Privacy Digest

Congress Must Act Soon to Address the Privacy Disaster That is REAL ID - Via CDT - PolicyBeta:

Last month, after almost three years, the Department of Homeland Security released its much-anticipated final regulations to implement the controversial REAL ID Act of 2005.

In light of DHS’ final rules, CDT released an analysis of the REAL ID program, concluding that REAL ID will do little to make the driver’s license a more reliable identity document, but will create huge privacy and civil liberties risks for hundreds of millions of Americans.

We listed five main criticisms of REAL ID:

• The REAL ID card will become a de facto national ID card, particularly if it becomes required for more purposes. We recently blogged about such “mission creep.”
• REAL ID will likely result in the creation of a central ID database, which will threaten the privacy and security of 240 million Americans. I recently wrote an op-ed piece about this issue, which DHS has for the time being left unresolved. And when DHS is finally ready make a decision about what technical architecture will be built to implement REAL ID, the Department will likely not solicit public input.
• DHS is mandating a standardized and unencrypted Machine-Readable Zone (MRZ), which will facilitate intrusive tracking by both government and commercial entities, thereby exacerbating a serious existing problem.
• Following a lack of explicit Congressional authority under the Act, DHS failed to adopt meaningful privacy and security standards for the protection of personal information in the REAL ID system.
• In a related initiative, DHS is creating driver’s licenses with imbedded, insecure RFID chips (”Enhanced Driver’s Licenses”) that will threaten the personal privacy and security of American citizens, without Congressional oversight or an administrative rulemaking.

(more…)

(Read Original Article - Via CDT - PolicyBeta.)