Topic: Telecom, Internet & Information Policy

Family Security Matters: REAL ID = National ID

A month ago, I wrote here and in a TechKnowledge article about the telling imagery that a company called L-1 Identity Solutions had used in some promotional materials. The cover of their REAL ID brochure featured an attractive woman’s face with her driver license data superimposed over it, along with her name, address, height, eye color, place of birth, political affiliation, and her race. This is where the national ID system advanced by the REAL ID Act leads.

Here’s another example. A group called Family Security Matters has reprinted on its site a blog post supporting the $80 million in grant money that the Department of Homeland Security recently announced, seeking to prop up the REAL ID Act. (I’ve written about it here and here.)

What’s interesting is not that a small advocacy group should support REAL ID, but the image they chose to illustrate their thinking: a man holding his “National Identity Card,” his fingerprint and iris images printed on it, and presumably programmed into it.

Were there ever any doubt that REAL ID was a national identity system and a step toward cradle-to-grave, government-mandated biometric tracking, Family Security Matters has helped clear that up.

TSA Background Check Includes Political Party

We’re now learning the meaning of a new policy that Americans can’t “willfully” refuse to show ID at airports. The Consumerist has a write-up of one man’s experience with IDless travel. It turns out they do a background check on you using, among other things, your political affiliation.

That’s a nice window onto what identity-based security is all about: giving the government deep access into all of our personal lives. Of course, this type of security is easy to evade, and the 9/11 plot was structured to evade it. Checking ID cannot catch someone who has no history of wrongdoing.

Identity checks at airports require law-abiding American citizens to give up their privacy, including their political affiliations, with essentially no security benefit.

More on REAL ID Grants - DHS’ REAL ID Fervor Is Fading …

I wrote here last week about the limping DHS grant-making process for the REAL ID Act. (Summary: Good money after bad.)

Unsurprisingly, ID card maker Digimarc is touting the spending going to “its” states in a press release. I wrote about the plans of biometric technology company L-1 to acquire Digimarc’s ID card business in a recent TechKnowledge entitled “L-1: The Technology Company in Your Pocket.” (Digimarc recently received a higher offer for its ID card business from a French conglomerate. The appetite for national ID systems is certainly higher in old Europe and elsewhere around the globe than in the United States.)

Late Friday, DHS Assistant Secretary for Policy Stewart Baker posted on DHS’ “Leadership Journal” blog about the grants. Late Friday is the time of the week when releases are least likely to get uptake - are DHS web staff trying to suppress Baker? You’d expect to see something like this on Friday morning, or the night before grants are announced.

Anyway, in his blog post, Baker tries to inflate the money available for REAL ID, claiming that this $80 million is really more like $511 million. It’s not. And if it were, it still would be only 3% of the $17 billion cost of implementing REAL ID.

Of course, Baker claims that the costs of implementing REAL ID are lower now, but that’s only because DHS assumed away much participation in the program. I suppose France could have defeated Germany buy building only 27% of the Maginot line, but it’s doubtful. That’s what a national ID card is - a Maginot line that’s easy to avoid. Baker wants us to believe that a bad security system which is also incomplete is therefore … somehow … good.

Baker’s post, like the rest of DHS’ recent efforts, is a tired effort to prop up REAL ID. He tries to skip past the issues, saying “The arguments for having secure identification speak for themselves.” They don’t, and Baker hasn’t spoken for them either.

DHS’ institutional support for REAL ID grows more and more anemic with each passing day. Witness the thoroughly lame effort of the Department to revive it by banning “willful” refusal to show ID at airports. I now find myself in the position of trying to draw attention to the corpse of REAL ID - I do so because government programs like this have to be really dead before they’re truly dead.

Giving away grants that nobody wants. Defending what can’t be defended. I would be tired too. Congress can make everyone’s life better by rescinding these grants and repealing the REAL ID Act.

TV Is Great

Books? Newspapers? Who needs ‘em!

Take a look at this clip from the Colbert Report, which lampoons the overwrought reaction several politicians had to the recent Boumediene decision. (Tim Lynch wrote about it here, here, and here.) Fear-mongerers are increasingly looking like buffoons, thanks in part to the native common sense of comedy writers. And thus Colbert introduces Neal Katyal for a quick primer on the U.S. Constitution and the genius of its design.

Comedy Central doesn’t meet your standard? Not effete enough? TV has something for you too.

Here (in RealAudio and MP3 format) is a segment from Friday’s Newshour with Jim Lehrer on PBS in which something unique and exciting happens: A victim of the flooding in the midwest exhibits personal responsibility and does not ask for government help. Here’s the key couple of sentences:

Narrator Elizabeth Brackett: Despite the devastation, [flood victim Barb] Boyer, like many who farm in these floodplains, says she does not expect much government help.

Barb Boyer: We’ve always lived our life that we’re responsible for our own choices, our own destiny. And we chose not to carry the flood insurance. That was our responsibility. There’s a lot of people that - of course, we are going to need help, but do I expect it? No. We’ll start over. That’s all I know right now.

