Thursday, May 12, 2005

"REAL ID", REALly Bad IDea

On Tuesday night the Senate passed the "REAL ID" legislation that was bundled with an Iraq spending bill. For those who don't know, the REAL ID Act (text of the bill and the Congressional Research Service's analysis of the bill) establishes uniform standards for state driver's licenses, effectively creating a national ID card. Americans overwhelmingly reject national IDs in general, so Congress used the Iraq spending bill as cover to once again place yet another unfunded mandate on the states, one that wrests even more liberty from the hands of individuals. And I thought that Republicans were supposed to be federalists.

While I have many theoretical and philosophical problems with a National ID card, I want to talk about some of the practical problems we can expect to have to deal with. As a database engineer I feel I have a unique perspective on this.

Any National ID card system would have to be made up of at least 2 major components and 2 systems.
  1. The physical card that contains information about the individual (name, address, photograph, physical description, birthday, etc.) is the first component. The legislation requires that the card include a "common machine-readable technology" (i.e., a barcode, magnetic strip, or RFID chip) and that it incorporate anti-counterfeiting technology. To be truly national, these technologies will need to be standardized and agreed upon by all the states. Can you imagine trying to get 50 technologists to agree that one kind of technology is better than another?
  2. Besides the actual physical card, there would need to be a database somewhere that contains all of the same information. This database would need to be accessible by tens of thousands of people and other systems (such as all 50 states' current driver's licensing systems). The two major systems would have to be able to interact with this database.
    1. There has to be a system for checking the card data against the database. The database will have to be available to people who need to verify the cards, otherwise it is useless.
    2. There has to be some sort of registration procedure that verifies the identity of the applicant and the personal information, puts it into the database, and issues the card. Also, there must be a way to change that information (mistakes happen, from data entry errors to fraudulent information provided).
"So what?" you say. Well, the fact is that we have to understand the weaknesses of each of these modules. Any one of these components can fail.
  1. Most obvious is that the cards can be counterfeited. Yes, I know that the manufacturers of these cards claim that their anti-counterfeiting methods are perfect, but there hasn't been a card created yet that can't be forged. Nor will there ever be. It is a fact of technological life that all technologies have flaws that can be exploited. All you can really do is try to make the cost of exploiting the technological flaw greater than the benefit of the exploit. If the benefits of breaking that technology are great enough, you will have people expend the necessary resources to break the system.

    Identity theft is already a big problem; if there is a single ID card that signifies identity, forging that card will be very beneficial to crooks. I guarantee that there will be a great premium on stolen IDs, just like stolen U.S. passports are worth thousands of dollars in some Third World countries. Biometric information, whether it be pictures, fingerprints, retinal scans, or something else, does not prevent counterfeiting; it only prevents one person from using another person's card. Of course, there is always the human component. How do you guarantee that the person verifying the card is paying attention? How many times have you had a store clerk actually compare your credit card signature to your driver's license? How do underage teens get by using cards that clearly belong to someone else?

  2. The database can and will fail. While I am sure that proper precautions will be taken to guard against hardware failure (redundant locations, replication, etc.), there are conceivable scenarios where the entire telecommunications infrastructure will fail, making that data inaccessible.

    Add to that the fact that large databases of information always contain errors and outdated information. I maintain databases of students, courses, and personnel for 30 institutions that serve about 100,000 students a term. This is small compared to what the REAL ID database would need to handle. Anyway, we are always finding dirty data. Some of that is data entry errors. Sometimes it is incomplete information. Sometimes the information given was fraudulent. We try to have validations, checks and balances...but even then, we don't always catch errors. Then, as standards evolve and data definitions change, the old data no longer conforms. I can see these problems being magnified 100 times in this system. How many of you have had to deal with a company to try to get some information about you changed in their database? Hours and hours on the phone. Then some peon says he has updated the info, but the next time you call, you find the old info still there. Then you find out that it may take weeks and weeks for a company to replicate changes to all of its different databases. If ID cards become ubiquitous and trusted, it will be harder than ever to rectify problems resulting from erroneous information.

    Let's investigate for a moment the very real risk that the information in the database will be used for unanticipated, and possibly illegal, purposes. Any of the tens of thousands of users of the database can use its information for illegitimate purposes. There is no technological mechanism available that can protect information from unethical and unscrupulous people. As a moral person, I see myself as a data steward. I am entrusted with protecting and using that data appropriately. I don't have to; I choose to. It is ludicrous to imagine that all the people who would have to have access would hold the same moral standards concerning the data that I do.

    In this country, there isn't a government database that hasn't been misused by the very people entrusted with keeping that information safe. IRS employees have perused the tax records of celebrities and their friends. State employees have sold driving records to private investigators. Bank credit card databases have been stolen. Sometimes the communications mechanism between the user terminal -- maybe a radio in a police car, or a card reader in a shop -- has been targeted, and personal information stolen that way.

  3. There are insecurities in the registration mechanism. It is certainly possible to get an ID in a fake name, either with insider help, with forged source documents, or through the ineptitude of the issuing personnel. There have been cases where motor vehicle employees were issuing legitimate driver's licenses in fake names for money. Two of the 9/11 terrorists were able to get driver's licenses even though they did not qualify for them.

    Most important, the database has to be interactive so that, in real time, authorized persons may alter entries to indicate that an ID holder is no longer qualified for access -- because of death or criminal activity, or even a change of residence. It is important to remember that the Great Wall of China was never breached, but China was still attacked because a gate guard was bribed. An interactive database has people as its gatekeepers.

While I could talk about the potential privacy encroachment and the totalitarian potential of national IDs, my main objection to the national ID card is that it won't work practically. It won't make us more secure.
