Tag: dhs

(No) Surprise! REAL ID Deadline Extended Again

In a classic example of the 5:00 Friday news drop, the Department of Homeland Security has announced that it is extending the REAL ID compliance deadline. Forty-six of 56 jurisdictions, it reports, were not able to implement even the interim measures it proposed requiring by December 31st when it last extended the deadline in May of 2008.

The DHS statement insists that a full compliance deadline on May 10, 2011 remains in effect. What that really means is that there will be another false crisis as that deadline approaches, and the DHS will extend the deadline yet again.

The better alternative is to repeal the national ID law and the worthless, expensive pseudo-security it represents. It is not to revive REAL ID under its alternative name “PASS ID.”

REAL ID Retreats Yet Again

Several different outlets are noting the quiet passing of a Department of Homeland Security deadline to implement our national ID law, the REAL ID Act.

In May of 2008, with many states outright rejecting this national surveillance mandate, the DHS issued blanket waivers and set a new deadline of December 31, 2009 by which states were supposed to meet several compliance goals.

They have not, and the threat that the DHS/Transportation Security Administration would prevent Americans from traveling has quieted to a whimper.

The reason why? The federal government would be blamed for it. As Neala Schwartzberg writes in her review of the push and pull over REAL ID:

If I was a betting person (and I am from time to time) I’d bet the backed-up-down-the-corridor traveler who is then turned away after presenting his or her state-issued, official complete with hologram ID will blame Homeland Security.

Does the ongoing collapse of REAL ID leave us vulnerable?

Richard Esguerra of the Electronic Frontier Foundation says in this Wired article that REAL ID “threatens citizens’ personal privacy without actually justifying its impact or improving security.”

REAL ID remains a dead letter. All that remains is for Congress to declare it so. And it may be dawning on Congress that passing it a second time under the name “PASS ID” will not work.

Latest REAL ID Deadline Will Pass Without a Blip

Via the ACLU blog, there’s no chance that the Department of Homeland Security will interfere with Americans’ travel when its latest deadline for REAL ID compliance passes at the end of this month. As happened with the original deadline for states to implement the national ID, DHS will give out waivers to recalcitrant states instead of carrying out the threat of refusing to accept travelers’ IDs at airports.

States were required by Tuesday to request a waiver from DHS showing that they had met certain milestones for REAL ID compliance. But according to NextGov, Arkansas, Idaho, Kansas, Missouri, Montana, New Jersey, Oklahoma, South Carolina, and three U.S. territories have not asked for a waiver.

Supporters of a REAL ID revival bill called “PASS ID” want to use this end-of-year impasse to hustle their bill through Congress (the way REAL ID was originally passed). But the impasse is fake, and states can do what they want.

“Should Congress not act before it adjourns this year, DHS has planned for contingencies related to REAL ID implementation, including extending the deadline as a last resort,” said a DHS spokesman.

“I E-Verify”: Do Businesses Agree With Your Values?

My March 2008 paper, Franz Kafka’s Solution to Illegal Immigration, detailed the problems with electronic employment verification systems. The paper concludes that successful “internal enforcement” of immigration law requires a national ID—and ultimately a cradle-to-grave biometric tracking system.

The Department of Homeland Security has started a program called the “I E-Verify” campaign for businesses that use the federal background check system on its employees. If you see businesses with “I E-Verify” decorations or insignia, they at least indirectly support a national ID system in the United States. This can help you decide whether or not you want to spend your dollars with them.

Arizona to Feds: No “Enhanced” Drivers License

Last week, the governor of Arizona signed H.B. 2426, which bars the state from implementing the “enhanced” drivers license (EDL) program.

If the federal REAL ID revival bill (PASS ID) becomes law, it will give congressional approval to EDLs, which up to now have been simply a creation of the federal security and state driver licensing bureaucracies.

As governor of Arizona, the current Secretary of Homeland Security signed a memorandum of understanding with the DHS to implement EDLs, and she backs PASS ID even though she signed an anti-REAL ID bill as governor. As I said before, Secretary Napolitano seems to be taking the national ID tar baby in a loving embrace.

Fun With DHS Press Releases!

Let’s fisk a DHS press release! It’s the “Statement by DHS Press Secretary Sara Kuban on Markup of the Pass ID Bill by the Senate Homeland Security and Government Affairs Committee.” Here goes:

On the same day that Secretary Napolitano highlighted the Department’s efforts to combat terrorism and keep our country safe during a speech in New York City,

This part is true: Secretary Napolitano was in New York speaking about terrorism.

Congress took a major step forward on the PASS ID secure identification legislation.

There was a markup of PASS ID in the Homeland Security and Governmental Affairs Committee. It’s a step – not sure how major.

PASS ID is critical national security legislation

People who have studied identity-based security know that knowing people’s identities doesn’t secure against serious threats, so this is exaggeration.

that will break a long-standing stalemate with state governments

Thirteen states have barred themselves by law from implementing REAL ID, the national ID law. DHS hopes that changing the name and offering them money will change their minds.

that has prevented the implementation of a critical 9/11 recommendation to establish national standards for driver’s licenses.

