Real ID Exposed: It Is Worse than You Think

The Constitutional Alliance strongly opposes the Real ID Act 2005; our reasons go beyond the reasoning of other organizations.  Our primary reasons for opposing the Real ID Act are four-fold.  It is my hope and prayer that you will share a link to our web-site with everyone you are in contact with.  I do not ask a lot but I am asking now. You will learn while reading this essay why there is not as big a difference as you have been led to believe between states that are in material compliance with the Real ID Act 2005 and those that are not.

  1. The requirement that states collect a digital facial image/photograph of all driver's license applicants that is facial recognition compatible. Until the signing of the Real ID Act 2005 into law many states and territories were still using a low resolution, analog photograph that was not facial recognition compatible. The analog photograph used was not facial recognition compatible because of the very high error rate associated with low resolution photographs when facial recognition software was or is used.  It should be noted that a low resolution analog photograph is just as human recognizable on a driver's license as the high resolution digital facial image Real ID calls for. 

Prior to the passage of the Real ID Act in 2005 a majority of the states were not using facial recognition technology.  Today the number is roughly 35 states that are using facial recognition technology.

Facial recognition software/technology maps your face measuring the distances between key facial characteristics such as your lips, ears, nose and eyes. These distances we are told are unique to each person in the same way that we are told that our fingerprints are unique to each of us.

  1. The Real ID Act gives the DHS (Department of Homeland Security) unprecedented power by allowing the Secretary of DHS to solely determine for what "Official Purposes" citizens must present a Real ID materially compliant driver's license.  While there are three such official purposes today (  Download DHS (department of homeland security) Real ID Act of 2005 Final Rules Part 1 and 2 Document bottom of page 13 and top of page 14) the fact is this provision of the Real ID Act 2005 would allow for the Secretary of DHS to add to the current official purposes without consulting with or having the approval of Congress (same link as above - page 37).

The Secretary can add the purchase of a weapon and/or the purchase of ammunition to the current list of official purposes.  Also the requirement could be added to require a Real ID compliant driver's license to pick up a prescription.  The point is this unfettered discretion given to the Secretary of DHS is in our minds unconstitutional.  Nowhere in the Constitution is such broad and sweeping power given to the Executive Branch, let alone a cabinet member.

I think it is important to fully appreciate just how far DHS believes its power extends. In an opinion column written by Secretary Chertoff after the publication of the final rule, he said, "embracing REAL ID" would mean it would be used to "cash a check, hire a baby sitter, board a plane or engage in countless other activities." http://epic.org/privacy/id_cards/epic_realid_0508.pdf page 28. 

  1. The Real ID Act calls for state DMV database linking ( https://www.eff.org/issues/real-id ).  Federal authorities will have either direct or indirect access to all DMV databases This is especially important since the TSA has indicated that people will be able to board commercial airliners even if they do not have a Real ID compliant license or other alternative acceptable ID document (passport, military ID card, Enhanced Driver's License).  We envision the TSA asking an individual if they have been issued a driver's license or other valid issued state ID issued by state DMV's for those that do not drive. TSA would then have either direct access or indirect access to state DMV photo databases. Legally under the provisions of the Driver's Privacy Protection Act of 1994 the TSA could request and receive a copy of a person's photo from a state DMV database.

A reality of database linking is it exposes people to a much greater risk of being a victim of identity theft.

  1. The MRZ (Machine Readable Zone) of a Real ID compliant driver's license is not encrypted.  Privacy advocates commented during the RuleMaking process of the Real ID Act that the MRZ should be encrypted.  DHS felt that encrypting the MRZ would create technical challenges to the law enforcement officer in the field or in other locations.  What we have learned is the "swiping" of the MRZ has become a very real problem that is doing real harm to citizens.  Criminals and retailers have used the unencrypted MRZ of a driver's license for their own purposes.  http://www.consumerreports.org/cro/news/2013/12/drivers-license-identity-theft/index.htm

In order to in as brief of manner as possible articulate the arrogance of DHS about the power it believes it has I will leave you with the following which comes from the Final Rules of the Real ID Act:   "Notwithstanding the voluntary nature of the REAL ID Act, DHS  assumes that States will willingly comply with the regulation to  maintain the conveniences enjoyed by their residents when using their    State-issued driver's licenses and non-driver identity cards for  official purposes, particularly as it pertains to domestic air travel."  (Page 124 - Final Rules - Real ID Act   Download DHS (department of homeland security) Real ID Act of 2005 Final Rules Part 1 and 2 Document   )  As yourself when our right to travel and other rights became "conveniences"?  

