Results 1 to 10 of 13
Thread: The REAL ID Final Rules Are Out
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
-
05-29-2008, 11:52 PM #1
- Join Date
- Mar 2006
- Location
- Santa Clarita Ca
- Posts
- 9,714
The REAL ID Final Rules Are Out
This web site has all the info
http://www.unrealid.comJoin our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)
-
05-30-2008, 12:11 AM #2
Here is an opinion piece on the Real ID.
(quote)
Elizabeth Marsh Cupino
The Great Free State
Originally published May 29, 2008
O say, can't you see? Maryland is the birthplace of American liberty.
We're still trying. Maryland is one of only five states holding out on compliance with the federal REAL ID program. For the moment, anyway.
It looks like Gov. Martin O'Malley will ultimately cave in, toe the line with the unfunded REAL ID mandate, and retool the system that issues driver's licenses and other IDs. Otherwise, a Maryland ID will not be adequate documentation to get you on a plane to Cancun or into a Smithsonian exhibit.
I have a Real Problem with REAL ID. It's not so much about proof of citizenship. It's about Big Brother.
The Real purpose of REAL ID is to get every American citizen logged into the federal government's big central databases. Don't believe me? Check out Section 203 of the REAL ID Act: "Linking of Databases." Why isn't anybody picketing about this outside Maryland's MVA offices?
I'm not trying to say that the REAL ID program is, like, the Mark of the Beast or anything. I'm just saying it's another tentacle of a giant, radioactive federal surveillance octopus reaching in and attaching its suckers to our private information.
Besides the National Crime Information System and the National Instant Criminal Background Check System (which tracks everyone who's ever had a mental illness, been dishonorably discharged from the armed forces, or been "an unlawful user of or addicted to any controlled substance"), there's a big push by the FBI to get fingerprints and DNA from every person in this country. Congress recently passed legislation to prevent discrimination on the basis of genetic information, but somehow I'm not reassured.
The Bush Administration is establishing nationwide interoperable (shared) electronic medical records. It will be a requirement by 2014. As if giving the IRS all our financial information wasn't enough -- now your bout with Hep C or chronic fatigue syndrome will be captured and catalogued in a federal system.
(quote) clip
http://www.fredericknewspost.com/sectio ... ryID=75590
Romans 5:8Matthew 19:26
But Jesus beheld them, and said unto them, With men this is impossible; but with God all things are possible.
____________________
Join our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)
-
05-30-2008, 12:15 AM #3
- Join Date
- Jan 1970
- Location
- Round Rock, TX
- Posts
- 363
Looks like California DMV is already meeting all the requirements for the real ID.
-
05-30-2008, 12:20 AM #4
- Join Date
- May 2007
- Location
- South West Florida (Behind friendly lines but still in Occupied Territory)
- Posts
- 117,696
4410-10
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 37
Docket No. DHS-2006-0030
RIN 1601-AA37
Minimum Standards for Drivers' Licenses and Identification Cards Acceptable by
Federal Agencies for Official Purposes
AGENCY: Office of the Secretary, DHS.
ACTION: Final rule.
SUMMARY: The Department of Homeland Security is establishing minimum standards for State-issued drivers' licenses and identification cards that Federal agencies would accept for official purposes on or after May 1 1,2008, in accordance with the REAL ID Act of 2005. This rule establishes standards to meet the minimum requirements of the
REAL ID Act of 2005. These standards involve a number of aspects of the process used to issue identification documents, including: information and security features that must be incorporated into each card; application information to establish the identity and immigration status of an applicant before a card can be issued; and physical security standards for facilities where drivers' licenses and applicable identification cards are produced. This final rule also provides a process for States to seek an additional
extension of the compliance deadline to May 1 1,20 1 1, by demonstrating material compliance with the core requirements of the Act and this rule. Finally, taking into consideration the operational burdens on State Departments of Motor Vehicles, this rule extends the enrollment time period to allow States determined by DHS to be in compliance with the Act to replace all licenses intended for official purpose with REAL ID-compliant cards by December l,20 14 for people born after December 1,1964, and by December 1,20 1 7 for those born on or before December 1,1964. DATES: Effective Date: This rule is effective [INSERT 60 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER].
Com~lianceD ates: Extensions: Effective May 11,2008, Federal agencies
cannot accept drivers' licenses or identification cards for official purposes, as defined herein, from States that have not been determined by DHS to be in compliance with the REAL ID Act unless a State has requested and obtained an extension of the compliance date from DHS. States seeking extensions must submit a request for an extension to DHS no later than [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION IN THE
FEDERAL REGISTER]. Effective December 3 1,2009, any initial extension will terminate unless a State, no later than October 11, 2009, submits to DHS a request for an additional extension and certification that the State has achieved the benchmarks set forth in Appendix A to part 37. Effective May 1 1,201 1, drivers' licenses and identification cards will not be accepted from States that are not in full compliance with the provisions of REAL ID.
Enrollment: Effective December 1,20 14, Federal agencies cannot accept drivers' licenses or identification cards for official purposes, as defined herein, from any individual born after December 1, 1964, unless DHS has determined that the issuing State is in compliance with Subparts A through D of this rule and the card presented by the individuals meet the standards of this rule. Effective December 1,201 7, Federal agencies
will not accept any State-issued drivers' licenses and identification cards for official purposes unless such cards have been issued by States that have certified to DHS their compliance with Subparts A through D of this rule.
FOR FURTHER INFORMATION CONTACT: Darrell Williams, REAL ID Program Office, Department of Homeland Security, Washington, DC 20528 (202) 282-9829.
SUPPLEMENTARY INFORMATION:
Abbreviations and Terms Used in This Document
AAMVA-American Association of Motor Vehicle Administrators
ACLU-American Civil Liberties Union
CAC-U.S. Department of Defense Common Access Card
CDLIS-Commercial Drivers License Information System
CHRC-Criminal History Records Check
CRBA-Consular Report of Birth Abroad
DHS-U. S. Department of Homeland Security
DMV-Department of Motor Vehicles
DOS-U.S. Department of State
DOT-U.S. Department of Transportation
EAD-Employment Authorization Document
EDL-Enhanced driver's license and identification card
EVVE-Electronic Verification of Vital Events
FOIA-Freedom of Information Act
IAFIS-Integrated Automated Fingerprint Identification
ICAO-International Civil Aviation Organization
ID-Identification Card
JPEG-Joint Photographic Experts Group
LPR-Lawful Permanent Resident
MRZ-Machine Readable Zone
NAPHSIS-National Association of Public Health Statistics and Information Systems
NASCIO-National Association of State Chief Information Officers
NCSL-National Conference of State Legislatures
NCIC-National Crime Information Center
NGA-National Governors Association
NPRM--Notice of Proposed Rulemaking
PII-Personally Identifiable Information
RFID-Radio Frequency Identification
SAVE-Systematic Alien Verification for Entitlements
SEVIS-Student and Exchange Visitor Information System
SSA-Social Security Administration
SSI-Sensitive Security Information
SSN-Social Security Number
SSOLV-Social Security On-Line Verification
TIF-Tagged Image Format
TSA-Transportation Security Administration
TWIC-Transportation Worker Identification Credential
USCIS-U.S. Citizenship and Immigration Services
WHTI-Western Hemisphere Travel Initiative
Table of Contents
I. Background and Purpose
11. Discussion of the Final Rule
A. Extension of Deadlines and Material Compliance Checklist (Appendix A)
B. Implementation Dates
C. Verification and Data Exchange Systems Architecture
D. Marking of Compliant REAL ID Documents
E. Bar on Issuance of REAL ID Documents to Persons Holding Driver's
Licenses from Another State
F. Western Hemisphere Travel Initiative
111. Section-by-Section Analysis of Changes fiom the NPRM
IV. Discussion of Comments
A. General Comments on the Proposed Regulation
B. Scope, Applicability, and Definitions
C. Compliance Period
D. Privacy Considerations
E. State to State Database Queries
F. Document Standards for Issuing REAL ID Drivers' Licenses and
Identification Cards
G. Exceptions Processing for Extraordinary Circumstances
H. Temporary or Limited-Term Drivers' Licenses and Identification Cards
I. Minimum Driver's License or Identification Card Data Element Requirements
J. Validity Period and Renewals of REAL ID Drivers' Licenses and
Identification Cards
K. Source Document Retention
L. Database Connectivity
M. Security of DMV Facilities Where Drivers' Licenses and Identification Cards
are Manufactured and Produced
N. State Certification Process; Compliance Determinations
0. Drivers' Licenses and Identification Cards that Do Not Meet the Standards of
the REAL ID Act.
P. Section 7209 of the Intelligence Reform and Terrorism Prevention Act of 2004
Q. Responses to Specific Solicitation of Comments
V. Regulatory Analyses
A. Paperwork Reduction Act
B. Economic Impact Analyses
C. Executive Order 13 132, Federalism
D. Environmental Impact Analysis
E. Energy Impact Analysis
F. Executive Order 13 175, Tribal Consultation
I. BACKGROUND
A. Statutory Authority and Regulatory History
This final rule establishes minimum standards for State-issued drivers' licenses and identification cards that Federal agencies can accept for official purposes on or after May 1 1,2008, as required under the REAL ID Act of 2005. See, Public Law 109- 13, 119 Stat. 231,302 (May 11,2005) (codified at 49 U.S.C. 30301 note) (the Act).
During the terrorist attacks on the United States on September 1 1,2001, all but one of the terrorist hijackers acquired some form of identification document, some by fraud, and used these forms of identification to assist them in boarding commercial flights, renting cars, and other necessary activities leading up to the attacks. See, THE 911 1 COMMISSIORNEP ORTF, INALR EPORT OF THE NATIONAL COMMISSION ON TERRORIST
ATTACKUSP ON THE UNITEDS TATES (July 2004) (911 1 Commission Report), p. 390. The 911 1 Commission recommended implementing more secure sources of identification for use in, among other activities, boarding aircraft and accessing vulnerable facilities. In its report, the Commission stated Secure identification should begin in the United States. The federal government should set standards for the issuance of birth certificates and sources of identification, such as drivers' licenses. Fraud in identification documents is no longer just a problem of theft. At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.
-Id. at 390.
Congress enacted the Act in May 2005, in response to the 911 1 Commission's recommendations.
Under the Act, Federal agencies are prohibited, effective May 1 1,2008, from accepting a driver's license or a State-issued personal identification card for an official purpose unless the issuing State is meeting the requirements of the Act. "Official
purpose" is defined under $201 of the Act to include access to Federal facilities, boarding Federally-regulated commercial aircraft, entry into nuclear power plants, and such other purposes as established by the Secretary of Homeland Security.
Undoubtedly, the most significant impact on the public of this statutory mandate is that, effective May 1 1,2008, citizens of States that have not been determined by DHS to be in compliance with the mandatory minimum requirements set forth in the REAL ID Act may not use their State-issued drivers' licenses or identification cards to pass through
security at airports. Citizens in this category will likely encounter significant travel delays.
The Act authorizes the Secretary of Homeland Security, in consultation with the States and the Secretary of Transportation, to promulgate regulations to implement the requirements under this Act. Section 205(b) of the Act further authorizes the Secretary of Homeland Security to grant extensions of time to meet the minimum standards of the Act
when States provide adequate justification for noncompliance. The Act does not, however, give DHS the authority to waive any of the mandatory minimum standards set forth in the Act. Those mandatory provisions are set forth below.
Section 202(b) of the Act directs that REAL ID-compliant licenses and
identification cards must include the following information:
(1) The person's full legal name, date of birth, and gender;
(2) The person's driver's license or identification card number;
(3) A digital photograph of the person;
(4) The person's address of principal residence;
(5) The person's signature;
(6) Physical security features designed to prevent tampering, counterfeiting, or duplication of the drivers' licenses and identification cards for fraudulent purposes; and
(7) A common machine-readable technology, with defined minimum
elements.
Section 202(c) of the Act also mandates certain minimum standards that States
must adopt when issuing drivers' licenses and identification cards intended for use for official purposes (referred to as REAL ID-compliant cards). Those standards include, but are not limited to, the following:
The State shall require, at a minimum, presentation and verification of (1) a photo identity document (except that a non-photo identity document is
acceptable if it includes both the applicant's full legal name and date of birth);
(2) documentation showing the applicant's date of birth; (3) proof of the
person's Social Security Number (SSN) or verification that the applicant is
not eligible for a SSN; and (4) documentation showing the applicant's name and address of principal residence. tj 202(c).
The State shall require valid documentary evidence that the applicant is
lawfully present in the United States. Such evidence shall include
documentary evidence that the applicant: (1) is a citizen or national of the
United States; (2) is an alien lawfully admitted for permanent residence or
temporary residence in the United States or pending application for same; (3)
has conditional permanent resident status in the United States or pending
application for such status; (4) has an approved application for asylum in the United States, a pending application for asylum, or has been admitted to the United States in rehgee status; (5) was lawfhlly admitted to the United States using a valid, unexpired nonimmigrant visa; (6) has a pending or approved application for temporary protected status in the United States; or (7) has approved deferred action status. 9 202(c)(2)(B).
