Tag: privacy

Minnesota to Become a National ID State?

When Congress passed the REAL ID Act, it hadn’t held a hearing to examine the merits and demerits—or practicalities—of instituting a U.S. national ID. Unworkable, the Chairman of the Senate Homeland Security Committee called it. In the U.S. House, REAL ID was attached to a must-pass military spending bill after the House vote on that bill. REAL ID wasn’t a shining example of democratic deliberation.

But REAL ID requires state cooperation. States must convert their driver licensing bureaus into arms of the U.S. Department of Homeland Security. This means that states may deliberate openly about whether databases of information about their residents should be poured into a national ID system. (This is a clear requirement from the statute. States that commit to REAL ID compliance now eventually must “[p]rovide electronic access to all other States to information contained in the motor vehicle database of the State.”)

Minnesota is a state where Department of Homeland Security bureaucrats have recently pressured elected officials to fall in line. And in Minnesota today a “Legislative Working Group on Real ID Compliance” will meet to discuss “possible compliance measures.” The chair of the group is Rep. Peggy Scott (R) and the alternate chair is Sen. Scott Dibble (DFL).

Now, the Minnesota legislature is moving pretty fast. Their governor appears to have been successfully buffaloed by the Department of Homeland Security. But at least there is an open meeting that Minnesotans and interested advocates can attend to inform the legislature.

So now the question can be joined: Will Minnesota’s elected officials put the state’s residents into a national ID system?

The web page on which this meeting is listed appears as though it will change. Other members of Minnesota’s “Legislative Working Group on REAL ID Compliance”—folks who will have a big say on whether Minnesota becomes a national ID state—are listed below.

The War against Cash, Part I

Politicians hate cash.

That may seem an odd assertion given that they love spending money (other people’s money, of course, as illustrated by this cartoon).

But what I’m talking about is the fact that politicians get upset when there’s not 100 percent compliance with tax laws.

They hate tax havens since the option of a fiscal refuge makes confiscatory taxation impractical.

They hate the underground economy because that means hard-to-tax economic activity.

And they hate cash because it gives consumers an anonymous payment mechanism.

Let’s explore the animosity to cash.

Is a ‘Non-Federal’ License Still a National ID?

The Department of Homeland Security has been pressuring state legislatures to implement our U.S. national ID law, the REAL ID Act. States are free to set their own policies because the DHS will always back down. But many state legislators don’t know that. They’re in a bind where they feel obligated to obey federal mandates, but they want to do right by the citizens of their states. Law-abiding Americans shouldn’t have to scrounge up long-lost identity documents, stand in line at DMVs, and see themselves entered into a national ID system just so they can carry a driver’s license.

So practical legislators are seeking that golden compromise, which the REAL ID Act seems to hold out. But watch your wallet, because a “non-federal” license may still be a national ID.

REAL ID permits the issuance of “non-federal” licenses and IDs. These can be issued without the many stringent, time-consuming, and annoying requirements of REAL ID. Such a card simply has to state clearly on its face that it may not be accepted by federal agencies for official purposes, and it must use unique designs or colors to indicate this.

But REAL ID also requires compliant states to give all other states access to the information contained in their motor vehicle databases. The law requires them to share all the data printed on the REAL ID cards, as well as driver histories, including motor vehicle violations, suspensions, and points on licenses.

That leaves an open question: Does the REAL ID Act require nationwide info-sharing on every licensee? Or just the licensees who carry REAL ID cards?

The question is important, because of the huge data security implications from exposing data about every driver to the motor vehicle bureau of every other state. A good reason to avoid REAL ID is to avoid the risk that a rogue DMV employee in any state can access the data of drivers in all the others. That’s a recipe for mass-scale identity fraud.

Drivers who are worried about identity fraud and their privacy should be able to opt out of this information sharing. While we’re at it, the privacy of security-conscious drivers could be protected if “non-federal” licenses came without the “machine-readable zone” that REAL ID requires. It allows easy collection of driver data and tracking with every swipe or scan of the card in a digital reader.

States should really resist REAL ID entirely. Congress should stop funding it and repeal the unnecessary and burdensome national ID law. But if there are to be “non-federal” IDs from compliant states, it would be nice if they offered Americans a way to opt out of the insecure information-sharing requirements in this national ID system.

What Is Real REAL ID Compliance?

This fall, the Department of Homeland Security and its pro-national ID allies staged a push to move more states toward complying with REAL ID, the U.S. national ID law. The public agitation effort was so successful that passport offices in New Mexico were swamped with people fearing their drivers’ licenses would be invalid for federal purposes. A DHS official had to backtrack on a widely reported January 2016 deadline for state compliance.

DHS continues to imply that all but a few holdout states stand in the way of nationwide REAL ID compliance. The suggestion is that residents of recalcitrant jurisdictions will be hung out to dry soon, when the Transportation Security Administration starts turning away travelers who arrive at its airport checkpoints with IDs from non-compliant states.

