Real ID opposition turns up the heat

Information technology experts intensified the controversy over the Real ID Act this week with warnings that the huge database required may never be secure from identity theft and privacy invasions.

"Computer scientists don't know how to keep a database of this magnitude secure," Bruce Schneier, IT security expert, testified at a Senate Judiciary Committee hearing on Tuesday. "The fact that the Real ID database is a 'one stop shop' for personal information exacerbates these risks."

"The policy behind Real ID has been flawed from the moment Congress proposed it. Without sufficient safeguards, it has the potential to enable identity theft on an unprecedented scale. The proposed rules are at best vague in addressing privacy, security and accuracy risks, and at worst, they increase these risks," Eugene Spafford, chairman of the U.S. Public Policy Committee of the Association for Computing Machinery and professor of computer science at Purdue University, said in a statement this week.

However, a national IT trade organization asserted that Real ID's privacy protections are superior to existing systems.

"What could be a more egregious invasion of privacy than the identity theft experienced by hundreds of thousands of Americans thanks in part to weak drivers' licenses?" Phil Bond, president of the Information Technology Association of America, said in a statement this week.

"Today's system is the system that helped to bring us the terrorist attacks of September 11, 2001," he said. "We know the problem and we have the technology to fix it."

The Real ID Act requires states to implement national standards in issuing driver's licenses. In practice, this will mean collecting and electronically storing personal information for millions of individuals. Information in the databases will be shared among states. Although the Real ID Act provisions were recommended by the 9/11 Commission, critics say that they will create, in effect, a national database and national ID management system that will make people more vulnerable to identity theft, privacy loss and racial tracking and other civil liberties threats.

Several other IT-related organizations and experts weighed in with opinions this week, with public comments due to the Homeland Security Department on Tuesday.

The Smart Card Alliance, an organization representing makers of smart cards and biometric technologies, said the two-dimensional barcode proposed by the federal government for the Real ID Driver's Licenses would be inadequate for security and privacy.

"The Department of Homeland Security should not rely on static 2D barcode technology to store citizens' personal information on Real ID driver's licenses or identification cards due to its inherent security drawbacks," the alliance said this week.

Instead, the alliance strongly recommended that DHS apply smart card technologies with computer chips, similar to those used in the State Department's e-passport and the Defense Department Common Access Card.