Homeland Security Director Defends Real ID

An anonymous reader writes "Homeland Security chief Michael Chertoff is defending the upcoming rollout of the national ID card as vital for the nation's security. Chertoff reminded reporters of the importance of the initiative after this week's uncovering of an ID-forging ring. The Real ID Act of May 2005 dictates the uses and requirements for the documentation, which by 2008 may be required for everything from travel to banking. Just the same, the HSD has yet to dictate how exactly the cards will work. " From the article: "The Homeland Security chief, who is nearing his two-year mark with the agency, was likely trying to quell rampant skepticism about the IDs voiced by some privacy advocates, immigrants and other groups. Some have said they fear that the IDs are a stepping stone to a veritable police state, complete with ready surveillance of individuals. Some have argued that the idea of creating more tamperproof IDs is only a marginally better way to screen out those intent on committing terrorist acts because ID cards don't even begin to tackle a core crime prevention challenge: determining a person's unspoken intentions. "

Oh no, think about our children!

[Salvance (1014001)]

Speaking for all college students out there (even though it's been 10 years since I've been one), I say "down with national ID cards!" How are our college students supposed to enjoy the company of their elders in fine drinking establishments without easily forged IDs? Punishing the resourcefulness of underage drinkers that are no threat to national security is just a crime.

Re:Oh no, think about our children!

[ronanbear (924575)]

Terrorists don't carry ID.

Of all the stupid irrelevant measures to fight terrorism. Forcing everyone to carry ID will just make the existing millions of people in America who are out of the system go further underground. It will make it much easier for the terrorists to hide if they want to stay in America and it will be harder for the FBI to track anyone.

Re:Oh no, think about our children!

[Anonymous Brave Guy (457657)]

Actually, terrorists often do carry ID. In fact, in most major terrorist attacks in the West since 9/11, the terrorists have been carrying genuine ID. The 9/11 hijackers used real ID to get on the planes. The Madrid train bombers had official ID. The London transport bombers were not using false ID.

This is why the whole ID card scheme business, both over in the US and here in the UK, is one big sham. In fact, our government has moved the goalposts so often, as each successive "justification" has been debunked, that I can't even remember what useful stuff they do think they'll achieve now.

Re:Oh no, think about our children!

[KillerCow (213458)]

Actually, terrorists often do carry ID. In fact, in most major terrorist attacks in the West since 9/11, the terrorists have been carrying genuine ID. The 9/11 hijackers used real ID to get on the planes. The Madrid train bombers had official ID. The London transport bombers were not using false ID.

This is why the whole ID card scheme business, both over in the US and here in the UK, is one big sham. In fact, our government has moved the goalposts so often, as each successive "justification" has been debunked, that I can't even remember what useful stuff they do think they'll achieve now.

You see, the new IDs will come with this form when you apply for one. It will have these check-boxes on it:
(select one)
* I intend to commit a terrorist act
* I do not intend to commit a terrorist act, but I will in the future
* I am a criminal
* I am a pedophile
* I believe in personal freedoms
* I am capable of critical though and analysis
* none of the above, therefore I am an honest citizen

If your status ever changes, you will be required to apply for a new card. It's completely fool-proof.

Re:Oh no, think about our children!

[Qzukk (229616)]

Which is why it is believed that this initiative might help. If you're here legally, you'll have an ID.

Unless this Real ID thing is a giant glowing ball that hovers over our heads, this won't help jack shit. Look up how many drivers there are estimated to be on our roads without licenses (or even with revoked licenses). Just like those people, terrorists without a Real ID card are going to go about their daily lives without a single problem.

But we're going to be out how many billions of dollars paying committees and well-connected companies to study the issue, propose designs, assign some kind of identification and issue these cards?

Re:Oh no, think about our children!

[dangitman (862676)]

If you can't produce one, then maybe you're someone that law enforcement might want to know about.

But then again, maybe you're just someone who forgets things or leaves them at home. Maybe you're a victim of pickpockets. Perhaps you put on the wrong pants.

It's not going to help law enforcement be more efficient if they go around interrogating everybody who forgets or loses their ID card. Actual troublemakers will probably be sure to have ID at all times.

Re:Oh no, think about our children!

