Web extra: States face Real ID privacy dilemma
The Real ID Act requires states to confirm personal information with one another, which worries some privacy advocates
- By Alice Lipowicz
- Jan 10, 2008
A major issue slowing progress on Real ID implementation is whether states should share copies of identification documents or only confirm information.
Until there is an answer to that question, developing back-end information technology systems to support the initiative will be difficult.
Privacy may hang in the balance. Some advocates believe the risks of identity theft and loss of personal privacy in Real ID may be lessened if states use a pointer system to verify critical personal information from birth certificates and other documents held in other states. States would query one another to confirm information without sharing the documents themselves.
"A pointer system is acceptable," said Barry Steinhardt, director of the technology and liberty program for the American Civil Liberties Union. "We have said we have no objections to a pointer system."
An alternative is for states to participate in a network of connected databases, called a federated database system, in which digital copies of original documents are available to all participants in the system.
However, some experts believe privacy would be better protected if the data was shared through a central hub rather than widely distributed because stronger security controls could be placed on the information.
"If you centralize it, it would be easier to manage in terms of security and privacy," said Harold Kocken, business solution manager of BearingPoint's national motor vehicle solutions group. "There would be fewer people with the possibility of interfering with the database."
State and industry representatives are discussing the possibility of states creating a consortium or working with an organization such as the American Association of Motor Vehicle Administrators to build such a hub. It would be able to direct queries to verify information such as birth dates, full names and license status in other states. A hub may send four or five such queries at a time to different databases.
The Homeland Security Department released grant guidance last month to help states apply for $35 million to begin implementing the data-sharing requirements of the Real ID Act. The department is considering several potential solutions, including pointer systems, said DHS spokeswoman Amy Kudwa.
State motor vehicle administrators have discussed expanding the AAMVA's Commercial Driver's License Information System, which has records for about 13 million drivers, to encompass the 240 million drivers in Real ID. The system, which has been operating for two decades, is used to allow states to check applicants' driving records in other states.
The CDLIS is a pointer system that operates based on queries sent among the states, and it does not share original documents, said Jason King, an AAMVA spokesman.
"This model has been effective in keeping bad drivers off the road," King said. "It could be feasible to expand it to all drivers." Increasing the system's scope would require greater capacity to handle network traffic and a more robust system, and the AAMVA examining those possibilities, he said.
DHS plans to make available $4 million through the Real ID Vital Events Verification State Project Grant program to help states establish systems to verify birth certificates. The goal is to allow officials in one state to electronically verify birth certificates presented from another state.
The verification grant program will expand a pilot project run by the National Association for Public Health Statistics and Information Systems. Named the Electronic Verification of Vital Events, it is operating with three states that can originate queries and nine states that can respond to the queries. Using the system, operators type information for verification, such as someone's full name and date of birth, and the system automatically processes the query to determine if there is a match with the original birth certificate. The response is either "match" or "no match." It attaches notes about suspected misspellings and near matches.
The system takes advantage of states' efforts to digitize birth records in recent years. About 85 percent of birth records after 1935 are available electronically, said Garland Land, the association's executive director.
The association is working with Kentucky to test software that links to the Electronic Verification of Vital Events system. Grants will be available to states to enable similar links, Land said.
"We are getting a 90 percent match rate in the pilot project," Land said. "We feel that is acceptable."
However, Steinhardt said 90 percent matching does not necessarily mean 90 percent accuracy because there could be false positives in the system.Alice Lipowicz (firstname.lastname@example.org) is a staff writer for Washington Technology.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.