States must establish procedures to verify each document required to be
presented by the applicant. The State also shall have entered into a
memorandum of understanding (MOU) with DHS to use the Systematic Alien Verification for Entitlements (SAVE system) to verify the lawful status of an applicant, other than a U.S. citizen. 9 202(c)(3)(C).
States also must confirm with the Social Security Administration (SSA) that the SSN presented by an applicant (as required under 9 202 (c)(l)(C)) is registered to that person. $202(d)(5).
States must ensure the physical security of facilities where drivers' licenses and identification cards are produced; and the security of document materials and papers from which drivers' licenses and identification cards are produced.
9 202(d)(7).
All persons authorized to manufacture or produce cards to appropriate security clearance requirements. 202(d)(.
Physical security features on the drivers' licenses and identification cards
designed to prevent tampering, counterfeiting, and duplication of the
documents for a fraudulent purpose. 9 202(b)(.
The Act also permits a State otherwise in compliance with the Act to issue
drivers' licenses and identification cards that do not conform to the Act's requirements.
See $202(d)(11). Federal agencies, however, cannot accept such drivers' licenses and identification cards for an official purpose and States must ensure that such cards or licenses must state on their faces that a Federal agency may not accept it for an official purpose. See tj 202(d)(1 l)(A). States also must use a unique design or color indicator so that it is readily apparent to Federal agency personnel that the card is not to be accepted for an official purpose. See tj 202(d)(l l)(B).
The Act requires DHS to determine whether a State is meeting the Act's
requirements based upon certifications submitted by each State in a manner prescribed by
DHS.
11. DISCUSSION OF FINAL RULE DHS published an NPRM on March 3,2007, proposing requirements to meet the minimum standards required under the Act. The proposed requirements included information and security features that must be incorporated into each card; application
information to establish the identity and immigration status of an applicant before a card can be issued; and physical security standards for facilities where drivers' licenses and identification cards are produced. For additional information, please see the NPRM at 72 FR 10820.
DHS received over 21,000 comments on the NPRM and supporting regulatory evaluation during the sixty-day public comment period for this rulemaking action.
Responses to those comments are set forth in Section IV of this final rule.
This final rule implements the requirements of the Act, but with significant changes from the NPRM as a result of public comment, as discussed below.
As discussed above, effective May 1 1,2008, Federal agencies are prohibited from accepting for official purposes state-issued drivers' licenses or identification cards unless an issuing State certifies, and DHS determines, that it has met the mandatory minimum requirements of 9 202 of the REAL ID Act. Several States have implemented - or are
working to implement - legislation prohibiting their Departments of Motor Vehicles (DMVs) from complying with the requirements of the Act or any related implementing regulations issued by DHS. DHS wants to make clear that effective May 11,2008, individuals from States who have not obtained an extension of the compliance date from DHS, or who have not submitted a Compliance Package to DHS under the deadlines
provided in this final rule, will not be able to use their State-issued license for federal official purposes, including for identification to board a commercial airplane. Residents of States that do choose to comply, however, through submission of their Compliance Plan or a timely-filed request for an extension, will be able to continue to use their current license to board commercial aircraft (and for other official purposes) through December 1,2014. Effective December 1,2014, Federal agencies will refuse to accept non-REAL ID-compliant drivers' licenses from all persons born before December 1, 1964 (i.e. under the age of fifty). Effective December 1,2017, anyone seeking to use a
State-issued driver's license or identification card for official purpose, including boarding of commercial aircraft, must have a REAL ID-compliant card.
A. Extension of Deadlines
Under section 205(b) of the Act, the Secretary of Homeland Security is authorized to grant extensions of the May 11,2008 compliance date to those States who provide adequate justification for their inability to comply by the statutory deadline. On March 1, 2007, the Secretary of Homeland Security announced, in conjunction with the release of
the NPRM, that the Department would grant extensions to all States requesting extensions, not to exceed December 3 1,2009. In the NPRM, DHS proposed that States that would not be able to comply by May 1 1,2008, should request an extension of the
compliance date no later than February 10,2008, and the proposal encouraged States to submit requests for extension as early as October 1,2007. Under this final rule, States must file requests for an initial extension no later than [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]. That initial extension would expire on December 3 1,2009. Pursuant to 8 37.55 of this rule, States
must submit requests for extensions to the REAL ID Program Office. Contact information is provided in the "For Further Information" section of this rule. Requests for extension must be submitted from the highest level executive official in the State overseeing the DMV to the REAL ID Program Office.
DHS received numerous comments from States arguing that the lack of a
centralized verification system would make it impossible for most, if not all, States to comply with the minimum statutory requirements by December 3 1,2009. DHS recognizes the difficulty that many States may have in meeting the statutory requirements under the Act, but emphasizes that the Department has a critical responsibility to ensure
that identification documents used to board commercial air carriers or access Federal buildings are secure documents and adequately prevent persons fiom circumventing Federal security and screening requirements by use of false or fraudulent identification.
In balancing the operational needs of the States against the security
responsibilities of DHS and the Federal Government, DHS has decided to allow States to obtain an extension beyond December 3 1,2009. DHS, however, will only grant a second extension to States that demonstrate that they have achieved certain milestones towards compliance with the Act and the final rule. States unable to demonstrate this progress
will not be able to receive an additional extension. DHS has identified eighteen milestones, captured in the "Material Compliance Checklist," (Appendix A to part 37 of this final rule), that States must certify they have met in order to obtain an extension of the compliance deadline beyond December 3 1,2009. The eighteen milestones are all mandatory requirements under the Act; one of the most important ones, however, is the State's ability to verify that the applicant is l a h l l y present in the United States. Any second extension will terminate effective May 1 1,20 1 1, at which time, as discussed above, the State must begin issuing hlly compliant REAL ID cards.
B. Phased Enrollment Periods
DHS initially proposed that States determined by DHS to be in compliance with the Act and the final rule would have until May 1 1,201 3 to replace all drivers' licenses and identification cards with REAL ID-compliant cards. Under the NPRM, licenses intended for Federal official purposes issued by States on or after May 11,2008 and determined by DHS to be in compliance with the Act and this final rule would be REAL ID-compliant, and the State would have worked to replace existing licenses, through
standard renewal or replacement processes no later than May 1 1,20 13. Until that phased-in enrollment period concluded on May 1 1,20 13, Federal agencies would accept from residents of compliant States both REAL ID-compliant licenses dated on or after May 1 1,2008 or standard licenses issued before May 1 1,20 13. The NPRM also proposed the same phase-in period for States requesting initial extensions of the compliance date until December 3 1,2009, i.e., States receiving an extension would still have until May 1 l,20 13 to enroll their current drivers.
During the public comment period, a number of States and State associations noted that States obtaining an initial extension of the compliance date until December 3 1, 2009, would still be required to enroll their existing driver population (estimated to be approximately 240 million) by May 1 1,20 1 3. This would essentially halve the phase-in
period and create an untenable burden and increased costs on States who were committed to complying with the REAL ID requirements. Several commenters suggested that DHS consider a risk-based approach that would permit States and DMVs to defer enrollment of a proportion of the population that statistically may present a lower risk of obtaining
false or fraudulent identification to, among other potential purposes, circumvent Transportation Security Administration (TSA) passenger screening procedures and requirements or to access Federal buildings with a false identification.
DHS recognizes the significant operational impact on State DMVs if all licenses issued by a State were required to be REAL ID-compliant by May 11,2008, or May 11, 201 3; and believes that an age-based approach is the best way to balance operational concerns against security concerns. DHS has considered the best methodology to target preventive efforts against an individual attempting to fraudulently obtain an identification
document to gain access to a Federal facility, nuclear facility, or commercial aircraft. In the absence of threat reporting about particular individuals, to which the DMVs will not have access, DHS has determined that the most appropriate substitute criteria to apply is age.
DHS has determined that the most logical option to reduce the significant
operational burden on States is to allow States to divide their license-bearing population and re-issue REAL ID-compliant licenses through a two-phased enrollment. This approach would reduce the operational burdens on States, which otherwise would have to reissue licenses to the majority of their license-bearing populations within two years for States requiring and obtaining extensions until May 1 1,201 1. DHS also has determined
that a phased enrollment based on age is consistent with the intent of the REAL ID Act by focusing the first phase of enrollment on the population of persons that may have a higher propensity to obtain and use fraudulent identification.
To determine a logical age to use as a cut-off point for a two-phased enrollment, DHS determined, based on comments received and statistical analysis of incident reports obtained from the TSA, that solely for purposes of establishing an age-based enrollment for compliance with the REAL ID Act, the logical point of division would be to allow States to defer enrollment for persons over the age of fifty. The statistical analysis
supporting this determination was conducted by DHS utilizing TSA incident reports identifying persons arrested or detained for use of fraudulent identification at TSA screening areas during the period from October 1,2004 through July 25,2007. This analysis roughly indicates that persons over the age of fifty were less likely to be involved in TSA-related law enforcement incidents involving false or fraudulent identification. More specific information on the methodology underlying this assessment
is provided in Section 1V.C. below.
Accordingly, DHS, under this final rule, has developed a phased enrollment approach for States who have certified compliance with the requirements of the Act and this final rule, and have been determined by DHS to be in compliance with the Act and this rule. Under this final rule, once a State certifies compliance with the REAL ID Act and this final rule, the State may focus enrollment first on issuing REAL ID-compliant cards to individuals born after December 1, 1964 (those who will be less than fifty years of age as of December 1,2014, the date of full compliance). States may delay the full enrollment of persons born on or before December 1, 1964, for three additional years, until December 1,20 17.
DHS believes that this approach balances the security objective of improving the reliability of identification documents presented for official purposes, including the boarding of commercial aircraft, with the needs of the States to spread out their complikce costs over a greater period of time and to obtain the necessary legal and budgetary approval from within their States to comply with the regulations. DHS also notes that States will be able to reduce their overall compliance costs based on phased enrollment approach. The economic analysis is presented in section V. of this rule.
C. Verification and Data Exchange Systems Architecture
The REAL ID Act requires States to verify supporting documents with the issuing agency. Because our population moves freely among the States, each State will need the capability to verify documents from issuing agencies in all other States. Although the Act places this burden on the States, DHS has worked to consider several technical solutions that would provide States with this capability. DHS has initiated a verification systems design project to define the requirements for the optimal system for REAL ID.
DHS is working with the American Association of Motor Vehicle Administrators (AAMVA), the Department of Transportation (DOT), the Social Security Administration, the Department of State (DOS), the National Association of Public Health Statistics and Information Systems (NAPHSIS), and State representatives to define requirements for a "hub" based network and messaging systems to support the requirements of REAL ID.
DHS is assessing the extent to which the current AAMVA network, communications, and systems architecture can serve as a platform for deployment of REAL ID data verification and State-to-State data exchanges.
The backbone of this hub would be AAMVAnet, the network system that
AAMVA operates to facilitate data verification for State DMVs. DOT is currently funding an ongoing project to upgrade the capability of AAMVAnet by building in such security features as end-to-end data encryption and Federal Information Security Management Act-based security standards. The DOT-funded project will potentially expand AAMVAnet's capability to provide the capacity to handle the increased transaction volume for the required State-to-State transactions. Finally, the AAMVAnet backbone resides on a private network with no connectivity to the Internet. It has been, and will continue to be, a highly secure transportation layer for all communications between States and agency databases.
With respect to data verification, AAMVAnet already supports verification of both social security numbers (SSNs) and birth certificates. These application systems enable States to query the Social Security On-Line Verification (SSOLV) database managed by the Social Security Administration (SSA) and the Electronic Verification of
Vital Events (EVVE) system owned and operated by NAPHSIS. While 47 States currently verify SSNs through AAMVAnet, verification of birth certificates is limited to those States whose vital events records are available online. In both cases only State DMVs can initiate queries; personal data is verified and not exchanged; and no personal
information is created, modified, or stored as a result of the transaction. Working with both SSA and NAPHSIS, DHS is identifjring requirements for enhancements to both application systems.
U.S. Citizenship and Immigration Services (USCIS) is working to modify the SAVE system to allow States to facilitate their ability to meet the verification requirements under the tj 202(c)(3) of REAL ID Act, a requirement that States routinely utilize the SAVE system to verify the lawfkl status of REAL ID card applicants.
Currently, a majority of States have already entered into Memoranda of Understanding with USCIS to access and use SAVE, as required under section 202(c)(3) of the Act.
USCIS is developing a standard user interface to meet all State DMV business process needs for immigration-related transactions and to draft requirements for a common messaging system that takes advantage of the same AAMVAnet standards and infrastructure that support State DMV queries against SSOLV, EVVE, and other Federal and State databases.
DHS also is exploring the alternative of using the Commercial Drivers Licensing Information System (CDLIS) as the baseline platform for supporting the State-to-State data exchange requirements of the REAL ID Act and regulation. CDLIS currently supports queries to every State DMV every time an individual applies for a driver's license in any State or the District of Columbia. CDLIS already meets the data exchange
requirements of REAL ID for those drivers holding commercial drivers' licenses.
