Thecurrently says that driver's licenses and other identification documents issued by state governments must comply with a stringent set of rules devised by the U.S. Department of Homeland Security. But some state legislatures are weighing whether to stand up to the federal government and oppose federalized identifications, which two weeks ago.
"I have no problem with the Real ID Act," Paula Arcioni, the chief information security officer for New Jersey's Office of Information Technology, said during a panel discussion at thehere. She said that adding a microprocessor to the national IDs--thereby making them smart cards--would create "cost savings from an overall comprehensive strategic approach."
Arcioni's comments show that the Real ID rebellion, which began last April when New Hampshire's House of Representatives, has not reached critical mass. Although bills are pending in legislatures including Georgia, Massachusetts, Montana and Washington, it remains unclear whether enough opposition will develop in state legislatures to force the federal government to amend or delay the Real ID rules.
Sen. Daniel Akaka, a Hawaii Democrat, and John Sununu, a New Hampshire Republican, introduced a bill in December to repeal the Real ID Act. On Friday, Sen. Susan Collins, a Republican from Maine, is expected to hold a press conference to announce similar legislation.
"We're certainly not the rabble-rousers out there trying to lead a rebellion," said Denise Blair, the assistant deputy director of the California Department of Motor Vehicles, referring to Maine's efforts.
Blair, who favors the Real ID Act, did say, however, that it will cause some administrative headaches for California when more than 3 million more people a year are visiting local motor vehicle offices.
Blair lauded better data-mining practices and sharing information between states, which is what Real ID is designed to encourage. If the Real ID had been in place six years ago, she said, data mining could have led to flagging some of the Sept. 11, 2001, hijackers before they boarded the planes: "The bulk of those could have been identified previously."
How it's supposed to work
The Real ID Act says that, starting on May 11, 2008, Americans will need a federally approved identification card--a U.S. passport will also qualify--to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service. States will have to conduct checks of their citizens' identification papers and driver's licenses likely will be reissued to comply with Homeland Security requirements. State motor vehicle databases are also required to be linked together.
In addition, the national identification cards must be "machine readable," with details left to Homeland Security, which hasn't published final regulations yet. That could end up being a magnetic strip, enhanced bar code, or radio frequency identification (RFID) chips.
One audience member, who said he worked at a state criminal justice data center, said: "This Real ID isn't going to work unless there's some mandatory biometric involved." (Real ID permits, but does not require, Homeland Security to mandate biometric identifiers such as fingerprints, retinal scans, or DNA samples.)
"The biometric part, I absolutely agree, it ought to be in there," said Dan Combs, Iowa's former director of digital government. Combs is now president of Global Identity Solutions, which sells identification-related services to governments and corporations.
After other panelists made similar remarks, moderator Denley Chew, assistant vice president at the Federal Reserve Bank of New York, said: "We seem to be in violent agreement."
Chew warned, however, that "the ACLU will be at the door." The ACLU has set up an anti-Real ID Web site called RealNightmare.org and has been lobbying state officials to oppose the plan.
Arcioni, the New Jersey state official, suggested implanting Real IDs with microprocessors, which would be required to access government services.
Even if the initial federalized ID doesn't have it, future versions will, Arcioni predicted. "Did they think it was going to be some stupid plastic card that didn't have any electronics putting some smart technology on it, a microprocessor?" she asked. "I can't even imagine Real ID not having smarts, at least as something that could be leveraged down the road."
Companies could also require the microprocessor-equipped IDs for authentication, Arcioni said. "That's useful when you're delivering services, whether it's the commercial sector or the public sector."
Identification cards implanted with microprocessors are commonly called smart cards. They generally have a processor, memory and a "tamper-resistant" mechanism to prevent unauthorized people from altering the hardware or software. Smart cards can rely on physical contact, like a mobile phone SIM, or feature RFID technology.
Smart cards aren't as popular in the United States as they are in Europe, where cryptographically protected smart cards are used for applications such as ATM cards and fuel cards.