Tag: national id

Recapping the Costs of the REAL ID Revival Bill

In late July, the Senate Homeland Security and Governmental Affairs Committee passed a new version of PASS ID, the REAL ID revival bill. I’ve posted about various dimensions of it: the national ID question, the politics of PASS ID, whether PASS ID protects privacy, a run-down of the Senate hearing on it, and the inexplicable support of the Center for Democracy and Technology for this national ID law.

Three months later, the committee still has not reported the bill, meaning that the public doesn’t get access to the version the committee passed. (A resolution in the House would require committees there to publish amendments to bills within 24 hours.) But the Congressional Budget Office scored the bill this week. That is often a signal that legislation is on the move.

So it’s a good time to look at costs again. The National Governors Association and the National Conference of State Legislatures both premised their support for PASS ID on the idea that it would reduce costs to states to just $2 billion.

But in July I examined the likely costs of PASS ID and NGA’s cost calculations. To save you a burdensome click, here are some highlights:

But there is reason to doubt [the NGA’s $2 billion] figure. PASS ID is a lot more like REAL ID — the original REAL ID — in the way that most affects costs: the implementation schedule.

Under PASS ID, the DHS would have to come up with regulations in just nine months. States would then have just one year to begin complying. All drivers’ licenses would have to be replaced in the five years after that. That’s a total of six years to review the documents of every driver and ID holder, and issue them new cards.

How did the NGA come up with $2 billion? Maybe they took the extended, watered-down, 75%-over-ten-years estimate and subtracted some for reduced IT costs. (The NGA is free to publish its methodology, of course.)

But the costs of implementing PASS ID to states are more likely to be closer to $11 billion than the $2 billion figure that the NGA puts forward. In just six years, PASS ID would send some 245 million people into DMV offices around the country demanding new cards. States will have to hire and train new employees to handle the workload. They will have to acquire new computer systems, documents scanners, data storage facilities, and so on.

The NGA’s claim of savings from PASS ID is weak. Did the new CBO score change anything?

First, let’s review what a CBO score is. When CBO scores a bill, it reports how a bill will change costs to the federal government. Other CBO reports may include overall costs for federal programs, but when CBO scores a bill, it just reports the difference between current federal spending and spending if a new proposal should pass. CBO sometimes mentions mandates on states and private-sector costs in their bill-scores, but those are rarely if ever thoroughly reported. CBO’s wheelhouse is federal spending, and that’s what it reports.

Now, let’s look at how CBO has done with estimating the costs to states from implementing federal national ID standards.

Its first cut at scoring national ID standards was when it looked at H.R. 10 in the latter stages of the 108th Congress. (This was before REAL ID — H.R. 10 was an early version of the bill that became law as the Intelligence Reform and Terrorism Prevention Act.) When CBO scored H.R. 10 in late 2004, it lumped national ID standards along with several other policies and programs in a category called ”Mandates With no Significant Costs.”

Four months later, in early 2005, CBO scored the REAL ID Act, which had been introduced early in the new Congress. It found then that the national ID standards Congress had put into law in December had changed from a mandate with “no significant costs” to a mandate costing more than $100 million.

CBO thought REAL ID would only cost $20 million more than that, an amount below the reporting threshold of the Unfunded Mandates Reform Act, so CBO did not do a thorough analysis.

Then the folks actually faced with implementing it took a look at REAL ID. More realistic estimates of costs to states in the $10+ billion range came forward, including an estimate from the National Governors Association, as I discussed in my previous post on costs.

With that background we’re ready to look at the CBO score for PASS ID. CBO makes no precise estimate of costs to states. Its specialty, again, is federal spending. But it makes a few observations about such costs:

  • “The bill would require states to issue public notices about their security and privacy policies that include information about how personally identifiable information is used, stored, accessed, and shared.”

This, all should agree, is a complex problem but a small cost.

  • “The bill also would require states to have a process that would allow individuals to access, amend, and correct their information. Information from groups representing state governments [NGA and NCSL, most likely] indicates that most states currently have such policies and procedures, though some may need to be revised.”

No. They. Do. Not.

As I said in my post on the privacy consequences of PASS ID:

This is a new and different security/identity fraud challenge not found in REAL ID, and the states have no idea what they’re getting themselves into if they try to implement such a thing. A May 2000 report from a panel of experts convened by the Federal Trade Commission was bowled over by the complexity of trying to secure information while giving people access to it. Nowhere is that tension more acute than in giving the public access to basic identity information.

No state has opened its driver databases for review and correction by the public. That would be an all-you-can-eat buffet for identity fraudsters. The CBO has been bamboozled about state policies.