Moreover, CDLIS is a secure, State-governed system that stores the minimum amount of personal information possible to facilitate the routing of queries and responses between States. DHS is considering an effort to define system requirements for REAL ID Stateto-State data exchanges based upon the CDLIS model or platform. This project would define a systems architecture for REAL ID State-to-State data exchanges that would leverage the ongoing CDLIS modernization project led by the DOT. DHS will work closely with DOT to build upon current and planned systems designs to meet the requirements of REAL ID.
D. Marking of Compliant REAL ID Documents Section 202(d)(ll) of the Act allows States to issue, in addition to REAL IDcompliant licenses, identification cards not intended to be accepted by Federal agencies
for official purposes. Under the Act, however, any such card must clearly state on its face that it may not be accepted by any Federal agency for federal identification or any other official purpose; and States must use a unique design or color indicator to alert Federal agencies and other law enforcement that it may not be accepted for any such purpose. DHS will leave the types of marking and unique coloring to the discretion of
the individual States, subject to DHS approval as part of the Compliance Package to ensure that DHS officials, such as TSA screeners, can adequately distinguish between REAL ID-compliant cards and those not intended for official purposes.
Based on an analysis of feedback from several cornrnenters, DHS, however, has determined it would be in the best interest of the nation's security for States to place a security marking on licenses and identification cards to allow Federal agencies to more readily determine which States are issuing licenses or identification cards that are REAL
ID-compliant or have been determined to be "materially compliant" (inc1uding verifying that REAL ID applicants are lawfully present in the United States). DHS will work with States concerning marking compliant licenses and identification cards that indicate whether the document was issued in material compliance of the Act's requirements, or in
full compliance of the Act's requirements as set forth in Subpart E of this rule.
E. Prohibition on States Issuing REAL ID Cards to Persons Who Hold a
Driver's License in another State Section 202(d)(6) of the Act requires that States "refuse to issue a driver's license or identification card to a person holding a driver's license issued by another State without confirmation that the person is terminating or has terminated the driver's
license." In the NPRM, DHS maintained that we are not regulating the issuance of drivers' licenses beyond that required under the REAL ID Act, but encourage the policy of "one driver, one license." Following comments on the rule, however, DHS believes it is necessary to clarify that the REAL ID Act mandates that a State cannot issue a REAL ID license to a person who is holding a license issued by another State or to an individual
who already holds a REAL ID card. (A person can, however, hold a REAL ID card and another non-REAL ID, non-driver's license identification card). DHS, therefore, revised 5 37.33, moving that provision to a separate section (§ 37.29)' to clarify and emphasize that a State cannot issue a REAL ID card without verifying that an applicant does not
hold another REAL ID card or a driver's license from another State, or if the applicant holds another driver's license, that he or she is taking steps to terminate that license. See 8 202(d)(6) of the Act.
F. Western Hemisphere Travel Initiative Section 7209 of the Intelligence Reform and Terrorism Prevention Act of 2004, as amended', requires the Secretary of Homeland Security, in consultation with the Secretary of State, to develop and implement a plan to require travelers entering the
United States to present a passport, other document, or combination of documents, that are "deemed by the Secretary of Homeland Security to be sufficient to denote identity and citizenship." This DHS and Department of State (DOS) initiative is referred to as the Western Hemisphere Travel Initiative (WHTI). DHS and DOS have issued several regulations implementing WHTI travel document requirements at air ports of entry, and proposing documents acceptable for cross border travel at land and sea ports-of-entry.
For additional information on the WHTI rulemaking actions, please see 71 FR 6841 1 (Nov. 24,2006)(final air rule) and 72 FR 35087 (proposed land and sea rule).
As part of WHTI, the Secretary of Homeland Security has the authority to
designate alternative documents that denote identity and citizenship that can be used for cross border purposes at land and sea ports-of-entry. In determining which documents should provide a convenient, low-cost alternative for U.S. citizens, particularly those residing in border states, DHS notes that State DMVs are well positioned to provide an
enhanced driver's license (EDL) to meet this need. DHS is coordinating efforts to ensure that an EDL, developed to meet the requirements of WHTI, will adopt standards that REAL ID requires, as they are defined through the REAL ID rulemaking process. For an ' Pub. L. 108-458, as amended, 118 Stat. 3638 (Dec. 17,2004).
EDL to be an acceptable WHTI document for land and sea cross-border travel, it can only be issued to U.S. citizens, denote such citizenship on the face of the card, must include technologies that facilitate electronic verification and travel at ports-of-entry. DHS will continue to work closely with interested states to develop drivers' licenses that can meet
both REAL ID and WHTI requirements.
The requirements outlined above constitute substantive changes between the March 2007 proposed rule and this final rule. A more robust discussion of this final rule and DHS's responses to comments are set forth below.
111. SECTION-BY-SECTION ANALYSIS OF THE FINAL RULE
Section 37.0 1 Avplicability DHS added a reference to 5 202(d)(ll) of the REAL ID Act to make it clear that the provisions of this rule apply to States who intend to issue drivers' licenses or identification cards that can be accepted by Federal agencies for official purposes and that intend to be determined by DHS to be in compliance with section 202 of the REAL
ID Act.
Section 37.03 Definitions DHS added a definition of "fill compliance" to clarify the relationships between full compliance with the requirements of Subparts A through D, and "material compliance" with the procedures in Subpart E that allow a State to file for and receive an extension.
DHS refined the definition of "covered employees" in this final rule to clarify that employees refers to DMV employees.
DHS added a definition of "duplicate" for drivers' licenses and identification
cards issued subsequent to the original license or card bearing the same information and expiration date as the original.
DHS has modified the definition of "full legal name" to bring it closer to existing name conventions used by the Social Security Administration, the Department of State, and other issuers of source documents.
DHS has added the definition of "material change" to provide clarity for States as to when an individual may be required to make an in-person visit to a DMV office to obtain an updated REAL ID driver's license or identification card when certain information changes from the time they obtained their previous REAL ID document. For the purpose of this final rule, a change of address of principal residence does not constitute a material change.
DHS has added a definition of "material compliance" as a basis for establishing the benchmarks that DHS will use to evaluate State progress toward meeting the requirements of this rule. States in material compliance with Subparts A through D of this rule will be granted a second extension until no later than May 10,20 1 1 to meet all the requirements of this rule.
DHS maintained the same definition of "official purpose" as that proposed in the NPRM and set forth in the REAL ID Act; to mean "accessing Federal facilities, boarding Federally-regulated commercial aircraft, and entering nuclear power plants."
DHS also added a definition for "personally identifiable information" as it
pertains to these rules and the REAL ID Act.
DHS changed the definition of "principal residence" from the location where a person has his or her true, fixed, and permanent home and intends to return, to the location where a person currently resides even if this location is temporary, in conformance with the residency requirements of the State issuing the driver's license or identification card, if such requirements exist. DHS made this change in response to
comments that the prior definition would unfairly prevent persons such as military personnel or students residing temporarily in a State from obtaining a driver's license or identification card from that State.
DHS revised the definition of "sexual assault and stalking" to incorporate the meaning of these terms given by State laws.
DHS broadened the scope of the term "State address confidentiality" to allow States to cover not only victims of violence or assault, but also "other categories of persons" that may need to have their addresses kept confidential.
DHS added a comprehensive definition of the term "verify" to clarify the scope of application in the rule. The definition makes it clear that verification includes two interrelated procedures: (1) inspection to see if the document is genuine and has not been altered, and (2) checking to see that the identity data on the document is valid.
Section 37.05 Validitv Periods and Deadlines for REAL ID Drivers' Licenses and Identification Cards.
The proposed language in 9 37.05 required that all cards issued, reissued, or renewed after May 1 1,2008 had to be REAL ID-compliant by May 1 1,201 3 in order to be acceptable by Federal agencies for official purposes. As discussed in Section I1 above and the responses to comments in Section IV below, DHS has determined that the
following enrollment schedule will apply under this final rule: (1) effective December 1, 2014, Federal agencies will be prohibited from accepting State-issued drivers' licenses or identification cards for official purpose from individuals born after December 1, 1964, unless the individual presents a REAL ID-compliant card from a State that has certified
and that DHS has determined compliance with the REAL ID Act and this final rule; and (2) effective December 1,201 7, Federal agencies will be prohibited from accepting for official purposes from any individual (regardless of age) State-issued drivers' licenses or identification cards that are not REAL ID-compliant.
Section 37.1 1 Avvlication and Documents the Applicant Must Provide.
DHS proposed, in the March NPRM, that States must maintain photographs of individuals who applied for, but ultimately were denied a REAL ID card by the State, for up to one year. However, DHS also proposed that States must maintain photographs of persons denied REAL ID cards based on suspected fraud for ten years and reflect in the
State's records that a driver's license or identification car was not issued by the State because of suspicions of fraud. In response to comments, this final rule was amended to provide a uniform photograph retention provision of five years for persons who are denied a REAL ID card, regardless of the reason that the State denies issuance of a REAL ID card. DHS has also added a provision requiring States to retain the photo for two years after expiration of the card to allow individuals to renew licenses after they have expired.
The NPRM also proposed to require, under 5 37.1 1 (b), that States retain with applicant source documents the required signed declaration that the information presented by the applicant is true and accurate. This final rule no longer requires States to retain the required declaration with the applicant's source documents, the retention of which is
mandated under $202(d)(2) of the Act. Instead, recognizing the operational burdens on
the States, DHS is exercising its discretion on this matter to require only that the
declaration must be retained by States consistent with applicable State document
retention requirements or policies.
Under $ 37.1 l(c), DHS has added a provision that would allow DHS to change
the list of documents acceptable to establish identity following publication of a notice in
the Federal Register.
DHS also has provided States a broader latitude to accept documents other than
documents issued by a Federal or State-level Court or government agency to establish a
name change. Moreover, where State law or regulation permits, the State may record a
name other than that contained in the identity document on the face of the license or card
as long as the State maintains copies of the documentation presented pursuant to $ 37.3 1,
and maintains a record of both the recorded name and the name on the source documents
in a manner to be determined by the State.
The NPRM proposed, under $ 37.1 l(e), that an applicant for a REAL ID card
must provide documentation establishing a Social Security Number (SSN) or the
applicant's ineligibility for an SSN. This final rule amends that proposed requirement
to allow an applicant, if a Social Security Administration account card is not available, to
present any of the following documents bearing the applicant's SSN: (i) a W-2 form, (ii)
a SSA-1099 form, (iii) a non-SSA-1099 form, or (iv) a pay stub bearing the applicant's
name and SSN. A State, however, must verify the SSN pursuant to $ 37.13(b)(2) of this
final rule.
DHS has amended proposed $ 37.1 1 (f) to give States more discretion in the
acceptance of documents required to demonstrate the applicant's principal address by
removing specific requirements that documents used to demonstrate address of principal
residence be issued "monthly" and "annually."
In response to comments regarding demonstrating the applicant's lawful status in
the United States, DHS has amended $37.1 1 (g) with regard to which identity documents
may serve as satisfactory evidence of the applicant's lawful status. While all identity
documents listed in $ 37.1 1 (c) must be verified by the State in the manner prescribed in $
37.13, State verification of some of the identity documents also provides satisfactory
evidence of lawful status. Therefore, if the applicant presents one of the documents listed
under $ 37.1 1 (c)(l)(i)-(viii)(except for (v)), the issuing State's verification of the
applicant's identity in the manner prescribed in 5 37.13 will also provide satisfactory
evidence of lawful status. State verification of the remaining identity documents listed in
$ 37.1 1 (c), however, does not provide satisfactory evidence of lawful status and the
applicant must provide additional documentation of lawful status as determined by
USCIS.
In response to comments on the exceptions process proposed in $ 37.1 l(h), DHS
has amended this final rule to allow U.S. citizens to utilize the process to prove lawful
status. In response to comments that it was unrealistic and too costly to require States to
provide quarterly reports analyzing the use of their exceptions process, this proposed
requirement has been replaced with a requirement that States must conduct a review of
the DMV's use of the exceptions process and submit the report to DHS as part of their
certification package per § 37.55. Section 37.1 1 (h) has also reduced the information
required to be maintained by the State when the exceptions process is used.
Section 37.13 Document Verification Requirements.
Based on numerous comments and ongoing State DMV programs, the rule now
includes the provision that the State must make reasonable efforts to ensure that the
person has not been issued identification documents in multiple or different names.
Identified by several responders as the top priority for reducing the number of fraudulent
licenses issued, this requirement has been reformulated and moved from tj 37.11 to 37.13.
In response to concerns that a number of the verification systems contained in the
proposal would not be operational by the verification deadlines, the final rule gives States
more flexibility in verifying documents and identity data.
DHS added language that provides that nothing in this section precludes a DMV
from issuing an interim license or a license under 5 202(d)(11) of the Act to permit an
individual to resolve any non-match issue, but clarifies that such cards cannot be accepted
for official purposes.
Section 37.1 5 Physical Security Features for the Driver's License or
Identification Card.
DHS has deleted the proposed card design standards in response to comments
which stated that the standards were an undue burden on the States. DHS has added
language that States must conduct a review of their card design and submit a report to
DHS as part of its certification package that indicates the ability of the designs to resist
compromise and document fraud attempts.
Section 37.17 Requirements for the surface of the driver's license or
identification card.