[tbo (35008)]

If it was a rational world, the drinking age would be the same as the age at which you can sign up for the army to fight and die for your country. It seems pretty ridiculous that you could drive a tank at 19, but not have a beer afterwards. That said, you have brought up a good point: the negative consequences of accurate, reliable ID.

There are really three things people are worried about here:
1 - The possibility of fraud inherent in even an ideal ID system.
2 - The possibility of fraud in a real-world system implemented by the US government (i.e., one that will probably be poorly designed).
3 - The negative consequences of an accurate ID system.

There are positives, too. I'll classify them as follows:
1 + Personal benefits of an ideal ID system.
2 + Benefits to companies from an ideal ID system.
3 + National / social benefits.

Before I get into details, what do I mean by an ideal system? One in which you can prove to anyone you wish any of the following information, or some subset thereof: name, age, eligibility to work, driving license, professional certifications, credit "card" account, etc. For instance, you might want to prove to a bar's bouncer that you're of legal age, but not reveal your name, credit card number, or even your exact age. How could this work? As soon as you reach legal age, the government sends you a digitally signed "certificate" that includes your photo and a statement that you can drink. When you go to a bar, you can upload the certificate to the bouncer's PDA or whatever, and he checks to see the picture is you. If it is, you're in. To break this, you'd need to break public key cryptography, which you can probably only do with a quantum computer.

Now, let's get into details.

1 - Fraud in an ideal ID system
Even in an ideal system, the card will only be as good as the information used to create it. While such a system is being adopted, there's a window of opportunity for people to forge old-style IDs, then use them to get a new "official" ID with the forged information. This is commonly done with birth certificates now. This is the main issue.

2 - Fraud in a real-world system
Even compared to other governments, the US seems particularly bad at large-scale IT projects. It's surprising, considering all the IT talent in the country. A system designed by the US government would probably start with bad specs, have a bad design, and be poorly implemented. A disaster, in short. I suspect radical changes in the process might help here. Put NIST in charge of designing open standards, with the NSA consulting. Get Bruce Schneier, the EFF, and others involved. Maybe try something like the AES challenge.

3 - Negative consequences of an ideal system
This is the most insidious of all the negatives. An accurate, effective, ubiquitous ID card will be used for more and more things, and will become a method for tracking and controlling people. We'd need some really good privacy laws to prevent this, as well as a smart design that puts people in charge of their own information and how much they reveal.

1 + Personal benefits
Wouldn't it be great to ditch all those cards in your wallet and just have one thing to carry? I know I'd like that. It would also be great to not have to worry about ID theft (at least, not in an ideal system). Depending on how the backend worked, a unified ID could also mean not having to change your address in a gazillion databases every time you move (for instance, did you know the California DMV driver license database is independent of the California vehicle registration database, and you have to change your address separately in both?) Really, this category boils down to convenience and reduced vulnerability to ID theft, IF the system is well-designed.

2 + Benefits to companies
This one's pretty simple--reduced fraud leads to reduced expenses, for banks, credit card companies, and merchants. It probably also simplifies a lot of transactions, which wo

Straight outta sci-fi

[mandelbr0t (1015855)]

Can't remember the name of the book, but I know how this ends. Some guy who doesn't like me steals my ID card and/or replaces it with an invalid one, and I end up in jail because I can't prove who I really am. Federated identity is important; we can't have a single authoritative source for IDs or this sort of abuse will definitely happen.

mandelbr0t

Re:Straight outta sci-fi

[dunkelfalke (91624)]

first i wanted to point out that a national id works pretty much everywhere else in the world without the problems described by you.
but then i remembered that for example universal healthcare works pretty much everywhere else, too.

A few questions.

[CanSpice (300894)]

So how exactly would these new ID cards be forge-proof? If people are already forging IDs, what's to stop them from forging these new ones? And what problem does this national ID card solve?

Well, it can make a difference to a limited extent

[Sycraft-fu (314770)]

Most forgeries aren't perfect, in fact I'd say the vast majority are actually pretty shoddy comparatively. The problem comes when there are tons of kinds of IDs you need to recognise. Think about driver licenses. There are 50 different state variants and within those states there are often different types. I have seen not less than 4 variants on the Arizona license in the last 10 years, all of them still in circulation. That means that often those checking the IDs aren't able to do much more than a cursory job and make sure it's nothing something obvious like a paper picture glued on top. They aren't aware of all the security features to look for.