It’s stirring and inspiring to see people in dire straits who haven’t abandoned their values, the values that make this country great.

And it’s all brought to you by TV!

GAO Issues Report on Privacy

This week, for a hearing in the Senate Homeland Security and Government Reform Committee, the Government Accountability Office released a report on privacy titled “Alternatives Exist for Enhancing Protection of Personally Identifiable Information.” (GAO testimony based on the report is here.) I served on a National Academy of Sciences “Expert Panel” that gave the GAO some perspectives on issues related to the Privacy Act.

The report had three main conclusions, with my comments:

The Privacy Act’s definition of a “system of records” (any grouping of records containing personal information retrieved by individual identifier), which sets the scope of the act’s protections, does not always apply whenever personal information is obtained and processed by federal agencies. One alternative to address this concern would be revising the system-of-records definition to cover all personally identifiable information collected, used, and maintained systematically by the federal government.

The “system of records” definition has indeed fallen out of date. Thanks to the growth of search and other technological developments, records not organized by personal identifier can be accessed and used by the federal government, but they fall outside the purview of the Privacy Act. This should change. The report also highlights the fact that data used by the federal government, but held by information resellers, escapes the purview of the Privacy Act. This should also change.

According to generally accepted privacy principles of purpose specification, collection limitation, and use limitation, the collection of personal information should be limited, and its use should be limited to a specified purpose. Yet, current laws and guidance impose only the modest requirements in these areas… . Alternatives to address this area of concern include requiring agencies to justify the collection and use of key elements of personally identifiable information and to establish agreements before sharing such information with other agencies.

Once they have collected it, federal agencies can do anything they want with personal information simply by declaring their plan to do so in the Federal Register through a “System of Records Notice” or “SORN.” The statements agencies may make when they collect information do not bind them in the slightest. This is wrong and it should change. GAO’s recommendations to limit collection and sharing of information are rather tepid, alas, and they wouldn’t change agencies’ institutional incentives to over-collect and promiscuously share the personal information of the citizenry.

Privacy Act notices may not effectively inform the public about government uses of personal information. For example, system-of-records notices published in the Federal Register (the government’s official vehicle for issuing public notices) may be difficult for the general public to fully understand. Layered notices, which provide only the most important summary facts up front, have been used as a solution in the private sector. In addition, publishing such notices at a central location on the Web would help make them more accessible.

It’s true that Privacy Act notices don’t inform the public well. They are obscurely written documents in an obscure publication. But I’m not sure that the publication of “layered notices” would be an improvement. Sure, there’s a consensus among government types that layered notices are the next big thing, but I don’t believe that they will change citizen understanding or behavior in any significant respect. Notices are also not terribly relevant in the government environment because a person can’t decline to do business with a government based on its privacy practices or promises.

There’s more to learn on “notice” and its importance or relevance for getting people more privacy. The thing we know is that reducing data collection and use leads directly to privacy. Getting policymakers to understand the privacy costs they’re imposing on the public would be as effective, if not more, than notifying the public about what’s been done to them after a policy is made and the horse is out of the barn.

REAL ID Grant Process Collapses, Money Goes to No-Bid Contract

Mickey McCarter at Homeland Security Today has the scoop on REAL ID grants that the Department of Homeland Security is doling out today.

Yes, REAL ID grants. Ten states have passed legislation to bar themselves from participating. (Arizona was the most recent.) And many more have registered their objections to the national ID law. But the Department of Homeland Security is still trying to revive it — this time, by spreading a little money around.

What’s “a little money”? The estimated $85 million in grants is about 0.5% of the $17 billion that it would cost to implement REAL ID, so it’s just a little. But that’s $85 million that taxpayers won’t be getting back.

It’s interesting to see where the money is going, of course.

The breakdown of awards, obtained by HSToday.us, signifies that AAMVA effectively gains a no-bid contract under the awards, as DHS designates it the sole national centralized database of driver’s license information under REAL ID through a grant award to the state of Missouri… . . A competitive grant process could have resulted in multiple hub awards instead of a sole-source contract to AAMVA, sources argue, decentralizing REAL ID information somewhat and encouraging the rise of the most effective database solution between competing vendors.

With enthusiasm for the program distinctly lacking, DHS abandoned its plan to award grants competitively and just divvied up the money state by state.

[A]lthough many states did submit proposals in response to the REAL ID guidance, according to a source knowledgeable of the evaluation process who requested anonymity, many of the state proposals for REAL ID grants were very poor. Evaluators who examined the proposals received by March 7 were surprised by the number that did not even request the funds for the specific program, instead asking for the money to spend on emergency response equipment and other needs.

No-bid contracts and funds for a program the states don’t want? Congress should not allow DHS to throw this good money after bad.

AP and the Future of News

The tech blogoshpere is up in arms about efforts by the Associated Press to curb quoting of its articles online.

Last week, we published a TechKnowledge called “The Future of News: A Golden Age for Free Speech?”. In it, Steve Boriss discussed some history of the AP, Thomas Jefferson’s vision of the free press, and the challenges that the modern era presents to the news publishing business.