The 9/11 Commission devoted three-quarters of a page to identity security – out of 400+ substantive pages. That’s more of a throwaway recommendation or afterthought. False identification wasn’t a modus operandi in the 9/11 attacks, and the 9/11 Commission didn’t explain how identity would defeat future attacks. (Also, using “critical” twice in the same sentence is a stylistic no-no.)

As the 9/11 Commission report noted, fraudulent identification documents are dangerous weapons for terrorists,

No, it said “travel documents are as important as weapons.” It was talking about passports and visas, not drivers’ licenses. Oh – and it was exaggerating.

but progress has stalled towards securing identification documents under the top-down, proscriptive approach of the REAL ID Act

True, rather than following top-down prescription, states have set their own policies to increase driver’s license security. It’s not necessarily needed, but if they want to they can, and they don’t need federal conscription of their DMVs to do it.

– an approach that has led thirteen states to enact legislation prohibiting compliance with the Act.

“… which is why we’re trying to get it passed again with a different name!”

Rather than a continuing stalemate with the states,

Non-compliant states stared Secretary Chertoff down when he threatened to disrupt their residents’ air travel, and they can do the same to Secretary Napolitano.

PASS ID provides crucial security gains now by establishing common security standards for driver’s licenses

Weak security gains, possibly in five years. In computer science – to which identification and credentialing is akin – monoculture is regarded as a source of vulnerability.

and a path forward for ensuring that states can electronically verify source documents, including birth certificates.

We’re on the way to that cradle-to-grave biometric tracking system that will give government so much power over every single citizen and resident.

See? That was fun!

Assessing the Claim that CDT Opposes a National ID

It was good of Ari Schwartz to respond last week to my recent post querying whether the Center for Democracy and Technology outright opposes a national ID or simply “does not support” one.

Ari says CDT does oppose a national ID, and I believe that he honestly believes that. But it’s worth taking a look at whether the group’s actions are consistent with opposition to a national ID. I believe CDT’s actions – most recently its support of the PASS ID Act – support the creation of a national ID.

(The title of his post and some of his commentary suggest I have engaged in rhetorical excess and mischaracterized his views. Please do judge for yourself whether I’m being shrill or unfair, which is not my intention.)

First I want to address an unusual claim of Ari’s – that we already have a national ID system. If that is true, his support for PASS ID is more sensible because it is an opportunity to inject federal privacy protections into the existing system (putting aside whether it is a federal responsibility to manage a state system or systems).

Do We Already Have a National ID?

I have heard a few people suggest that we have a national ID in the form of the Social Security Number. I believe the SSN is a national identifier, but it fails the test of a national identification card or system because it is not used for identification. As we know well from the scourge of identity fraud, there is no definitive way to tie an SSN to a person. The SSN is not used for identification (at least not reliably and not alone), which is the third part of my national ID definition. (Senator Schumer might like the SSN to form the basis of a national ID system, of course.)

But Ari says something different. He does not claim any definition of “national ID” or “national ID system.” Instead, he appeals to the authority of a 2003 report from a National Academy of Sciences group entitled “Who Goes There?: Authentication Through the Lens of Privacy.” That report indeed says, “State-issued driver’s licenses are a de facto nationwide identity system” – on the second-to-last substantive page of its second-to-last substantive chapter

But this is a highly selective use of quotation. The year before, that same group issued a report called “IDs – Not That Easy: Questions About Nationwide Identity Systems.” From the beginning and throughout, that report discussed the many issues around proposals to create a “nationwide” identity system. If the NAS panel had already concluded that we have a national ID system, it would not have issued an entire report critiquing that prospect. It would have discussed the existing one as such. Ari’s one quote doesn’t do much to support the notion that we already have a national ID.

What’s more, CDT’s own public comments on the proposed REAL ID Act regulations in May 2007 said that its data-intensive “one person – one license/ID card – one record” policy would ”create a national identification system.”

If a national ID system already existed, the new policy wouldn’t create one. This is another authority at odds with the idea that we have a national ID system already.

Support of PASS ID might be forgiven if we had a national ID system and if PASS ID would improve it. But the claim we already have one is weak.

“Political Reality” and Its Manufacture

But the heart of Ari’s claim is that supporting PASS ID reflects good judgment in light of political reality.

Despite the fact that there are no federal politicians, no governors and no appointed officials from any party publicly supporting repeal of REAL ID today, CDT still says that repeal is an acceptable option. However, PASS ID would get to the same outcome, or better, in practice and has the added benefit of actually being a political possibility… . I realize that Harper has invested a lot of time fighting for the word “repeal,” but at some point we have to look at the political reality.

A “Dear Colleague” letter inviting support for a bill to repeal REAL ID circulated on the Hill last week. How many legislators will hesitate to sign on to the bill because they have heard that the PASS ID Act, and not repeal of REAL ID, is CDT’s preferred way forward?

The phrase “political reality” is more often used by advocates to craft the political reality they prefer than to describe anything truly real. Like the observer effect in experimental research, statements about “political reality” change political reality.  Convince enough people that a thing is “political reality” and the sought-after political reality becomes, simply, reality.