In response to comments that some States allow a name other than the full legal
name on the identity document to be on the surface of the license, this section has been
amended to require full legal name as demonstrated on the applicant's identity document,
but an individual may establish his or her name with other documentation where State
law or regulation permits, as long as the State maintains copies of the documentation
presented pursuant to 8 37.3 1 and maintains a record of both the recorded name and the
full legal name on the identity document in a manner to be determined by the State.
Under 37.17(d), the unique license or card identification number must only be
unique to each license or card holder within the State and not unique across all the States
and other covered jurisdictions.
With regard to full facial digital photographs pursuant to 8 37.17(e), DHS has
clarified the discussion to bring it into closer compliance with DHS, Federal and national
standards. Language was added that allows photographs to be in black and white or
color.
To provide States with greater flexibility in protecting confidential addresses, 5
37.17(f) contains new language that allows the display of an alternative address on the
license or card, if a State permits this, and acceptance of an administrative order issued
by a State or Federal court to show that an individual's address is entitled to be
suppressed. States may also use an address convention used by the U.S. Postal Service
where a street number and street name have not been assigned.
Further, tj 37.17(g) now requires that States establish an alternative procedure for
individuals unable to sign their names. The requirement to use the Roman alphabet has
been replaced with use of the Latin alphabet which is more common.
In response to several comments from States and AAMVA that REAL IDcompliant
documents should be marked or "branded" as REAL ID-compliant, DHS has
added 37.17(n) which requires that REAL ID-compliant licenses and identification cards
bear a DHS-approved security marking in accordance with the level of compliance with
the Act.
Section 37.19 Machine readable technolony on the driver's license or
identification card.
This section contains technical conforming changes to reflect the changes made
in 37.1 1(c)(2) allowing a name other than the full legal name to appear on the license or
card if a State law permits. State or territory of issuance has been added to the MRZ data
fields to accommodate instances where a State may not have a residency requirement or
may allow use of an out-of-State address to receive a license.
Section 37.21 Temporary or Limited-Term Drivers' Licenses and Identification
Cards.
In response to comments that the term "temporary" may cause confusion under
current terminology practices with some DMVs, this section adds new terminology and
now refers to such licenses/cards as "limited-term or temporary." DHS also added
language that provides that the verification of lawful status for such licenses/cards may
be through SAVE, or "another method approved by DHS."
Section 37.23 Reissued REAL ID Drivers' Licenses and Identification Cards.
In response to comments, 5 37.23 now provides that States may conduct a non-inperson
(i.e., remote) reissuance of a driver's license or card if State procedures permit the
reissuance to be conducted remotely, except that a State may not remotely reissue a
license or card where there has been any material change in information since prior
issuance.
Section 37.25 Renewal of REAL ID Drivers' Licenses and Identification Cards.
Section 37.25(a)(2) adds language that requires the States to reverify SSN
information to ensure that the applicant's information is still valid. DHS has also added
explicit language requiring that the State must verify electronically information that it
was not able to verify at a previous issuance or renewal, if the systems or processes exist
to do so.
Section 37.27 Drivers' Licenses and Identification Cards Issued During the Age-
Based Enrollment Period.
This section has been added to affirm the acceptability of drivers' licenses and
identification cards issued, reissued, or renewed prior to the end of the age-based
enrollment period. For example, if an individual is 60 years of age and their license
naturally expires in 2009, the State may issue that individual a license under that State's
current practices, and that license will be accepted for official purposes until 201 7, after
which time that individual must present a license that complies with this rule for that card
to be accepted for official purposes. As of December 1,20 14, individuals born after
December 1, 1964 (that is, under fifty years old on that date) must present a REAL ID
card when they present a State-issued driver's license or identification for official
purposes. As of December 1,2017, all individuals presenting a State-issued driver's
license or identification card for official purposes must present a REAL ID card. The
new section reemphasizes that an individual's driver's license will continue to be
accepted for official purposes until the expiration of the individual's applicable
enrollment period.
Section 37.29 Prohibition against holding more than one REAL ID card or more
than one driver's license.
In response to numerous comments to clarify the "one driver one license" concept
in the REAL ID rules, DHS has created a stand-alone section, 8 37.29, that specifically
states that an individual may hold only one REAL ID card, whether it is a REAL ID
identification card or a REAL ID driver's license. In addition, prior to issuing a REAL
ID driver's license, a State that is complying with REAL ID must check with all other
States to determine if the applicant currently holds a driver's license or REAL ID
identification card in another State, and if so, the receiving State must take measures to
confirm that the person has terminated or is terminating the driver's license or REAL ID
identification card issued by the prior State pursuant to State law, regulation or
procedure.
Section 37.3 1 Source document retention
DHS has added language to $ 37.3 1 to reiterate the requirement that States must
protect any personally identifiable information collected pursuant to the REAL ID Act as
described in the Security Plan (5 37.41).
In response to comments, DHS deleted the following requirements from this
section:
that States must replace black and white imagers with color imagers by
December 3 1,20 1 1 ;
that States using digital imaging to retain source documents must use the
AAMVA Digital Exchange Program or a standard that has interoperability with
the AAMVA standard;
that all images must be linked to the applicant through the applicant's unique
identifier assigned by the DMV; the amended requirement now states that all
images must be retrievable by the DMV if properly requested by law
enforcement.
DHS has also added a provision that allows States to record information from birth
certificates in lieu of retaining an image or copy if State law permits and if requested by
the applicant. This will protect medical and other personal information not relevant to
REAL ID.
Section 37.33 DMV Databases
DHS changed the title of this section from "Database connectivity with other
States" to "DMV Databases." This section has also been amended to require that the
DMV database allow capture of the full legal name and any other name recorded under $
37.1 1 (c)(2) without truncation.
Section 37.4 1 Security Plan.
DHS amended this section to clarify that each State submit a single security plan
to address DMV facilities involved in the enrollment, issuance, manufacturing and
production of drivers' licenses and identification cards, rather than all State DMV
driver's licenselidentification facilities as stated in the NPRM. This change is in response
to comments that it does not enhance overall security to require every DMV office
(which could be interpreted to include administrative offices) to submit a security plan
and individual risk assessments.
Furthermore, in response to comments asking for clarification, 5 37.41(b)(iii) now
provides that the release and use of personal information must, at a minimum, be
consistent with the Driver's Privacy Protection Act, 18 U.S.C. 2721 et seq.
This section of the final rule now indicates that the fraudulent document training
requirement would be satisfied by a fraudulent document training program approved by
AAMVA. DHS has also deleted the requirements that the security plan contain
procedures to revoke and confiscate drivers' licenses or identification cards fraudulently
issued in another State, in response to comments that States have no authority to carry out
such a requirement.
A new section has been added to 5 37.41 to state that the Security Plans contain
Sensitive Security Information and must be handled and protected in accordance with 49
CFR Part 1520.
Section 37.43 Physical security of DMV production facilities
This section is unchanged.
Section 37.45 Backmound Checks for Covered Employees
Section 37.45(d) has been amended to recognize background checks that are
similar to those required under 5 37.45 and that were conducted on or after May 11,
2006, and that the DMV does not have to check references from prior employers for
individuals that have been working with the DMV for at least two consecutive years prior
to the Act taking effect. (The Act becomes effective on May 1 1,200. Therefore DMVs
would not have to seek references from prior employers of employees who have been
with the DMV consecutively from May 1 1,2006 to May 1 1,2008. The final rule
clarifies that the waiver provision in 5 37.45(b)(l)(v) allows a waiver of requirements for
the determination of arrest status and includes circumstances where the individual has
been arrested, but no final disposition on the matter has been reached.
In response to comments, DHS deleted the requirement that States must conduct a
financial history check as part of the background check of covered employees.
Section 37.45 now requires that the State confirm the employment eligibility of
the covered employee, rather than lawful status through SAVE, and recommends that the
State participate in the USCIS E-Verify program (or any successor program) for
employment eligibility verification.
Section 37.5 1 Compliance - General Requirements
DHS has modified this section in response to many comments. DHS recognizes
that States will be unable to meet the all the requirements of this rule beginning on
January 1,2010, the day after the termination of the extension period proposed by DHS
in the NPRM. For example, requirements for State verification of source documents
depend upon the deployment of electronic systems that have not yet been developed.
Therefore, DHS proposes that States meeting key benchmarks for progress toward
compliance with the REAL ID Act be granted an additional extension until no later than
May 10,201 1 to meet all the requirements of Subparts A through D. States seeking a
second extension would submit a Material Compliance Checklist to DHS no later than
October 1 1,2009, documenting their progress in meeting the benchmark requirements.
States meeting these benchmarks would also be able to issue drivers' licenses and
identification cards bearing security markings indicating that the license was issued in
conformity with REAL ID standards.
Section 37.55 State Certification Documentation
The title of the section was amended to reflect the changes to the certification
process discussed above. The required contents of the State certification have been
amended in the final rule to delete the requirement for a copy of all statutes, regulations,
and administrative procedures and practices related to the State's implementation
program. DHS has amended the requirement that a State's governor certify compliance
to read that a State's highest level official with oversight responsibility over the DMVs
certify compliance. In addition, the frequency of certification reporting has been
modified to be similar to the three-year intervals required by several Department of
Transportation programs. Thus, in accordance, 937.57 "Annual State Certifications" has
been removed.
Section 37.59 DHS Reviews of State Compliance
DHS has rephrased the information requirement in the section to require any
reasonable information pertinent to determining compliance with this part as requested by
DHS. Also, DHS must now provide written notice to the State in advance of an
inspection visit. The final rule provides that, in the event of a DHS preliminary
determination that the State has not submitted a complete certification or that the State
does not meet one or more of the minimum standards for compliance under this part,
DHS will inform the State of the preliminary determination within forty-five days.
Finally, this section now includes DHS procedures for reviewing a Material Compliance
Checklist as part of the procedure for granting States an additional extension until no later
than May 10,2011.
Section 37.6 1 Results of compliance determination.
The final rule now states that DHS will determine that a State is not in compliance
when it fails to submit the certification as prescribed or to request an extension as
prescribed in the subpart.
Section 37.63 Extension of Deadline
The NPRM was not clear on the timing of submissions for requests for extension.
Although proposed regulatory text stated that requests for extension must be submitted no
later than October 1,2007; the preamble requested submission of compliance plans and
strongly encouraged "States to communicate their intent to certify compliance or request
an extension by October 1,2007." We clarify the deadline for submission of requests for
extension in the final rule, providing that requests for extension must be submitted to
DHS "no later than [INSERT DATE 60 DAYS AFTER DATE OF PUBLICATION IN
THE FEDERAL REGISTER.]." DHS will notify a State of its acceptance of the
extension within forty-five days of receipt.
This section now includes the procedure for requesting an additional extension
until no later than May 10,201 1. States seeking an additional extension shall submit a
Material Compliance Checklist to DHS no later than October 1 1,2009, documenting the
State's progress in meeting certain benchmarks. States meeting the benchmarks included
in this checklist will be granted a second extension until no later than May 10,201 1.
Section 37.65 Effect of Failure to Comvly with this Part
DHS amended this section to provide that REAL ID drivers' licenses and
identification cards issued by the State during the term of any extension will continue to
be acceptable for official purposes until the card expires.
Section 37.67 Non-REAL ID drivers' licenses and identification cards
This section was renumbered to $ 37.71, consistent with the structure of the Part.
The section was also renamed to "Drivers' licenses and identification cards issued under
$202(d)(ll) of the REAL ID Act" to further clarify that DHS interprets this section of
the Act to apply only to States that certify and DHS determines are compliant with the
REAL ID Act, as defined by these regulations, and that choose to also issue drivers'
licenses and identification cards under the Act that are otherwise not acceptable by
Federal agencies for official purposes.
111. Discussion of Comments
During the sixty-day comment period, DHS received over 21,000 comments on
the NPRM. DHS received numerous requests to extend the comment period past the
sixty days provided in the NPRM. DHS has carefully considered the comments and
determined not to extend the comment period for the NPRM. As discussed above, under
the REAL ID Act, Federal agencies will be prohibited from accepting drivers' licenses or
other State-issued identification cards from States that are not in compliance with the
requirements of the Act by May 1 1,2008, less than one year away. Given the complexity
of the Act's requirements and these implementing regulations, extending the comment
period beyond sixty days would serve only to delay issuance of this final rule and deprive
States of the information necessary for their DMVs to begin preparations and adjust their
operations consistent with the requirements of this final rule and the Act. Further, in
addition to the 60-day comment period, DHS provided several opportunities for
additional public participation through such events as the May 1,2007 public meeting in
Davis, California (with participation also available via webcast); and meetings with
stakeholders. We determined that the 60-day comment period and additional DHS
outreach during the comment period provided adequate time for the public to consider
and provide meaningful comment on the NPRM.
