USACM Urges Revisions To National Identification Policy
Proposes Delay in Real ID Implementation to Assure Individual Privacy and Security
The Association for Computing Machinery
Washington, DC - May 8, 2007 - ACM's US Public Policy Committee (USACM) today issued a series of recommendations that address serious flaws in the nation's REAL ID Act. In comments to a proposed rulemaking setting out regulations for implementing this law, USACM said the proposed regulations fall short of protecting privacy, ensuring security, and maintaining accurate personal information. USACM also noted that the regulations fail to set clear standards for states to use in implementing drivers' licenses and identification cards, which are required under the law.
The REAL ID Act is intended to be the 'gold standard' for identification purposes in the U.S. It establishes a de facto national identification system by requiring states to collect, maintain, and share vast amounts of personal information, and to issue standard forms of identification to all Americans.
"The policy behind REAL ID has been flawed from the moment Congress proposed it. Without sufficient safeguards, it has the potential to enable identity theft on an unprecedented scale. The proposed rules are at best vague in addressing privacy, security and accuracy risks, and at worst, they increase these risks," said Eugene Spafford, USACM Chair and professor of computer science at Purdue University. "States are likely to be financially strapped when they begin to implement REAL ID. Simply punting the implementation details to the states is a recipe for disaster. We could see a multitude of standards with minimal resources dedicated to ensuring that privacy, security and accuracy concerns are addressed."
USACM commented that the proposed regulations do not specify minimum standards or accountability for states to manage state-to-state data exchanges openly and comprehensively, and they are silent on key privacy, security, and accuracy issues. For example, the Act and the proposed rules do not consider insider threats to security, which represent a significant percentage of identity theft. There are also no procedures in place to handle common mismatches of data on official documents, which are likely to deny proper identification through honest mistakes.
USACM's comments recommend that the REAL ID Act implementation procedures push for stronger, more detailed privacy, security and accuracy provisions, including:
- Delaying implementation until all underlying databases and inquiry systems have been fully tested and are operational
- Minimizing the data stored on identification cards and driver's licenses
- Specifying privacy, security and accuracy standards for licenses, databases and inquiry systems
- Basing privacy standards on the Fair Information Practices, the cornerstone of modern privacy practice
- Requiring security consistent with established standards, such as those developed by the National Institute of Standards and Technology (NIST) and the International Standards Organization (ISO)
- Including strong access control procedures for REAL ID documents and data
- Requiring data breach notification procedures for agencies controlling REAL ID data or documents
- Limiting the scope of the usage of REAL ID to only those uses specified by law
- Requiring mandatory logging of access to sensitive information to protect privacy and combat misuse
The comments from USACM also urged the Administration to send Congress proposed legislation that addresses the many issues that cannot be resolved within the rulemaking process.
For more information on USACM's comments on the notice of proposed rulemaking for minimum standards for driver's licenses and identification cards, please visit http://www.acm.org/usacm/.
USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). USACM members include leading computer scientists, engineers, and other professionals from industry, academia, and government.
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world's computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
ACM/Press Release. Last updated May 8, 2007 by Steven Geringer