Thread: No Fix for Real ID - oppose S.717 and H.R.1117

Originally Posted by jp_48504

Perhaps you are not as experienced with computers as I am, but nonetheless, to those who have read and studied the facts of the Real ID, ignore MW's rhetoric.

Experience in computers probably does make a difference in opposing the REAL ID. Having that knowledge is certainly why I oppose this legislation. Additionally, experts like world-renowned security specialist Bruce Schnier are opposed to the REAL ID from a security perspective.

I have shown on another thread why the REAL ID fails from a technological standpoint and how it greatly assists identity thieves. I took the silence that met that argument as confirmation that it was correct. But here it is again. If you are a rational person, you have to agree that the below is a problem and serious flaw of the REAL ID.

The REAL ID requires common machine readable technology. In other words, it would be easy to obtain a machine that can read the data on the back of the REAL ID. According to Sen. Akaka, that info is unencrypted. This means that anything the government wants to store on the REAL ID is easily and widely accessible to anyone with minimal time and effort. I see one such reader on ebay right now for $50.

Furthermore, all you need to open a credit card account is a name, date of birth, and social security number. You can lease and buy cars. You can get insurance. You can open bank accounts. One could even withdraw the life savings of another from certain banks with this info. This is not hyperbole. The REAL ID stores all necessary information in one place - it is a single point of failure. Losing my REAL ID card provides a one-stop shop for anyone who would want to steal my identity. Because the REAL ID unencrypted, easily accessible, and stores the amount of data it does, identity theft will be greatly assisted by the REAL ID Act.

apropos,
Most security experts do agree that this id creates a one stop shop for id thieves. Even if the information was encrypted, it wouldn't take long for a hacker to come up with an algorithm to decrypt it. Even if they used 1024 bit Encryption which is 4 times higher than most web sites, it wont be long before that is hacked as well. http://www.infoworld.com but too many people refuse to look at the big picture and that is simply the Real ID is a Real Mistake.

At the risk of jumping into the fray -

And, first let me add that my opinion on this, is straight down the middle.
I'm 50% against, and 50% for the REAL ID.

Having said the above, let me also add that: yes, I think there are very real concerns about the integrity of the structure and procedures outlined in the law. Anyone has a bonafide reason to be concerned about this stuff. The sad fact is, there is no shortage of governmental abuses into the private lives of it's citizens. At the same time, as a former Federal employee, I will also say that the overwhelming majority of people on the Federal payroll are honest, hard-working people just trying to do a job. I don't believe there is any over-representation or predisposition of evil people just because they find a job in government. There are plenty of other equally evil persons working in private industry - in big and small business, possibly in education, etc.

Second, I also believe that we have to do <something> to improve the granting and overall integrity of ID in the country. While I'd like to not have to make this a Federal initiative and let the states pick up the ball and run with it, I also fear that there is an impetus for some states to want to water-down the regs. for to political reasons. So, I honestly do not believe a state-by-state approach will work in the end as well (look at the ongoing Driver's License debate as a rough corollary).

So... after all that, here are my questions. I will try to distribute the pain equally to both sides - as to be fair and impartial as possible. Again, I am not taking sides, but am curious to hear the answers from two of the strong proponents and opponents of REAL ID.


MW: How can the Federal government be trusted to enact a national ID system given the failures to have standard and secure systems of ID at even the state level? (eg. what is different, and implied 'better' about the Federal approach that states should be removed from governing this process?)

jp: Given that many other countries of the world have de facto 'national ID cards' and such identification is now routine and a key method to identify citizens of such countries and these nations function in a manner unlike 'Nazi Germany', do you believe that ANY system of national ID is possible, or will it always be bad - regardless of the particular structure and procedures built into the system? (eg. is it just this particular REAL ID that is bad, or is it ANY Federal ID system that is bad?)

Because the REAL ID unencrypted, easily accessible, and stores the amount of data it does, identity theft will be greatly assisted by the REAL ID Act.

But, doesn't this amount to the irrefutable assertion? How do you KNOW that? You can think it, you can claim it, but how do you know for sure? Greater accessibility can also lead to greater transparency too.
Would you be for it if the data were encrypted?

The fact is the Real ID Act is not going to just help create a NATIONAL ID, instead it is helping to create an INTERNATIONAL Biometric ID Card. The world is being enrolled into a single global biometric ID system through documents purported to establish and authenticate identity - passports, driver's license Social Security card and others.

On March 1, 2007 REAL ID's "Notice of Proposed Rulemaking" was issued, revealing REAL ID's global biometric connection. The three main entities driving this system are: The Department of Homeland Security, The American Association of Motor Vehicle Administrators, (AAMVA) and the International Civil Aviation Organization (ICAO).