We also received several comments that were filed well past May 8,2007, the
close of the comment period. As discussed above, given the upcoming May 1 1,2008,
compliance deadline and the adequacy of the sixty-day comment period and public
outreach, DHS has not accepted or considered comments that were filed after the May 8,
2007 close of the comment period. Because DHS did not extend the comment period,
allowing some commenters to file late - or to provide late filed supplements to their
comments - would disadvantage those commenters who did not file late and would also
have preferred additional time to file comments or amend the comments that were filed
within the deadline. Comments that were timely filed, but not processed immediately by
DHS due to technical errors by the submitter or DHS, are not considered to have been
filed late and were considered in the development of this final rule.
A. General Comments on the Proposed Regulation
1. General Comments in Support of the Proposed Regulation
Comments: SeveJoin our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)
-
05-30-2008, 12:22 AM #5AprilGuestWhat Is 'Real ID'?
from the Hartford Courant, Oct. 30, 2001
Real ID = National ID Card
The REAL ID Act is a national ID card scheme that was passed by Congress back in 2005. It turns drivers licenses into national ID cards. There was no debate whatsoever on REAL ID as it was tacked onto a must-pass appropriations bill to fund the wars in Iraq and Afghanistan.
>> Browse the archive of faxes sent to Senators from this site...
Since it was passed, sixteen states have passed legislation rejecting REAL ID, making nation-wide implementation next to impossible.
So what, really, is REAL ID?
• A Multi-Billion Dollar Boondoggle.
According to Homeland Security's lowball guesstimates, it'll cost over 23 billion dollars to create this national ID card system. Almost 8 billion dollars of this will be paid by individual citizens through higher costs to obtain a REAL ID drivers license. Another 14.6 billion dollars for this is to be shouldered by the individual states.
• A Waste of Your Time.
Ready to renew your license? No matter how long you've had your drivers license, you'll have to get ahold of a Social Security Card with your full legal name on it (Married? Better fix your maiden name!), a certified copy of your birth certificate, and a ton of other documents just to renew or replace your license. Don't have them? That's your problem.
• A Boon to Criminals and Terrorists.
Once you do go through the trouble of getting your documents together, the DMV will make high-resolution digital copies and put them onto a computer network that can be accessed by any DMV worker, anywhere in the country. The data on your license or ID card will be able to be called-up by any federal or state agency, anywhere. And your information will be put in either a chip or unencrypted barcode on the back, making it easy for anyone to skim your personal information.
With so many databases sharing your information, all it takes is for one breach, anywhere in this massive data collection sharing system, and your information is out in the open, forever.
• A Back-Door National Gun Registry.
There are many states that don't respect the 2nd Amendment the way we do here in Alaska: gun registration in those states is often tied to drivers licenses. Once these state firearms databases are linked together with existing federal data systems, there begins the national gun registry. All that is then needed is to force all the pro-gun states to comply.
• A Threat to Freedom.
"Your Papers, Please" is not a phrase that sits well will freedom-loving Americans. A national ID card system flies in the face of everything we as Americans believe in. Across the country, the individual states are rising-up and saying 'no' to REAL ID. Now is the time for we citizens to stand-up for our fundamental rights and add our voice to the chorus.
What Do We Want From The Senate?
The REAL ID Act has never been debated on the US Senate floor. They've never talked about it in any committee. Heck, most of them haven't even read it! Yet they passed it unanimously, no questions asked back in 2005.
In order to make a single irresponsible Congressman with totalitarian leanings happy, the Senate leadership let him write the bill and then slipped it into a another bill, one that would keep our fighting men and women taken care of in Iraq and Afghanistan. Supporting our troops means making sure thy come home to a free nation, not a surveillance state.
The Senate Can Fix Their Mistake.
The Baucus-Tester and the Grassley-Baucus amendments to the current immigration bill making its way through the Senate will strip all REAL ID provisions from the bill. Fax your Senators and tell them to support these amendments and say 'No' to REAL ID in the Immigration Bill.
>> Take action now!
http://www.unrealid.com/what.html
>> Browse the archive of faxes sent to Senators from this site...
-
05-30-2008, 12:22 AM #6
- Join Date
- May 2007
- Location
- South West Florida (Behind friendly lines but still in Occupied Territory)
- Posts
- 117,696
full legal name and apply it to all Federal records, rather than depending on the State
DMVs to resolve this in the face of multiple Federal approaches. Due to discrepancies
among naming conventions, one commenter suggested that DHS provide a list of most
acceptable to least acceptable documents used to establish full legal name. Several
commenters wrote that documents evidencing a name change may come from local or
foreign government sources in addition to Federal and State governments.
Response: DHS agrees that there is no standard naming convention currently
used by Federal agencies. It would be beyond the scope of DHS's rulemaking authority
to impose such a convention on all Federal agencies. Nevertheless, the lack of a common
Federal standard does not mean that DHS should not establish minimum standards for the
States to follow as required by the REAL ID Act. However, based on comments
received, DHS is slightly modifying the definition of the definition of "full legal name"
to bring it closer to existing name conventions used by the Social Security
Administration, the Department of State, and other issuers of source documents.
Comment: AAMVA and numerous States commented that the States need
flexibility and DHS should drop the prohibition against using initials and nicknames.
One State wrote that the name on the driver's license should be the one the person
chooses to use, with the full legal name stored in the database and in the MRZ, and that
without common naming conventions, it is imprudent to assume that a regulatory
requirement forcing the public to adopt a single name will achieve any desired end. One
State commented that it should be able to use an alternative name if the applicant's
source documents clearly show a link between that name and the name presented on other
source documents.
Response: As noted above, DHS agrees that where State law permits an
individual to establish a name other than that contained on the identity document
presented for a REAL ID driver's license or identification card, the State must maintain a
record of how the name was established in a manner to be prescribed by the State. The
use of initials or nicknames shall not be permitted, except to the extent that an initial is
necessary to truncate a name longer than 39 characters in length, in which case the name
should be truncated pursuant to ICAO-9303 standards. Where the individual has only
one name, that name should be entered in the last name or family name field, and the first
and middle name fields should be left blank. Place holders such as NFN and NMN
should not be used.
Comment: Both States and victim advocacy groups objected to the full legal
name requirement because the rule would not provide exceptions for victims of domestic
violence. The rule would require that past names be included in DMV records, which
would expose victims to danger. In addition, the SSA requires victims to change their
names before changing SSNs and prohibits them from revealing previous names and
SSNs. Cornrnenters wrote that the proposed rule conflicts with this prohibition by
requiring that the previous names be revealed as well as with the court orders under
which many victims are granted new identities.
Response: The REAL ID Act does not include any exceptions for victims of
domestic violence not to provide their full legal names. DMVs may want to take
appropriate measures to protect the confidentiality of those records so that a stalker or
victimizer could not use the DMV database to locate the individual.
Comment: Many commenters noted concern with the name requirement for the
MRZ, particularly inclusion of the name history on the MRZ. States questioned whether
some name histories would fit on the MRZ. Others questioned the need for the
requirement if the history is available in the State DMV database and cited the potential
for abuse. Many also commented that the requirement would result in a complete rewrite
of States' systems and is one of the most costly parts of the rule. For example, one State
commented that the 125-character field would delay its implementation for 3 to 5 years
until it can obtain a new mainframe.
Response: DHS agrees with the comments and is no longer requiring that the
name history be stored on the MRZ.
Comment: One State asked for guidelines for translating names from other
alphabets: a name in the Cyrillic alphabet can be changed to the Latin alphabet a variety
of ways. Another cornmenter recommended referencing the AAMVA name
specifications generically rather than a particular edition. The commenter also suggested
changing "Roman alphabet" to "Latin alphabet." Commenters noted other problems with
the full legal name requirement, such as naming conventions in other countries and
cultures, conversion of these names onto various immigration documents, and the
"Americanization" of foreign names when living in the United States.
Response: DHS has changed "Roman" alphabet to "Latin" alphabet in the final
rule. DHS is not requiring any particular transliteration method, but notes that both
AAMVA and ICAO have published standards that address the issues raised in these
comments.
2. Gender
Comment: Two States raised issues about how gender is determined for
transgender individuals and whether gender will be included as a verifiable identifier
through EVVE.
Response: DHS will leave the determination of gender up to the States since
different States have different requirements concerning when, and under what
circumstances, a transgendered individual should be identified as another gender. Data
fields in EVVE are outside the scope of this rulemaking.
3. Digital vhotog~a~h
Comment: A number of States objected to the requirement to take the
applicant's photograph at the beginning of the licensing process because doing so would
require extensive changes to State processes, facilities, and vendor contracts. According
to one commenter, only seven States currently take an applicant's photo at the beginning
of the process. One State requested a cost-benefit analysis for taking the photograph at
the start of the process. One comrnenter suggested using an inexpensive image capture at
first, then replacing the image with the final digital photo on issuance.
Response: Under 202 (d)(3) of the REAL ID Act, States must subject each
person applying for a driver's license or identification card to a mandatory facial image
capture. Submission of an application for a driver's license occurs at the beginning of the
licensing process, and as such, requires that the photo be taken at the beginning of the
process. Additionally, from a law enforcement and operational perspective, an up-front
image capture process serves as a deterrent to individuals attempting to present fraudulent
documents or to "office shop" within a jurisdiction when their application may have been
already denied in another office.
Comment: A number of commenters objected to the requirement for a color
photograph because it would bar the use of laser engraving. One commenter stated that,
photographs are better for checking identities. However, AAMVA and other States
recommended that the required image be in color.
Response: DHS agrees with those commenters that a black and white photograph
should also be acceptable in order to facilitate the use of laser engraving technology by
States choosing to employ this technology to deter counterfeiters, and the altering and
tampering of their drivers' licenses and identification cards. The final rule has been
changed accordingly.
Comment: One commenter suggested that DHS replace the ICAO 9303
standard's aspect ratio with the AAMVA's aspect ratio, which is the Universal Camera
Aspect Ratio.
Response: DHS believes the proposed ICAO aspect ratio, with an Image Width:
Image Height aspect ratio range of 1 : 1.25 and 1 : 1.34, will accommodate the AAMVA
Universal Camera Aspect Ratio of 1 : 1.33.
Comment: Several commenters wrote that requiring photographs could burden
the free exercise of religion for some groups, such as Amish Christians and Muslim
women. One commenter noted that banning the wearing of veils and scarves would
require new State legislation. Another commenter asked DHS to clarify that a person
may not wear any garment that affects the reliability of facial recognition technologies.
Another State said the regulation should require States to refuse a license or ID to anyone
who appears in disguise or distorts the face when photographed.
Response: As DHS stated in the preamble to the NPRM, the REAL ID Act
requires a facial photograph, which serves important security purposes. Given these
security concerns and the clear statutory mandate, DHS believes that a driver's license or
identification card issued without a photograph could not be issued as a REAL IDcompliant
driver's license or identification card. Many States now issue non-photo
drivers' licenses or identification cards based on the applicant's religious beliefs. States
may continue to issue these drivers' licenses or identification cards to such individuals
and DHS recommends that these drivers' licenses and identification cards be issued in
accordance with the rules for non-compliant drivers' licenses and identification cards at $
37.71.
While the final rule does not specifically address individuals who appear in
disguise or who distort their face when photographed, DHS expects that States will
implement their own procedures to ensure that the photographs are accurate
representations of the individuals.
Comment: Some States objected to the requirement for a profile photograph for
people under 21 years of age because it will defeat biometric facial recognition systems.
One cornrnenter suggested printing the cards with a different orientation to differentiate
under-2 1 licensees while allowing for facial recognition technologies.
Response: A typographical error in the NPRM left the misimpression that DHS
was requiring a profile photograph for individuals under age 21. The final rule does not
require a profile photograph for people under 21, and instead requires a full facial digital
photograph.
Comment: One commenter recommended that States be required to share their
images. Another State commented that the requirement to retain images of people
suspected of fraud would mean that they had to keep all images because the suspicion of
fraud may occur long after the license is issued, and data storage costs would be
significant.
Response: DHS agrees that there would be substantial value in preventing the
acquisition of multiple identity documents if States were able to exchange images of their
license holders with one another. DHS believes that the States have the same interest and
therefore States must ensure that the same individual does not have multiple drivers'
licenses or identification cards from the same State. DHS also encourages States to
participate in AAMVA Fraud Early Warning System (FEWS) or similar system for
exchanging information on fiaud or attempted fraud in the issuance of drivers' licenses or
identification cards. DHS believes that the volume of images of individuals who start, but
do not complete the application process, will not be so great as to impose substantial data
storage costs on the States.
4. Address of principal residence
Comment: One State noted that it has a "homeless exception" to its proof of
residency requirement where proof of residency documents are waived if the applicant
provides a letter, on letterhead, signed by the director of a homeless shelter, certifying
that the individual is homeless and stays at that shelter. It suggested that this be an
acceptable action under an "exceptions process" for the homeless. Other States voiced
concern that the rule does not address the "truly homeless," those not living in a shelter.
Response: DHS agrees that a letter, on letterhead, signed by the director of the
homeless shelter, certifying that an individual is homeless and stays at that shelter, should
be sufficient to establish an individual's address of principal residence under a State's
exceptions process. As noted above, States have wide latitude to address issues
concerning an individual's address of principal residence within their State-specific
exceptions process.