There is a reason that our first objection to the Real ID Act is the digital facial image. It is the position of the Constitutional Alliance that too much focus is being placed on the Real ID compliant licenses itself and not enough on the standard for the digital facial image collection required in the rules of the Real ID Act. The digital facial image/photograph standard is specific for the use of facial recognition software. This fact was addressed in the Privacy Impact Statement for the Real ID Act 2005 released by DHS.  Download DHS (department of homeland security) Real ID Act of 2005 Privacy Impact Assessment Document

The standard for the digital facial image can be found on page 68, footnote 17 of the NPRM (Notice of Proposed RuleMaking) issued by DHS in March, 2007.  Real ID Act's Notice of Proposed Rulemaking 

This "standard" is an adopted standard by the international community and is the standard of the ISO (International Organization for Standardization -  http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnu...

While some contend that Real ID is a national ID, the Constitutional Alliance contends that the operative word is "ID/identification." Real ID is global or international ID.  Both Interpol and Nlets (now called the International Justice and Public Safety Network http://www.nlets.org/ ) have and are using the standards of the ISO for collection and the sharing of biometrics. The ICAO (International Civil Aviation Organization) has also adopted the ISO standard(s). 

When it comes to identification, it does not matter whether an individual is in Paris, Texas or Paris, France, the individual can be identified by the use of facial recognition software and the use of international telecommunication systems/networks such as Nlets.  Nlets itself acknowledges that one of the primary sources of information Nlets provides is state DMV databases.  Further, Nlets acknowledges it does share biometric information/data/samples with countries all over the world.  http://www.nlets.org/about/what-we-do  (there is no requirement for a warrant).

The driver's license itself is a red herring in the long run.  The goal of TSA and DHS in general is to eliminate the need to focus on the ID document and focus on the use of biometrics. The FBI is spending over $1 billion to create the world's largest biometric database.

Normally when one thinks about the use of biometrics at a distance they think of facial recognition.  While at this time it does appear that facial recognition is the only biometric that allows for the capture of a biometric sample at a distance, it is clear that DHS along with others is working towards and has achieved with limited success being able to capture iris scans and fingerprints at a distance ( http://www.iflscience.com/technology/iris-scanners-can-now-identify-us-40-feet-away ).

Consider with the use of hand held biometric scanners ( http://www.bluesheepdog.com/handheld-biometric-technology-law-enforcement/) , biometric kiosks, the use of smart phones, CCTV, and drones the need to rely on driver's licenses is negated.  Biometric scanners, smart phones and other devices connect wirelessly to state DMV photo databases and other PII contained in DMV databases.  If Real ID was repealed tomorrow the goal today of the TSA/DHS would not change; the goal being not to rely on the ID document. Another fact to consider is the regularity of which we learn federal databases have been compromised/hacked ( http://www.cnn.com/2015/06/22/politics/opm-hack-18-milliion/ ).  Today I learned the number of people who had their information compromised may reach 30 million plus.  My point is knowing we are moving away from relying on the use of the ID document as evidenced by the use of hand held biometric devices, how long will will it before the ID process is moved from the ID document to directly on or in the body?

As far as the linking of databases or the ability to query state DMV photo databases, that is being done apart from the Real ID Act by an Interstate Photo (Sharing) Compact and the FBI's NGI (Next Generation Identification) program.  As a side bar:  At an earlier date in time the FBI stated they were not collecting the fingerprints of citizens who had not been convicted of a crime.  When the details of the FBI's "Rap Back" program was came to light it was and is obvious that the FBI is collecting the fingerprints of innocent citizens (  https://epic.org/2014/09/epic-foia---fbi-extends-rap-ba.html ).  

During 2013/2014 the United States Senate passed S744 (Comprehensive Immigration Reform).  Contained in the legislation is a requirement for all employers to submit a digital facial image/photograph to DHS to be used with a "photo matching tool."

This is a nice way to say, to be used with facial recognition software. Under current federal directives and policies agencies and departments of the federal government can share biometric information ( https://www.it.ojp.gov/biometricprivacyand http://fas.org/irp/offdocs/nspd/nspd-59.html ). The point is it should be expected that just as with fingerprints, the digital facial image/photograph of innocent citizens will find their way into the FBI's NGI database. 