AAMVA is an international association of motor vehicle and law enforcement officials and is responsible for international biometric driver's license ID card standards and an international information sharing agreement.

ICAO monitors travelers, designed biometric "e-passports" required for "Visa Waiver Nations" and is affiliated with the United Nations.

Together, DHS, AAMVA and ICAO are fulfilling the three elements necessary for a global biometric system. The fact is, whether it is your intention or not, by including Sections 201 and 203 into the SAVE Act, you are aiding this international ID effort. This won’t increase security, but rather prepare us for a tyranny unknown in human history.

Center Opposes SAVE Act. You should check this out at, http://www.newswithviews.com/DeWeese/tom105.htm

What I'm getting is that the Save Act and the Real ID are intertwined.
I posted a letter this morning in general discussion RE: Tom DeWeese's response to Roy Beck. See " Save Act Yes Or No ?
It's confusing, to say the least.

Originally Posted by Once_A_Democrat

MW add Terry Anderson to the list of supporter for the RealID. He has said it many times and he doesn't understand why someone would be against it.

Terry Anderson is a stellar proponent of securing our borders, and stopping the illegal invasion. I've heard him say on Kevin Shannon's old radio show, and on Peter Boyles' that he is very narrowly focused on illegal immigration, and that he doesn't talk about issues like the North American Union. Without delving into SPP/NAU, I think Terry is missing the big picture, via REAL ID.

Terry is also rightfully very cynical about our elected officials and unelected bureaucrats, and their roles in facilitating the illegal invasion. I can't help but wonder why he thinks this legislation, that was tacked onto an Iraq appropriations bill, and championed by DHS, is on the up and up. I also wonder if he's aware of the loopholes writen into the legislation for "immigrants".

But, doesn't this amount to the irrefutable assertion? How do you KNOW that? You can think it, you can claim it, but how do you know for sure? Greater accessibility can also lead to greater transparency too.
Would you be for it if the data were encrypted?

The basis for this assertion comes from the findings of Senator Akaka, who is the chairman for the Senate Homeland Security and Governmental Affairs Committee (in charge of implementing the REAL ID).

"The massive amounts of personal information that would be stored in state databases that are to be shared electronically with all other states, as well as the unencrypted data on the Real ID card itself, could provide one-stop shopping for identity thieves," Sen. Daniel Akaka said at a Senate Homeland Security and Governmental Affairs Committee hearing April 29, [2008].

Even if the data was encrypted, that would not solve the fundamental problem of the REAL ID, which is: the government is storing all information in one place, which makes it a single point of failure. It would not protect against insider attacks, such as the recent data breaches of Clinton and Obama passport information by official subcontractors highlighted. Also, key management - not to mention secure key management - would be an absolute nightmare if they wanted to encrypt the data. There is also the "common machine readable" requirement of the REAL ID Act, which is something that does not seem to go particularly well with encrypting the data.

There are enough facets of in encryption - is the key transported securely? is the cipher mathematically sound? are parties in possession of the infrastructure reputable? are insider attacks impossible? have computers become powerful enough to break our cipher? is there ample profit here for someone to put forth the time and effort to break the encryption? will advances in mathematics render the cipher easily reversible? - to say that no, I would not treat encryption as an ample security measure of the REAL ID. It's still a single point of failure. And our government has shown it can''t even build a border fence.

PhredE wrote:

MW: How can the Federal government be trusted to enact a national ID system given the failures to have standard and secure systems of ID at even the state level? (eg. what is different, and implied 'better' about the Federal approach that states should be removed from governing this process?)

Good questions, and I will attempt to answer them to the best of my ability, PhredE.

The federal government is not enacting a national ID system. What the feds are doing is simply requiring that all states adhere to a set minimum standard in the issuance of a "secure" driver's license, and/or identification card. Responsibility for issuance of the "secure" driver's license still rests with the state DMV, nothing has changed in that regard. However, enhanced security will now require that the states verify the authenticity of each document submitted to obtan the "secure" ID. The documents will be scanned and copied into the state maintained database. While it's true that each state can link nationally to other state databases, I'm not sure that alone qualifies the ID as a National ID Card. Linking nationally will allow the state DMV to check for licenses that may be held by an individual in other states. It will also reveal outstanding warrants issued by other states. All this information will be provided simply through a scan of the Real ID. Furthermore, Real ID should prove to be an extremely valuable tool for local law enforcement.

