December 11, 2015 10:13AM

What Is Real REAL ID Compliance?

This fall, the Department of Homeland Security and its pro-national ID allies staged a push to move more states toward complying with REAL ID, the U.S. national ID law. The public agitation effort was so successful that passport offices in New Mexico were swamped with people fearing their drivers' licenses would be invalid for federal purposes. A DHS official had to backtrack on a widely reported January 2016 deadline for state compliance.

DHS continues to imply that all but a few holdout states stand in the way of nationwide REAL ID compliance. The suggestion is that residents of recalcitrant jurisdictions will be hung out to dry soon, when the Transportation Security Administration starts turning away travelers who arrive at its airport checkpoints with IDs from non-compliant states.

At this writing, DHS's "REAL ID Enforcement in Brief" page lists just two non-compliant jurisdictions: Minnesota and American Samoa. You'd take this as a signal of broad compliance. But look closely at the list of "Compliant/Extension" jurisdictions, and you see that more than half of them are non-compliant and enjoying extensions themselves.

But here's the kicker: Even the 'compliant' states aren't compliant. DHS treats states as 'compliant' if they're synched up with a pared-back "material compliance checklist." It's DHS reducing the obligations of the law by fiat, and it's no different than extending the deadline indefinitely on a subset of the law's actual requirements.

When DHS bureaucrats tell state elected officials that the agency can no longer offer them extensions, this is false. DHS is currently giving every state in the union, including the ones it calls "compliant," extensions with respect to provisions of the law and regulations that don't appear on its checklist.

To help clarify what REAL ID compliance actually is, we've compiled a list of REAL ID's actual requirements, what the law and regulations would mean for states. REAL ID has nearly 100 requirements, ranging from very easy, standard ID-card practices to things that are currently impossible and ill-advised. States have to do all of them to be compliant.

We've grouped the requirements together for easy reading. Many are back-end mandates, requiring states to meet standards for facilities, data storage, employee background checks, and so forth. Notably, REAL ID requires states to make driver data available to every other state, which means that every DMV must open its state's residents' data to the risk of exposure to any state that lacks sufficient information controls. That ill-advised policy is currently impossible, luckily, because the data sharing network has not yet been built. Congress puts money into the project annually in the DHS appropriations bill.

The full REAL ID requirements make it easy to see why no state is in compliance today, and why no state should expend their taxpayers' money on the onerous, complex scheme to implement the U.S. national ID law.

Data Storage and Sharing Requirements

The regulations governing REAL ID require issuing authorities to meet certain standards for data storage, as well as to engage in data sharing with issuing authorities in other states and with DHS. This data sharing is the heart of the national ID, creating as it does a network of ostensibly state-level databases linked together according to federal standards.
•    States must maintain copies of source documents, applications and signed declarations
•    If the state allows for/recognizes name changes, it must maintain copies of the evidence of name change
•    If the state allows for/recognizes name changes, it must maintain a record of both the original and recorded names
•    If the state allows for alternate documents, it must maintain copies of the alternate documents
•    Paper copies of documents must be maintained for at least 7 years; digital copies and microfiche copies must be maintained for at least 10 years
•    States must store photo images (the aforementioned “mandatory facial image capture”) in JPEG 2000 format
•    States must maintain copies of the digital photograph of the applicant for a minimum of five years if no card is ultimately issued or for two years past the date of the card’s expiration if issued
•    States must store signature copies in TIF or TIF-compatible format
•    States must make photos retrievable for law enforcement, who can access said photos if they request properly
•    States must maintain databases that contain all fields printed on licenses/IDs and SSNs of holders
•    Databases must contain full legal names of drivers
•    Databases must contain all other data presented by driver to the DMV but not printed on license
•    Database must contain full drivers’ histories
•    States must provide electronic access to the driver database(s) to other states

“Visible” Card Regulations

These are regulations that are the most basic visible requirements of REAL ID: the physical format of the license/ID card and what information has to be displayed on it. These include the most basic information of the license holder, some of which are common to both REAL ID and "non-federal" licenses. They include:
•    Full legal name
•    Date of birth
•    Gender
•    Unique license/ID number
•    Digital photograph (black-and-white or color)
•    Holder’s primary address
•    Signature of holder (or an alternate mark/signifier for those unable to sign)
•    Machine readable bar code
•    Visible expiration date
•    Date of issuance
•    State/jurisdiction of issuance
•    Compliance mark (“Gold Star”)
•    Text exclusively in Latin script
Many of these requirements have been standard components of driver’s licenses for decades. The machine readable bar code requirement and the REAL ID compliance mark (the “Gold Star” on compliant licenses) are new with the act. In the event that the state/jurisdiction continues to make non-compliant licenses and IDs available to residents alongside compliant versions, two additional visible requirements exist:
•    Non-REAL ID licenses and IDs must prominently state on face that they are not for federal purposes
•    Non-REAL ID licenses and IDs must use unique designs and/or color indicators to differentiate them from compliant versions

Non-Visible Card Regulations

These are regulations which also deal with physical requirements for compliance. However, they are requirements which are not apparent from a casual inspection of a license, or which would not be apparent without some knowledge of REAL ID’s regulatory requirements or without special equipment. (Encoded information is dealt with in the next section). They include:
•    A digital photo which meets ISO/IEC 19794-5:2005(e) requirements (an international standard for identity document photographs)
•    A digital photo which is either black-and-white or color
•    A digital photo which has been taken with facial image capture technology
•    Name field of no less than 39 characters, and with truncation of longer names in case of extreme length
•    Multi-layered anti-fraud features (like watermarks, holograms and non-standard inks)
•    Durable physical materials used in production, which are unavailable to the general public and able to withstand inspection and use

