Focusing public attention on emerging privacy and civil liberties issues

PASS ID Act is REAL ID 2.0

Top News

Introduction

On June 15, 2009, S. 1261, the "Providing for Additional Security in States' Identification Act of 2009" or the "Pass ID Act" was introduced in the Senate. If the bill becomes law, it would establish a national ID card. Its provisions are similar to those contained in the controversial REAL ID Act. REAL ID has faced ongoing criticisms from state governments, technical experts, and privacy advocates. The REAL ID implementation posed a number of privacy threats because of document collection, retention, sharing, and use.

In 2007, EPIC and the Privacy Coalition organized a national campaign against REAL ID implementation.

The PASS ID Act states that, beginning one year after the final regulations are issued, no federal agency can accept a driver's license or state-issued ID card unless the issuing state is "materially compliant." Material compliance is determined by the Secretary of Homeland Security, based on whether a state has begun to issue PASS ID drivers licenses and state issued ID cards. The PASS ID bill then sets a deadline of six years after the final rule that prohibits all federal agencies from accepting any non-compliant drivers license or state identification card for any official purpose (e.g. boarding an airplane, applying for Social Security benefits, student loans, opening a post office box, entering a federal building, etc). This raises questions regarding the rights of the physically challenged, children, poor, and the elderly who receive benefits or services from federal government agencies. There are reasons why each may not hold a federally sanctioned, state-issued identification document. The PASS ID Act does not specify limits on the requirement of an approved identification document to access federal government services, benefits, or meet with federal employees in official settings. In effect, individuals will lose some level of citizenship and rights should they not hold a PASS ID. Further, there is no reason to assume that local and state governments and private sector entities will not develop requirements that persons seeking services must hold a PASS ID. Compliance means that, over time, all those issued drivers licenses and state ID cards will face the challenge of complying with the PASS ID rules written by DHS. This is the same situation that REAL ID attempted to create, and 24 states rejected.

The PASS ID Act gives the Secretary of Homeland Security "unreviewable discretion" to issue driver's licenses and state ID cards under the Minimum Issuance Standards Section (c)(2)(B) "Evidence of Lawful Status" items (v), (xii), as well as under Section (C) Temporary Drivers Licenses and Identification Cards item (i). The term "unreviewable discretion" raises questions about the definition of this term as it relates to oversight, privacy protections, and judicial review. This new authority in the context of the PASS ID bill will extend drivers licenses or state identification cards to persons who might otherwise be denied them. Extending rights or benefits of citizenship or legal residence status is a positive thing, but care should be taken to ensure that this authority is not expanded to include the power to withhold the issuance of a drivers license or state issued ID card to someone who is otherwise qualified to receive one.

PASS ID directs states to "[e]stablish an effective procedure to confirm or verify a renewing applicant’s information." States are provided access to two federal government databases: SSOLV (SSN Verification) and SAVE (Immigration status) at no cost. States are required to collect a wide range of original documents from applicants and retain them in digital form for as long as the document is authorized for use.

PASS ID Data Collection Requirements

The data collection requirements of PASS ID are virtually identical to those of REAL ID. The PASS ID exception is that it does not require retention of paper records, but the bill does not prohibit it. States are required to collect original "identity source documents" that support applicants' statements regarding age, name, address of principle residence (with exceptions), gender, citizenship status, and residency status. The documents that may be required could include: passport, original birth record, proof of address, proof of name (marriage license, divorce decree, adoption records, etc). There is no limitation on states should each decide to create its own list of documents that must be presented and the criterion that they may establish for the issuance of identification documents. Applicants for PASS IDs would require presenting several forms of identity source documentation to support all of the following:

  • Full name
  • Date of birth
  • Gender
  • Person's driver's license or identification card number
  • Persons address of principal residence (PASS ID exception for victims of domestic violence, for any person the state determines should be exempted from having an address on the face of the document for safety or security reasons)

Just as with the REAL ID, each person applying for a PASS ID must allow a facial digital image capture. Digital images are useful for searchable databases and can facilitate the use of facial recognition systems. Facial recognition is being developed to allow law enforcement agents to scan people using close-circuit television systems for the purpose of picking a face out of a crowd.

The PASS ID Act requires states to develop "an effective procedure to confirm or verify a renewing applicant's information."

