www.al.com


Sunday, June 05, 2005
JOSEPH MENN
Los Angeles Times

A federal law designed to make it harder to assume someone else's identity may instead have the opposite effect, critics of the measure say.

The Real ID Act, attached to a crucial bill for military spending and tsunami relief that was signed by President Bush on May 11, sets new rules for issuing driver's licenses and requires states to share electronic access to their records.

The standards are intended to weed out impostors applying for licenses, in part by requiring state employees to check on the validity of birth certificates and other supporting documents. After states adopt the necessary changes, anyone applying for or renewing a license will get one reflecting the new standards.


But once the law takes full effect three years from now, it will also give many more bureaucrats access to personal information on people nationwide. And it will add more data to each file - including digital copies of documents with birth and address information.

To some industry experts and activists concerned about the fast-growing crime of identity theft, putting so much data before more eyes guarantees abuse at a time when people are increasingly concerned about who sees their personal information and how it gets used.

It's a gigantic treasure trove for those who are bent on obtaining data for the purpose of creating fake identities," said Beth Givens of the nonprofit Privacy Rights Clearinghouse. Armed with a stranger's name, Social Security number and date of birth, it's not hard for fraudsters to take out bogus loans that can wreck a victim's credit record.

The new licenses themselves must contain some data - as yet unspecified - that can be scanned electronically like a credit card reader. Virtually all states make machine-readable cards now, but they use differing technologies.

Critics predict the standardization will prompt many more merchants to scan customer licenses and then pass on the information to such data brokers as ChoicePoint Inc. and LexisNexis. The databases of both ChoicePoint and LexisNexis have been exploited by identity thieves.

"There's no data-protection law, so it can be sold to companies like ChoicePoint," said Bruce Schneier, the author of several books on security technology. "It would be silly not to, since it's a revenue stream."

The concerns of privacy advocates received little airing before the bill became law. Greater attention went to the bill's changes in the procedures for people requesting political asylum, its treatment of other immigrants, and what some decried on civil liberties grounds as a move toward a national identification card.

But the more basic provisions in the law might have the most profound effect on ordinary Americans already beset by a rising tide of identity theft and related credit card fraud.

"We will have all this information in one electronic format, in one linked file, and we're giving access to tens of thousands of state DMV employees and federal agents," said American Civil Liberties Union Legislative Counsel Timothy Sparapani.

The bill was introduced following a recommendation of the 9/11 Commission that the United States should strengthen its means for identifying people. Noting that some of the 9/11 hijackers held fraudulent papers that helped them rent cars and board planes, the panel wrote that "sources of identification are the last opportunity to ensure that people are who they say they are."