 |
 |
 |
 |
March 2007 • Volume 12 Number 3
|
 |
|
Executive Director's Letter
This month the Department of Homeland Security released the long-awaited and much anticipated notice of proposed rulemaking for REAL ID, "Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes" (Docket No. DHS-2006-0030), available at http://www.regulations.gov. The document is long, so unless you have a lot of time on your hands, good luck reading the whole thing in one sitting. I went right to the important stuff – the MRT (machine readable technology). There on page 19, I found that the “proposed regulation would mandate the use of the PDF-417 2D bar code as the common MRT standard and DHS proposes to adopt most of the mandatory data elements described in the 2005 AAMVA Driver’s License/Identification Card Design Specifications, Annex D, as its MRT data elements model. PDF417 is a two dimensional, open source (public domain) barcode that is used to store and transfer large amounts of data inexpensively." Inexpensively is the key word here. This is where the document and DHS recommendation fall short. The core reason for the REAL ID legislation in the first place was supposed to be improved security, not the least expensive solution for storage and transmission of data that states could agree on. According to the opening summary, these new standards are intended to provide “physical security of the driver’s licenses and identification cards to prevent tampering, counterfeiting, and duplication of the documents for a fraudulent purpose.” Since this goal is stated up front, one could expect that the subsequent sections in the document would explain how the new driver’s license standard would go about achieving that goal. Instead DHS acknowledges that because 2D bar code readers are extremely common, there is a possibility that the data could be captured from the driver’s licenses and identification cards and accessed by third parties by reading the card’s 2D bar code. DHS failed to acknowledge that the proposed rulemaking has done nothing to prevent tampering with or illegal production of fraudulent driver’s licenses, since there is no active security in 2D barcodes that would prevent someone from altering or replacing a 2D barcode with a fake one. It appears that DHS decision weighed current state and AAMVA use and the relative expense of the implementation more than anything else in the decision to specify 2D bar code technology. In doing so, DHS is missing the once in a generation opportunity to set a higher standard for secure identity for U.S. citizens as has already been done by the international community (as led by ICAO and strongly supported by our State Department), who has specified new, stronger security standards for passports that will be used by citizens and foreigners to enter our country. Since our federal government is asking individual states to pay the lion’s share of the driver’s license implementation, a different standard of security was used in this recent DHS decision. DHS is inviting public comment on this proposed rulemaking and I would encourage all members to submit your views to DHS on this controversial document by the May 8th deadline. With the 6th Annual Smart Cards in Government Conference (April 10 – 13) just around the corner, you can bet that REAL ID and other federal identity initiatives including TWIC, Registered Traveler, ePassport, WHTI, and of course HSPD-12 will be a major part of the agenda. One of the best aspects of this annual conference each year is the dialog that takes place between the government policy makers, industry suppliers, and informed citizens about the tough choices and complex issues involving identity credentials and government. If you haven’t registered yet, there is still time to do so. With the extra room we gained by holding the event at the Reagan Building in beautiful downtown Washington, DC, we have room for more conference attendees and exhibitors than ever before – and we will be accepting registrations onsite as well. See you there!
Sincerely, Randy Vanderhoof
|
|
