On CBSSports.com: It's official: LeBron James is the best

IT Security

Host: Chad Perrin
Contact

The REAL ID Act has sparked a lot of controversy — but what is it?

The REAL ID Act of 2005 enshrines in law a set of federal standards for state ID and driver’s license authentication, issuance, and security protocols. Identification cards that do not meet these standards cannot, according to this law, be accepted by the federal government for “official purposes”. Those official purposes are defined by the Secretary of Homeland Security, who at present lists as “official purposes”:

  • boarding commercial airline flights
  • entering federal buildings that require identification
  • entering nuclear power plants

Additional regulations were signed into law as part of the REAL ID Act, which itself was passed as a rider on the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, 2005.

Judging by all that, it sounds like most of us shouldn’t be able to board commercial flights at all — but such a restriction hasn’t happened yet. Initially, a transitional period was prescribed setting a deadline of 11 May 2008 for compliance. In 2007, that deadline was extended to December 2009, and a subsequent extension of that grace period pushed the enforcement deadline for the REAL ID Act requirements back to 2011.

As of 2 April 2008, all 50 states had either applied for extensions beyond the deadline or received extensions from the federal government without asking.

This is where the controversy comes in. Several state legislatures have passed resolutions (in some cases, like Colorado, non-binding resolutions) refusing participation in the program and several are currently considering such resolutions. In March 2008, New Hampshire became the second of four states to acquire an extension without asking, after Montana, by the trick of simply telling the Department of Homeland Security how secure its state ID and driver’s license program already is, which the DHS accepts as an informal request for an extension to “save face” while still backing down from threatening to punish the state’s citizens for non-compliance.

Of course, while the polite letters forwarded to the Department of Homeland Security by several states informing it of their estimation that REAL ID Act compliance is not necessary at this time, not all statements made by state officials are offered in a strictly polite tone. Montana’s Governor Brian Schweitzer famously said, in an NPR interview, literally said that his state’s position on issues like the REAL ID Act, when push comes to shove, is to “Tell ‘em to go to Hell”.

But . . . why?

Isn’t greater security important? Doesn’t a set of national standards set a minimum bar for security, bringing nationwide compliance up to at least a tolerable level? Aren’t standards — especially for something as important as security — good things?

The answer is complex, but key points include:

  • effectiveness: As Governor Schweitzer points out in the above-linked interview, most of the identified 9/11 hijackers would have qualified to be issued an ID under the requirements of the REAL ID Act.
  • privacy: Among other issues of privacy, this Act aims to create a national database, available to many federal and state agencies, tracking personally identifying information about carriers of REAL ID compliant identification cards — which could also contribute to increased risk of identity fraud.
  • risks: Some of the requirements of the Act may actually increase security risks, rather than reducing them. This is a common problem with broadly applied standards enacted by people (like Congress) who have no security expertise. Among the problems is the mandate for RFID chips in your wallet — a source of security vulnerability about which I’ve already written, in What to do about RFID chips in your wallet.
  • legality: The law created by the passage of the REAL ID Act may itself be illegal. Specifically, it has been argued that it is unconstitutional, violating the 10th Amendment.

Bruce Schneier, the closest thing to a rockstar in the security industry today, eloquently points out some of the problems and fallacious thinking that underlie the REAL ID Act in Schneier on Security: REAL ID.

Not all hope is lost for those who oppose the Act, even though it has already been signed into law. Not only are states making headway in opposing the federal push for adoption and compliance, but President-elect Obama has announced his selection of Janet Napolitano as head of the Department of Homeland Security. Napolitano has proven a vocal and prominent opponent of the REAL ID Act program in the past.

There’s a lot more to be learned about the REAL ID Act, its implications (as regards not only matters of security, but other subjects as well), and the controversy that surrounds it. A good place to start, of course, is Wikipedia’s REAL ID Act article.

What do you think of the REAL ID Act?

View Results

Loading ... Loading ...

Chad PerrinChad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools. Read his full bio and profile.

