Friday, June 03, 2005

Real ID, Part 2: Real Identity Theft

One blog wasn't enough to cover all the problems with Jim Sensenbrenner's new Real ID Act, so let's examine another little-known effect of this law: stealing your identity.

It sometimes seems that every magazine, newspaper, and bank statement insert is warning us about people who want to steal our personal information and turn it to their own benefit. When the Real ID Act is fully implemented three years from now, those of us who drive may be sitting ducks for identity thieves. The DMV will be keeping digital copies of our birth certificates and other forms of identification, and they'll be linked in a nationwide database. The Los Angeles Times tells why this is worrisome:
To some industry experts and activists concerned about the fast-growing crime of identity theft, putting so much data before more eyes guarantees abuse at a time when people are increasingly concerned about who sees their personal information and how it gets used.

"It's a gigantic treasure trove for those who are bent on obtaining data for the purpose of creating fake identities," said Beth Givens of the nonprofit Privacy Rights Clearinghouse. Armed with a stranger's name, Social Security number and date of birth, it's not hard for fraudsters to take out bogus loans that can wreck a victim's credit record.
DMV employees in every state will have access to information from every other state. Even if our own Wisconsin staff is entirely honest, there are plenty of other folks who will now be able to grab our data and sell it.

Feeling a bit uneasy yet? Let's turn our attention to the license itself. Under the Act, every state's license will contain personal information in an identical format that can be scanned like a credit card. From the Times again:
Critics predict the standardization will prompt many more merchants to scan customer licenses and then pass on the information to such data brokers as ChoicePoint Inc. and LexisNexis. The databases of both ChoicePoint and LexisNexis have been exploited by identity thieves.

"There's no data-protection law, so it can be sold to companies like ChoicePoint," said Bruce Schneier, the author of several books on security technology. "It would be silly not to, since it's a revenue stream."
By the way, in Wisconsin we can currently block wholesale requests for our information by filing an opt-out form with the DMV. That privilege would presumably fall by the wayside when we are at the mercy of other states.

So the bottom line seems to be that our own identities will be compromised in the name of security. But will we really be more secure? Can a terrorist submit a phony foreign birth certificate or passport? Perhaps. How about requesting a U.S. birth certificate for a child who died and assuming that child's identity? That's been done too. Just going without a driver's license would make life more difficult for the would-be terrorist, but not impossible. There are still plenty of loopholes in this system.

Was identity theft debated in Congress before the bill passed? Sadly, no. Since Real ID was attached to the military spending bill, it would have been unpatriotic to inquire into the details of the legislation. That's what Jim Sensenbrenner was counting on.

Wednesday, June 01, 2005

Real ID Act Will Cause Really Big Problems

Jim Sensenbrenner's "Real ID Bill" has now become law, and most Americans will be aghast when they find out what changes it will bring. Do you look forward to your periodic visit to the Division of Motor Vehicles to renew your driver's license? Well, break out the champagne, because that ritual is going to become longer and more involved.

Rep. Sensenbrenner wants you to provide proof of your identity and legal residence in the United States when you get or renew your license. But there are problems, as explained here:
States fear the new rules may force applicants to make more than one trip to motor vehicle departments, once to provide documents such as birth certificates that states must verify and a second time to pick up the license, state officials said.
But you won't be the only one enjoying the new system. Under this law,
by May 2008 every state will be required to contact the issuers of birth certificates, mortgage statements, utility bills, Social Security cards, and immigration papers before granting a driver's license. States will also have to keep copies of those documents for seven years.
And who will pay for all this? It gets even better:
Cheye Calvo, of the National Conference of State Legislatures, said the bill imposes big costs and sets an unrealistic three-year deadline for states without giving them a voice in the process. Congress estimated it will cost about $100 million to purchase the necessary equipment to meet the Real ID Act's demands, but Calvo said the real figure is likely to be $500 million to $700 million.

''We don't have a whole lot of confidence that the money is going to materialize in the federal budget to pay for all these tedious new mandates," Calvo said.
Sensenbrenner thinks his new law involves just standing in line for a few more minutes, and that will prevent thousands of people from being killed by an airplane attack. Wrong on two counts!

He, like many politicians, is totally out of touch with the life of regular people. (I think the DMV staff does a fine job of processing customers relative to the meager amount of resources they have, but my last renewal took almost two hours. What are the chances that F. James sits around that long?) And terrorists may well be in this country legally or at least have good forged documents to present to the harassed folks at the DMV. This law will not help prevent terrorism as much as, say, protecting nuclear power plants.

What it will do is create a set of state databases full of personal information on most of the U.S. population, ready for identity thieves to access. And our driver's licenses will be standardized in all states--the precursor of a national identity card?

Raise your hand if you think a Real ID is really worth having.