The graphic above is a screen scrape from http://www.realnightmare.org/news/105, which did an excellent job mapping the most recent status on this issue. 17 states actually enacted anti-Real ID acts similar to the above Minnesota proposed act which will hurt their people badly:
17 states where counter productive laws defying the federal Real ID effort were enacted:
WA ID MT NV ND NE CO AR OK MO IL TN GA SC NH ME HI14 Hero States - States that have not endangered their citizens by enacting counter productive laws defying the federal Real ID effort:
CA SD KS IA MS AL FL NC VA IN DE NJ CT DC
10 States where Harmful counter productive laws defying the federal Real ID effort were introduced but are being repelled:
TX WI MI KY OH NY MD MA RI AK
10 States where harmful counter productive laws defying the federal Real ID effort passed one chamber (at-risk states!)
OR AZ NM UT WY MN LA WV PA VT
Below is Minnesota Senate's 4/18/07 SF0984 (companion to my opponent Carlos Mariani's HF 1438) denying Minnesotans' gaining the benefits of Real ID. Gratefully HF1438 has not yet passed the House and neither has been approved by the Governor. http://ros.leg.mn/revisor/pages/search_status/status_detail.php?b=Senate&f=SF0984&ssn=0&y=2007
1.5 Section 1. NONCOMPLIANCE WITH REAL ID ACT.
1.6 In order to promote the security and well-being of the people of Minnesota, to avoid
1.7 unneeded expense to the people, and to preserve the principles of federalism embodied in
1.8 the Tenth Amendment to the United States Constitution, the commissioner of public safety
1.9 is prohibited from taking any action to implement or to plan for the implementation by
1.10 this state of those sections of Public Law 109-13 known as the Real ID Act.
1.11 EFFECTIVE DATE.This section is effective the day following final enactment.
The commissioner of public safety is Michael Campion.
http://www.dps.state.mn.us/
To "promote the security and well-being of the people of Minnesota" we would cooperate and lead the nation in this important Real ID effort as we have been doing by showcasing our DMV and the company we used to create a card that complies with the federal standards, http://www.digimarc.com/.
To "promote the security and well-being of the people of Minnesota" we would cooperate and lead the nation in this important Real ID effort as we have been doing by showcasing our DMV and the company we used to create a card that complies with the federal standards, http://www.digimarc.com/.
But perhaps the phrases "unneeded expense to the people" and "preserve the principles of federalism " most rankle.
The expense will only grow with each passing day the nation is divided on this issue.
The principles of federalism are in danger here not at the hands of those cooperating with Real ID but at the hands of those promoting divisive, defiant legislation. Real ID implementation is a national security issue addressed by 9/11 legislation in 2005 the principles of which must be implemented.
All states should cooperate with our president on this. 10 states including Minnesota have proposed legislation similar to that above. None have proposed alternatives.
Our own Pat McCormack of the DMV has already successfully implemented the standards.
Below is perhaps the strongest critic, EPIC, a technical website often quoted in the techy website slashdot.org, and involved in many electronic rights issues. http://www.epic.org/privacy/id_cards/
The expense will only grow with each passing day the nation is divided on this issue.
The principles of federalism are in danger here not at the hands of those cooperating with Real ID but at the hands of those promoting divisive, defiant legislation. Real ID implementation is a national security issue addressed by 9/11 legislation in 2005 the principles of which must be implemented.
All states should cooperate with our president on this. 10 states including Minnesota have proposed legislation similar to that above. None have proposed alternatives.
Our own Pat McCormack of the DMV has already successfully implemented the standards.
Below is perhaps the strongest critic, EPIC, a technical website often quoted in the techy website slashdot.org, and involved in many electronic rights issues. http://www.epic.org/privacy/id_cards/
EPIC:
The residential address requirements set out in the draft regulations endanger the ability of victims of domestic violence, sexual assault, and other crimes to hide from their abusers. Currently, many States allow domestic violence victims and others to protect the confidentiality of their residential addresses. States have created formal Address Confidentiality Programs and States have also provided general measures of residential address privacy. The proposed regulations override these substantial protections, and the overrides must be removed from the final regulations. The government must not make it easier for abusers to find their victims. For more information, see EPIC's REAL ID and Domestic Violence page.
Jamie's analysis:
The residential address requirements set out in the draft regulations endanger the ability of victims of domestic violence, sexual assault, and other crimes to hide from their abusers. Currently, many States allow domestic violence victims and others to protect the confidentiality of their residential addresses. States have created formal Address Confidentiality Programs and States have also provided general measures of residential address privacy. The proposed regulations override these substantial protections, and the overrides must be removed from the final regulations. The government must not make it easier for abusers to find their victims. For more information, see EPIC's REAL ID and Domestic Violence page.
Jamie's analysis:
Minnesota worked around this. Possibly not as big a problem as heralded. I will update.
EPIC:
Under the draft regulations, the REAL ID card would include a 2D barcode as its machine readable technology. To protect privacy and improve security, this machine readable technology must either include encryption, which is recommended (pdf) by the DHS Privacy Office, or access must be limited in some other form. Leaving the machine readable zone open would allow unfettered third-party access to the data and leave 245 million license and cardholders nationwide at risk for individual tracking. In its Privacy Impact Assessment of the draft regulations, the Privacy Office supported encryption "because 2D bar code readers are extremely common, the data could be captured from the driver's licenses and identification cards and accessed by unauthorized third parties by simply reading the 2D bar code on the credential" if the data is left unencrypted.