PASS ID Data Retention Requirements

REAL ID's paper record data retention requirement was 7 years, while the PASS ID data retention requirement is digital copies of supporting documents for "at least as long as the applicable driver's license or identification card is valid." The PASS ID Act limits the validation period for drivers licenses and state identification cards to eight years. Because the PASS ID establishes a floor for data retention and not a ceiling, states may retain electronic copies of original documents indefinitely. The PASS ID Act also mimics language found in REAL ID regarding the use of technology to record digital images of identity source documents, which can include birth records, immigration documents, marriage licenses, court change of name or gender reassignment, divorces, adoption records, etc. There may also be requirements to provide medical records as proof of medical conditions that affect the collection of biometric or other PASS ID related information. Scanning technology for paper records digitizes these records and creates the same privacy challenges as other digital records systems. Privacy is implicated when digitized paper record systems are coupled with Optical Character Recognition (OCR) applications because they can facilitate searching of documents based on words and phrases.

National ID systems such as PASS ID create inherent and substantial risks of fraud and identity theft. Identification documents should be made more secure. However, the integration of secure identity cards with interconnected databases raises additional privacy risks. Privacy enhancing techniques that minimize the collection and use of personally identifiable information should also be considered.

A key provision of privacy protection is that data can only be used for the purpose it was collected. PASS ID proposes to use federal databases created for government benefit programs, tax collection, and immigration purposes. States are provided access to two federal government databases: SSOLV (SSN Verification) and SAVE (Immigration status) at no cost. Because neither of these systems was developed to manage the issuance of drivers licenses or state ID cards, problems can be anticipated with data matching and verification. The collection is for driver’s licenses and IDs. If there is a need for another use, then courts should be used for lawful access. Another key issue is how attractive DMV records will be for other government purposes, such as federally funded local and state fusion centers.

The PASS ID Act states that a person cannot be denied boarding a commercial flight solely based on failure to present a driver’s license or ID Card. However, six years after the date that final regulations are promulgated federal agencies can refuse to accept state driver's licenses or IDs that do not meet the requirements. The bill also sets out that federal government agencies may deny service to persons who do not hold a PASS ID. The law does outline exceptions for shielding of home address as provided for by the Violence Against Women's Act (PL 109-162) or for persons who the State determines should be exempt to protect their safety or security.The features of the PASS ID include:

  • Digital, photo of the applicant
  • Signature
  • Security features
  • Machine readable technology (PASS ID expands the collection of machine readable information to the "data elements available on the face of the driver's license or identification card.)
  • A unique symbol designated by the Secretary of Homeland Security to indicate compliance with the requirement under this section.

The PASS ID Act mandates that a unique symbol on the face of the document be created to represent DHS. The agency already has a unique symbol called a "seal," which would be readily identifiable as belonging to DHS. The agency's seal is a unique symbol that is readily identifiable and can serve this purpose. If the symbol is not known or associated with DHS it would defeat the purpose of transparency.

Information in the machine readable zone (MRZ) of the PASS ID includes all information on the face of the document, but may not include the Social Security Number (SSN). The PASS ID makes it "unlawful for any person, knowingly and without lawful authority to scan the information contained in the machine readable component of a driver’s license or identification card; or to resell, share or trade that information with any other third parties; track the use of a driver’s license or identification card; or store the information collected." The PASS ID Act does not extend physical protection to MRZ information by limiting the type and availability of MRZ readers that can access the information on the card. This would extend MRZ privacy protection in such a way that only licensed users could obtain these DMV readers and the possession of an unlicensed MRZ reader could more easily be detected by authorities. The problem with MRZs is that they can make it easier to quickly collect the information and create a database on people who present their license or ID as proof of identity. The best defense for privacy protection is to not collect the information, but if MRZs are used, physical and legal barriers should be created to using the information for unlawful purpose. Access to the information should be limited to reasons related to the operation of a motor vehicle.

PASS ID Gives the Secretary of DHS Unreviewable Discretion

The PASS ID Act uses the phrase "unreviewable discretion." This raises issues of oversight and accountability. The question is how does this affect the balance of power among the branches of government. This phrase has been used in other legislation relating to the authority of the DHS Secretary regarding border security, which might be necessary considering the fluid nature of that environment. More needs to be done by Congress to spell out what this phrase means in the context of the legislation. In the PASS ID Act, it is used to extend authority to the Secretary of DHS to provide rights to others for State issued drivers licenses and ID documents.

