ZDNet: Homeland Security chief defends Real ID plan

Homeland Security chief defends Real ID plan:

"I think this is an example (of) when security and privacy go hand in hand," the Homeland Security chief said in a half-hour speech at George Washington University here. "It is a win-win for both."

The importance of such documents was magnified by an announcement Wednesday, Chertoff said. Federal authorities reported that they had made more than 1,200 arrests related to immigration violations and unmasked criminal organizations stealing and trafficking in genuine birth certificates and Social Security cards belonging to U.S. citizens.

"Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically.

First for the cheap shot: "a win-win for both?" Doesn't the term have two "wins" in it to signify that it's already about both? What would be a win-win for security or privacy alone?

Chertoff ignores the greater privacy implications of Real ID. One is that the states will have to collect a much greater array of information from individuals than they currently do. Another is that they're required to maintain it both electronically (that should make your skin crawl) and in hardcopy. Yet another is that they'll be forced to communicate with a number of other databases (leaking personal information) every time you need to interact with a card-issuing agency. It requires that I carry around a large chunk of machine-readable information on my identification card, and what's worse, makes no limitation on who can read that information and how it can be used. And finally, the Act requires that the states open up their databases to all of the other states. Enrolling in the Real ID system saps a big chunk of my privacy away from me.

Unfortunately, it adds no privacy protections (it even took some away.) The guy who can walk around with papers with my personal information isn't prevented from doing so with Real ID in place. There are no added limitations on the use of social security numbers, or of sensitive transactions, or the release of my records. There's no protection of state records release laws under Real ID, and it seems probable that any state in the Union could decide to start selling the records of any other state.

Is there added security? There's no suggestion of it in the Real ID Act. Much of the act worries about ensuring that cards can't be tampered with or counterfeited (and we all know this is a joke; if someone can make it, someone else can copy it.) There's little effort given to the notion of authenticating a card. Instead, security is supposed to come from looking at a card and making an assumption that if it looks like a Real ID-compliant card, it must be a Real ID-compliant card. That will work well the first time someone knocks over a delivery truck shipping Real ID-compliant cards to the DMV, or a former employee of the company making card materials for an agency absconds with the materials and sells them.

The tough part for me is figuring out who actually is receiving the wins from the win-win. I suppose mostly it's a flailing agency that needs any "positive" progress it can make and an industry anxious to start selling newer, more expensive identification card raw materials.