If there's a single, universal ID then the forgeries need to be much better. If you only need to learn about one ID, you can learn all the features on it and become quite familiar with it. Likewise any machine that checks it can be tailored to check all the security features to a high degree. This raises the bar a ton as now you have to produce essentially perfect forgeries and there aren't a lot of forgers that can do that.

Now please don't mistake this for an endorsement of the national ID concept, however it is a legit point. I can tell you to a very high degree of accuracy if an Arizona ID is real or not, at least if it's one of the newer ones, since I've looked at them quite carefully and gotten a list of the things to look for. However you give me a California ID and basically all I can do is look for stupid mistakes. I've no idea how it ought to actually look.

Re:Well, it can make a difference to a limited ext

[dgatwood (11270)]

On the other hand, most forgeries are bad precisely because there are so many types of IDs. Therefore, forgers must use fake base materials. All this will do is provide a single set of legitimate base materials that can be stolen anywhere and will be considered "trusted" everywhere. So now, instead of faking the materials in a local forgery ring, they'll buy the legitimate raw materials on the black market from someone who stole them in another state. Once that shift in operation occurs, all fake IDs will be almost indistinguishable from the real thing, making things worse than they are now, not better.

Re:A few questions.

[Chris Burke (6130)]

I find this worth mentioning in any article about national IDs that mentions a connection to fighting terrorism:

All of the 9-11 hijackers had valid ID.

If necessary, read that again and let it sink in.

I can't tell you what problem a national ID card solves, but I can tell you for sure what problem it doesn't solve.

Re:A few questions.

[mpaque (655244)]

I can't tell you what problem a national ID card solves

Oooh! I know! I know!

The problem is that right now it's just too darn hard to dig up information on the person whose ID you are checking. Under The Real ID Act, though, the state ID authority (usually the DMV) will be required not only to examine your birth certificate and social security card, but also to scan and create digital copies of them in their system, as well as collecting further information on their forms. This makes the database so created a convenient one stop shopping point for identity theft^Wverification.

Citizens, rest assured that the millions of checkpoints in airports, police cars, banks, and doctor's offices will all keep this information secure, protecting you from Evil and ensuring your continued Freedom. You do want to be Free, don't you? Just hand over the document, and you'll be Free to pass this checkpoint...

Re:A few questions.

[Maxo-Texas (864189)]

Biometrics stored in a secure national database.

Hell right now we could get most of that with your SSN, a picture of you, and a thumbprint stored centrally that had to be verified against.

The problem is not the id card. The problem is that soon after it comes in, it will be used for a lot of uses we never thought of. Ministers will be provably caught with gay or straight hookers, We'll know Ms Straight and Narrow down the corner buys leather whips and cuffs, We'll know john has a drug problem and that suzy buys a lot of booze.

As long as we have cash or some way to anonymize our credit (Xrost, etc) it's not such a big issue.

But they will be able to track where you are/go/etc.

HOWEVER

Weighed against that is the fact that we will never be able to secure our borders unless we have a national ID. And the risks of having non-citizens here are growing. When the likelyhood strangers will kill a couple million of us grows high enough-- we'll either give up the kinky sex or just say "to hell with it- I like kinky sex".

As MOST of us give up our secret's we will either become a straightlaced nation of prudes or we will become fairly jaded. But at least the illusions and lies will be reduced.

Who cares?

[mangu (126918)]

how exactly would these new ID cards be forge-proof?

It doesn't matter. Suicide terrorists couldn't care less about people knowing their real identities, it isn't as if they would have to repeat their crimes and worry about being recognized the second time...

Where do they think they get this power from?

[MalleusEBHC (597600)]

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people.

Where does the federal government claim to derive the power to mandate federal IDs? Are they using the interstate commerce clause yet again? There's one part of the Constitution that has been seriously misused time and time again and is in dire need of fixing.

Re:Where do they think they get this power from?

