License to Kill?

By Joseph Straw

Terrorists had no problem getting driver’s licenses, which they used as identification to get airline tickets for their 9-11 attacks. That prompted Congress to pass the REAL ID Act in 2005 to force states to beef up security for licenses. Later this month or early next year the federal government will finally issue draft or interim rules telling states exactly what they need to do to be in compliance with that law, which includes only general mandates; it requires states, for example, to verify so-called breeder documents, such as birth certificates, before issuing a license, but it doesn’t say how.

States are concerned about the lack of federal funding to support the mandate, estimated to cost about $11 billion to carry out, and about the logistical burden of implementation. States additionally question whether all the work will really achieve the objectives: a more secure ID that cannot easily be counterfeited and that criminals and terrorists cannot easily obtain through use of fraudulent breeder documents.

One issue is whether the Department of Homeland Security will mandate a single security configuration for driver’s licenses. That could effectively create a single point of failure for the documents, says Molly Ramsdell of the National Council of State Legislatures (NCSL), which is pushing for major changes to the program along with the National Governors Association and the American Association of Motor Vehicle Administrators (AAMVA).

“A counterfeiter who figures out how to do one state’s licenses has figured out how to do all 50,” Ramsdell says.

Scott Carr, an executive vice president with Digimarc, agrees, saying “That kind of approach favors the counterfeiters.” Digimarc provides security features for IDs and driver’s licenses in 32 states.

Another concern is the sheer magnitude of checking every breeder document. States will be required to verify personal documents with issuing agencies, whether it be the State Department, Immigration and Customs Enforcement, or the U.S. municipality where the person was born.

To tackle that problem, the National Association for Public Health Statistics and Information Systems (NAPHSIS) and AAMVA are partnering in a pilot project to apply a NAPHSIS system called EVVE—Electronic Verification of Vital Events—for use in vetting breeder documents.

The EVVE “hub,” which NAPHSIS initially developed under contract from the U.S. Social Security Administration, serves government users via an electronic message-based approach, which NAPHSIS says reduces opportunities for network security breaches.

The biggest concern remains the lack of federal funding. NCSL passed a resolution to urge repeal of the law if Congress does not provide full funding by the end of 2007. While it seems unlikely that Congress would agree either to repeal the law or to fully fund the mandate, they could decide to delay implementation. The REAL ID Act has an effective deadline of May 11, 2008, when noncompliant licenses would no longer be accepted as IDs by federal authorities or federally-regulated industries, including airlines.

But states have up to ten years to comply.

Meanwhile, states will soon have a chance to comment on the rules.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.