Homeland Security Issues Specs And Guidelines For Controversial Real ID
The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code.
The federal government plans to extend the deadline for states to adopt its controversial Real ID program, which state legislatures have protested.
The Department of Homeland Security released guidelines and specifications for Real ID on Thursday. The release of the guidelines in a notice of proposed rule making initiates a 60-day comment period, allowing people to put their views in writing and possibly influence modifications to the final rules.
Congress passed the Real ID Act in 2005, with the intent of creating more secure identification and a better system for screening people entering federal buildings, boarding airplanes, and accessing other areas that could appeal to terrorists.
The final rules will provide states with minimum requirements for standardizing state driver's licenses, a move recommended by the 9/11 Commission.
"For terrorists, travel documents are as important as weapons," the commission has stated. "All but one of the 9/11 hijackers acquired some form of identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities."
Fearing the law would create cumbersome processes and requirements, create a national ID card, fail to protect citizens' privacy, and prove costly, state lawmakers are critical. The National Conference of State Legislatures wrote a letter opposing Real ID in 2005. This year, about a dozen states are considering bills protesting the federal law. Maine passed one. Opposition is growing in neighboring New Hampshire and other states. The National Governors Association, the American Civil Liberties Union, several libertarian and privacy groups, as well as members of both major political parties have voiced opposition.
Unless the federal law is repealed, DHS is obligated to issue rules. Under the guidelines proposed this week, states would have to verify applicants' identities and legal status in the United States through specific original documentation. The cards would have to include security features and personal information (printed and in a bar code) and could be encrypted.
"DHS leans towards encrypting the data on the barcode as a privacy protection and requests comments on how to proceed given operational considerations," the department announced in a prepared statement.
The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code. The proposal recommends that the cards have standardized appearances, while stating that the information will not be in a national database and employees from one state cannot "go fishing" for information from other states.
Under the proposed rules, facilities where licenses are issued would also have to meet physical security standards. State deadlines have been extended. States would have until October to submit their plans for implementation to the federal government, and unless they seek an extension by Feb. 1, they would begin issuing the new licenses by May 11, 2008, according to the plan proposed this week. Those who have received extensions would have to issue cards beginning Jan. 1, 2010. Drivers would obtain new cards when their licenses expire. In order for states to comply with the federal law, all U.S. drivers with licenses would have to be using the new cards by May 10, 2013.
DHS has proposed grants that could help states cover up to 20% of costs, but Congress would have to allocate any additional federal funding to cover the mandate.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.