But the language of PASS ID finesses this, doesn’t it? It says that opening up identity data and giving the public correction rights would be done “as determined appropriate by the State.” So states wouldn’t really have to do anything, right? Right!

Except that the Department of Homeland Security gets to interpret what that language means, and a court will defer to any reasonable DHS interpretation. That’s the Supreme Court’s Chevron doctrine. (It’s an unfortunate abdication of power to administrative agencies, but it’s the law today.)

If the NGA and NCSL have told their clients that they will have the last word on how PASS IS is implemented, they are wrong. It’s DHS’ call — not states’. There may be huge costs to states — hidden at first, but growing and growing — if they stick their heads into the jaws of the federal lion.

Returning to the CBO’s assessment of state costs:

  • “The bill would repeal the requirements of the REAL ID Act and replace them with more flexible requirements for issuing compliant driver’s licenses and identification cards.”

This is true in some respects, and not in others. As I noted before, PASS ID is on a tighter implementation schedule which is the main driver of costs.

  • “The bill also would authorize appropriations that could be used to pay for those requirements, and it would prohibit the federal government from charging fees to states to access the SAVE and SSOLV data systems.”

Because it’s federal, this is something that CBO actually knows about, and its assessment is that PASS ID would dole out a total of $123 million to states over the next five years. Washington, D.C.’s highest spending year would be fiscal 2013, in which it would spend $39 million, less than $1 million per state.

And those savings when the federal government doesn’t charge states for using its databases? Just $2 million each year in fiscal 2010 and 2011.

Nothing in the CBO estimate changes the conclusion that implementing a national ID would cost states over $10 billion dollars, as they hired new staff, acquired new equipment and systems, and marched 250 million Americans through their DMVs. The federal government is promising to dole out $123 million and offer states a whopping $4 million in savings on data access.

The National Governors Association’s argument that PASS ID reduces costs to states is ludicrous. And the paltry funds Congress might share with states is a drop in the bucket. The homeland security appropriations bill for fiscal 2010 cuts funding for REAL ID by $40 million from its 2009 funding level. PASS ID would fare no better.

State governors and legislatures that have fallen for the PASS ID cost estimates of the National Governors Association and National Conference of State Legislatures should fire these financial advisors. NGA and NCSL are trying to grow federal power at the expense of state coffers.

Three Irrefutable Facts About the Baucus Bill

The Senate Finance Committee votes today on Senator Max Baucus’ version of the health care bill. Cato health care experts have analyzed the bill thoroughly, and point out three vital components to the cost and reach of the legislation:

1) The real cost of the bill is in excess of $2 trillion.

Chairman Max Baucus hoodwinked the CBO with a number of clever budgetary gimmicks, most notably by keeping about half of the cost off the federal books. The bill also assumes Congress will make cuts to Medicare payments, which has never once happened before.

2) The bill contains an enormous middle-class tax hike.

The bill imposes a 40 percent excise tax on health insurance plans that offer benefits in excess of $8,000 for an individual plan and $21,000 for a family plan. Insurers would almost certainly pass this tax on to consumers via higher premiums. As inflation pushes insurance premiums higher in coming years, more and more middle-class families will find themselves caught up in the tax — providing the government with more revenue.

3) The bill creates a national ID program.

The bill contains a paragraph explicitly addressing “eligibility verification.” You must prove who you are to federal entitlement agencies in order to qualify for the bill’s “state exchanges” and tax credits. No ID, no benefits.

Senate Health Regulation Bill Includes National ID Plan

Thanks to the push for a more transparent Congress, we’re getting a better look at what new health care regulations might shape up to be. Alas, not a very good look: with weak justifications, the Senate Finance Committee is working on a strange “plain language” description of the bill, and apparently not planning to read or release the final language.

I’ve found something worth noting, though, in each of the bill versions I’ve seen. The Senate Finance Committee’s Rube Goldberg plan for health care in America has a provision establishing paragraph talking about “Eligibility Verification.”

If you want to access the “state exchanges” or collect the federal tax credits created by the bill, your eligibility will have to be verified. Here’s what it says:

Eligibility Verification. In order to prevent illegal immigrants from accessing the state exchanges or obtaining federal health care tax credits, the Chairman‘s Mark requires verification of the following personal data. Name, social security number, and date of birth will be verified with Social Security Administration (SSA) data. For individuals claiming to be U.S. citizens, if the claim of citizenship is consistent with SSA data then the claim will be considered substantiated. For individuals who do not claim to be U.S. citizens but claim to be lawfully present in the United States, if the claim of lawful presence is consistent with Department of Homeland Security (DHS) data then the claim will be considered substantiated. Individuals whose status is expected to expire in less than a year are not allowed to obtain the tax credit. Individuals whose claims of citizenship or lawful status cannot be verified with federal data must be allowed substantial opportunity to provide documentation or correct federal data related to their case that supports their contention.