Setting the REAL ID Record Straight in Minnesota

A few weeks ago, unsatisfied with a report on REAL ID in the Minneapolis Star Tribune, I submitted an op-ed that the paper was kind enough to print. Unfortunately, they followed it up with an editorial favoring state compliance with REAL ID. And last week, the Star Tribune published an op-ed from a pro-national-ID advocacy group arguing that Minnesota should join the national ID system. The paper’s recent coverage of a meeting between state officials and the DHS reported uncritically on federal bureaucrats’ misrepresentations to Minnesota’s lawmakers. The REAL ID record in Minnesota should be set straight.

According to the Star Tribune’s report, Ted Sobel, director of DHS’s Office of State-Issued Identification Support, told Minnesota officials: “We are not asking Minnesota to turn over the keys to your information to anybody else. REAL ID does not affect one way or another how Minnesota protects the information of its residents.”

That is not accurate. REAL ID compliance would require Minnesota to make its drivers’ information available to all other States. The law is unequivocal on that (you can get it right from DHS’s web site):

To meet the requirements of this section, a State shall adopt the following practices in the issuance of drivers’ licenses and identification cards: …
(12) Provide electronic access to all other States to information contained in the motor vehicle database of the State.
(13) Maintain a State motor vehicle database that contains, at a minimum–
(A) all data fields printed on drivers’ licenses and identification cards issued by the State; and
(B) motor vehicle drivers’ histories, including motor vehicle violations, suspensions, and points on licenses.

That seems like turning over the keys to me, and it absolutely affects the security of Minnesotans’ personal information.

No, America, You Don’t Need to Comply with the REAL ID Act

Like countless similar news stories recently, a report on Business Insider claims: “Residents from 5 US states could soon need a passport for a domestic flight.” The idea is that the Transportation Security Administration will begin to enforce the REAL ID Act in 2016 by denying airport access to travelers from non-compliant states.

It’s not true.

Nobody needs to get a passport to fly domestically. No state needs to implement the REAL ID Act’s national ID mandates.

I’ve been collecting examples of misleading reports like this at the Twitter hashtag “#TakenInByDHS.” A recent blog post of mine, also called “Taken In by DHS,” fleshes out the story of widespread misreporting on the situation with our national ID law.

In brief, the Department of Homeland Security is trying to get the states to convert their driver licensing systems into components of a U.S. national ID system. The REAL ID Act, which Congress passed in 2005, allows DHS to refuse IDs from non-compliant states, including IDs travelers present at TSA’s airport checkpoints.

This concerns some people when they first learn about it, but the REAL ID compliance deadline passed more than seven years ago with not one state in compliance. DHS has improvised deadline after deadline since then, and it has caved every single time its deadlines have been reached. I went through the history last year in my Cato Policy Analysis, “REAL ID: A State-by-State Update.”

DHS’s latest story is that it might start to enforce REAL ID in 2016. It won’t. 

DHS Uses Local Law Enforcement To Shut Down Tor Access For Library Patrons

Earlier this year, the Library Freedom Project launched an initiative to test the use of Tor exit relays in local libraries as a means of helping library patrons browse the internet annonymously. As the LFP noted

To begin this new project, we needed a pilot, and we had just the library in mind – Kilton Library in Lebanon, New Hampshire, one of two Lebanon Libraries. Chuck McAndrew is the IT librarian there, and he’s done amazing things to the computers on his network, like running them all on GNU/Linux distributions. Why is this significant? Most library environments run Microsoft Windows, and we know that Microsoft participated in the NSA’s PRISM surveillance program. By choosing GNU/Linux operating systems and installing some privacy-protecting browser extensions too, Chuck’s helping his staff and patrons opt-out of pervasive government and corporate surveillance. Pretty awesome.

At least it was awesome until the Department of Homeland Security got wind of the project.

As Julia Angwin of ProPublica reports today

In July, the Kilton Public Library in Lebanon, New Hampshire, was the first library in the country to become part of the anonymous Web surfing service Tor. The library allowed Tor users around the world to bounce their Internet traffic through the library, thus masking users’ locations.

Soon after state authorities received an email about it from an agent at the Department of Homeland Security.

“The Department of Homeland Security got in touch with our Police Department,” said Sean Fleming, the library director of the Lebanon Public Libraries.

After a meeting at which local police and city officials discussed how Tor could be exploited by criminals, the library pulled the plug on the project.

“Right now we’re on pause,” said Fleming. “We really weren’t anticipating that there would be any controversy at all.”

He said that the library board of trustees will vote on whether to turn the service back on at its meeting on Sept. 15.

Nearly everything in our society has been or will be exploited by criminals: cars, cellphones, hatchets, cleaning solutions, tape, boats, aircraft–the list is virtually endless. It’s part of living with and in a free society, and the feds don’t come knocking on 3M’s door every time a criminal uses their tape to facilitate a break-in or other criminal act. But federal agencies like DHS and the FBI are literally on an anti-encryption, anti-privacy crusade with respect to consumer electronics and software–especially high-quality, publicly audited and effective anonymization technology like Tor. The Kilton Library’s internet freedom project has just become the federal government’s latest victim in that misguided campaign.

To recap: DHS used the Lebanon, New Hampshire police department to lean on–if not outright intimidate–a local library into at least temporarily abandoning a tool that reinforces Fourth Amendment privacy protections–and in doing so treated all of the Kilton Library’s patrons as potential criminals first, and as citizens with rights a very distant second.