[morleron (574428)]

You are absolutely correct in that, according to the Constitution the Federal government has no power to impose this sort of regulation. The problem is that our masters in Washington have gotten into the habit of ignoring that document when they find it inconvenient for their purpose of expanding government police powers. I for one am tired of this "we need to be more secure" bullshit. Let's see, so far all of the terrorist attacks against Americans, on and off our shores have killed probably fewer than 5K people, certainly fewer than 10K and yet the average American seems to be convinced that terrorists are just around the corner and only more government surveillance will protect them. Why is this? I think it's because average Americans suffer from two major problems: they are unable to assess what poses the real risks in their lives and, thanks to our public uneducation system, they are convinced that the government is the source of all good and wisdom in our society. This makes it possible for power-mongers such as Chertoff to foist their specious reasoning off on the majority of the sheeple as gospel.

When one considers that the new REAL ID cards will probably have RFID chips embedded in them how long do you suppose it will be before the thousands of police surveillance cameras, that now keep tabs on a lot of our public spaces, will be equipped with RFID scanners so that a record can be kept of exactly who is within the camera's view at any given time. Welcome to the Soviet Union of America, where the government's police powers rampage unchecked and the citizenry have voluntarily surrendered their liberty - making that horrible trade-off of liberty for "security". Somehow or other this move must be stopped or we will run the very real risk of this ID turning into an internal passport - which it will be in some sense right out of the gate when one considers that it will be required in order to travel via airline to anywhere.

The idea that privacy will be better protected by the implementation of REAL ID is laughable. Not only will RFID chips make it easy for police to track the whereabouts of everyone, but you can bet that the same people who developed the technology to clone cell-phones won't be long in developing technology to allow criminals to read the REAL ID chips themselves. Then, the whole world will open up to them as no one will question my assertion that I'm you when I present them with a forged REAL ID card that has the stolen info on its own RFID chip. This whole scheme is nothing but a way to stick yet another part of the camel of unfettered State police powers into the the tent of people's private lives.

Since our Congresscritters are showing their usual lack of concern about the continual erosion of our civil liberties I think it's time we rubbed their noses in our concern. Let's put together a March on Washington for next July 4. I urge everyone reading this to go to Washington and just show up on the Mall come next 4th of July. We'll turn Washington into a "free speech zone" and tell our government that we're tired of the continual and expanding use of the police powers of the State to interfere with and monitor the affairs of normal American citizens. It's time that we show President Bush and the rest of the anti-civil liberties crowd that at least some of us take this threat seriously and we won't take it lying down. Marches and peaceful civil disobedience worked in the 60s and they can work again if people can be made to understand the fact that their own government is a far greater threat to their safety than any number of terrorists. I'd rather take my chances as a free man, thank you.

Just my $.02,
Ron

Re:Where do they think they get this power from?

[Jherek Carnelian (831679)]

It's not "mandatory", but any state that does not abide by the Real ID requirements won't recieve any federal funding for roads and such.

Which is a tactic that is abused even more than the interstate commerce clause. They take our money as federal tax and then ransom it back to us to make us do things we don't want to do.

Where they get this power from

[The Monster (227884)]

They take our money as federal tax and then ransom it back to us to make us do things we don't want to do.

And that is due to the twin abominations ratified in 1913, the 16th and 17th Amendments, which gave the national government the power to extract huge sums of money directly from the people, and took from the state legislatures their delegates in the Senate.

Imagine that you are a US Senator, elected to that position by the legislature of your state. A bill is proposed that will demand that the same legislature enact a certain law, and the state executive branch enforce it to the satisfaction of some national executive agency, or have funds withheld. Now imagine you want to be re-elected by that legislature. How do you think you're going to vote?

The result of these changes is that more and more decisions are being made in the US Congress and by the faceless mass of bureaucrats in national agencies, rather than in state capitals, county courthouses, and city halls. The concentration of power favors well-funded lobbyists who represent powerful interests, for whom the return on their investment can be huge; against diffuse interests of common citizens.

Instead of 50 different 'distros' of government, with the chance to learn from each other and merge improvements that succeeded elsewhere, we get stuck with a single implementation. Any flaws in that monoculture are global and potentially catastrophic.

