02:08 PM
Connect Directly
Repost This

Homeland Security Issues Specs And Guidelines For Controversial Real ID

The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code.

The federal government plans to extend the deadline for states to adopt its controversial Real ID program, which state legislatures have protested.

The Department of Homeland Security released guidelines and specifications for Real ID on Thursday. The release of the guidelines in a notice of proposed rule making initiates a 60-day comment period, allowing people to put their views in writing and possibly influence modifications to the final rules.

Congress passed the Real ID Act in 2005, with the intent of creating more secure identification and a better system for screening people entering federal buildings, boarding airplanes, and accessing other areas that could appeal to terrorists.

The final rules will provide states with minimum requirements for standardizing state driver's licenses, a move recommended by the 9/11 Commission.

"For terrorists, travel documents are as important as weapons," the commission has stated. "All but one of the 9/11 hijackers acquired some form of identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities."

Fearing the law would create cumbersome processes and requirements, create a national ID card, fail to protect citizens' privacy, and prove costly, state lawmakers are critical. The National Conference of State Legislatures wrote a letter opposing Real ID in 2005. This year, about a dozen states are considering bills protesting the federal law. Maine passed one. Opposition is growing in neighboring New Hampshire and other states. The National Governors Association, the American Civil Liberties Union, several libertarian and privacy groups, as well as members of both major political parties have voiced opposition.

Unless the federal law is repealed, DHS is obligated to issue rules. Under the guidelines proposed this week, states would have to verify applicants' identities and legal status in the United States through specific original documentation. The cards would have to include security features and personal information (printed and in a bar code) and could be encrypted.

"DHS leans towards encrypting the data on the barcode as a privacy protection and requests comments on how to proceed given operational considerations," the department announced in a prepared statement.

The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code. The proposal recommends that the cards have standardized appearances, while stating that the information will not be in a national database and employees from one state cannot "go fishing" for information from other states.

Under the proposed rules, facilities where licenses are issued would also have to meet physical security standards. State deadlines have been extended. States would have until October to submit their plans for implementation to the federal government, and unless they seek an extension by Feb. 1, they would begin issuing the new licenses by May 11, 2008, according to the plan proposed this week. Those who have received extensions would have to issue cards beginning Jan. 1, 2010. Drivers would obtain new cards when their licenses expire. In order for states to comply with the federal law, all U.S. drivers with licenses would have to be using the new cards by May 10, 2013.

DHS has proposed grants that could help states cover up to 20% of costs, but Congress would have to allocate any additional federal funding to cover the mandate.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government, May 2014
NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work?
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.