Translation: Every American who wants to access a “state exchange” or get the tax credits in the bill would have to submit data about themselves to the Social Security Administration or Department of Homeland Security for verification. If you don’t do it, no exchanges or tax credits. If your data doesn’t match, no exchanges or tax credits, unless you can convince SSA or DHS bureaucrats that you are who you say you are.

Sound familiar? Then you probably read my Cato Policy Analysis “Electronic Employment Eligibility Verification: Franz Kafka’s Solution to Illegal Immigration.” The paper discusses how verification of immigration status for employment eligibility would plunge Americans into a Kafka-esque bureaucracy and deny many law-abiding Americans the ability to work. Ultimately, the system requires a national identification card.

The same goes with a health care “eligibility verification” system. If you’re one of the millions of people about whom the Social Security Administration has bad data, plan to spend long hours waiting in line to plead with indifferent federal bureaucrats for health care access. When attacks and complications on the verification system break it down, they’ll move to “strengthen” the system. Get ready to dig up your birth certificate—they’ll want to scan it into their computers—plan to be photographed and fingerprinted, and get ready to stand in line for your national ID card.

It was refreshing to see Joe Wilson heckle the president the other week—the president is our employee, after all—but in their enthusiasm to generate differences with President Obama, Republicans may be coalescing behind plans to push a national ID and federal background check system that all freedom-loving Americans should reject.

The REAL ID Deadline Is Fake

Some state governments have claimed that a pending compliance deadline for REAL ID requires them to tighten up their driver’s licensing procedures consistent with the 2005 national ID law. (But see this.)

In fact, REAL ID is dead and the deadline is fake. More than a dozen states have statutorily barred themselves from complying, and in a rule published Monday the Department of Homeland Security extended the deadline again. This is the same thing it did last May and could easily do indefinitely.

The republic survives, and will survive quite nicely without this or any national ID law.

Arizona to Feds: No “Enhanced” Drivers License

Last week, the governor of Arizona signed H.B. 2426, which bars the state from implementing the “enhanced” drivers license (EDL) program.

If the federal REAL ID revival bill (PASS ID) becomes law, it will give congressional approval to EDLs, which up to now have been simply a creation of the federal security and state driver licensing bureaucracies.

As governor of Arizona, the current Secretary of Homeland Security signed a memorandum of understanding with the DHS to implement EDLs, and she backs PASS ID even though she signed an anti-REAL ID bill as governor. As I said before, Secretary Napolitano seems to be taking the national ID tar baby in a loving embrace.

Fun With DHS Press Releases!

Let’s fisk a DHS press release! It’s the “Statement by DHS Press Secretary Sara Kuban on Markup of the Pass ID Bill by the Senate Homeland Security and Government Affairs Committee.” Here goes:

On the same day that Secretary Napolitano highlighted the Department’s efforts to combat terrorism and keep our country safe during a speech in New York City,

This part is true: Secretary Napolitano was in New York speaking about terrorism.

Congress took a major step forward on the PASS ID secure identification legislation.

There was a markup of PASS ID in the Homeland Security and Governmental Affairs Committee. It’s a step – not sure how major.

PASS ID is critical national security legislation

People who have studied identity-based security know that knowing people’s identities doesn’t secure against serious threats, so this is exaggeration.

that will break a long-standing stalemate with state governments

Thirteen states have barred themselves by law from implementing REAL ID, the national ID law. DHS hopes that changing the name and offering them money will change their minds.

that has prevented the implementation of a critical 9/11 recommendation to establish national standards for driver’s licenses.

The 9/11 Commission devoted three-quarters of a page to identity security – out of 400+ substantive pages. That’s more of a throwaway recommendation or afterthought. False identification wasn’t a modus operandi in the 9/11 attacks, and the 9/11 Commission didn’t explain how identity would defeat future attacks. (Also, using “critical” twice in the same sentence is a stylistic no-no.)

As the 9/11 Commission report noted, fraudulent identification documents are dangerous weapons for terrorists,

No, it said “travel documents are as important as weapons.” It was talking about passports and visas, not drivers’ licenses. Oh – and it was exaggerating.

but progress has stalled towards securing identification documents under the top-down, proscriptive approach of the REAL ID Act

True, rather than following top-down prescription, states have set their own policies to increase driver’s license security. It’s not necessarily needed, but if they want to they can, and they don’t need federal conscription of their DMVs to do it.