Comment: AAMVA, other commenters, and many States commented that DHS
allow States the authority to provide for the confidentiality of individual's address of
principal residence, including the categories of individuals who would be subject to the
address exception. One commenter suggested that DHS devise standard rules governing
address confidentiality rather than allowing each State to devise separate and unique
requirements. One State claimed that a confidential address program is unnecessary.
Response: DHS agrees that States should have broad authority to protect the
confidentiality of the address of principal residence for certain classes of individuals.
DHS has added additional clarifying language in the final rule that should help to
alleviate any uncertainties.
Comment: Numerous commenters claimed that the confidential address
provision in the rule did not address all individuals who may have legitimate reasons for
protecting their addresses from public disclosure. Comrnenters noted that $ 37.17(f)(1)
was too narrow and would not qualify individuals who would otherwise be protected
under State law. Several States recommended additional address exceptions for the
following categories: sitting and former judges, Federal officials in limited
circumstances, covert law enforcement officers as long as the officer provides a letter of
authorization, State administrative personnel engaged in law enforcement, participants in
the witness protection program, and victims of domestic violence. One commenter stated
that the exemption should include family members when laws or court orders suppress
the addresses of those individuals.
One commenter claimed that the partial exemption to the principal address
requirement is inadequate by removing the option of not listing an address and relying
solely on State laws that cover a limited number of individuals. The commenter noted
that only 24 States have confidentiality programs in place, which is a requirement for the
exemption to apply. Victims in the remaining jurisdictions will not be protected unless
they can obtain a court order suppressing their addresses. Another commenter wrote that
States have created formal address confidentiality programs and have also provided
general measures of residential address privacy and this rule overrides these substantial
protections.
Response: As noted above, DHS agrees that States should have broad authority
to protect the confidentiality of addresses. DHS has clarified language in the final rule so
that it is clear that a DMV may apply an alternate address on a driver's license or
identification card if the individual's address is entitled to be suppressed under State or
Federal law or suppressed by a court order including an administrative order issued by a
State or Federal court.
Comment: A few States claimed that use of alternative addresses is justified on
the REAL ID cards, but that the principal residence must be captured and stored in a
secure database. They requested clarification from DHS on how States would meet the
requirements related to the protection of the principal residence addresses. Another State
noted that it has no confidential address program, but it permits a post office box to be
displayed on the identification document if requested, but again it retains the permanent
address in a database. One commenter stated that the better level of protection would be
to note in the MRZ that the individual's address is protected and provide a pointer to
whatever relevant authority handles those addresses for that jurisdiction. This process
would also serve a secondary purpose in that anyone seeking the address would make a
request that could be logged and validated.
Response: DHS agrees that an individual's true address must be captured and
stored in a secure manner in the DMV database even if an alternate address appears on
the face and MRZ portions of the driver's license or identification card.
Comment: One commenter recommended that the final rule allow courts to issue
administrative orders suppressing the collection of REAL ID information or its display on
identification documents in any jurisdiction where the legislature has not acted to protect
privacy.
Response: DHS agrees with this comment and has changed the final rule to
reflect that an address may be suppressed by a court order including an administrative
order issued by a State or Federal court.
5. Signature
Comment: Two States and another commenter stated that the rule needs to allow
for people who cannot sign the card, such as minors, and older or disabled persons. If
States use a signature match, an alternative process must be available.
Response: DHS agrees with these comments. Section 37.17(g) now provides
that a State "shall establish alternative procedures for individuals unable to sign their
names." This language gives the States wide latitude in how to address situations where
an individual is unable to sign his or her driver's license or identification card.
6. Physical Security Features
Comment: Numerous States and other commenters stated that DHS should
provide security objectives or performance standards, and not specify particular
technologies, materials, or methods. AAMVA wrote that States are using the AAMVA
Driver LicensingIIdentification Card Design Specification as the minimum standard and
to change direction now would be costly for States. AAMVA Wher commented that
restricting all State-issued drivers' licenses and identification cards to a single security
configuration could introduce new security vulnerabilities rather than protect the drivers'
licenses and identification cards against fraud. AAMVA wrote that it is not aware of any
jurisdiction that uses all the listed security features with the proposed card stock in its
card design or production. Numerous cornmenters stated that the proposed requirements
would eliminate over-the-counter issuance systems and place an unnecessary financial
burden on States.
Response: DHS understands that there are challenges States may face in
producing secure drivers' licenses and identification cards. The final rule removes
requirements to use specific technologies, and provides the flexibility for States to
implement solutions using a combined set of security features that provide maximum
resistance to counterfeiting, alteration, substitution, and the creation of fraudulent
documents from legitimate documents. DHS will work with stakeholders to develop
performance standards and a methodology for adversarial testing.
Comment: Cornrnenters were concerned that DHS was not targeting its security
enhancement properly, and that increased security features would not accomplish the goal
of reducing fraud. AAMVA and another State commented that major DMV fraud and
abuse issues are not associated with the cards, but with source documents that cannot be
verified, system breakdowns, and people who breach integrity. Another State
commented that unless airports, Federal facilities, and nuclear plants have document
authentication systems, implementation of REAL ID is without purpose. One State also
stated that unless inspectors are trained in fraud detection or equipment is available for
detection, fraud will continue. One cornmenter recommended that the AAMVA
fraudulent document recognition training be used.
Response: DHS agrees, generally, that no single solution eliminates all fraud
relating to an identity document. That is why the NPRM proposed, and the final rule
requires, steps to improve internal procedures at DMVs as well as the physical driver's
license or identification card issued by the States. DHS agrees that fraud detection
training is an important element in an anti-fraud regime and endorses the use of
AAMVA's fraudulent document recognition training or equivalent by the States.
Comment: AAMVA stated that States cannot consider making any changes until
existing contracts with card integrators expire or they will face high penalties for
breaking existing contracts; any change would require States to proceed though the
competitive bidding processes, evaluate proposals, award new contracts, and implement
the complex and expensive process of re-engineering their issuance processes. Any
wholesale change in card design will be costly, complex, and time consuming. Several
States also noted that contractual processes will slow implementation.
Response: DHS understands that existing vendor contracts make it difficult for
some States to make changes during the term of their card contracts. The final rule
provides flexibility in card solutions. DHS will require States to take appropriate
measures to issue drivers' licenses and identification cards that are resistant to tampering,
alteration or counterfeiting.
Comment: Commenters, particularly States that issue drivers' licenses and
identification cards "over the counter," objected to check digit specification, unique serial
number, application of variable data, and laser printing. One commenter supported
associating card stock serial number with a customer. One State agreed with
incorporation into the card of taggant (a radio frequency identification chip) and marker,
but said that only State employees need to know if the State is using such embedded
technology. One State noted that it uses seventeen overt, covert, and forensic security
features to make counterfeiting difficult; it recommended that States use different designs
and combinations of security features to deter counterfeiters. One commenter wrote that
the proposed rule includes a requirement for an optically variable feature and suggests
that a "diffiactive optically variable feature" be included to enhance protection. The
commenter said it is unclear how this feature enhances protection over existing Stateissued
drivers' licenses and identification cards as many already use such technology.
The commenter recommended optically variable ink as a security feature. This ink
technology, currently used in U.S. passports and outlined in the FIPS 201 security
standards, is not reproducible using commonly used or available technologies, and
requires much less training to authenticate quickly. No readers or special equipment are
required to observe the color shifting effect, meeting the requirements in the proposed
rule for a Level 1 security feature. Additional forensic security, such as micro-flakes
with etched on numbers, logos or words that are visible under low-power magnification
can be included in the micro-flakes of the overt optically variable color shift technology,
meeting the requirements in the proposed rule for a Level 2 and Level 3 security features.
Response: The final rule provides for a performance-based, not prescriptive,
approach to card solutions. Specific security requirements are not mandated in the rule.
However, the final rule includes requirements for three levels of document security
designed to provide maximum resistance to counterfeiting, alteration, substitution, and
the creation of fraudulent documents from legitimate documents that are not reproducible
using common or available technologies. DHS encourages States to explore the range of
existing and still-to-be developed technologies in this area. The final rule requires States
to use card stock and printing materials that are not widely available commercially in
order to significantly decrease the likelihood that a driver's license or identification card
could be easily counterfeited or altered.
Comment: One commenter recommended inclusion of a digital signature as a
Level 3 security feature.
Response: The final rule provides for performance-based, not prescriptive
requirements for implementation. While digital signatures offer a higher level of
security, States may choose to invest in other, similarly secure technologies. DHS
encourages States to consider the use of this and other security features.
Comment: States asked for clarification as to the meanings of "inspector,"
"microline text," "micro print," "external surfaces," "taggant," and "marker."
Response: DHS has removed the requirements involving these terms, so does not
need to clarify these terms.
Comment: Two commenters stated that security features should not make it
impossible to copy or create a digital image of a license, and that the rule should make it
clear that any print on the image must not obscure the features. One State asked that
DHS remove language forbidding reproducible security features and retain $ 37.15(0(2).
Response: DHS agrees that the security features employed should not make it
impossible to copy or create a digital image of a license. Many private sector industries,
including the banking sector, often need to reproduce and retain a copy of an individual
account holder's driver's license or identification card. DHS also agrees that print on the
image should not obscure the individual's features.
Comment: One commenter recommended incorporating some security features
in the substrate.
Response: The final rule requires level 1,2 and 3 security features that provide
multiple layers of security, and States may adopt security features that meet their needs,
including incorporating security features into the substrate.
Comment: One commenter stated that requiring a color photo and laser printing
means that two printers will be needed.
Response: The final rule allows for either a color or black and white photograph.
Laser engraving, while a very effective security measure, is not a requirement of this rule.
Comment: One State commented that it currently uses adversarial testing for its
cards and provided detailed information on its process. AAMVA and several States said
that there are no adversarial testing standards and that DHS should develop them and
either take responsibility for testing the cards or certify the testing organizations.
Another commenter recommended that there should be a single center for adversarial
testing using a single set of criteria to avoid the undue influence of vendors and disparate
standards. Some States suggested alternatives to adversarial testing, such as card design
security programs or security audits. One commenter'suggested that adversarial testing
occur only if the State card has changed rather than annually. Another commenter
recommended testing every five years or at contract changes.
Response: The development of standards and adversarial analysis and testing of
drivers' licenses and identification cards is an effective approach to ensuring that these
documents provide maximum resistance to counterfeiting, simulation, alteration and
creation of fraudulent drivers' licenses and identification cards. DHS will work to
develop performance standards and adversarial analysis and testing.
Independent adversarial testing is an important tool in limiting the ability of
someone to tamper, alter, or counterfeit a driver's license or identification card. DHS
agrees with the comments that there are no recognized testing standards to date and a lack
of available and accredited testing facilities. Therefore, DHS has removed the
requirement for States to obtain an independent adversarial test of their card security.
Comment: Numerous commenters objected to the card stock requirement,
stating that the NPRM design specification essentially calls for polycarbonate material
and AAMVA and its members do not support polycarbonate as the only option for the
cards. This material is not used anywhere in the United States today, is the highest cost
card material in production today, and is only available from a limited number of
vendors, which negates State requirements for competitive bidding. Another commenter
noted an inconsistency between polycarbonate card stock and the requirement to meet
ICAO 9303. The ICAO standard requires a color photo, but polycarbonate card stock
allows only black and white photos.
Privacy groups supported use of polycarbonate cardstock in conjunction with
laser engraving because laser engraving on other card stocks may be removable. One
commenter indicated that other stocks would function as well. Another commenter stated
that requirements for card stock durability should be based on the renewal period used by
the State. One State asked to whom missing card stock should be reported.
Response: The final rule reflects a less-prescriptive approach to card security,
and does not mandate the use of a specific card stock and prescriptive security features.
The final rule requires States to use card stock and printing methods that are not widely
available commercially in order to significantly decrease the likelihood that a driver's
license or identification card can easily be counterfeited or altered. States should develop
and utilize a system of reporting missing card stock and other secure supplies and
equipment related to the production of drivers' licenses and identification cards to other
State DMVs and law enforcement.
7. Machine Readable Technology
Comment: Privacy groups and several States recommended laws limiting the
collection and storage of Machine Readable Zone (MRZ) data by third parties. Several
other States commented on the importance of accessibility for law enforcement and noted
that the same information is available on the front of the identification cards in humanreadable
form. Some commenters wanted MRZ access restricted to law enforcement,
while others supported also providing access for bars and liquor stores to help prevent
underage drinking but limiting their collection and storage of the personal information.
One commenter stated that nothing in the REAL ID Act authorizes Federal agencies to
read and collect information contained in the MRZ and cited to the Conference Report
statement that the MRZ must only be able to be read by law enforcement officials. One
commenter opposed any indication in the MRZ that a person was an owner or buyer of
firearms or was licensed to carry a firearm; the commenter also asked that DHS forbid
the inclusion of this information unless required by State law.
