned, their birth certificates into databases for use in the national ID system. The effort is being led by the National Association for Public Health Statistics and Information Systems in Silver Spring, Maryland. This group will undoubtedly have access to your private health information should federal e-health records be implemented, so you might want to familiarize yourself with them.

Is your state one of them? How many copies of your birth certificate can be found in how many places around the country? You might want to ask your state legislators about that. The future of this effort is to collect biometrics at birth, of course. This is a privacy problem.

But maybe all the privacy concerns have been taken care of. The proponents of REAL/PASS ID found themselves a fig leaf on that score.

Token Cover on Privacy Issues

Ari Schwartz from the Center for Democracy and Technology testified in favor of PASS ID. (Senator Akaka noted in his opening statement that CDT endorses PASS ID.)

He characterized opponents of REAL/PASS ID as wanting to “do nothing.” It’s a classic ploy - but cheaper than we’re used to seeing from Ari and CDT - to mischaracterize opponents as wanting to “do nothing.” As Ari knows well, I have advocated endlessly for a diverse and competitive identification and credentialing system that would provide all the security ID systems can, without government surveillance.

But Ari testified imaginatively about how PASS ID makes a national ID okay. He has concerns with it, of course, yadda yadda yadda - the privacy fig leaf obliged to wear a fig leaf himself.

And this is the unexpected bad news from the hearing. The Center for Democracy and Technology supports having a national ID in the United States.

Many would find this inexplicable, but it’s not. Though the people who work at CDT personally want very much to do the right thing, there are no principles to the organization beside compromise and having a seat at the table (neither of which are actually principles, of course).

CDT plays a wonderful convening role on many issues, and the name of the organization implies that it reconciles technology programs with fundamental societal values. But here it has given political cover to the push for a national ID in the United States. One can’t help wondering if there is anything that would cause CDT to push back from the table and say No.

Topics: 
Telecom, Internet & Information Policy

Quadrennial Claptrap

By
Benjamin H. Friedman

Since the mid-1990s, the Defense Department has been legally required to review its strategy and force structure every four years, producing what’s called the Quadrennial Defense Review.

The result has been a series of vacuous documents that commingle vague, unsubstantiated claims about great historical shifts underway (think Tom Friedman but without the empirical rigor) with threat inflation. There is no evidence that these documents have produced much beyond wasted time and effort.

Naturally, the Department of Homeland Security decided to produce a quadrennial homeland security review, which is underway. Last week, ForeignPolicy.com reported that the State Department will get in on the act with a Quadrennial Diplomacy and Development Review.  Apparently grand strategy documents have great allure to policy-makers. So it’s worth reflecting on why the QDR has failed.

I say it’s because strategy is overrated. The idea is that government is a scientific enterprise where smart people get together, figure out the wisest course, and then marshal their bureaucracies to the new objectives. The trouble with this view is that government is political; it is about competing bureaucratic interests or ideologies trying to impose their preferences on each other.  Strategy documents have no inherent power over these forces.

In practice, because the military services participate in the QDR’s production, it is an output of the politics it is supposed to guide, a logroll that justifies existing realities. The services all employ manpower to defend their prerogatives. Consultants get hired. A great fuss occurs. Compromise language carries the day, and the thing winds up vapidly endorsing the existing force structure and programs.

A better way to go would for the Office of the Secretary of Defense to use strategy documents to give its views official heft; one more way to impose their preferences on the rest of the Pentagon. That argues for civilian authorship, not service inclusion. Of course, this method is only as good as OSD’s ideas.

The next QDR is due this year. The document will likely endorse the Secretary Gates’ desire to make the military better suited to counterinsurgency, which is OK, and overstate our ability to succeed in these wars, which is not.

The owner of the document is the Undersecretary of Defense for Policy, Michelle Flournoy, who previously founded the Center for New American Security, which has, in its brief life, exhibited great enthusiasm for counterinsurgency campaigns or US military-led nation-building.

Flournoy and a co-author just published a kind of preview of the QDR in Proceedings, the Naval Institute’s magazine. The article not encouraging. It cites the disastrous vehicle of Cold War threat inflation, NSC-68, as an example to emulate. Unsurprisingly it buys into the trendy idea that future US wars will be hybrid wars, mixing conventional and unconventional tactics as Hezbollah did in 2006 in Lebanon. It takes the conventional position that the United States has to police global commons (space, cyberspace, airspace and sea lanes), to protect the “international system.” This apparently means that free trade requires US military hegemony, a common claim with a hazy causal logic. The article makes the curious argument that because the commons are a public good, other nations have “powerful incentives” to help the United States police them. I am all for burden sharing, but this misunderstands the meaning of public goods, which are notoriously underprovided. Powerful incentives encourage free-riding, not mutual aide.

Worst of all, the article buys into the idea that the United States needs to fix failed states, which is a recipe for empire.

The good news is that there is time to fix all this. Maybe the Pentagon will embrace restraint. You never know.

Topics: 
Foreign Policy and National Security

Calling Secretary Napolitano: Arizona to Reject EDLs

By
Jim Harper

Department of Homeland Security Secretary Janet Napolitano has been all over the map on national ID issues. As governor of Arizona, she signed a memorandum of understanding with the Bush DHS to implement “enhanced driver’s licenses” in her state. These are licenses with long-range RFID chips built into them. But then she turned around and signed legislation barring implementation of the REAL ID Act in Arizona.

Now, having taken federal office, she again favors REAL ID – or at least under its new name: PASS ID. (Her efforts to put distance between REAL ID and PASS ID have not borne fruit.)

In some respects, PASS ID is worse than REAL ID. It would give congressional approval to the “enhanced driver’s license” program – invented by DHS and State Department bureaucrats to do long-range (and potentially surreptitious) identification of people holding this type of card. Back home, the Arizona legislature has just passed a bill to prohibit the state from implementing EDLs.