Jamie's analysis:
This may be an insincere Red Herring meant to be confused with the other Red Herring, The RFID concern. In Real ID draft regulations, the 2-D barcode (currently on all new Minnesota driver licenses) includes probably only the license number printed on the card, or item 4 of the Real ID requirements.(1) The person's full legal name.(2) The person's date of birth.(3) The person's gender.(4) The person's driver's license or identification card number.(6) The person's address of principle residence.
The magnetic stripe may have all 6 items.In other words the barcode and mag stripe probably contain info the card holder physically controls. No additional info is obtained from a bar code reader or mag stripe reader. The card holder not only controls who gets the card info but they also KNOW what info is available via a bar code reader or mag stripe because it is probably the same info (and no more) as is printed on the card.And by law if there were additional info it could never be the social security number because it is forbidden in Minnesota by http://www.revisor.leg.state.mn.us/bin/getpub.php?type=s&num=171.07
EPIC:
DHS contemplates using the REAL ID system as part of its Federal border security program and requested comments on how States could incorporate long-range radio frequency identification ("RFID") technology into the REAL ID card so that it could be used as part of the Western Hemisphere Travel Initiative. Many groups have urged against the use of RFID technology in identification documents. There are significant privacy and security risks associated with the use of RFID-enabled identification cards, particularly if individuals are not able to control the disclosure of identifying information. The Department of State recognized these security and privacy threats and changed its E-Passport proposal because of them; the Department of Homeland Security has just abandoned a plan to include RFID chips in border identification documents because the pilot test was a failure; and both the Department of Homeland Security's Data Privacy and Integrity Advisory Committee (pdf) and the Government Accountability Office (pdf) recently cautioned against the use of RFID technology in identification documents.
Jamie's analysis:
The DHS (Dept of Homeland Security) CONTEMPLATES and REQUESTS COMMENTS on RFID. In other words, the DHS has not included RFID in any REAL ID regulations or guidelines. EPIC engages in self-serving alarmism.
Are you more concerned with the remote possiblity of a private individual's RFID-reader obtaining your RFID card's ID number (not any additional info) at 20 feet at the airport, or with people you trust (employers, relatives) possibly typing your Social Security number into a new convenient website and obtaining your credit or medical records? Perhaps a device such as Paypal's new Security key may be adapted by medical record aggregators' technical engineers https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside.
The DHS (Dept of Homeland Security) CONTEMPLATES and REQUESTS COMMENTS on RFID. In other words, the DHS has not included RFID in any REAL ID regulations or guidelines. EPIC engages in self-serving alarmism.
Are you more concerned with the remote possiblity of a private individual's RFID-reader obtaining your RFID card's ID number (not any additional info) at 20 feet at the airport, or with people you trust (employers, relatives) possibly typing your Social Security number into a new convenient website and obtaining your credit or medical records? Perhaps a device such as Paypal's new Security key may be adapted by medical record aggregators' technical engineers https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey-outside.
These are the hard questions we should be asking ourselves in the coming months as the principles of Real ID are implemented for the safety, security and privacy of everyone.Please comment below on your concerns for privacy and security.
Update:
The magnetic strip on a Minnesota driver license card contains the same information that is found on the front of the card, less the picture and signature.
The barcode on a Minnesota driver license card contains name, driver's license number and date of birthinformation.
RFID is not embedded on Minnesota cards.
The DVS has only implemented the card standard portion of Real ID that has been published which calls for a PDF417 2D barcode and anti-fraud items. The anti-fraud items are provided by Digimarc.com.
The portion of Real ID which directs the various Motor Vehicle Services across the nation which identification documents to remove has not yet been published nor has agency building security guidance been provided for re-negotiating the contracts for the Minnesota agency sites.The portion of Real ID which calls for flags on warrants has not been implemented.
The DVS dislikes encryption for magnetic strips. And "the encryption of any data in the 2D barcode would not enhance real privacy of the card holder".
When we cross the RFID (Radio Frequency identification systems) bridge we will need to be careful and possibly implement encryption. But RFID need not be implemented with Real ID and can be considered a separate issue.
Real ID can work. The hurdles across the nation are a technical challenge. But we can do it.
The barcode on a Minnesota driver license card contains name, driver's license number and date of birthinformation.
RFID is not embedded on Minnesota cards.
The DVS has only implemented the card standard portion of Real ID that has been published which calls for a PDF417 2D barcode and anti-fraud items. The anti-fraud items are provided by Digimarc.com.
The portion of Real ID which directs the various Motor Vehicle Services across the nation which identification documents to remove has not yet been published nor has agency building security guidance been provided for re-negotiating the contracts for the Minnesota agency sites.The portion of Real ID which calls for flags on warrants has not been implemented.
The DVS dislikes encryption for magnetic strips. And "the encryption of any data in the 2D barcode would not enhance real privacy of the card holder".
When we cross the RFID (Radio Frequency identification systems) bridge we will need to be careful and possibly implement encryption. But RFID need not be implemented with Real ID and can be considered a separate issue.
Real ID can work. The hurdles across the nation are a technical challenge. But we can do it.
No comments:
Post a Comment