As of today, the Real ID Act—which will require all US IDs to meet minimum federal security standards—enter the first stage of its multi-year enforcement. That has a lot of people pretty nervous; whether legislators use the term or not, it smells an awful lot like a national ID card. But what is Real ID, exactly?
In 2005, President Bush signed an $82 billion military spending bill, part of which went towards creating an electronically readable, federally approved standard for all American ID cards. Currently, each state's ID card can be wholly different from one another; non-uniform ways of reading means that actually determining if the card is legitimate becomes nearly impossible beyond state lines. Real ID would end that confusion.
In a way, this act is merely the next step toward implementing the 9/11 commission report's ID card recommendations made back in 2004. In other words, legislators are hoping that more secure ID cards will help hinder terrorism. While the bill was still being debated back in 2005, Rep. F. James Sensenbrenner (R-WI) noted:
[It will] hamper the ability of terrorist and criminal aliens to move freely throughout our society by requiring that all states require proof of lawful presence in the U.S. for their drivers' licenses to be accepted as identification for federal purposes such as boarding a commercial airplane, entering a federal building, or a nuclear power plant.
Basically, any ID card will now be required to contain a minimum amount of data, be accessible by other states, contain security and fraud prevention standards, and have all backing documents verified.
The first phase of Real ID—the one kicking in today—only applies to the Department of Homeland Security (DHS). The vast majority of us won't notice its effect for a long time, if ever. In fact, twenty-one states already have IDs that comply, with 20 more well on their way. The only time you might run into a problem is if you have an outdated state ID a few years from now and you try to enter a federal building or travel, well, anywhere.
So with most states getting ready to comply and the final phase of the Act's rollout not coming until 2016 at the earliest, it's easy to wonder why we should even care that the government wants to set security standards for our legal identification cards.
For starters, the DMV is going to be even more of a hellscape than it is today. Once Real ID is fully implemented—no matter which state you're in—you're going to need a photo ID, documentation of birth date, documentation of legal status (i.e. a valid visa) and/or social security number, and documentation of your name and principal address.
Then, as soon as you hand that stack over, DMVs are going to have to verify the legitimacy of every single one of those documents—a vetting process that the states will be covering largely out of their own pocket (just like almost every other aspect of the bill that forces a change in protocol). Once verified, the documents will be digitized and permanently stored in a state database.
The IDs themselves will, in many cases, need to be more information-dense than ever before. In order for a state to be compliant, its ID must contain your full name, signature, date of birth, gender, ID number, principal address, and a front-facing photograph. All of this needs to be accessible in the form of machine readable data—bar codes, smart card technology, etc. And although the prospect of RFID chip-embedded cards had been tossed around, at least for now, that particular stipulation (fortunately) has yet to make it into actual law.
None of this would really be a problem if it was just about upping anti-counterfeit standards across the board. But complying with the standards isn't quite enough; in order to qualify for any federal funding, states are required to link their databases with every other states' so as to "provide electronic access by a state to information contained in the motor vehicle databases of all other states."
While some states were already sharing some of their DMV-collected details, the Real ID Act mandates that this national pool of private info has to include photographs conducive to facial recognition—a scary thought for most. Basically, anyone with access to this database—which is many people in the government!—would have more information on you than they could ever hope for, all with a simple, innocuous face scan.
Of course, the supposed reasoning behind connecting the databases has to do almost entirely with catching potential terrorists, duplicate applications, and illegal immigrants. According to Richard Sobel, a public opinion expert currently acting as a Northwestern visiting scholar:
Digital photos in the Homeland Security databank can be used to match anyone anywhere using facial recognition surveillance technology. Because the standards are cross-national and the U.S. exchanges information with other governments and global organizations, the digital photos will probably be shared with foreign and international intelligence and police agencies.
While you won't be required to have it on you at all times or necessarily use it in any non-government-related capacity, the fact that we'll now have a searchable database of virtually every American citizen could qualify Real ID as a national ID card.
That doesn't mean that the US is going to turn into a police state overnight, or ever. But concerns do seem to be at least somewhat justified. According to Barry Steinhardt, the director of the American Civil Liberties Union's technology and Liberty program:
It's going to result in everyone, from the 7-Eleven store to the bank and airlines, demanding to see the ID card. They're going to scan it in. They're going to have all the data on it from the front of the card...It's going to be not just a national ID card but a national database.
While Steinhardt's prediction is probably more than a little extreme, as we know all too well by now, that sort of data is a goldmine to the very people you least want to have access to it. Hackers, of course, would be particularly attracted to a national ID database; any encryption we try to pile would probably be a mere speed bump to the more dexterous cyber criminals.
But there's another type of fiend who would love nothing more than to get hold of all that precious data: marketers. A database of this sort would be the ultimate source of mass mailings, targeted marketing, and any other number of obnoxious sale tactics.
The chances of your state not complying are pretty slim. Today, 21 states are already in compliance with the Real ID standards soon to go into effect: Alabama, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Iowa, Indiana, Kansas, Maryland, Mississippi, Nebraska, Ohio, South Dakota, Tennessee, Utah, Vermont, Wisconsin, West Virginia, and Wyoming.
What's more, 20 states are supposedly "on the pathway toward achieving" compliance: Arkansas, California, District of Columbia, Guam, Idaho, Illinois, Michigan, Missouri, New Hampshire, Nevada, North Carolina, North Dakota, Oregon, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, Texas, U.S. Virgin Islands, and Virginia.
And that leaves us with the 15 black sheep that are not yet Real ID compliant: Alaska, American Samoa, Arizona, Kentucky, Louisiana, Maine, Massachusetts, Minnesota, Montana, New Jersey, New Mexico, New York, North Marianas, Oklahoma, and Washington State.
So what happens to those states if they don't comply? Their cards will be marked along with a statement that they're not to be accepted by any federal agency. You also, again, won't be able to board a plane or access federal services.
Could this be the extent of the government's regulation on identification cards and their subsequent mass database? Sure! And that would be intrusive but understandable. If the NSA revelations of the last year are any indicator, though, Uncle Sam is going to do what he wants with as much information as he can possibly get. Real ID is just streamlining the process.
Image: Shutterstock/Jim Barber