Print/View all Posts Comments on this blog

REAL ID in a nutshell apotheon | 01/08/09
We don't need to stinkin' Big Brother Sterling "Chip" Camden | 01/08/09
With corporate intrusion a half-second behind seanferd | 01/12/09
little difference apotheon | 01/12/09
Aye. seanferd | 01/14/09
Right, TonytheTiger | 01/14/09
I almost opted for the choice The Scummy One | 01/08/09
I went for the "good idea, poorly executed' option. Palmetto | 01/08/09
I'm with you on this one NickNielsen | 01/11/09
IDs, et cetera apotheon | 01/11/09
ss pgit | 01/12/09
There's mandatory, and there's mandatory. apotheon | 01/12/09
Standard <> Mandatory FatNGristle | 01/13/09
exactly apotheon | 01/13/09
Real SSN vs Fake SSN Palmetto | 01/13/09
@Palmetto: fraud? Sterling "Chip" Camden | 01/13/09
Chip, please re-read the post. Palmetto | 01/13/09
National ID scarville@... | 01/13/09
A military ID is NOT a National ID. deepsand | 01/21/09
Would the following scenario be eliminated by REAL ID? Jlona | 01/14/09
Incidental update Palmetto | 01/14/09
My point exactly Jlona | 01/14/09
I agree with you Palmetto | 01/14/09
choice words pgit | 01/12/09
Truth be told spam2@... | 01/12/09
Whaddya mean "can be" TonytheTiger | 01/14/09
yep! pgit | 01/15/09
When in school The Scummy One | 01/15/09
ah, Novell in school... fond memories Neon Samurai | 01/15/09
During this course The Scummy One | 01/15/09
a good teacher does make a difference Neon Samurai | 01/16/09
good teacher indeed... pgit | 01/17/09
RE: REAL ID in a nutshell SSkawronska@... | 01/08/09
If it's anything like the bogus Clear pass, then NOOOOOOO jmgarvin | 01/08/09
I think everyone is saying santeewelding@... | 01/08/09
No trial by ordeal, thanks for asking Sterling "Chip" Camden | 01/09/09
Thank you santeewelding@... | 01/09/09
You're doing it wrong. apotheon | 01/09/09
Alas santeewelding@... | 01/09/09
Christians weren't the first to believe that Sterling "Chip" Camden | 01/10/09
And it all follows w2ktechman | 01/10/09
Yes: The desired result seanferd | 01/12/09
RE: REAL ID in a nutshell z0phi3l@... | 01/08/09
It's more like mixed nuts. apotheon | 01/08/09
Got foresight? boxfiddler | 01/09/09
It's about liberty, not conspiracies Sterling "Chip" Camden | 01/09/09
Not nuts... JCitizen | 01/13/09
RE: REAL ID in a nutshell picobot@... | 01/09/09
Tin foil, aisle 9. Palmetto | 01/09/09
uh huh picobot@... | 01/09/09
I must say DMambo | 01/09/09
Thanks, but this frightened child misspoke. Palmetto | 01/09/09
They shouldn't have let you post... Sterling "Chip" Camden | 01/10/09
That's just as misleading as UFO denial seanferd | 01/12/09
There is Tinfoil then there is Tinfoil scarville@... | 01/13/09
Okay, that's a hoot. Palmetto | 01/13/09
Aluminum soup pot... boxfiddler | 01/09/09
normally steel melts at 1510?C but the CIA lowered it on 9/11 kpthottam@... | 01/14/09
Close, but wrong timeline Palmetto | 01/14/09
Now you've gone and done it... CaptBilly1Eye | 01/14/09
Did I miss a sarcasm tag? NickNielsen | 01/14/09
No molten steel in the basement? kpthottam@... | 01/14/09
BTW Eagar logic pseudo explains only for the floors with fires kpthottam@... | 01/14/09
Get your eyes fixed NickNielsen | 01/14/09
It isn't a pack of cards, there were bolts, rivets holding them together kpthottam@... | 01/15/09
So what you're saying NickNielsen | 01/15/09
Your right they couldn't... JCitizen | 01/15/09
momentum transfer calculation kpthottam@... | 01/16/09
That's a good analysis NickNielsen | 01/16/09
Not to mention.... JCitizen | 01/16/09
Mmmmmm . . . agnesium. apotheon | 01/17/09
Yes, and with a little oxygen... JCitizen | 01/17/09
Following santeewelding@... | 01/18/09
Its just one example... JCitizen | 01/18/09
floor joists analysis and more kpthottam@... | 01/19/09
Are you kidding? NickNielsen | 01/19/09
you just echoed what is explained in the link I provided kpthottam@... | 01/20/09
Poor choice of words NickNielsen | 01/20/09
how many core columns? kpthottam@... | 01/20/09
Again I ask...are you kidding? NickNielsen | 01/20/09
empirical analysis makes the difference for me kpthottam@... | 01/21/09
All things considered . . . apotheon | 01/21/09