Barcode Regulations

Machine readable barcodes are typically placed on the back of compliant licenses. These barcodes are encoded with the bearer’s personal information, largely duplicating the visible printed data, and including information on the card’s current design and how it was produced (an inventory control number). The barcode is designed to be scanned by law enforcement, government entities, and others with access to the appropriate reader.
•    Encoded legal name
•    Encoded date of birth
•    Encoded gender
•    Encoded address
•    Encoded state/jurisdiction of issuance
•    Encoded expiration date
•    Encoded date of issue
•    Encoded identification number
•    Encoded revision date of license/ID design
•    Encoded inventory control number

Application Requirements

These requirements deal with what has to be presented by the applicant during the application process for a REAL ID compliant license or ID card. They are the only set of requirements incumbent upon the applicant; all the other requirements are incumbent upon the issuing authority or the Department of Homeland Security. To receive a compliant license or ID, the applicant must present:
•    Recognized photo ID document
•    Proof of name change (if applicable)
•    Proof of date of birth
•    Proof of Social Security number OR proof of ineligibility for a number
•    Documentation of permanent address
•    Proof of lawful status
•    No foreign documents allowed, except for a foreign passport
•    Signature
•    Signature upon document attesting, under penalty of perjury, validity of everything presented

Issuing Requirements

These requirements are the counterpart to the application requirements; they are the requirements incumbent upon the issuing authority during the application and license/ID issuance process.
•    Verification of photo ID
•    Verification of date of birth
•    Verification of full Social Security Number
•    Verification of documentation of permanent address
•    Verification of proof of lawful status
•    Verification of presented ID documents with issuing authority
•    Subject each applicant to a photo utilizing “mandatory facial image capture”
•    Resolve any issues arising from SSN verification or document verification
•    Confirm with other appropriate states/jurisdictions that any prior out-of-state licenses have been terminated (or will be terminated upon receipt of the new license)
•    Make a reasonable effort to ensure that the applicant does not hold a license in another jurisdiction under a different name
•    Verify out-of-state REAL IDs (if presented as a form of ID) with the issuing authority
•    Limit validity of new license/ID to 8 years maximum
•    States are not required to comply with all of the requirements if the license/ID is to be issued in support of federal, state, or local criminal justice (i.e. witness protection programs, federal judges with protected addresses, federal law enforcement officials etc.)

Renewal Requirements

These requirements follow from the issuing requirements, and deal with additional protocols during a renewal. One non-in-person renewal is allowed for a REAL ID compliant license/ID during each renewal cycle; the next renewal must be in person.
•    States may permit remote renewal, if state law allows for it
•    During a remote renewal, the state must re-verify the license holder’s SSN
•    However, states must require in-person renewal of the license/ID no less frequently than every 16 years
•    Re-verify the license holder’s SSN during an in-person renewal
•    Re-verify the license holder’s proof of legal presence if the holder is a non-citizen/permanent resident
•    Take an updated digital photograph of the holder
•    If there has been a material change in the applicant’s material information (i.e. a name change, a sex change etc.) an in-person renewal is mandatory
•    Renewed licenses issued prior to the material compliance date set by DHS will be accepted for official purposes until that date

Exemption/Alternate Requirements

•    States may establish a well-documented and DHS-approved exemptions process for applicants able only to present alternate/non-standard documents
•    States with exemption processes must make an effort to authenticate alternate documents and they must note the use of alternate documents in their records
•    States must conduct period reviews of the exemptions process
•    States will only issue temporary REAL ID-compliant licenses/IDs to persons under certain categories of legal status (like refugees, certain visa holders)
•    Temporary licenses/IDs shall only be valid for the period of authorized stay or, if indefinite, one year (subject to renewal)
•    Temporary licenses must prominently display expiration date
•    Temporary licenses shall only be renewed upon presentation of valid documentary proof of continued/extended status
•    Presented documents for continued/extended status must be verified with the appropriate federal authorities

DMV Security/Physical Requirements

•    States must produce a security plan, which must be submitted to DHS as part of REAL ID certification
•    The plan must ensure the physical security of locations where licenses and ID cards are produced
•    The plan must ensure the physical security of document materials and papers from which licenses and IDs produced
•    The plan must address the security of personal information held at responsible DMV facilities
•    The plan must address document and physical security features of the card, consistent with regulations
•    The plan must address access control for employees and systems
•    The plan must establish fraudulent document recognition training programs for DMV employees
•    The plan must address emergency/incident response at facilities
•    The plan must address internal audit controls
•    The plan must include an affirmation that the State possesses both the authority and the means to produce, revise, expunge, and protect the confidentiality of REAL ID driver's licenses or identification cards issued in support of Federal, State, or local criminal justice agencies or similar programs that require special licensing or identification to safeguard persons or support their official duties
•    States must ensure the physical security of materials and locations used in the production of licenses/IDs, consistent with security measures detailed in the security plan
•    The state must subject all persons authorized to manufacture or produce licenses and IDs to appropriate security requirements
•    The state must perform background, criminal history, employment history, and reference checks on REAL ID-responsible DMV employees
•    Employees subject to checks prior to 2006 need not be rechecked