So the former governor of Arizona, who has both supported and rejected national ID programs, now supports a bill to approve the national ID program her home state rejects. Napolitano seems to be taking the national ID tar baby in a loving embrace.

Topics: 
Foreign Policy and National Security, Telecom, Internet & Information Policy

Bierfeldt v. Napolitano Roundup

By
David Rittgers

Back on March 29th, Campaign for Liberty employee Steven Bierfeldt was leaving the Campaign’s regional conference in St. Louis, Missouri. He was carrying $4700 in cash donations and Campaign for Liberty and Ron Paul literature. TSA personnel at the St. Louis airport felt that carrying this amount of cash was “suspicious” and detained him for interrogation. The TSA personnel intended to take Bierfeldt to the local police station for further questioning after he refused to answer the questions associated with their fishing expedition. Luckily, a plainclothes officer arrived and spoke briefly with one of the TSA officers, who told Bierfeldt that he was free to go.

Bierfeldt is now filing suit against Secretary of the Department of Homeland Security Janet Napolitano. The ACLU Blog of Rights has more on the suit, including a digital copy of the complaint. Filing suit to prove that “[c]arrying $4700 in cash poses no conceivable threat to flight safety” is a sign that airport screening is going too far.

Bierfeldt was right to be wary of airport screening while carrying Ron Paul and Campaign for Liberty literature. The Missouri Information Analysis Center, one of 70+ “fusion centers” in the nation, had just released its report on domestic terrorism and the militia movement. Libertarians are expressly targeted as potential domestic terrorists:

Political Paraphernalia: Militia members most commonly associate with 3rd party political groups. It is not uncommon for militia members to display Constitutional Party, Campaign for Liberty, or Libertarian material. These members are usually supporters of former Presidential Candidate: Ron Paul, Chuck Baldwin, and Bob Barr.

Cato recently held a forum on this phenomenon, Fusion Centers: Domestic Spying or Sensible Surveillance? My colleague Tim Lynch hosted, and panelists included Bruce Fein, Constitutional Attorney, The Lichfield Group; Harvey Eisenberg, Chief, National Security Section, Office of United States Attorney, District of Maryland; and Michael German, Policy Counsel, American Civil Liberties Union. Audio and video are available at the link.

Mike German has written extensively on this topic. Read his November 2007 report, What’s Wrong with Fusion Centers and July 2008 update. Mike is a former FBI agent and author of the excellent book, Thinking Like a Terrorist.

You can watch Mr. Bierfeldt giving his side of the story to Judge Andrew Napolitano (no relation to Homeland Secretary Janet Napolitano) on Fox’s Freedom Watch.

Judge Napolitano recently spoke at the Cato book forum, Dred Scott’s Revenge: A Legal History of Race and Freedom in America. Co-panelists included my colleague Jason Kuznicki and Reason’s Damon Root.

Topics: 
Law and Civil Liberties

Cyber Security “Facts”

By
Jim Harper

National Journal’s “Expert Blog” on National Security asked me late last week to comment on the question, “How Can Cyberspace Be Defended?” My comment and others went up yesterday.

My response was a fun jaunt through issues on which there are no experts. But the highlight is the response I drew out of Michael Jackson, the former #2 man at the Department of Homeland Security.

It does little to promote serious discourse about the truly grave topic of cyber security threats to begin by ridiculing DHS and DOD as “grasping for power” or to suggest that President Obama has somehow been duped into basing his sensible cyber strategy on “a lame and corny threat model called ‘weapons of mass disruption.’” It shows ignorance of the facts to deny that cyber vulnerabilities do indeed present the possibility of “paralyzing results.”

Jackson neglects to link to a source proving the factual existence of “paralyzing” threats to the Internet – he’d have to defeat the Internet’s basic resilient design to do it. (Or he has collapsed the Internet, the specific way of networking I was talking about, with “cyber” – a meaningless referent to everything.) But the need for tight argument or proof is almost always forgiven in homeland security and cyber security, where the Washington, D.C. echo-chamber relentlessly conjures problems that only an elite bureaucracy can solve.

In another comment – not taking umbrage at mine, but culturally similar to Jackson’s – Ron Marks, Senior Vice President for Government Relations at Oxford-Analytica, says, “Cyberterrorism is here to stay and will grow bigger.” The same can be said of the bogeyman, but the bogeyman isn’t real either.

(To all interlocutors: Claiming secrecy will be taken as confessing you have no evidence.)

Jackson’s close is the tour de force though: “Good people are working hard on these matters, and they deserve our unwavering financial and personal support. For now and for the long-term.”

A permanent tap on America’s wallets, and respect on command? Sounds like “grasping for power” to me.

Topics: 
Foreign Policy and National Security, Telecom, Internet & Information Policy

And Your Freedom to Travel Takes Another Step Back

By
Jim Harper

Yesterday, the Department of Homeland Security announced that it would begin a further attempt to implement the Western Hemisphere Travel (Restriction) Initiative.

WHTI is a congressionally mandated program to increase the documentation required for travel to and from neighboring countries. It’s a classic example of self-injurious overreaction to terrorism. The costs we incur for this program vastly outstrip the harms it averts. I have blogged about it here before. In a turn of phrase Orwell would love, a DHS blog post on the topic characterized the goings-on as “Boosting Border Security and Efficiency.”

In January 2008, I wrote about the border bedlam that would ensue when the DHS implemented WHTI as it had threatened to do, but the DHS was bluffing. A post on the Identity Project has a bevy of links and information, and an interesting take on things. It’s called “Today We’re All Prisoners in the USA.”

Topics: 
Foreign Policy and National Security, Telecom, Internet & Information Policy, Trade and Immigration

Pages