I must agree with apotheon here seanferd | 01/22/09
I thought as well santeewelding@... | 01/22/09
Thus is the danger of ranging off topic.. JCitizen | 01/22/09
Here's your true conspiracy theorist Sterling "Chip" Camden | 01/09/09
well if you lack the data... picobot@... | 01/09/09
Barker at the entrance santeewelding@... | 01/09/09
Better leave a trail of thread Sterling "Chip" Camden | 01/10/09
two things apotheon | 01/09/09
so then you think... picobot@... | 01/09/09
There's more than one side of each story . . . apotheon | 01/09/09
Also remember the #1 rule of US intelligence Sterling "Chip" Camden | 01/10/09
Are you dumb or just stupid? jdclyde | 01/09/09
You're not being nice to the new kid. Palmetto | 01/09/09
Ok, how about this jdclyde | 01/09/09
actually, I'm an IT professional and... picobot@... | 01/09/09
Prove a negative . . . ? apotheon | 01/09/09
"thats the reason they installed bush in the first place" Palmetto | 01/09/09
shocked -- You Dont Know shocked The Scummy One | 01/09/09
HA!..LOL!... laugh (NT) JCitizen | 01/13/09
Uh, 5:40pm? Sterling "Chip" Camden | 01/10/09
Fact Checking -- oops w2ktechman | 01/10/09
What I liked NickNielsen | 01/11/09
I caught onto that too w2ktechman | 01/12/09
Actually, I'm a trained structural engineer... JCitizen | 01/13/09
Prison sex? shocked jdclyde | 01/14/09
Evacuation... JCitizen | 01/15/09
You had better be careful.... CaptBilly1Eye | 01/14/09
HA!.. MIB!! Good one Cap'n!! ....=) JCitizen | 01/15/09
What amazes me about conspiracy theorists neilb@... | 01/09/09
Oooh santeewelding@... | 01/09/09
That's not the biggest. apotheon | 01/09/09
That's pretty big santeewelding@... | 01/14/09
Antithesis boxfiddler | 01/14/09
Complement santeewelding@... | 01/14/09
Thank you. boxfiddler | 01/14/09
nah apotheon | 01/14/09
When you want to be santeewelding@... | 01/14/09
By any chance jdclyde | 01/09/09
I hadn't but I've just watched it neilb@... | 01/09/09
who dropped a mud puppy in the urinal jdclyde | 01/09/09
Pity. boxfiddler | 01/09/09
The only GOOD mud puppy jdclyde | 01/09/09
I was talking about boxfiddler | 01/09/09
@boxfiddler re: crawdads Sterling "Chip" Camden | 01/10/09
@sterling... boxfiddler | 01/10/09
I went all over the place santeewelding@... | 01/09/09
A partial link jdclyde | 01/09/09
Thank you so much, jd santeewelding@... | 01/09/09
This is what I watched first neilb@... | 01/10/09
the link picobot@... | 01/12/09
No, that's not THE link Palmetto | 01/12/09
We've already been there NickNielsen | 01/11/09
He may also wish santeewelding@... | 01/11/09
But that would require s/h/it were to open his/her/it's mind jdclyde | 01/11/09
That sounds interesting NickNielsen | 01/14/09
Probably not santeewelding@... | 01/14/09
Privacy-Anonymity Security-Transparency bboyd@... | 01/09/09
With Interest The Scummy One | 01/09/09
Coincidence? Or something more?!? DMambo | 01/09/09
Better play TAPS Sterling "Chip" Camden | 01/10/09
You mean it's NOT Jaqui | 01/09/09
Actually it's a world wide signon doug@... | 01/12/09
Quit screwing around. Just chip me. doug@... | 01/12/09
Oh Brave New World Sterling "Chip" Camden | 01/12/09
3 forms? pgit | 01/12/09
The problem . . . apotheon | 01/12/09
No, the problem is that we accept it. doug@... | 01/13/09
Yes but wayoutinva | 01/13/09
No cancer. doug@... | 01/14/09
No cancer? shocked NickNielsen | 01/14/09
Everything causes cancer. apotheon | 01/14/09
Just ask Joe Jackson. boxfiddler | 01/14/09
Cancer is hereditary in lab rats. No text. Palmetto | 01/14/09
They shouldn't smoke, either. santeewelding@... | 01/14/09
Now wait a minute NickNielsen | 01/14/09
RE: REAL ID in a nutshell david.shane@... | 01/13/09
Yep wayoutinva | 01/13/09
The states have to go along. doug@... | 01/14/09
Damn, that's depressing. apotheon | 01/14/09
Please reference my other post to you on States powers.. JCitizen | 01/16/09
Self--defeating System gary@... | 01/13/09
frangible bullets apotheon | 01/13/09
Nobody cares if mistakes are made. doug@... | 01/14/09
REAL ID: Welcome to the United Fear States of America jgmsys@... | 01/13/09
Hmmm... blanchoid@... | 01/13/09