Further down I will discuss the religious implications of a global system of identification that links our body to our ability to buy, sell, work and travel. Being that I explained how S744 will ensure that even more citizens are enrolled into this global system of identification and financial control this is an appropriate time to discuss other legislation that ties our bodies to our ability to buy and sell using biometrics as the linchpin.

Currently there is legislation, The Legal Workforce Act before Congress that will require every employer regardless of size to collect the biometrics of each prospective employee.  The employer then would be required to provide the biometrics to the Department of Homeland Security. 

Previously, on multiple occasions The Photo Identification Security Act was introduced in Congress.  We expect this legislation to be introduced again.  The Photo Identification Security Act requires all financial institutions to collect the biometrics of all customers.  There is no definition within the legislation that defines what a financial institution is.  It can be any place where any form of money is exchanged, used, or deposited.  Literally our ability to work, travel, buy and sell is being tied to our body or in other words, our body is becoming our ID.  

Some argue that there are states that are not and will not comply with the Real ID Act 2005.  While this is true that some states are standing by the laws or resolutions passed in those states that prohibit participating in or complying with the Real ID Act, the fact is even in these states DMV's are continuing to meet the first 18 benchmarks of the Real ID Act to be considered in material compliance.   Download The 39 Benchmarks to Full Real ID Act of 2005 Compliance Document

While at first glance it may seem I am contradicting myself by saying some states are not complying yet I also say DMVs in these states are continuing to meet the benchmarks, the fact is this is what is happening.  While one may ask how this be true, the answer is simple.  The state DMV's that are continuing to meet the benchmarks even though there is a state law or resolution against participation or compliance with Real ID are doing so under the premise that they are complying with the best practices of AAMVA (American Association of Motor Vehicle Administrators), not the provisions of the Real ID Act.  This is a distinction without a difference but has been accepted by state legislators.

There is not one state that has not met more benchmarks than they had already met at the time the Real ID Act rules were published.  It has also been rightfully said that not one state has met all 39 benchmarks of the Real ID Act.  While this is true, it is also true that the reason for this being the case is not because of the lack of will but rather because of logistical limitations that exist today.

It is true that AAMVA said they opposed the Real ID Act but it was not because they thought the Real ID Act went too far but rather most likely because it was not strong enough in some areas.  We should ask ourselves if AAMVA opposed the Real ID Act 2005 why didn't AAMVA object to being named the "hub" and "backbone" of the Real ID Act?  The words hub and backbone come directly from the Final Rules of the Real ID Act issued by DHS in 2008 (  Download DHS (department of homeland security) Real ID Act of 2005 Final Rules Part 1 and 2 Document page 10) 

When I had the opportunity to question Darrell Williams, The Real ID Act Program Director for DHS at the time, while he was under oath, Director Williams provided false testimony.  I asked him "What is the relationship between the federal government and AAMVA? Director Williams responded by saying "There is no relationship between the federal government and AAMVA."

There has been a relationship between the federal government and AAMVA for decades. One can choose to go back to the Commercial Motor Vehicle Safety Act of 1986, which was the first time a federal law called for the collection of a biometric from commercial motor vehicle drivers, or the 1996 Illegal Immigration Reform & Immigrant Responsibility Act where within the law itself, not the Rules, Congress mandated the Secretary of Transportation to consult with AAMVA about the issuance of licenses and use of biometrics.

The Supreme Court has ruled that citizens to have a right to anonymity.  An officer must be able to articulate reasonable suspicion if the officer requires an individual to produce an identification document.  There have been multiple occasions where we know that law enforcement has used facial recognition to determine the identity of an individual absent reasonable suspicion.  Currently there is no federal law, or laws in most states that would prohibit the use of facial recognition to determine an individual's identity.

The following three links (not all inclusive but provided just as examples) are to instances of facial recognition being used absent the knowledge or consent of the individual: http://www.computerworld.com/article/2472997/data-privacy/undercover-cops-secretly-use-smartphones--face-recognition-to-spy-on-crowds.html and http://www.engadget.com/2014/08/15/boston-pd-surveillance/

finally http://www.theguardian.com/us-news/2015/jun/08/keystone-protesters-fbi-watchlisted-terrorism

