Topic: Telecom, Internet & Information Policy

What Massachusetts Needs Is a Legislature More Like the U.S. Congress, Said No One Ever

The Massachusetts legislature is currently debating the state government’s budget for the new fiscal year which begins July 1st. This phenomenon—finalizing a spending plan before the beginning of the fiscal year—is something rarely seen in the U.S. Congress any more. Kudos, Bay State, for surpassing the low bar set in Washington, D.C.

But the General Court of Massachusetts is taking one page from the U.S. Congress’s tattered playbook. According to WRAL news, it may attach national ID compliance legislation to the budget bill.

That’s how Congress passed the ill-conceived REAL ID Act back in 2005. There were no hearings on the national ID issue or the bill that gave us one. Instead, the Republican House leadership attached the national ID law to a must-pass spending bill and rammed it past the Senate to President Bush, leaving states to grapple with implementation challenges and Department of Homeland Security belligerence ever since.

As in many states, the U.S. DHS has been telling Massachusetts legislators that they have to get on board with the national ID law, issuing licenses and ID cards according to federal standards, or see their residents refused at TSA’s airport checkpoints.

The threat of federal enforcement in 2016 was broadcast loud and clear last fall. Then in January DHS kicked the deadline a few more years down the road. It’s hard to keep track of the number of times DHS has set a REAL ID deadline, then let it slide when elected state officials have declined to obey the instructions of unelected DHS bureaucrats.

Minnesota has had a similar experience. Last winter, its legislature was spooked into creating a special “Legislative Working Group on REAL ID Compliance.” But Minnesota just ended its legislative season without passing REAL ID compliance legislation. There are a few people there who recognize the demerits of joining the national ID system, and Minnesota elected officials may have figured out that when DHS bureaucrats say “Jump!” they do not have to ask “How high?”

The General Court has done better than the U.S. Congress on REAL ID by holding hearings before acting. In 2007, then-Massachusetts Attorney General Martha Coakley testified before the Joint Committee on Veterans and Federal Affairs.

Once Again, REAL ID Is a National ID

A small pro-national-ID group called “Keep Identities Safe” is dancing a little jig because New Hampshire Governor Maggie Hassan (R) has signed legislation to move her state closer to compliance with our national ID law, the REAL ID Act.

In a blog post—apparently their first ever (so that link will be broken if they blog again)—they try to declare the end of the REAL ID Rebellion. I often say it was founded when Rep. Neal Kurk (R-Weare) inveighed against the national ID law in a 2006 speech on the floor of the New Hampshire House of Representatives.

But the heart of the matter is the denial that REAL ID is a national ID law. The New Hampshire legislation says, “Any records received pursuant to this paragraph shall not be used, further transferred, or otherwise made available to any other person or entity for the purpose of creating or enhancing a federal identification database.”

How can New Hampshire offer a REAL ID option and not participate in a national identification database?

It’s a good question, so I’ll cite again directly to the terms of the REAL ID law, which requires states to:

(12) Provide electronic access to all other States to information contained in the motor vehicle database of the State.

(13) Maintain a State motor vehicle database that contains, at a minimum –

(A) all data fields printed on drivers’ licenses and identification cards issued by the State; and
(B) motor vehicle drivers’ histories, including motor vehicle violations, suspensions, and points on licenses.

The U.S. Department of Homeland Security has temporarily written that requirement out of the law in an effort to get states committed to REAL ID. When enough states are in the tank, the agency will move the compliance goalposts and require states to begin sharing their drivers’ data via the nationwide database system that the law specifically requires. The American Association of Motor Vehicle Administrators is currently touting on its website that Iowa has signed up to its “State-to-State Verification Service.”

The New Hampshire legislation also suffers from poor draftsmanship. New Hampshire’s motor vehicle bureaucrats can sign their state up to AAMVA’s information-sharing system simply by allowing themselves to believe that they are not doing so “for the purpose of creating or enhancing a federal identification database.” Governor Hassan has left New Hampshirites unprotected from seeing their data shared nationally.

Notably, the REAL ID law does not exempt “non-federal” licenses from the information-sharing requirement. New Hampshirites who choose that option will still have their information shared nationally.

Has the REAL ID Rebellion ended? Perhaps. DMV bureaucrats and their pro-national-ID allies at “Keep Identities Safe” have been working for years to wear down and evade state legislatures’ resistance to the national ID law. They have had some success in growing the power of the federal government in yet another direction.

Should this be a source of pride? A national ID is a poor security tool that wastes taxpayer dollars, upsets the constitutionally prescribed state-federal balance of power, and compromises law-abiding Americans’ privacy and liberties. The move toward national ID compliance in New Hampshire is probably not something to dance a jig about.