National ID:Security::DRM:Data

[Alaren (682568)]

DRM for your data and national ID systems for your security. It's like a broken record. Making it harder to forge IDs will do... what exactly? The number of illegal immigrants who use no ID whatsoever should be our first clue.

This is yet another example of politicians who need to Do Something(TM). It's not really about protecting anyone or making the world a better place. It's about being able to say "we're hard at work here in DC, curtailing your civil liberties and ignoring the 10th amendment to the best of our abilities." It's about being able to say, next time something bad happens, "Well, we did something to prevent it, guess we need to do even more..."

When did government change from something that protects our freedoms from invaders and criminal elements into something that curtails our freedoms? I'm pretty sure it hasn't always been this way, though perhaps it is a predictable enough historic trend.

And this does... what?

[pluther (647209)]

So next time there's a terrorist suicide attack, they'll know who the people involved were, because they showed ID? Kinda like... last time... ?

But, if people enter the US from other countries, they'll be using their passports for ID, not this thing, so... um... what was the point again?

Ah, but if they made everyone, even people visiting from other countries, get one of these, then it's much more secure than showing the passport. And how would they get one? They'd need some other ID first... like, for instance, a passport...

So, what possible good can this do? Well, I guess it'll make it harder for underage kids to buy beer. Other than that? Nothing, really...

SSN

[Myopic (18616)]

I'm not exactly in favor of a national ID card, but this new program for implementing one makes me marginally happy. Why? Because we already have a national ID card, and it's a terrible one, trivial to abuse, trivial to forge, and used in contexts where it makes no sense: the Social Security Card. When the SSN card was first introduced, it was derided as a national ID card, but the proponents promised it wasn't. Well, it was, and we can see that by looking around us now. Do you want a driver's license? Well you better have a valid SSN card because one is required to get a license (this is a new rule as of summer 2006, so many of you might not realize this yet). Do you want a bank account? Need one. You need one for everything. My local video store demanded my actual physical SSN card before they would rent me a video. (I almost refused but I really really wanted to see Weekend At Bernie's II.)

So, shit, even though I don't want there to be a national ID card, the one coming soon is sure to be better than the one we have now.

I just really hope my new Social Conformity Number is 54601.

"realID" !! you know it's real, it's in the name!

[finkployd (12902)]

The DHS is run by over promoted bureaucrats who know absolutely nothing about security. We all know this, here is why this time:

First lets talk about passwords. One thing I run into that people who set corporate policies for passwords often do not understand is that the password strength is very rarely the weak point in an attack. Quite often the requirements will be sent to something crazy like 20 characters, no repeating characters, enforced alphanumeric, (you all know the usual strong password requirements) and they feel that is it. Oh, but to reset a forgotten password all you need to know is your mother's maiden name or some such. THAT is the weak link, you have effectively made every user's password their mother's maiden name. All of the other password strength requirements are irrelevant.

"How does this relate, finkployd, you arrogant prick?" I hear most of you asking. Simple, how does one get one of these super duper realID cards? I strongly suspect it is by showing OTHER, PRE-EXISTING forms of ID. How else would it work? The problem of how to distribute these cards in such a way that you know they are being generated for and sent to the proper people pales in comparison to actually designing the damn thing in the first place. It will certainly depend in some way on existing forms of ID, meaning it is absolutely no more secure then them.

Of course the government and financial institutions will inevitably consider it to be the absolute last word in authentication, so expect that if your identity is ever stolen via a false realID card, nobody will ever believe you. YOU will be financially (and likely criminally) responsible for anything done if your realID is spoofed. Good luck everyone, we are screwed :)

Finkployd

How would "Real ID" stop fraud?

[khasim (1285)]

Now that I'm older and I've been damaged by identity theft ($1k and counting, not to mention the credit damage and IRS audit)
I can't wait.

How would "Real ID" stop "identity theft"? Particularly since "identity theft" is basically fraud.

If anything, it will make it more difficult to "prove" that you did not apply for those loans, run up those credit cards, etc.

Nothing will stop fraud until the banks start having to pay for it instead of dumping the expense on their clients.

And the more a single piece of ID is accepted as "proof" of identity, the more valuable it becomes and the more people will try to forge it. Or just get a job in the office issuing them.