I don't personally profess to know every security requirement the individual state DMV will be required to incorporate into their systems. However, let it be known that I welcome a plan that forces every state to play by the same rules. For example, let's look at New Mexico - they're supposedly issuing driver's licenses like candy to the many illegals that have flooded into the state over the last few years. Theoratically, Real ID could put the skids on states that fail to differentiate between citizens and illegals when issuing driver's licenses. I suspect that there won't be many illegals who will step forward for a driving permit that paints a big bullseye on their forehead labeling them as an illegal. As for immigrants on a temporary visa, Real ID requires that their license expire when the visa does. In other words, should a visa holder decide to stay beyond visa expiration, their life will suddenly get much tougher because they will not be able to renew their license. Additionally, all illegal aliens that currently have a valid license will no longer be able to renew their licenses because they will be required to produce verifiable documentation of status.

If I failed to satisfy your questions sufficiently, please let me know. Thanks for the question, PhredE.

Thanks apropos, MW.

apropos - Thanks for the answer/reply. Just a couple of quick follow-up points... 1. I am basically in agreement with on on the computing/security side of the argument. I do have some basic knowledge of the area, and do appreciate and believe your criticisms there. 2. I think the one monkey wrench to the concept of the plan is this: the difference between a single point of failure vs. what conditions exist now, is that there are other ways to do the ID theft and compromising of a person's data. It is just done in a sloppier, less efficient way (eg. multiple failure points vs. a single one) - the result, however, is basically the same. I guess I'm still only 50% convinced. Thanks

MW - You did fine. I was trying to get at the relations between the state's involvement and the Federal government in steering the rules and protocols behind all this. It seems a big part of this debate centers around, and hinges upon, the relations and actual mechanics of how the Federal government is going to structure and or implement the cooperative use of state databases. From a purely structural computing perspective, it is not at all necessary for a single central physical database to be the sole repository of state-specific information. State's could easily (and, in fact, often already do...) house and maintain their own databases but simply create web services to securing share / distribute information within those databases. I don't believe the contention that 1 single physical "Federal" database need even exist. Feds could easily and securing gain access via a specific protocol designed to share the information.
I think this is what a your answer outlines or alludes to overall. Thanks

jp: Given that many other countries of the world have de facto 'national ID cards' and such identification is now routine and a key method to identify citizens of such countries and these nations function in a manner unlike 'Nazi Germany', do you believe that ANY system of national ID is possible, or will it always be bad - regardless of the particular structure and procedures built into the system? (eg. is it just this particular REAL ID that is bad, or is it ANY Federal ID system that is bad?)

I'll repeat this one more time in case no one has read it, there is no such thing as a secure database

There is no such thing as a safe federal Identity system. The feds know that they cannot even create a national id card, so they do it through legislation which could not be passed on its own merit.

Any government who has overstepped its authority in gathering too much data about its citizens has the potential of becoming another Germany or USSR. China keep tabs on all of its citizens and anyone who has a bible in that country has to register it. Those who speak up against their government end up having to flee the country, in prison or executed.

This system is full of holes and full of opportunities for abuse. A Government who collects DNA, Financial records, medical records, education records in a fusion center is bad enough.

Now the feds want to collect biometrics, birth certificates( with mother's maiden name) and social security number (if you don't have one, too bad) and allows for DHS to add anything they want to the cards, which could include DNA, fingerprints, religious or political affiliations without oversight. No governmental agency should have unfettered authority.

Originally Posted by PhredE

Thanks apropos, MW.

apropos - Thanks for the answer/reply. Just a couple of quick follow-up points... 1. I am basically in agreement with on on the computing/security side of the argument. I do have some basic knowledge of the area, and do appreciate and believe your criticisms there. 2. I think the one monkey wrench to the concept of the plan is this: the difference between a single point of failure vs. what conditions exists now, is that there are other ways to do the ID theft or compromises with a person's data. It is just done in a sloppier, less efficient way (eg. multiple failure points vs. a single one) - the result, however, is basically the same. I guess I'm still only 50% convinced

PhredE,

When looking at the REAL ID, and those in the Federal Government that are enthusiastic boosters of it, please consider the following rhetorical question: If the REAL ID's real purpose is to make it harder for illegal aliens and terrorists to get driver's licenses, why is George W. Bush so keen on it, when he's done everthing in his power since taking office, to encourage the illegal invasion?

If preventing terrorists from entering the country and then getting drivers' licenses was a big priority for the Bush Administration, securing the borders would have been the logical first step, post-9/11

Here's a White House statement on it: www.politechbot.com/docs/bush.id.endorsement.020905.pdf