– an approach that has led thirteen states to enact legislation prohibiting compliance with the Act.

“… which is why we’re trying to get it passed again with a different name!”

Rather than a continuing stalemate with the states,

Non-compliant states stared Secretary Chertoff down when he threatened to disrupt their residents’ air travel, and they can do the same to Secretary Napolitano.

PASS ID provides crucial security gains now by establishing common security standards for driver’s licenses

Weak security gains, possibly in five years. In computer science – to which identification and credentialing is akin – monoculture is regarded as a source of vulnerability.

and a path forward for ensuring that states can electronically verify source documents, including birth certificates.

We’re on the way to that cradle-to-grave biometric tracking system that will give government so much power over every single citizen and resident.

See? That was fun!

Assessing the Claim that CDT Opposes a National ID

It was good of Ari Schwartz to respond last week to my recent post querying whether the Center for Democracy and Technology outright opposes a national ID or simply “does not support” one.

Ari says CDT does oppose a national ID, and I believe that he honestly believes that. But it’s worth taking a look at whether the group’s actions are consistent with opposition to a national ID. I believe CDT’s actions – most recently its support of the PASS ID Act – support the creation of a national ID.

(The title of his post and some of his commentary suggest I have engaged in rhetorical excess and mischaracterized his views. Please do judge for yourself whether I’m being shrill or unfair, which is not my intention.)

First I want to address an unusual claim of Ari’s – that we already have a national ID system. If that is true, his support for PASS ID is more sensible because it is an opportunity to inject federal privacy protections into the existing system (putting aside whether it is a federal responsibility to manage a state system or systems).

Do We Already Have a National ID?

I have heard a few people suggest that we have a national ID in the form of the Social Security Number. I believe the SSN is a national identifier, but it fails the test of a national identification card or system because it is not used for identification. As we know well from the scourge of identity fraud, there is no definitive way to tie an SSN to a person. The SSN is not used for identification (at least not reliably and not alone), which is the third part of my national ID definition. (Senator Schumer might like the SSN to form the basis of a national ID system, of course.)

But Ari says something different. He does not claim any definition of “national ID” or “national ID system.” Instead, he appeals to the authority of a 2003 report from a National Academy of Sciences group entitled “Who Goes There?: Authentication Through the Lens of Privacy.” That report indeed says, “State-issued driver’s licenses are a de facto nationwide identity system” – on the second-to-last substantive page of its second-to-last substantive chapter

But this is a highly selective use of quotation. The year before, that same group issued a report called “IDs – Not That Easy: Questions About Nationwide Identity Systems.” From the beginning and throughout, that report discussed the many issues around proposals to create a “nationwide” identity system. If the NAS panel had already concluded that we have a national ID system, it would not have issued an entire report critiquing that prospect. It would have discussed the existing one as such. Ari’s one quote doesn’t do much to support the notion that we already have a national ID.

What’s more, CDT’s own public comments on the proposed REAL ID Act regulations in May 2007 said that its data-intensive “one person – one license/ID card – one record” policy would ”create a national identification system.”

If a national ID system already existed, the new policy wouldn’t create one. This is another authority at odds with the idea that we have a national ID system already.

Support of PASS ID might be forgiven if we had a national ID system and if PASS ID would improve it. But the claim we already have one is weak.

“Political Reality” and Its Manufacture

But the heart of Ari’s claim is that supporting PASS ID reflects good judgment in light of political reality.

Despite the fact that there are no federal politicians, no governors and no appointed officials from any party publicly supporting repeal of REAL ID today, CDT still says that repeal is an acceptable option. However, PASS ID would get to the same outcome, or better, in practice and has the added benefit of actually being a political possibility… . I realize that Harper has invested a lot of time fighting for the word “repeal,” but at some point we have to look at the political reality.

A “Dear Colleague” letter inviting support for a bill to repeal REAL ID circulated on the Hill last week. How many legislators will hesitate to sign on to the bill because they have heard that the PASS ID Act, and not repeal of REAL ID, is CDT’s preferred way forward?

The phrase “political reality” is more often used by advocates to craft the political reality they prefer than to describe anything truly real. Like the observer effect in experimental research, statements about “political reality” change political reality.  Convince enough people that a thing is “political reality” and the sought-after political reality becomes, simply, reality.

I wrote here before about how the National Governors Association, sensing profit, has worked diligently to make REAL ID a “political reality.” And it has certainly made some headway (though not enough). In the last Congress, the only legislation aimed at resolving the REAL ID impasse were bills to repeal REAL ID. Since then, the political reality is that Barack Obama was elected president and an administration far less friendly to a national ID took office. Democrats – who are on average less friendly to a national ID – made gains in both the House and Senate.

