USACM Fears Identity Theft Risks from National ID Plan Rules
Association for Computing Machinery
Advancing Computing as a Science & Profession
||ACM Public Policy Office|
USACM FEARS INCREASED RISKS TO IDENTITY THEFT FROM IMPLEMENTATION RULES FOR NATIONAL ID PLAN
Computing Group Favors More Effective Efforts to Increase Security, Reduce Fraud
Washington, DC – January 15, 2008 -- ACM’s US Public Policy Committee (USACM) today released a statement pointing to flaws in the final standards issued by the U.S. Department of Homeland Security (DHS) restricting how state driver’s licenses and ID cards are provided. The standards, announced on January 11, were issued as part of the requirements of the 2005 REAL ID Act with the intention to make it more difficult to fraudulently obtain a driver’s license. USACM said the standards for state-issued driver’s licenses and personal identification cards as recently issued will not meet their stated purpose of providing a “gold standard” for identification. In addition, the new standards will require expanded collection of personal information and documents, and necessitate storage of this material in a form that makes this sensitive information easier to copy and falsify for fraudulent purposes.
“The emphasis placed on the use of REAL ID will provide greater incentives to obtain fraudulent IDs that will then be accepted as ‘proof’ of identity nationwide,” said Eugene Spafford, USACM Chair, and professor of computer science at Purdue University. He noted that USACM has repeatedly emphasized in its official statements that national access to personal data collected as part of the ID process, when coupled with weak or non-existent security controls and penalties, will only serve to encourage efforts to obtain IDs with fraudulent documents, and to subvert local officials responsible for issuing these materials.
Spafford concluded that these rules represent a major step backward in preventing identity theft. “Under this system each state is required to collect detailed personal information from each applicant including birth certificate data and digital photographs, and to store this information in a database. These state databases are then required to be linked with each other and with national databases, potentially providing thousands of places where personal information can be stolen, accessed, or manipulated.”
USACM experts have noted in comments to DHS that the system as proposed does not sufficiently define effective privacy and security plans for adequately protecting this trove of private information, and thus, further compounds the significant risk of unauthorized access to personal information.
USACM strongly supports efforts to increase security against criminal activity, but Spafford disputed the notion that standardized driver’s licenses or identity cards would achieve that goal. “Identity should not be confused with intent. Simply because people’s names are known does not prevent them from engaging in criminal behavior or terrorist activities,” he said, adding, “The main idea behind REAL ID is based on this false premise – that if we know who people are, it will prevent them from committing crimes.” (For more information on differentiating identity and identification, view this short explanation at http://www.acm.org/usacm/Issues/identity.pdf)
USACM also objected to requirements that these driver’s licenses would be the only valid licenses for individuals to fly on planes or gain access to Federal buildings, as indicated in the rules. “If an ID is required for entry, then any good ID should suffice; if it must be federally certified, then a Federal identification document should be issued. The state driver’s license is not intended for these purposes. Knowing how to drive should not be a requirement for passengers to board a plane,” Spafford concluded.
The claim that the REAL ID standards do not constitute a national ID program was also challenged by USACM. By setting uniform standards, establishing nationally linked databases, and then requiring these documents to be displayed for normal activities, USACM noted that the whole process will be a de facto national ID program.
USACM also said that the provision to extend deadlines in the final ruling simply spreads to state taxpayers the significant costs of complying with the rules over more time. Currently, one third of state governments have passed resolutions or legislation prohibiting compliance with REAL ID because of cost and privacy considerations.
For more information on USACM’s position on privacy, national ID systems, and database protection, please visit http://www.acm.org/usacm/.
USACM is the U.S. Public Policy Committee of the Association for Computing Machinery (ACM). USACM members include leading computer scientists, engineers, and other professionals from industry, academia, and government.
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.
# # #