Previous Politech message: http://www.politechbot.com/2007/03/07/real-id-act/ -------- Original Message -------- Subject: Re: [Politech] Real ID Act regulations finally released by Homeland Security [priv] Date: Wed, 7 Mar 2007 09:20:15 -0500 From: Steven Adler <adler1@private> To: Declan McCullagh <declan@private> Declan, The current rulemaking proposal has several key features: 1. It establishes federal standards in document authentication for drivers licenses: 2. Jurisdictional control will remain at the state and county level, as it is today, but data will be shared via remote query nationally and globally 3. There will be a machine-readable zone (MRZ) on the back of each license in the form of a 2D-barcode Privacy Issues: Current privacy debate centers on the MRZ because it will provide the first common electronic means to verify a drivers license. MRZ readers are cheap and common. Law enforcement would like the full data set on the front of the card to be written in the MRZ. Only the drivers license ID# and Zip Code are necessary, and the data should be encrypted. Law Enforcement might use that minimum data set to perform remote queries on the jurisdictional dataset and return different kinds of information based on the business purpose of the transaction and role of the requester. Businesses might also use the MRZ for ID verification and could have context-sensitive restrictions on access to the PII. For example, bars could swipe the MRZ and send remote queries to verify drinking age and a return dataset might only indicate green for above age, red for below. They might still photocopy the contents on the front of the card (a common practice), but electronic data gathering opportunities would be minimized. If the MRZ data is not minimized and encrypted, your drivers license will become a new form of EZpass: a convenient method for electronic authentication that will be easily linked to video and audio surveillance, creating electronic records of all your activities far beyond anything possible today. Regards, ______________________________________________________________________ Steven B. Adler, CIPP Program Director, IBM Data Governance Solutions adler1@private (516) 944-2598 Work (516) 643-1157 Mobile (610) 956-2598 eFax IBM Data Governance: http://www.ibm.com/ibm/responsibility/pdfs/IBM_CorpResp_2004-05.pdf _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Wed Mar 07 2007 - 23:39:42 PST