But how are political realities crafted? It has often been described as trying to get people on a bus. To pass a bill, you change it to get more people on the bus than get off.

The REAL ID bus was missing some important riders. It had security hawks, the Department of Homeland Security, anti-immigrant groups, DMV bureaucrats, public safety advocates, and the Bush Administration. But it didn’t have: state legislators and governors, privacy and civil liberties groups, and certain religious communities, among others.

PASS ID is for the most part an effort to bring on state legislators and governors. The NGA is hoping to broker the sale of state power to the federal government, locking in its own institutional role as a supplicant in Washington, D.C. for state political leaders.

But look who else was hanging around the bus station looking for rides! – CDT, the nominal civil liberties group. Alone it jumped on the bus, communicating to others less familiar with the issues that PASS ID represented a good way forward.

Happily, few have taken this signal. The authors of PASS ID were unable to escape the name “REAL ID,” which is a far more powerful beacon flashing national ID and all the ills that entails than CDT’s signal to the contrary.

This is not the first time that CDT’s penchant for compromise has assisted the national ID effort, though.

Compromising Toward National ID

The current push for a national ID has a short history that I summarized three years ago in a righteously titled post on the TechLiberationFront blog: “The Markle Foundation: Font of Evil II.”

Briefly, in December 2003, a group called the Markle Foundation Task Force on National Security in the Information Age recommended “both near-term measures and a longer-term research agenda to increase the reliability of identification while protecting privacy.” (Never mind that false identification was not a modus operandi of the 9/11 attacks.)

The 9/11 Commission, citing Markle, found that “[t]he federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers licenses.” In December 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act, implementing the recommendations of the 9/11 Commission, including national standards for drivers’ licenses and identification cards, the national ID system recommended by the Markle Task Force. And in May 2005, Congress passed a strengthened national ID system in the REAL ID Act.

An earlier post, “The Markle Foundation: Font of Evil,” has more – and the text of a PoliTech debate between myself and Stewart Baker. Security hawk Baker was a participant in the Markle Foundation group, as was national ID advocate Amitai Etzioni. So was the Center for Democracy and Technology’s Jim Dempsey.

I had many reservations about the Markle Foundation Task Force and its work product, and in an April 2005 meeting of the DHS Privacy Committee, I asked Dempsey about what qualified people to serve on that task force, whether people were invited, and what might exclude them. A month before REAL ID passed, he said:

I think the Markle Task Force at least sought balance. And people came to the table committed to dialogue. And those who came with a particular point of view, I think, were all committed to listening. And I think people’s minds were changed… . What we were committed to in the Markle Task Force was changing our minds and trying to find a common ground and to try to understand each other. And we spent the time at it. And that, I think, is reflected in the product of the task force.

There isn’t a nicer, more genuine person working in public policy than Jim Dempsey. He is the consummate honest broker, and this statement of his intentions for the Markle Foundation I believe to be characteristically truthful and earnest.

But consider the possibility that others participating on the Markle Foundation Task Force did not share Jim’s predilection for honest dialogue and compromise. It is even possible that they mouthed these ideals while working intently to advance their goals, including creation of a national ID.

Stewart Baker, who I personally like, is canny and wily, and he wants to win. I see no evidence that Amitai Etzioni changed his mind about having a national ID when he authored the recommendation in the Markle report that ultimately produced REAL ID.

Other Markle participants I have talked to were unaware of what the report said about identity-based security, national identity standards, or a national ID. They don’t even know (or didn’t at the time) that lending your name to a report also lends it your credibility. Whatever privacy or civil liberties advocates were involved with the Markle Task Force got rolled – big-time – by the pro-national-ID team.

CDT is a sophisticated Washington, D.C. operation. It is supposed to understand these dynamics. I can’t give it the pass that outsiders to Washington might get. By committing to compromise rather than any principle, and by lending its name to the Markle Foundation Task Force report, CDT gave credibility to a bad idea – the creation of a national ID.

CDT helped produce the REAL ID Act, which has taken years of struggle to beat back. And now they are at it again with “pragmatic” support for PASS ID.

CDT has been consistently compromising on national ID issues while proponents of a national ID have been doggedly and persistently pursuing their interests. This is not the behavior of a civil liberties organization. It’s why I asked in the post that precipitated this debate whether there is anything that would cause CDT to push back from the table and say No.

Despite words to the contrary, I don’t see evidence that CDT opposes having a national ID. It certainly works around the edges to improve privacy in the context of having a national ID – reducing the wetness of the water, as it were – but at key junctures, CDT’s actions have tended to support having a U.S. national ID. I remain open to seeing contrary evidence.