Homeland Security Issues Specs And Guidelines For Controversial Real ID - InformationWeek
02:08 PM

Homeland Security Issues Specs And Guidelines For Controversial Real ID

The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code.

The federal government plans to extend the deadline for states to adopt its controversial Real ID program, which state legislatures have protested.

The Department of Homeland Security released guidelines and specifications for Real ID on Thursday. The release of the guidelines in a notice of proposed rule making initiates a 60-day comment period, allowing people to put their views in writing and possibly influence modifications to the final rules.

Congress passed the Real ID Act in 2005, with the intent of creating more secure identification and a better system for screening people entering federal buildings, boarding airplanes, and accessing other areas that could appeal to terrorists.

The final rules will provide states with minimum requirements for standardizing state driver's licenses, a move recommended by the 9/11 Commission.

"For terrorists, travel documents are as important as weapons," the commission has stated. "All but one of the 9/11 hijackers acquired some form of identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities."

Fearing the law would create cumbersome processes and requirements, create a national ID card, fail to protect citizens' privacy, and prove costly, state lawmakers are critical. The National Conference of State Legislatures wrote a letter opposing Real ID in 2005. This year, about a dozen states are considering bills protesting the federal law. Maine passed one. Opposition is growing in neighboring New Hampshire and other states. The National Governors Association, the American Civil Liberties Union, several libertarian and privacy groups, as well as members of both major political parties have voiced opposition.

Unless the federal law is repealed, DHS is obligated to issue rules. Under the guidelines proposed this week, states would have to verify applicants' identities and legal status in the United States through specific original documentation. The cards would have to include security features and personal information (printed and in a bar code) and could be encrypted.

"DHS leans towards encrypting the data on the barcode as a privacy protection and requests comments on how to proceed given operational considerations," the department announced in a prepared statement.

The draft guidelines do not specify the use of RFID cards as a minimum standard, but states can choose to use them in addition to the bar code. The proposal recommends that the cards have standardized appearances, while stating that the information will not be in a national database and employees from one state cannot "go fishing" for information from other states.

Under the proposed rules, facilities where licenses are issued would also have to meet physical security standards. State deadlines have been extended. States would have until October to submit their plans for implementation to the federal government, and unless they seek an extension by Feb. 1, they would begin issuing the new licenses by May 11, 2008, according to the plan proposed this week. Those who have received extensions would have to issue cards beginning Jan. 1, 2010. Drivers would obtain new cards when their licenses expire. In order for states to comply with the federal law, all U.S. drivers with licenses would have to be using the new cards by May 10, 2013.

DHS has proposed grants that could help states cover up to 20% of costs, but Congress would have to allocate any additional federal funding to cover the mandate.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll