Not unreasonably, the states want to be responsible for verifying only the information they can access. If, for instance, they can't electronically connect with the immigration database when the IDs launch, the states shouldn't have to verify immigration information. Given the added time and cost required to verify the information via fax or, heaven forbid, snail mail, such an exemption seems to make sense. You could argue, though, that we'd be better off, and the Real ID program's goals better met, if agencies simply waited for all the pieces to fall into place before launching the new IDs.

Guidelines in the Real ID Act set up requirements for background checks on employees and for physical security standards at DMV facilities, for example (see my prior column on this topic for more detail). But the more crucial issue of security standards for the ID cards themselves is left vague and therefore up to the DHS, to DMVs, and to states to figure out.

Knowing that RFID is one of the technologies in strong contention for the cards (and is also set to be used in e-passports), and that the technology has raised security concerns, the California legislature in August passed the Identity Information Protection Act. Sponsored and supported by a variety of consumer advocacy groups, the bill laid out security standards for any state RFID-equipped card.

The mandated safeguards included making the cards tamper-resistant, encrypting the data, and requiring authentication of both the card and reader so that authorities could be sure a card was genuine and cardholders could be sure unauthorized people were not reading their information. Also required: mechanisms that let cardholders allow or block the wireless transmission of their ID's information in order to prevent tech-savvy snoops from tracking cardholders or gaining access to card information being broadcast. Another provision stated that cardholders had to be informed about how the agency issuing the card intended to use it, what information was being collected and stored any time the card was read, what the basic risks of the technology were, and which precautions were available to keep the card from being read remotely (either with or without the holder's knowledge).

California Governor Arnold Schwarzenegger vetoed the legislation at the end of September, saying he didn't want to put something on the state's books that might contradict the forthcoming national standards. He also expressed concern that the law would apply to an overbroad set of cards and that it imposed too many restrictions on state agencies, among other things. However, the bill could easily serve as a model for national IDs, since most of its provisions would apply to many different technologies that could be adopted.

Whichever technology is chosen, however the data gets verified, and no matter which methods are used to safeguard it, two things are sure: You and I will have to wait longer to get our driver's license, and it will cost us more--whether in federal or state taxes or in fees paid directly to the DMV.

The current plan dictated by the Real ID Act requires that states replace all IDs during a five-year period starting in May 2008. As the report by the states points out, because new documentation and verification will be required, the process will be like obtaining a new license all over again--no Internet or mail-based renewals will be allowed. All those in-person visits will take time, as will all the double-checking that the motor vehicle bureaus have to do before they issue new licenses.

Regardless of whose estimates are more realistic, the new systems, new training, and new cards will increase costs, not just for the DMV but for any agency that has to read the cards. It's obvious that you and I will foot that bill, one way or another.

