[Politech] Real ID Act regulations: a critique by Steven Adler [priv]

From: Declan McCullagh (declan@private)
Date: Wed Mar 07 2007 - 23:26:24 PST


Previous Politech message:
http://www.politechbot.com/2007/03/07/real-id-act/

-------- Original Message --------
Subject: Re: [Politech] Real ID Act regulations finally released by 
Homeland	Security [priv]
Date: Wed, 7 Mar 2007 09:20:15 -0500
From: Steven Adler <adler1@private>
To: Declan McCullagh <declan@private>

Declan,

The current rulemaking proposal has several key features:

1.  It establishes federal standards in document authentication for
drivers licenses:

2.  Jurisdictional control will remain at the state and county level, as
it is today, but data will be shared via remote query nationally and
globally

3.  There will be a machine-readable zone (MRZ) on the back of each
license in the form of a 2D-barcode

Privacy Issues:

Current privacy debate centers on the MRZ because it will provide the
first common electronic means to verify a drivers license.  MRZ readers
are cheap and common.  Law enforcement would like the full data set on the
front of the card to be written in the MRZ.

Only the drivers license ID# and Zip Code are necessary, and the data
should be encrypted.  Law Enforcement might use that minimum data set to
perform remote queries on the jurisdictional dataset and return different
kinds of information based on the business purpose of the transaction and
role of the requester.  Businesses might also use the MRZ for ID
verification and could have context-sensitive restrictions on access to
the PII.  For example, bars could swipe the MRZ and send remote queries to
verify drinking age and a return dataset might only indicate green for
above age, red for below.  They might still photocopy the contents on the
front of the card (a common practice), but electronic data gathering
opportunities would be minimized.

If the MRZ data is not minimized and encrypted, your drivers license will
become a new form of EZpass: a convenient method for electronic
authentication that will be easily linked to video and audio surveillance,
creating electronic records of all your activities far beyond anything
possible today.


Regards,

______________________________________________________________________
Steven B. Adler, CIPP
Program Director, IBM Data Governance Solutions
adler1@private
(516) 944-2598 Work
(516) 643-1157 Mobile
(610) 956-2598 eFax

IBM Data Governance:
http://www.ibm.com/ibm/responsibility/pdfs/IBM_CorpResp_2004-05.pdf
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Wed Mar 07 2007 - 23:39:42 PST