PASS ID Privacy Threats

PASS ID does have specific language under Section 202 (d)(6) that mirrors Fair Information Practices (FIPs), which is the foundation of privacy protection. FIPs were created after the development of computer record keeping to address privacy threats posed by the collection, retention, sharing, and use of personal information. FIPs have been codified most notably by the Federal Privacy Act, and Fair Credit Reporting Act

The PASS ID Act directs the establishment of administrative and physical security for the integrity and confidentiality of personally identifiable information. However, the bill does not explicitly state that this protection extends to the MRZ or RFID technology, which is important to the document holder's protection against physical threats, or identity thieves. The regulations developed by the Department of Homeland Security to guide the states in creating the PASS ID are directed to:

  • Prevent unauthorized access to, or use of, personally identifiable information;
  • Provide public notice of security and privacy policies, including the use, storage, access to, and sharing of personally identifiable information.
  • Establish a process for individuals may access, amend, and correct, as determined appropriate by the State, their own personally identifiable information.
  • Prohibit the storage of the social security number in the machine readable zone of the document.

In the isolated context of a state controlled DMV records system, this would be a step in the right direction. While concrete measures to provide privacy protection in federal, state, or local statutes are always encouraged, it is important to keep the application for PASS ID data collection in perspective. The intent of this legislation is to facilitate a National ID system. Federal, state, and local government agencies are already engaged in efforts like fusion centers to develop an Information Sharing Environment (ISE), which seeks to break down barriers to information controlled by all levels of government. In addition, government efforts to develop an ISE also include plans to gain access private sector data warehouses.

One prime example of an ISE are information fusion centers, which facilitate bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. The term "fusion center," seems to have originated from the Department of Defense (DOD,) and refers to the fusing of information for analysis purposes. In the Department of Justice funded Fusion Center Guidelines' Summary of Key Data Elements, the following is said about DMV records, "Leverage the databases, systems, and networks available via participating entities to maximize information sharing. Obtain access to an array of databases and systems. At a minimum, consider obtaining access to driver’s license information, motor vehicle registration data, location information, law enforcement and criminal justice systems or networks, and correctional data..."

Machine Readable Zone of PASS IDs

As EPIC's report "REAL ID Implementation Review: Few Benefits, Staggering Costs" says, there are significant threats to individual privacy and security that would be created by unfettered access to REAL ID national information system data, which endorsed the use of machine readable zones on drivers licenses and state issued IDs. The data that would need to be present and available to card swipe systems include all information on the face of the card:

  • Full name
  • Date of birth
  • Gender
  • Person's driver's license or identification card number
  • Digital photo of the person
  • Persons address of principal residence (PASS ID exception for victims of domestic violence, for any person the state determines should be exempted from having an address on the face of the document for safety or security reasons)
  • Signature

The PASS ID does prohibit third-parties from scanning and collecting "information contained in the machine readable component of the driver's license or identification card." However, information within the machine readable zone of the document is not protected by security features designed to prevent scanning and collecting of drivers license and state ID information. Identity theft security can be improved by extending full Privacy Act protection to all personal information related to drivers license issuance and use. Enhanced civil and criminal penalties for abuse or misuse of the information would add further protection. Although the document prohibits the machine readable zone from providing access to the SSN, the other information may be used by identity thieves to guess the holders SSN. A report presented at a security conference outlined the vulnerabilities of using SSNs for other purposes and the ease with which they can be guessed.

RFID Use in PASS IDs

The PASS ID Act extends additional authority to DHS by allowing the Secretary to certify any driver's license or ID card, including Enhanced Driver's Licenses and the Western Hemisphere Travel Initiative (WHTI) cards as approved under the PASS ID Act. Enhanced Drivers Licenses and/or WHTI IDs use contactless radio frequency identification (RFID) technology.

An early application of RFID technology was the tracking and management of cattle. The cost and size of RFID tags made it impractical for other uses. Over time the RFID tag has gotten much smaller and cheaper, so much so that it is now finding broader applications. RFID chip devices are now so small that they can be physically incorporated into most retail items, not just the packaging they come in. The device can transmit data that is stored on the chip to a hand held reader device up to 30 feet away. RFID readers are cheap and available to the general public. RFID technology systems are a common work tool in most retail settings, where manufacturers, wholesalers, and retailers use them to track merchandise from production to final sell.