The Boundaries of Westphalia

The Peace of Westphalia in the mid-17th Century established the idea of state sovereignty. Under Westphalian principles, each state has exclusive authority over its territory and domestic affairs.  That’s been pretty good for kings, ruling elites, and the lucky few who live in top-class democracies or benevolent dictatorships.

But Westphalia is on the way out. Individual sovereignty is coming in.

Territorial state sovereignty is just one way to organize human affairs. It was probably an improvement on constant tribal war, but it’s not the last step in political evolution. It’s exciting to see how the boundaries of Westphalia can be surpassed in favor of individual empowerment. People are increasingly able to conduct their intellectual affairs—speaking, transacting, and so on—without reference to nation-states.

I’m reminded of this far-sighted (or far-out) notion by a relatively practical observation from identity expert and former Utah CIO Phil Windley. In “Self-Sovereign Identity and Legal Identity” Phil says:

We’ve finally gotten to a place where self-sovereign identities are technically possible. This is a huge milestone. The next hurdle is getting organizations, including governments to allow the use of self-sovereign identities as the basis for their administrative identities.

The National ID Social Season Is Underway

The American Association of Motor Vehicle Administrators is the umbrella group for DMV bureaucrats across the nation. It’s a non-profit group, but it does more than earnestly educate government officials and the public about the nuances of driver licensing. Since the 1930s, it has advocated for increased government spending on licensing bureaucracy—and it has advocated against driver’s rights. (It’s all discussed in my book Identity Crisis.) That doesn’t mean AAMVA can’t have fun. Indeed, AAMVA’s social season gets underway next week.

You see, AAMVA is a growing business. A decade ago, when the Capitol Hill staffer with lead responsibility for the REAL ID Act came through AAMVA’s revolving door, I noted the dollar-per-driver fee it collects in the Commercial Driver Licensing system. That $13 million in revenue has surely grown since then.

AAMVA’s revenues will grow far more when it runs the back-end of the REAL ID system, potentially pulling in from three-and-a-quarter cents to five cents per driver in the United States. At 210 million licensed drivers, AAMVA could make upwards of ten million dollars per year.

To help that business flow, every year AAMVA holds not one, but five lavish conferences, each of which has its own awards ceremonies aimed at saluting DMV officials and workers. There, AAMVA leadership, vendors, and officials from government agencies both state and federal gather to toast their successes in advancing their cause, including progress in implementating our national ID law, the REAL ID Act.

Laboratory of Democracy? No—Adminstrative Arm of DHS

In several states around the country, legislators are working to pass legislation that would move their states toward compliance with the REAL ID Act, the U.S. national ID law. Oklahoma state senator David Holt (R), for example, has touted his plan as giving Oklahomans the “liberty” to choose which of two ID types they’ll get. Either one feeds their data into a nationwide system of databases.

If you want a sense of what these legislators are getting their states into, take a look at the eight-page notice the Department of Homeland Security published in the Federal Register today. It’s an entirely ordinary bureaucratic document, which walks through the processes states have to go through to certify themselves as compliant. Its few pages represent hundreds of hours of paperwork that state employees will have to put in complying with federal mandates.

Among them is the requirement that the top official of the DMV and the state Attorney General confirm that their state jumps through all the hoops in federal law. Maybe Oklahoma’s Attorney General, Scott Pruitt (R), thinks his office’s time is well spent on pushing paper for the federal government, but it’s more likely that he wants to be enforcing Oklahoma laws that protect Oklahomans.

REAL ID-compliant states have to recertify to the DHS every three years that they meet DHS’s standards. DHS can and will change these standards, of course. DHS officials get to inspect state facilities and interview state employees and contractors. DHS can issue corrective demands and require the states to follow them before recertification.

It’s all unremarkable—if you’re sanguine about taxpayer dollars burned on bureaucracy, and if you think that states are just administrative arms of the federal government. But if you think of states as constitutionally independent sovereigns, you recognize that this document is out of whack. States do not exist to play second fiddle in bureaucrat-on-bureaucrat bureaucracy.

Whether or not we have a national ID matters. The constitutional design of government matters, including, one hopes, to people in Oklahoma and other states across that land. State officials who are conscious of these things should reject this paperwork and these mandates. If the federal government wants a national ID, the federal government should implement it itself.

Uber and Lyft Leave Austin Over Fingerprint Requirement

The ridesharing companies Uber and Lyft have withdrawn from Austin, Texas after voters there failed to pass Proposition 1, which would have repealed regulations requiring Uber and Lyft to include fingerprints as part of their driver background checks. This is a disappointing result, especially given that fingerprinting is, despite its sexy portrayal in forensic TV shows, not a perfect background check process and needlessly burdens rideshare companies.