I wrote here before about how the National Governors Association, sensing profit, has worked diligently to make REAL ID a “political reality.” And it has certainly made some headway (though not enough). In the last Congress, the only legislation aimed at resolving the REAL ID impasse were bills to repeal REAL ID. Since then, the political reality is that Barack Obama was elected president and an administration far less friendly to a national ID took office. Democrats – who are on average less friendly to a national ID – made gains in both the House and Senate.

But how are political realities crafted? It has often been described as trying to get people on a bus. To pass a bill, you change it to get more people on the bus than get off.

The REAL ID bus was missing some important riders. It had security hawks, the Department of Homeland Security, anti-immigrant groups, DMV bureaucrats, public safety advocates, and the Bush Administration. But it didn’t have: state legislators and governors, privacy and civil liberties groups, and certain religious communities, among others.

PASS ID is for the most part an effort to bring on state legislators and governors. The NGA is hoping to broker the sale of state power to the federal government, locking in its own institutional role as a supplicant in Washington, D.C. for state political leaders.

But look who else was hanging around the bus station looking for rides! – CDT, the nominal civil liberties group. Alone it jumped on the bus, communicating to others less familiar with the issues that PASS ID represented a good way forward.

Happily, few have taken this signal. The authors of PASS ID were unable to escape the name “REAL ID,” which is a far more powerful beacon flashing national ID and all the ills that entails than CDT’s signal to the contrary.

This is not the first time that CDT’s penchant for compromise has assisted the national ID effort, though.

Compromising Toward National ID

The current push for a national ID has a short history that I summarized three years ago in a righteously titled post on the TechLiberationFront blog: “The Markle Foundation: Font of Evil II.”

Briefly, in December 2003, a group called the Markle Foundation Task Force on National Security in the Information Age recommended “both near-term measures and a longer-term research agenda to increase the reliability of identification while protecting privacy.” (Never mind that false identification was not a modus operandi of the 9/11 attacks.)

The 9/11 Commission, citing Markle, found that “[t]he federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses.” In December 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act, implementing the recommendations of the 9/11 Commission, including national standards for drivers’ licenses and identification cards, the national ID system recommended by the Markle Task Force. And in May 2005, Congress passed a strengthened national ID system in the REAL ID Act.

An earlier post, “The Markle Foundation: Font of Evil,” has more – and the text of a PoliTech debate between myself and Stewart Baker. Security hawk Baker was a participant in the Markle Foundation group, as was national ID advocate Amitai Etzioni. So was the Center for Democracy and Technology’s Jim Dempsey.

I had many reservations about the Markle Foundation Task Force and its work product, and in an April 2005 meeting of the DHS Privacy Committee, I asked Dempsey about what qualified people to serve on that task force, whether people were invited, and what might exclude them. A month before REAL ID passed, he said:

I think the Markle Task Force at least sought balance. And people came to the table committed to dialogue. And those who came with a particular point of view, I think, were all committed to listening. And I think people’s minds were changed… . What we were committed to in the Markle Task Force was changing our minds and trying to find a common ground and to try to understand each other. And we spent the time at it. And that, I think, is reflected in the product of the task force.

There isn’t a nicer, more genuine person working in public policy than Jim Dempsey. He is the consummate honest broker, and this statement of his intentions for the Markle Foundation I believe to be characteristically truthful and earnest.

But consider the possibility that others participating on the Markle Foundation Task Force did not share Jim’s predilection for honest dialogue and compromise. It is even possible that they mouthed these ideals while working intently to advance their goals, including creation of a national ID.

Stewart Baker, who I personally like, is canny and wily, and he wants to win. I see no evidence that Amitai Etzioni changed his mind about having a national ID when he authored the recommendation in the Markle report that ultimately produced REAL ID.

Other Markle participants I have talked to were unaware of what the report said about identity-based security, national identity standards, or a national ID. They don’t even know (or didn’t at the time) that lending your name to a report also lends it your credibility. Whatever privacy or civil liberties advocates were involved with the Markle Task Force got rolled – big-time – by the pro-national-ID team.

CDT is a sophisticated Washington, D.C. operation. It is supposed to understand these dynamics. I can’t give it the pass that outsiders to Washington might get. By committing to compromise rather than any principle, and by lending its name to the Markle Foundation Task Force report, CDT gave credibility to a bad idea – the creation of a national ID.

CDT helped produce the REAL ID Act, which has taken years of struggle to beat back. And now they are at it again with “pragmatic” support for PASS ID.

CDT has been consistently compromising on national ID issues while proponents of a national ID have been doggedly and persistently pursuing their interests. This is not the behavior of a civil liberties organization. It’s why I asked in the post that precipitated this debate whether there is anything that would cause CDT to push back from the table and say No.

Despite words to the contrary, I don’t see evidence that CDT opposes having a national ID. It certainly works around the edges to improve privacy in the context of having a national ID – reducing the wetness of the water, as it were – but at key junctures, CDT’s actions have tended to support having a U.S. national ID. I remain open to seeing contrary evidence.