Biometrics and our right to anonymity must be raised in federal court or we will as a country be accepting reasonable suspicion being based on "Big Data" rather than observation.  Once a law enforcement officer "captures" a person's facial image when the person is in public and then compares the facial image captured to facial images in a myriad of databases including state DMV databases, the officer will not only be able to determine a person's identity but also be able to find an infinite amount of other PII (Personal Identifiable Information) about the individual.  This PII would include what charities a person gives to, what magazines the person subscribes to, which political party a person has supported or is supporting, what medication a person has been prescribed, and many other tidbits of personal information that federal law enforcement and/or state law enforcement has access to.  https://www.syncfusion.com/blogs/post/Data-Mining-the-Criminal-Mind-Big-Data-and-Law-Enforcement.aspxand http://techcrunch.com/2015/01/11/leaked-palantir-doc-reveals-uses-specific-functions-and-key-clients/also http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display_arch&article_id=121&issue_id=102003

Unless the public has a better understanding of how integral biometrics is to the goal of the federal government, specifically DHS and the FBI, the public will be fooled into believing biometrics should not be the focus but rather the repeal of the Real ID Act 2005. The goal of the federal government is to remove any and all anonymity ( http://www.nbcnews.com/id/21742399/ns/us_news-security/t/intelligence-official-us-must-redefine-privacy/ ). 

It is the position of the Constitutional Alliance that any organization that would support the use and/or mandating of biometrics to achieve immigration reform or for any other purpose outside of correctional institutions and where warrants are required is furthering the erosion of our right to anonymity and thus eroding other rights such as the right to free speech, the right to peacefully assemble, the right to seek redress of our grievances, and our right to religious freedom.  There are religious objections to both being photographed (Christians such as the Amish/Mennonite sects (http://biblehub.com/library/watson/the_ten_commandments/2_2_the_second_commandment.htm and http://www.kalonaiowa.org/amish.htm ), some Jewish people (Exodus 20:4, Exodus 24:14, Leviticus 26:30, Numbers 33:52, and numerous Chapters and verses of Deuteronomy), and by a growing number of Evangelical Christians (mostly Southern Baptists and some Baptists) to being enrolled into a global system of identification and financial control (  Religious Objections to Biometric ID ).   

The question of how expansive has the use of biometrics become on the world stage is one that must be answered for anyone to fully appreciate the threat to all freedom loving people.  The following two links answer that question:http://www.prnewswire.com/news-releases/half-the-worlds-population-will-have-chip-based-national-electronic-identity-eid-cards-by-2018-849190273.html and http://www.biometricupdate.com/201410/interpol-facial-recognition-experts-meet-to-develop-global-guidelines  

What is undeniable after reading the two links provided above is that in a few short years 3/4 of the countries in the world will have implemented "national/international" ID's that incorporate biometrics.  The 3/4 of the world represents approximately 90% of the world's population.  Interpol has 190 member countries.  As a point of information I ask that you realize that there are countries that have national/international ID's but are not counted as a country with a national/international ID because the governments in these countries refuse to acknowledge they do in fact have such ID's.  The United States in one of these countries.  

If a person was to try and ascertain just how many countries there are in the world the answer they would find is somewhat "gray."  This is because some count territories as countries and some people do not.  In any case there are only a handful of countries that do not belong to Interpol.  As an example I will use Cuba and Venezuela, neither of which belongs to Interpol.  Both Cuba and Venezuela have their own biometric ID's for their citizens.  

Often I am asked how could there ever be near total or total global biometric enrollment since so many people live in areas that do not have running water let alone electricity. The answer is what is called mobile biometric enrollment centers.  India has a population of about 1/2 billion people.  Their national/international ID program, Aadhaar is the most ambitious program to date in the world.  About 1/2 the population is already enrolled. Mobile biometric enrollment centers are used allowing the Indian authorities to enroll people even in the most isolated places within India.  Within a short time officials expect to reach 1 billion people in enrollment.  The rate of enrollment is astounding https://www.mapr.com/blog/architecting-worlds-largest-biometric-identity-system-aadhaar-experience#.VYmz5vm6fIU

An additional point to consider - In the past an individual rarely came into contact with law enforcement.  Unless a person created reasonable suspicion that an officer could articulate, was the victim of a crime, a witness to a crime, or committed a traffic violation, the person generally did not come into contact with law enforcement. 

Today DHS, the FBI, and others want every person to come into contact with law enforcement every day. The contact does not need to be necessarily physical contact. The "contact" can be achieved through the use of biometrics and surveillance tools such as but not limited to CCTV, smart phones, and drones (expected to be 15,000 or more drones in U.S. by 2020).  One should be cognizant of the reality that contact need not be defined within the context of just when a person is "out in public" but also when a person is in their home with the use of smart meters and other technologies.