Response: The REAL ID Act does not provide DHS with authority to prohibit
third party private-sector uses of the information stored on the REAL ID card. As noted
in the proposed rule and the PIA issued in conjunction with the rulemaking, at least four
States (California, Nebraska, New Hampshire, and Texas) currently limit third-party use
of the MRZ, and AAMVA has issued a model Act limiting such use. DHS encourages
other States to take similar steps to protect the information stored in the MRZ from
unauthorized access and collection. In response to commenters urging that the rule limit
Federal agency access to the MRZ, DHS is not aware of any current plans by Federal
agencies to collect and maintain any of the information stored in the MRZ. If a Federal
agency should decide to use the MRZ to collect and maintain personally identifiable
information in the future, any such information collected from the MRZ will, of course,
be subject to the protections of the Privacy Act and other Federal laws and policies
regulating the use and handling of personally identifiable information. This final rule
does not require (and the NPRM did not propose) that the MRZ contain any information
about firearm ownership.
Comment: Many commenters suggested data elements that should or should not
be in the MRZ. AAMVA stated that the final rule should limit the MRZ elements to
those set out in its driver license card design standard. Another commenter wrote that
DHS should set the minimum data elements in the MRZ at zero and the maximum at full
legal name, date of birth, and license number. Other commenters stated that data on the
MRZ should be limited to what is on the face of the document. One State recommended
inclusion of the issuing State in the MRZ to facilitate the routing of NCIC inquiries by
law enforcement agencies using in-car bar code reading equipment. Another commenter
suggested limiting the MRZ data to a pointer that does not correspond to the ID number
that would link to a database limited to law enforcement. One commenter recommended
including the digital image in the MRZ using the ISOIIEC 1801 3-2 standard. Two States
opposed including an inventory control number (ICN). One commenter objected to the
PDF standard because the NPRM preamble had referenced adopting most of the data
elements in the 2005 AAMVA Driver's LicenseIIdentification Card Design, which
includes coding for race.
Response: The final rule mandates that the States use the PDF417 2D bar code
standard with the following defined minimum data elements: expiration date; holder's
legal name; issue or transaction date; date of birth; gender; address; unique identification
number; revision date (indicating the most recent change or modification to the visible
format of the license or identification card); inventory control number of the physical
document; and State or territory of issuance. The proposal in the NPRM to include the
full name history, including all name changes, has been dropped. Race is not a data
element contemplated in this rulemaking and the reference in the NPRM to the AAMVA
standard was not intended to include race as a data element in the MRZ for REAL ID.
The majority of commenters on the issue of data elements recommended limiting
the data elements to those needed by law enforcement and the DMVs to carry out their
duties. The final rule sets the minimum elements to include, but recognizes the authority
of the individual States to add other elements such as biometrics, which some currently
include in their cards.
Changes in technology in the future may enable the States to reduce the elements
to a pointer that would electronically link to a database and provide only authorized
parties access to information that today is stored in the MRZ. The current technology
available to State DMVs and most law enforcement officers, however, does not provide
that capability.
Comment: Several commenters said the 2D barcode is easily copied and
reproduced. One commenter supported the 2D barcode, but noted that it is not meant to
be a security feature; the 2D barcode does not allow an upgrade of an encryption scheme,
does not employ. dynamic forms of authentication, does not store audit trails, and does not
use other security features. One commenter stated that the rule for the barcode was
insufficient, particularly that there was no barcode standard specified which would
facilitate the common machine readable technology requirement mandated by the REAL
ID Act. Two existing standards could provide the basis for what is needed: one is the
AAMVA format and the other is the format in the draft of part 2 IS0 standard 18012.
However, the proposed rule required fields that are specified differently or are just not in
either of these standards. One commenter objected to the standard because the selected
version includes coding for race. One cornrnenter stated that mandatory requirements
make it difficult to keep up with technology. A security group and one State stated the
bar code should include a revision date.
Response: DHS recognizes that a 2D barcode may have security vulnerabilities
and technology limitations compared to other available technologies. However, the
PDF417 2D barcode is already used by 45 jurisdictions and law enforcement officials
across the country. A different technology choice could hamper law enforcement efforts
and may pose an additional financial burden on the States. DHS supports efforts of
States to explore additional possible technologies in addition to the PDF417 2D barcode.
DHS disagrees with the notion that the standard selected should be rejected
because it includes coding for race. DHS has never stated that race should be encoded on
the license, and specifically stated in the proposed rule that it was not incorporating
wholesale the card data elements currently required by AAMVA.
Comment: One cornrnenter supported the decision to omit an RFID device. It
stated, however, that the NPRM does not discuss what information from a card should be
made available digitally and what purpose it would serve.
Response: DHS is not requiring that States employ RFID in REAL ID Act cards;
rather the only technology required by the final rule is the use of the PDF4 17 bar code,
which most States already use on their cards. The information stored on the MRZ
enables law enforcement officers to compare the information on the MRZ with the
information on the front of the card to determine whether any of the information on the
front has been altered and to automatically populate law enforcement reports, increasing
officer safety. The ability to run the MRZ through a scanner device also enables an
officer to quickly retrieve the information on the card and request from their dispatch
office additional information on the individual, while maintaining visual contact with a
suspect, a safety consideration for the officer.
8. Encryption of MRZ information
Comment: Commenters were divided on whether some or all data in the MRZ
should be encrypted. In general, groups concerned with privacy issues supported
encryption, although one commenter argued that encryption would provide a false sense
of security. Three States supported encrypting MRZ data. Groups supporting encryption
cited the following:
--The capture of data by other users, such as financial, retail, or commercial
institutions that could retain, use, and sell the personal data.
--The possible inclusion of additional private information in MRZ, such as
residential address, race, [translgender, or legal name history that could expose the holder
to harm if captured and revealed.
--Congressional intent to limit use of the data to law enforcement.
Some commenters stated that if DHS does not mandate encryption, it should at
least not prohibit it. Others supported encryption of only some data, specifically data not
available on the front of the card. One supporter stated that DHS should have done a
comprehensive analysis of encryption systems and their costs and presented that data.
Numerous other commenters, including the States and AAMVA, opposed
encrypting the data. Other commenters were divided among those who believed it is
feasible to encrypt the data, those who considered it infeasible, and those who offered
alternative technologies, particularly smart cards and public key infrastructure.
Commenters opposing encryption cited the following reasons:
--The difficulty of managing encryption keys that could be used to decrypt any
REAL ID. If a single key was used, once the key was compromised, every driver's
license issued with the key would be insecure. If multiple keys are used (e.g., different
keys for each State), then every law enforcement agency would have to be able to access
all of the keys. Multiple keys would limit the threat because key compromise would
affect fewer drivers' licenses, but would increase the difficulty of using the MRZ data
across the country. Once a key is compromised, any license issued using that key would
have to be replaced to be secure.
--The cost of systems for law enforcement. The costs cited included the cost to
replace existing readers plus the cost of setting up an encryption system and the ongoing
costs of managing keys.
--The additional time required for law enforcement. Particularly if multiple keys
are used, law enforcement and DMV officials may need more time to read the data. This
added time requirement would limit the ability to check the validity of documents
quickly, particularly those from other States.
--The inability of non-law enforcement to use the data to verify the validity of the
information on the face of the card. Businesses also use the MRZ data to determine if the
document is genuine. Eliminating that ability would harm businesses that rely on the
driver's license and would affect the ability of restaurants and bars to confirm ages.
These businesses can help identify criminal use of false documents using the MRZ.
Some commenters argued that the government should set limits on the retention and use
of the data rather than encrypt the MRZ.
--The futility of encrypting data present on the fiont of the card. Commenters
stated that if the data included in the MRZ are readable on the fiont of the card,
encrypting the MRZ provides no protection because optical scanning readers are capable
of translating the card data into a database. The information can also be copied or
transcribed.
Response: DHS considered the many comments on this issue and acknowledges
that the skimming of the personally identifiable information from the MRZ raises
important privacy concerns. Nevertheless, given law enforcement's need for easy access
to the information and the complexities and costs of implementing an encryption
infrastructure, no encryption of the MRZ will be required at this time. If the States
collectively determine that it is feasible to introduce encryption in the future, DHS will
consider such an effort, as long as the encryption program enables law enforcement to
have easy access to the information in the MRZ. Moreover, DHS, in consultation with
the States, DOT, and after providing for public comment, is open to considering
technology alternatives to the PDF4 17 2D bar code in the future to provide greater
privacy protections.
J. Validity Period and Renewals of REAL ID Drivers' Licenses and Identification
Cards
1. Validity period
Comment: At least two commenters said that the proposed eight-year validity
period is too long, because it would give counterfeiters and forgers too much time to
learn how to simulate or alter cards in circulation. The groups recommended that DHS
require States to adopt a validity period of no more than five years. AAMVA and one
State said that State DMVs should be allowed to determine the duration of their licenses
based on business processes and needs. A few States said that a validity period of no
more than eight years would create difficulties for elderly and some disabled persons who
are clearly not national security risks. These States asked for the flexibility to
grandfather these populations or to issue cards with extended validity periods.
Response: The REAL ID Act establishes a maximum license validity period of
eight years. Nothing in the Act or the rules precludes a State from adopting a shorter
validity period for business, security, or other needs.
2. Reverification of source document information
Comment: AAMVA and several States expressed strong opposition to the
requirement that States re-verify information and source documents for renewals and
replacements of drivers' licenses and identification cards. They said that this requirement
would be costly, burdensome, and unnecessary in part because of the processes that many
States already have in place for renewals and replacements. In addition, some
commenters claimed that the requirement to re-verify source documents such as address
documentation is impossible to comply with because there is no electronic system to do
so. One State DMV pointed out that because Federal and State databases are not updated
in real time, it is likely that changes would not be immediately verifiable.
One State supported requiring re-verification of birth certificates because changes
to the birth certificate, such as a name change, could be made after the original birth
certificate verification occurred. This suggestion would also allow for matching against
State death information to prevent fraud. Another State endorsed the re-verification of
information for temporary REAL ID licenses and for driver and ID card holders who do
not have Social Security numbers.
Response: DHS agrees with the comments that it is not necessary to re-verify all
source documents at renewal. DHS proposed this requirement in the NPRM since it
recognized that the quality of recordkeeping in both Federal and State databases would
improve over time. Instead DHS has amended the rule to require reverification of SSN
and lawful status prior to renewal and verification of information that the State was
previously unable to verify electronically.
Comment: Several State DMVs asked DHS to clarify exactly what they would
need to do to "re-verify" information. For example, one State asked if States would be
required to verify each source document and imaged piece of information if electronic
verification systems were not available at the time of initial enrollment. One State asked
if States could use original source documents to re-verify applicant information if the
documents have expired since the date of original verification. Another State asked DHS
to explain the difference between "verified" and "validated" as referenced in 5
37.23(b)(l)(ii) of the NPRM.
Response: As noted above, DHS is not requiring States to re-verify source
documents at renewal. However, States must reverify the SSN and lawful status upon
renewal and electronically verify information that the State was previously unable to
verify electronically.
Comment: AAMVA said that DHS should allow States to determine if they
want to re-verify information that has already been verified by another State. AAMVA
said that the new State of residency should be able to determine whether to "re-vet" an
applicant's information. One State requested that DHS allow a license transferred from
another State to be renewed or replaced remotely, even if the new State of residence does
not have electronic copies of the applicant's identity documentation. One State said that
the renewal of a REAL ID-compliant card should only require the minimum combination
of a REAL ID document and some proof of address. Another State suggested that States
be allowed to exempt from re-verification applicants who have been verified at initial
enrollment as U. S. citizens and who have had no changes to name or Social Security
information. A few commenters mentioned that a birth certificate should not be reverified
if there was a copy of it maintained at the DMV.
Response: The NPRM did not propose any requirements for how a State should
treat a REAL ID issued by another State except to propose that a REAL ID driver's
license or identification card be accepted as an identity document, to establish name and
date of birth. When an individual moves from one State to another, the new State would
still be required to verify the individual's SSN and ensure that he or she is lawfully
present in the United States
3. Renewals
Comment: AAMVA recommended that 5 37.23 be entirely stricken except for
paragraph (b)(2)(iii) of the NPRM, which would require holders of temporary REAL ID
cards to renew them in person each time and to present evidence of continued lawful
status.
Response: DHS disagrees with the comment and believes that it is necessary to
have standards governing the renewal of a REAL ID-compliant driver's license or
identification card.
Comment: One commenter wrote that the rule would make it far more difficult
and expensive for current holders of a commercial driver's license (CDL) to renew or
replace their licenses, that delays and the expense in having a license renewed or reissued
are particularly important for this segment of the population, and that they might force
drivers to seek other employment altogether.
Response: DHS disagrees with this comment. DHS has not been presented with
evidence that CDL holders will be affected disproportionately by the REAL ID
requirements or that the REAL ID requirements will force commercial driver's license
holders to seek other employment.
Comment: Commenters expressed strong opposition to the restriction that
remote transactions would be allowed only if "no source information has changed since
prior issuance" ($37.23(b)(1) of the NPRM). In particular, many States, AAMVA, and
other commenters wrote that applicants should be able to make address changes without
having to appear in a DMV office, and that only material changes (e.g., name change)
should prompt the need for an in-person visit. In general, commenters wrote that they do
not currently require an office visit for address changes, and some said they do not issue a
new card when notified of an address change. They said that requiring in-person visits
for address changes would dramatically increase the number of visitors to DMV offices,
with huge cost increases for State agencies (which some DMVs said the Federal
government should cover), without necessarily improving national security. Some States
further commented that making address changes more difficult for customers will result
in these individuals simply not notifying the motor vehicle department of new addresses,
which creates greater problems for State and local government and law enforcement.
