Alliance Activities : Publications : REAL ID NPRM Response
Smart Card Alliance Response to the Department of Homeland Security Federal Register Notice, “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes”
- Click here to download the complete response.
The Smart Card Alliance is hereby submitting comprehensive comments in response to the Department of Homeland Security (DHS) Notice of Proposed Rulemaking (NPRM) for REAL ID driver’s licenses and identification cards [REAL ID NPRM] (6 CFR Part 37, Docket No. DHS-2006-0030, RIN 1601-AA37, Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes; Proposed Rule).
The purpose of the REAL ID Act of 2005 is to provide a trustworthy driver’s license or identification card issued by States whose purpose:
“includes but is not limited to accessing Federal facilities, boarding federally regulated commercial aircraft, entering nuclear power plants, and any other purposes that the Secretary shall determine.”
The REAL ID Act emphasis is also on the application, proofing and vetting of the individual’s identity, and the authentication of the individual’s documented credentials.
The actual REAL ID document is required among other things to support:
“(8) Physical security features designed to prevent tampering, counterfeiting, or duplication of the document for fraudulent purposes.
(9) A common machine-readable technology, with defined minimum data elements.”
It is the opinion of the Smart Card Alliance that the published DHS REAL ID NPRM fails to adequately address (8) and (9) above, by:
- Providing weak document security by using only printed security features and selecting a static technology (PDF-417 2-dimensional bar code) which will lead to counterfeiting and fraudulent card creation;
- Providing no linkage of the bearer of the card to the card itself by relying on authentication of the bearer by human inspection of visual card components only;
- Providing no ability to secure the information stored in the machine-readable technology (MRT) and protect citizen privacy;
and therefore will not meet the purpose and intent of the REAL ID Act of 2005.
In addition, the REAL ID NPRM:
- Fails to consider other national and international standards for identity documents that have already addressed the need for strong document security and protection of citizen privacy.
- Incorrectly dismisses smart card technology from consideration by states and mis-states its applicability to a REAL ID driver’s license or identification card.
- Does not consider how smart card technology provides a cost-effective solution for REAL ID driver’s licenses and identification cards that not only improves privacy and security, but also allows states to leverage their significant investment in REAL ID documents and processes for other identification programs and government applications.
The Smart Card Alliance supports driver’s license reform and DHS efforts to specify processes and technologies to meet the requirements of the REAL ID Act. However, the REAL ID NPRM falls woefully short in its specification of the common MRT to be used by all states. 2D bar code technology is inadequate to meet the security and privacy requirements mandated by the REAL ID Act and is not consistent with international and U.S. standards that have been set for secure identity documents. The selection of an antiquated, insecure technology for the next generation of driver’s licenses is also short-sighted in not recognizing the opportunity that this affords for states to issue driver’s licenses that can be used for identity verification for other government applications.
The Smart Card Alliance recommends that DHS reconsider the MRT chosen for REAL ID driver’s licenses and identification cards and specify smart card technology as the common MRT to be implemented in all REAL ID documents. The same smart card technologies that have been chosen to improve and protect the identity documents used in a wide range of Federal and international identity applications should be used to secure the federally-mandated REAL ID driver’s licenses and identification cards that citizens will be required to use (and almost certainly pay for) if they are to gain access to the locations and services restricted by the REAL ID Act. Smart card technology is cost-effective and proven, can meet the security requirements of the REAL ID Act, and can protect the privacy of citizens’ personal information. In addition, smart card technology offers states a technology platform that provides the flexibility for REAL ID driver’s licenses and identification cards to respond to future opportunities.
The incorporation of smart card technology into REAL ID driver’s licenses and identification cards makes the REAL ID document a valuable citizen identity credential within our demanding information society. Having an electronic identity verification device in the hands of all citizens can enable a host of applications that presently lack a trusted identity authentication credential. The Federal Trade Commission (FTC) recently released a strategic plan for better authentication in our society as a countermeasure to identity theft. A smart card-based REAL ID credential is the most appropriate platform to significantly improve the trust and reliability of identity in our society. A trusted federally-specified, state government-issued citizen electronic identity credential would also form the foundation to stimulate e-commerce and e-government applications in our society.
- Click here to download the complete response.
About this Document
The Smart Card Alliance Identity Council developed and submitted this response to the Department of Homeland Security Federal Register notice, “Minimum Standards for Driver’s Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes,” Docket No. DHS-2006-0030.
The response was submitted to the Department of Homeland Security on May 7, 2007.