If there is one lesson all citizens should take from the Snowden revelations it is, if the capability does exist, it will be utilized.  In other words if law enforcement and/or our intelligence community have the technology to spy on citizens, that technology will be utilized regardless of the Constitution and/or the law.

A great deal of discussion has taken place recently over the last few months about the militarization of local law enforcement. It is not a secret that the DOD (Department of Defense) develops many technologies that end up in the hands of federal, state, and local law enforcement.  When we consider the budget of the DOD it should be obvious that money or funding is not really an issue when it comes to developing invasive technologies.  In many ways the same is true of the NSA (National Security Agency). One example of the development of a new technology that will find its way to law enforcement is the development of 3D binoculars the have facial recognition capability built in and connect wirelessly to databases ( http://www.defenseone.com/technology/2015/05/navys-new-binoculars-can-identify-you-700-feet-away/112963/ ).  My point in bringing up new technologies is the law is falling farther and farther behind in terms of dealing with invasive technologies.  

My biometrics is just that; they are mine.  My biometrics is unique to me. Biometrics is often defined as measurements of the body.  "Bio" meaning body and "metrics" meaning measurements.  How can I be secure in my person as the 4th Amendment says I shall be if in fact I am required to provide my biometrics to any government entity without a warrant? 

It is not the role of state lawmakers to be surrogates of the federal government.  State lawmakers must be the buffer between an overreaching federal government and the citizens.

One area I have not addressed is the largest vendor who provides biometric capabilities to local, state and the federal government.   Safran's U.S. subsidiary is Morpho Trust.  If you have any type of valid state issued ID including a driver's license, the reality is that this document was most likely produced by Morpho Trust. Safran, 22% owned by the French government proclaims it has a nearly 40 year partnership with Red China and boasts of offices all over the world including in China and Russia.  Safran also has a part in India's biometric program(s).  UPDATE.  Safran is now owned 22% by the French government. 

Ask yourself why both the Bush and Obama administrations believe our Personal Identifiable information including out biometrics should be in the hands of a foreign company, partly owned by a foreign government, when U.S. companies have the technical capability to do what Morpho Trust does?  This makes no sense.  Safran has been under investigation in a number of countries for bribery and other serious charges.  

I would be remiss if I only discussed the problem and did not offer one possible alternative.  The question(s) asked after 9/11 were two-fold, how to we make sure a person is who they say they are and how do we make sure a person does not have more than one driver's license?  The answer(s) is we call the "State to State Identity Verification System."  I and a Board member of the Constitutional Alliance, an organization I co-founded developed this system after speaking with people both inside and outside our government.  An overview of The State to State Identity Verification System  Download The Solution SSIVS2411 (Power Point)

Breeder documents are documents that are used to establish who a person is.  States use birth certificates and social security cards as primary and secondary forms of identification.  We provide such documentation when we apply for a driver's license or valid state issued ID for those that do not drive. 

It is much better to number the document, not the person.  We had the biometrics of eleven Russian spies in the United States but the biometrics did not tell us who they really were because they used fraudulent breeder documents to establish their identity.  France issued hundreds of thousands of E-Passports (biometric and RFID) to people who also used fraudulent breeder documents.  Puerto Rico has issued tens of thousands of driver's licenses to people who used fraudulent breeder documents.  These are people that can travel around our country just as you and I can. 

If you have not looked at our proposed solution, the State to State Identity Verification System provided earlier via a link, you should now.  Our solution among other things provides for the authenticating of breeder documents and making sure a person is not using a breeder document of a deceased person. This is not as difficult as you may believe. It is based on numbering the documents and creating the software to know when the breeder document (e.g.. birth certificate, certificate of birth, Baptism record, etc.) is used to obtain a driver's license or other valid issued ID.  The system would also inform the DMV making the request if the breeder document was used to obtain another state ID from any other state. The bottom line is no two people could use the same breeder document or a fraudulent/counterfeit one.  Perhaps best of all, our personal information does not need to go to DHS before we can buy, sell, work or travel.

You cannot reconcile a free society with a surveillance state!!!

 


Bonus Guide: Get "Top 5 Secrets of The Real ID agenda (Including 1 which makes You less secure)" - a free guide that reveals secrets revealed by the proponents of The Real ID Act of 2005. Get the guide.

ConstitutionalAlliance_50.pngAbout The Author

Mark Lerner is co-founder of Constitutional Alliance, an alliance of groups and individuals who support the Mission Statement.