Many technology experts predict the development of a seamless network of millions of RFID readers strategically placed around the globe in airports, seaports, highways, distribution centers, warehouses, retail stores, and consumers' homes, all of which are constantly and silently reading, processing, and evaluating the behaviors and conduct of individuals. Where, when, and how RFID technology is deployed is as important as the deployment and use of RFID reader technology. The use of RFID in Enhanced Drivers Licenses was proposed as a way for border agents to routinely check the documents of groups of people simultaneously.

The REAL ID final rule issued by the Department of Homeland Security Department did not include a requirement that states incorporate RFID technology into the drivers licenses and state IDs. DHS's Data Privacy & Integrity Advisory Committee issued a report stating that RFID technology, "may not be best suited for purposes of identifying individuals and other solutions should be considered." The PASS ID Act as currently written would allow the use of RFID technology in identification documents. Use of RFID tags poses exponentially greater risks to personal privacy.

Although REAL ID did not include regulations on the use of RFID technology, the agency's rule on Enhanced Drivers Licenses did. On May 29, 2009, the Department of Homeland Security's U.S. Customs and Border Protection published in the Federal Register an announcement that the enhanced driver's licenses and identification documents issued by the states of Vermont and Michigan and the Canadian Provinces of Quebec, Manitoba, British Columbia, and Ontario as acceptable documents for the Western Hemisphere Travel Initiative.

Insider and Outsider Threats

Under the PASS ID, the government would have easy access to an incredible amount of personal data stored in distributed databases. The presence of the ISE and fusion centers is likely to create opportunities to access state DMV records at will--achieving the effect of a national database. There is no language in the PASS ID Act to change the language of the final rule for REAL ID that established 56 State and Territory databases, each of which can access all others through a "hub"-based network.

Further, the value of the original documents and the DMV database would be very attractive to identity thieves. Identity theft is a large and growing problem. A Federal Trade Commission report estimated that 8.3 million victims suffered ID theft in 2005. Document storage, security, and management will offer opportunities to insiders who may use their access for illicit purposes. Large-scale data breaches have occurred at State DMVs across the country. If the databases are linked, it may require a breach of only one to gain access to data held by the others. The Privacy Rights Clearinghouse documented several data breaches that include the following: Oregon's DMV lost half a million records in 2005; Georgia's DMV fail victim to an insider threat compromising 465,000 records; and North Carolina's DMV lost a laptop with information on 16,000 in 2006.

Background Checks Do Not Address Insider Threats

Persons with a known criminal record would be most impacted by this approach, while those who had no criminal record, or a particular interest in accessing information on someone known to them would be missed.

Background

National Identification systems are established for a variety of reasons. Race, politics and religion often drive the deployment of ID cards. The fear of insurgence, religious differences, immigration, or political extremism have been all too common motivators for the establishment of ID systems that aim to force undesirables in a State to register with the government, or make them vulnerable in the open without proper documents.

Christian Parenti's "The Soft Cage, Surveillance in America from Slavery to the War on Terror," explored this history by covering the treatment of Native Americans, African Americans, Chinese Americans, and Japanese Americans. In the United States various forms of domestic identification systems developed during the colonial period and extended well into the second century of its existence. The first "pass" laws were established in 1642 in the state of Virginia to control the movement of indentured servants--many of which were European. Any white person attempting to leave the colony was required to have a "pass" from the governor. The "pass" system extended to Native Americans to control their entry and passage into the colonial territory. By 1687, South Carolina established a "pass" law to control the travel of African Americans.

South Africa's Apartheid system of government was maintained by a system of "pass laws" that controlled the movement of people of that nation. Protests against the pass system resulted in a government crackdown and violence. The protests in Sharpville involved persons refusing to carry their government issued "pass book." The end of apartheid was marked by the abolishment of the nation's "pass laws."

The current attempt at a U.S. National ID system, REAL ID, has failed. EPIC and 24 experts in privacy and technology submitted detailed comments (pdf) in May 2007 on the draft regulations explaining the many privacy and security threats raised by the REAL ID Act. The fundamentally flawed national identification system is unworkable and the REAL ID Act must be repealed. In particular, the group admonishes DHS for its failure to include adequate privacy and security safeguards for this massive national identification database. DHS's own Data Privacy and Integrity Advisory Committee has refused to endorse the agency's plan. "The Committee feels it is important that the following comments do not constitute an endorsement of REAL ID or the regulations as workable or appropriate."

News

Resources