Response: DHS agrees with these comments and has removed the requirement
that an address change must be accomplished through an in-person visit to the DMV.
Additionally, there is no requirement in the final rule for States to issue a new card when
notified of an address change.
Comment: DHS received several comments on some of the methods listed in the
preamble for authenticating identity prior to issuing a renewed license.
Response: Since DHS is only requiring that States establish a procedure to
ensure that the proper individual is receiving a renewed document and is not requiring
any specific method, these comments are not discussed as they are deemed outside the
scope of the regulation.
Comment: AAMVA commented that the requirement that every other renewal
take place in-person to allow for an updated photo would penalize residents of States with
shorter renewal cycles. One State suggested that $ 37.23(b)(2) of the NPRM should be
changed to require in-person renewals and recapture of a digital image once every sixteen
years, regardless of the period of validity of a State's cards. Two comrnenters stated that
allowing sixteen years between photo updates might be too long because a person's
appearance can change significantly during that time, and that the usefulness of the
photos for facial recognition (manual or computerized) would greatly diminish over a
sixteen-year time period. One State recommended that DHS adopt a ten-year in-person
renewal cycle. Two States commented that exceptions to in-person renewals should be
established for active military and the elderly.
Response: DHS disagrees with the comments and is retaining the requirement
that a new photo be taken at every other renewal of a REAL ID driver's license or
identification card. Enabling States to maintain their own renewal cycles permits States
to plan for the flow of people through the DMVs. While DHS agrees that an individual's
appearance can change significantly over sixteen years, DHS has concluded that an
every-other-cycle photo requirement will meet State needs to reduce in-person visits at
the DMVs while not posing an unacceptable security risk. States are free to impose a
more frequent photo requirement.
4. Reissuance of documents
Comment: One State said that it would be overly burdensome to require all
applicants for replacement drivers' licenses or ID cards resulting from lost, stolen, or
mutilated documents to personally appear at a DMV office. Another State wrote that, in
many instances, the affected customer will not have the supporting documents readily
available, which may result in some individuals driving without a license.
Response: DHS agrees with the comments. In the final rule, States may replace
a lost, stolen, or mutilated document without requiring an in-person transaction. Current
State practices will dictate what documentation needs to be presented for replacement
drivers' licenses and identification cards.
Comment: Some States, AAMVA, and several other commenters recommended
against requiring a new card for address changes and asked that DHS allow States to
propose interim methods of tracking address changes between renewal cycles without the
requirement for issuance of a replacement card (unless State law requires it).
Response: DHS agrees with the comments. The final rule does not mandate that
a State reissue a driver's license or identification card for an address change unless
otherwise required by State law.
Comment: A number of States suggested that the definition of "reissued" be
changed to indicate that the license contains material changes to the personal information
on the document. An applicant for a "reissued" document would be required to
personally appear at a DMV office to provide proof of the change. Furthermore, the
State suggested that DHS create a definition of "duplicate" as a card that was issued
subsequent to the original document that bears the same information and expiration date
as the original.
Response: DHS agrees with the comments. The final rule does not mandate a
personal appearance at a DMV for a reissued driver's license or identification card unless
material information, such as name or lawfbl status, has changed. The final rule adopts
the proposed definition for a duplicate card.
K. Source Document Retention
Comment: AAMVA expressed concern about the proposed requirements dealing
with transferring document images and linking document images to the driver record, and
opined that the requirement to color scan and exchange documents using AAMVA's
Digital Image Exchange program is misplaced. Another commenter stated that this
program deals only with photos and that "it would be a giant leap to consider its use for
documents." Several commenters objected to the costs of purchasing scanners, using
computer storage space, retaining color images, and integrating the image into the driver
record. Some commenters believed the document retention period should be the same for
paper copies and electronic storage, while others believed that the retention period for
paper copies should be shorter than electronic. A few commenters pointed out that the
Driver Privacy Protection Act and State laws had their own record retention
requirements. Some commenters objected to the storage of documents containing
sensitive personal information as such documents are attractive target for criminals and
hackers, and thereby pose significant privacy and security risks.
Response: The specific record retention period for imaged documents and paper
documents is required by the REAL ID Act and the final rule applies those time periods.
However, DHS agrees with the comments that some source documents may contain
sensitive personal information and has modified the document retention requirements for
birth certificates. Under the final rule, a State shall record and retain the applicant's
name, date of birth, certificate numbers, date filed, and issuing agency in lieu of an image
or copy of the applicant's birth certificate, where such procedures are required by State
law and if requested by the applicant.
L. Database Connectivity
Comment: AAMVA stated that DHS has yet to provide specific information on
how this "query" system will work and does not expect to provide that information until
the comment period is over. AAMVA wrote that final rulemaking should not take place
until there is opportunity for another round of comments and an extension of compliance
dates.
Privacy groups argued that the proposal does not define security standards or a
governance structure for managing any of the shared databases and systems. In their
view, this abdication places the States in an impossible position: they are being forced to
make their own citizens' personal information available to every other State with no
guarantee of privacy or security.
One commenter recommended that the PC1 Data Security Standards that apply to
the credit card industry should be applied to DMV databases. One group suggested a
decentralized query system that allows States to check all other States to see if an
applicant already holds a REAL ID and returns a yes or no answer, rather than providing
detailed data. One commenter recommended audit logs and audits to ensure compliance
with privacy policies.
Response: DHS has provided a brief overview of the proposed architecture for
data verification and State-to-State data exchange in the sections above. This architecture
will likely build on the existing architecture of AAMVAnet and the systems design
principles of its hosted applications. The proposed architecture will also build upon the
security, privacy and governance principles that have guided AAMVA and the States for
decades.
In addition, DHS will work with DOT, AAMVA and the States to reinforce the
security and privacy features of this communications and systems architecture.
Comment: A commenter stated that DHS had exceeded its authority in the
requirement that interstate access must be "in a manner approved by DHS." This
commenter stated that since the rule does not describe, even in general terms, what the
approval is based upon, States are left to guess at the DHS criteria for approval. Since
the database exchange and the connectivity thereto are of utmost importance to States, the
conditions upon which approval will be based need to be specified in the rule. They
should not be provided by some yet to be developed guideline issued by DHS after the
rule has become final.
Response: DHS will work with DOT, AAMVA, and the States to develop a path
forward for both verification systems and State-to-State data exchange, including criteria
DHS will employ to evaluate the adequacy, security, and reliability of such data
exchanges.
M. Security of DMV Facilities Where Drivers' Licenses and Identification Cards
are Manufactured and Produced
1. Physical security of DMV facilities
Comment: A few States said the security requirements would force closure of
many DMV offices. At least one State said that the security requirements would lead to
closure of remote offices, and that this could lead the State to opt out of complying with
REAL ID requirements.
Response: In general, DHS does not agree with comments that indicate a State
would prefer to have a security vulnerability rather than take the necessary steps to close
it. There have been a number of well-documented instances where DMV offices have
been burglarized and the equipment and supplies to manufacture drivers' licenses and
identification cards taken, highlighting the need to ensure that adequate procedures are in
place to protect the equipment and supplies necessary for the production of REAL ID
drivers' licenses and identification cards. Protecting these materials and equipment are
critical to reducing the possibility of fraud and identity theft.
Comment: While a few States supported the proposed ANSIINASPO-SAv3.
OP-2005, Level I1 standard, numerous States said that this standard was intended to
apply to manufacturing facilities, not to the issuance of drivers' licenses. The
commenters opposing use of the ANSI/NASPO standard stated that until a reasonable
standard is developed, States should have the flexibility to determine what works for their
issuance processes. Privacy groups are concerned that without a uniform standard, States
could have 56 different security and privacy policies with different levels of protection.
One State supported a narrow application of the ANSINASP0 standard only to
the DMV facility containing the database on license holders, while another State thought
that the standards should apply only to the DMV production facilities. One commenter
wrote that the NASPO standard needs to be reviewed every two years and that
requirements should be added throughout the supply chain.
Response: DHS agrees with the comments that the proposed NASPO standard
may be more appropriate to manufacturing and production facilities, as opposed to
issuance sites. DHS is not requiring the use of the ANSIINASPO standard in the final
rule, but commends to the States the proposed standards as a good practice for securing
materials and printing supplies.
Comment: One commenter proposed additional requirements for alarm systems,
disposals, and suppliers. Another commenter suggested allowing DMVs to secure part of
a building, rather than the whole building. The commenter wrote that the standard did
not address the security of work stations and recommended biometric passwords. One
commenter noted that providing the license directly to the person, rather than mailing it,
was more secure; one State noted that the Post Office does not guarantee delivery.
Response: The final rule specifies what must be addressed in a security plan,
including physical security of the buildings used to produce drivers' licenses and
identification cards, storage areas for card stock and other materials used in card
production, and security of Personally Identifiable Information (PII).
If a DMV is located in a building shared by other offices or tenants, the area
dedicated to the manufacture or issuance of drivers' licenses and identification cards,
storage of card stock and related materials, and PI1 must be secured in such a fashion to
prevent unauthorized access. This requirement covers any equipment utilized to produce
drivers' licenses and identification cards as well as storage, access and retrieval of PII.
States will determine how these items are protected in their security plans.
The rule does not mandate central issuance versus over-the-counter issuance.
2. Security plan
Comment: One State said that DHS had exceeded its authority under the Act in
the requirement that a State's security plan address "reasonable administrative, technical
and physical safeguards to protect the security, confidentiality, and integrity of ...
personal information stored and maintained in DMV ... information systems." Another
State wrote that the Act does not authorize DHS to compel States to establish or make
available standards or procedures for safeguarding the information collected by motor
vehicle agencies. AAMVA asserted that tools such as information security audits,
individual employee access audits, employee confidentiality polices, and privacy and
security plans are already used in many DMVs.
Privacy groups commented that the rule must provide meaningful privacy and
security protections and that the lack of clear privacy and security guidance in the Act
does not preclude DHS from providing strong protections in the regulations. In fact, they
urged DHS to include specific standards or minimum criteria against which the State
plans could be evaluated.
At least two States objected to the provision that DHS could require "other
information as determined by DHS." The States argued that any further requirements
should be agreed upon and clearly identified in the regulations. One State said that
unspecified requirements should not be left to DHS to develop outside of the regulatory
process. Another State wrote that the access badge requirement is unrealistic.
Response: DHS believes that it has the authority to require States to take
reasonable measures to safeguard the confidentiality of PI1 maintained in DMV
information systems pursuant to the REAL ID Act. DHS believes that inherent in the
Act's requirement that States must provide electronic access to the information contained
in their databases is the principle that such information must be protected, and this
concept is supported in the legislative history for section 202(d)(12) of the Act which
states that "DHS will be expected to establish regulations which adequately protect the
privacy of the holders of licenses and ID cards . . . ." H.R. Rep. No. 109-72, at 184
(2005)(Conf. Rep). Failure to protect the PI1 held in DMV databases could result in
identity theft and undermine the very purpose of the Act, which is to strengthen the
validity of the cards. DHS also believes that it can require States to provide other,
reasonable information that DHS determines is necessary in the future without requiring
future rulemaking.
Comment: AAMVA and several States requested guidance on what "written risk
assessment of each facility" means and a template. Another State asked for guidance on
which law enforcement officials should be notified. One State recommended that the rule
limit the amount of data in any State's database and create stronger protections for
information to limit the danger of aggregating information on 240 million Americans.
Response: DHS, DOT, AAMVA and the States will work together to develop
bestJoin our efforts to Secure America's Borders and End Illegal Immigration by Joining ALIPAC's E-Mail Alerts network (CLICK HERE)
-
05-30-2008, 03:43 PM #7Originally Posted by April
BTW, Alaska just passed Legislation to not comply with the Real ID.I stay current on Americans for Legal Immigration PAC's fight to Secure Our Border and Send Illegals Home via E-mail Alerts (CLICK HERE TO SIGN UP)
-
05-30-2008, 03:50 PM #8
JP wrote:
There sure will be a lot more uninsured unlicensed Americans on the Highways if they pull this Real ID off."The only thing necessary for the triumph of evil is for good men to do nothing" ** Edmund Burke**
Support our FIGHT AGAINST illegal immigration & Amnesty by joining our E-mail Alerts athttps://eepurl.com/cktGTn
-
05-30-2008, 07:10 PM #9Originally Posted by MWI stay current on Americans for Legal Immigration PAC's fight to Secure Our Border and Send Illegals Home via E-mail Alerts (CLICK HERE TO SIGN UP)
-
05-30-2008, 10:02 PM #10
JP wrote:
You're bright enough to figure it out for yourself."The only thing necessary for the triumph of evil is for good men to do nothing" ** Edmund Burke**
Support our FIGHT AGAINST illegal immigration & Amnesty by joining our E-mail Alerts athttps://eepurl.com/cktGTn
Arizona GOP pushing tough, new border policies, but faces strong...
05-05-2024, 10:24 AM in illegal immigration News Stories & Reports