Are you sure about that? apotheon | 01/13/09
Ever flown to Israel? Palmetto | 01/13/09
Hmmm... blanchoid@... | 01/13/09
Don't need it, Don't want it! blanchoid@... | 01/13/09
England is already requiring RFID id's doug@... | 01/14/09
I live at the border. We need a TRUE delimeter other than a broken fence. Photogenic Memory | 01/13/09
I can't support the card as currently proposed, Palmetto | 01/13/09
You didn't see the updated plans jdclyde | 01/14/09
You're joking, but Palmetto | 01/14/09
drone planes help jdclyde | 01/14/09
illegal arms smuggling apotheon | 01/14/09
Absolutely Incorrect Ap. Photogenic Memory | 01/14/09
Yup, they are already w2ktechman | 01/14/09
Wrong and non-sensical Photogenic Memory | 01/14/09
The nice thing about drones jdclyde | 01/15/09
Why go over the fence when you can go under. Photogenic Memory | 01/14/09
Over, under, or through. Palmetto | 01/15/09
Well, the fence idea is just misdirection doug@... | 01/16/09
bah, humbug apotheon | 01/13/09
the nice thing jdclyde | 01/14/09
And one you forgot. Palmetto | 01/14/09
A real case with Walmart jdclyde | 01/14/09
Clarification, please - Edited Palmetto | 01/14/09
You have no idea..... jdclyde | 01/14/09
You know what they say about assumptions jdclyde | 01/14/09
Well, what could be better than chips? doug@... | 01/14/09
And this solves what problem exactly? The Scummy One | 01/14/09
Cloning the chip doesn't work. doug@... | 01/15/09
Famous last words.... TonytheTiger | 01/15/09
Just because it is done The Scummy One | 01/15/09
Do you understand what a picture is? happy doug@... | 01/16/09
People change appearance w2ktechman | 01/16/09
Ah yes. boxfiddler | 01/14/09
laugh The Scummy One | 01/15/09
Chips AND dip? seanferd | 01/15/09
An Acid dip works well The Scummy One | 01/15/09
Real ID, perhaps not the better idea... JCitizen | 01/13/09
The difference is the centralized database. doug@... | 01/15/09
I realize the control of the data needs to be centralized.. JCitizen | 01/15/09
It's not that complicated. doug@... | 01/16/09
I agree... JCitizen | 01/16/09
You're right, states are free to not use digital licenses doug@... | 01/18/09
Laws can be repealed NickNielsen | 01/18/09
You niggle, Nick. santeewelding@... | 01/18/09
both doug and Nick apotheon | 01/18/09
@santee... JCitizen | 01/18/09
JCitizen santeewelding@... | 01/18/09
@santee... JCitizen | 01/18/09
J santeewelding@... | 01/18/09
Cool! Thanks for the input!....(NT) JCitizen | 01/18/09
What . . . would come to pass? apotheon | 01/18/09
indubitable...(NT) JCitizen | 01/22/09
Re. "Wouldn't it be much more secure if ... " deepsand | 01/24/09
How is this for secure? seanferd | 02/03/09
Oh yeah!... JCitizen | 02/05/09
For those who mocked the Faraday Cage wallet seanferd | 02/05/09
It's got rot in it - that is for sure... JCitizen | 02/05/09
You can clone them but you can't change them. doug@... | 02/06/09
You think so . . . ? apotheon | 02/06/09
For now, just assume an RFID-only scenario seanferd | 02/06/09
indeed apotheon | 02/07/09
Yes seanferd | 02/07/09
It's a bit late to be complaining doug@... | 02/08/09
I think that's the idea. doug@... | 02/08/09
Not sure seanferd | 02/08/09
I think that's a bad idea. apotheon | 02/08/09
Well, it is more secure than signets! deepsand | 02/07/09
This santeewelding@... | 02/07/09
But spectroscopic analysis of the wax seanferd | 02/07/09
The modern signet . . . apotheon | 02/08/09
Get with your new colleague, Michael santeewelding@... | 02/08/09
But, if it's open, then ... deepsand | 02/11/09

What do you think?

White Papers, Webcasts, and Downloads

Recent Entries

TR on Twitter

Archives

TechRepublic Blogs


IT Manager's Tool Kit, Third Edition
Proven peer-authored advice and over 30 templates cover a variety of management topics to help you overcome staffing, financial, disaster planning and other technology challenges.
Buy Now
Essential IT Forms
From computer account access requests to help desk trouble tickets and more, IT departments of all sizes will find these forms invaluable to their resource-tracking and record-keeping efforts.
Buy Now

Meet Doc

advertisement
Click Here