Austin’s ordinances require rideshare companies to implement fingerprints as part of their background check system by February 2017. Under the rules the fingerprints would be submitted to the Texas Department of Public Safety, which would then send the records to the Federal Bureau of Investigation (FBI). As I pointed out in my Cato paper on ridesharing safety, the FBI fingerprint data are hardly comprehensive: 

Some have faulted Uber and Lyft for not including fingerprint scans as part of their background checks. However, fingerprint databases do not contain a full case history of the individual being investigated, and in some instances an FBI fingerprint check may unfairly prevent a qualified taxicab driver applicant from being approved. The FBI fingerprint database relies on reporting from police departments, and other local sources, as well as other federal departments and is not a complete collection of fingerprints in the United States.

Critics of the FBI fingerprint database point to its incomplete or inaccurate information. In July 2013 the National Employment Law Project (NELP) released a study on the FBI’s employment background checks and found that “FBI records are routinely flawed.” Also, while law enforcement agencies are diligent when it comes to adding fingerprint data of arrested or detained persons to the federal data, they are “far less vigilant about submitting the follow-up information on the disposition or final outcome of the arrest.”

This lack of vigilance is significant because, as the NELP study goes on to point out, “About one-third of felony arrests never lead to a conviction. Furthermore, of those initially charged with a felony offense and later convicted, nearly 30 percent were convicted of a different offense than the one for which they were originally charged, often a lesser misdemeanor conviction. In addition to cases where individuals are initially overcharged and later convicted of lesser offenses, other cases are overturned on appeal, expunged, or otherwise resolved in favor of the worker without ever being reflected on the FBI rap sheet.”

Yes, Michael, REAL ID Is a Nationwide Data-Sharing Mandate

Baton Rouge IT consultant Michael Hale is right to be concerned about the unfunded mandates in the REAL ID Act. The U.S. national ID law requires states to issue driver’s licenses and share driver data according to federal standards. States complying with REAL ID will find that the U.S. Department of Homeland Security (DHS) dictates their driver licensing policies and the expenditure of state funds in this area forevermore. But he raises that concern at the tail end of a letter to the editor of The New Orleans Advocate that broadly endorses the national ID law based on incorrect information. Here’s some information that Mr. Hale and every American concernced with our liberty and security should know.

Mr. Hale believes that state driver data “will continue to be maintained by each individual state, and each state will decide who gets access to this information.” This is not the case. The REAL ID Act requires states to share driver data across a nationwide network of databases. The DHS and other national ID advocates downplay and deny this, but they are not persuasive because the requirement is right there in the statute:

To meet the requirements of this section, a State shall adopt the following practices in the issuance of drivers’ licenses and identification cards: …
(12) Provide electronic access to all other States to information contained in the motor vehicle database of the State.
(13) Maintain a State motor vehicle database that contains, at a minimum–
(A) all data fields printed on drivers’ licenses and identification cards issued by the State; and
(B) motor vehicle drivers’ histories, including motor vehicle violations, suspensions, and points on licenses.

Mr. Hale says, “The Real ID Act allows states to either adopt the Real ID or to come up with their own version of secure ID that Homeland Security can approve.” This is not true. The option of issuing a non-federal license or ID does not waive the obligation to share driver data nationwide.

Unlike the Department of Homeland Security and its pro-national ID allies, Mr. Hale gamely tries to argue the security merits of having a national ID. “The purpose of all this is to create a trustworthy form of ID that can be used to ensure air travel security,” he says. “The first step in securing a flight is to make sure everyone on board is who they claim to be.”

That argument is intuitive. In daily life, knowing who people are permits you to find them and punish any bad behavior. But U.S. federal public policy with national security implications and billions of taxpayer dollars at stake requires more articulate calculation.

The costs or impediments a national ID system would impose on dedicated terrorists, criminal organizations, and people lacking impulse control is minimal. For billions of dollars in taxpayer dollars expended, millions of hours standing in DMV lines, and placement of all law-abiding Americans into a national tracking system, REAL ID might mildly inconvenience the bad guys. They can, for example, bribe a DMV employee, spend a few thousand dollars to manufacture a false identity, or acquire the license of someone looking similar enough to themselves to fool lazy TSA agents. I analyzed all dimensions of identification and identity systems in my book, Identity Crisis: How Identification is Overused and Misunderstood.

There are other security measures where dollars and effort deliver more benefit. Or people might be left in control of their dollars and time to live as free Americans.

The Department of Homeland Security consistently downplays and obscures the true nature of the REAL ID Act’s national ID policy, and it never even tries to defend its security merits in any serious way. In the information technology community, the security demerits of having a national ID system backed by a web of databases as required by the law seems relatively clear.  People familiar with information technology tend to be more concerned, not less, with the power and peril of a national ID system.

The quest continues to make active citizens like Mr. Hale more aware of all dimensions of this issue.