Security

Why REAL ID is not secure ID

The REAL ID Act has received a lot of bad press, but it's not the existence of a national standard ID that is the problem; it's the implementation.

The REAL ID Act was nominally intended as a means of improving personal and national security by standardizing identification across the United States, and by improving the security of ID cards. Unfortunately, it may very well succeed only in having the opposite of this intended effect. Among the many problems that REAL ID compliant identification may introduce are one-stop shopping for criminals who want to commit identity fraud, easier violation of privacy by illegal operations such as the NSA wiretapping scandal during the Bush adminstration, and tying personal data to technological implementation standards developed by bureaucrats rather than security experts.

It is not the fact of a national identification card standard itself that is to blame for these problems, though. The real issue is the poor design for the program, which ignores decades of tested and proven security principles. A better, more secure, standardized ID program would have to meet certain basic criteria that any security expert should be able to list with little effort:

  • Voluntary Identity Verification: Any use of the identification document must be employed solely at the discretion of the person whose identity is to be verified. No identity verification should be possible without the conscious consent of the person. To allow verification without direct, conscious consent is to allow verification without the person's knowledge, and not only constitutes a violation of privacy but also requires technology implementations that introduce greater vulnerability to unauthorized access to identity verification data.
  • Anonymous Authorization Verification: Part of the problem with use of a Social Security Number (SSN) for identification, and part of the reason the law nominally prohibits mandatory SSN disclosure for any reason unrelated to matters directly related to Social Security taxes and benefits, is the fact that it is both easily captured and misused for identity fraud and prone to creating privacy related security problems by tying all the data about a single person together. One must be able to verify authorization without having to disclose the identity itself to maintain the privacy and security of one's legal identity.
  • Cryptographic Signature: In addition to verifying the individual, a secure ID system must also provide a mechanism for verifying authorizations granted by the individual, in connection with both identity verification and anonymous authorization, which is most likely to be achievable at this time via cryptographic signatures. Potential applications of this functionality include verifiable anonymous voting, contractual agreement, and privacy respecting census data gathering.
  • Default Authorization Policy: For basic citizenship rights and privileges, default policy should be one of authorization. That is, people should be allowed to assert citizenship rights and privileges by default, with exceptions used to denote individuals whose authorizations have been curtailed, as in the case of felons who are prohibited from voting. A system with a default policy of denial, with exceptions used to denote individuals who are granted authorization, not only contradicts the assumptions of a system of respect for individual rights such as that provided by the US Constitution, but also systemically encourages tracking of individuals who make use of such authorizations, thus presenting far greater danger to individual privacy.
  • Strong Multi-Factor Authentication: Authentication schemes for government issued ID cards around the world would be humorous in their inadequacy, if the situation that arises as a result wasn't so tragic. Private banks provide better authentication security, despite significant vulnerabilities.

You may have noticed that the REAL ID Act provides for none of those requirements of a secure ID system. The key problems with the way governments tend to think about ID cards appear to be that they think about them in terms of two things, first and foremost:

  1. protecting governmental ability to assert power over citizens
  2. preventing counterfeiting

They should be thinking about protecting citizen identities from fraud. When viewed from that perspective, the path toward good ID document development is obviously that taken by such concepts as public key cryptography. Instead, we are faced by government imposing policies that, with every modification to the standard, makes ID cards feel more and more like DRM -- treating our identities like someone else's property, easily "stolen" by third parties.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

12 comments
Nate360
Nate360

It's the same thing as RealID only technologically updated "I am not a number, I am a free man!" Iron Maiden - The Prisoner

Nate360
Nate360

I see SecureID as an updated version of the original RealID dogtag. And yes it is a dog tag because everyone's a dog to the us government. I am Not A Number; I am a FREE MAN!!! - Iron Maiden - The Prisoner

deepsand
deepsand

All of the flaws, both practical and philosophical, have already been been hotly debated here at [i]TR[/i], with several members vigorously supporting Real ID. Where are such now? Have they come to see the errors in their thinking? Have they simply resigned themselves to defeat? Or, do they quietly believe that they have in fact prevailed, that Real ID will inevitably come to pass?

lheal
lheal

I am of two minds on the utility of a national ID card. As a nationalist, I like the idea of distinguishing citizen from non-citizen. But as a lover of liberty, I despise anything that extends power to the federal government. I go back and forth on this one. But a big problem with RealID is that to obtain one a person need only supply less-secure items such as a Social Security card or State driver's license (which are often based in turn on a birth certificate plus a utility bill or two). It turns items that are easier to forge into a token that is harder to forge, and which will confer on its bearer rights he or she should not have. In security terms, it attenuates trust. Far from combating identity theft, RealID would make it easier. It's typical of the pattern we find for the introduction of a new product or service: make it easy to use, to spur adoption, and then play security whack-a-mole as problems are discovered. Also at sourcery.blogspot.com

Dr_Zinj
Dr_Zinj

The question is not, "How do we implement Real ID?", it's supposed to be, "Should we have Real ID?" Since Real ID won't make us any more secure than we are now, will consume large amounts of tax payer dollars (and incidently mandate state spending on a federal program), and be one more thing for already task-saturated citizens to worry about, we should all write our Congreecritters and tell them no, No, 200 million times NO! Finally, follow the money, people. Who's pushing for this program, who's going to get the contract (which will be in perpetuity), and how do those companies connect to the people pushing the program? Their interests and goals are not what's best for the American people, it's what's best for their personal bank accounts.

bamyclouse
bamyclouse

And follow the power grabbers while you're at it. Someone competing with someone else for a good position in government could easily find a way to give their rival a black eye somewhere along the line. And it wouldn't be difficult. Check out the scanned documents on this site (admittedly conservative, but has the information): http://www.onenewsnow.com/Politics/Default.aspx?id=490506. Take a look at how they don't just blacklist people who have conservative views, but practically assume all returning Iraq/Afghanistan war vets are going to follow in Timothy McVeigh's footsteps - a real stretch, as thousands have returned and not one has blown up a government building full of little kids, even though many have been denied help for multiple conditions suffered as a result of the war, and have unemployment rates similar to those for disabled persons (over twice that of the normal populace by DOL statistics). To have them all compared to one whack job is a crime in itself IMO. If the government can, in official Homeland Security documents, class ordinary people with differing opinions as potential terrorists, therefore practically denying their first amendment rights, how much of a stretch is it to think they'll put this on a national ID card to ensure these folks are "controlled" for "the safety of the people"? How much stuff did the Soviet Union control in the supposed interests of "the people"? Just cross reference existing databases. You don't need anything more if you're interested in stopping fraud, and even that is dangerous enough.

misceng
misceng

The British government is well on the way to spending billions on an ID system. It has all the faults mentioned in the article. It is supposed to be secure because there are biometric elements coded into the card but no one has card readers which can access the biometrics and most companies won't be able to afford them. The advisers on biometrics have been forced to admit that they are not 100% effective so up to 60,000 people could find themselves classed as criminals because of unreliability in the system.

seanferd
seanferd

It's like a sieve pretending to be some kind of impenetrable barrier. And just like SSNs, regardless of how this national ID is designed, it will be used beyond its supposed scope for the convenience of government and and business. Therefore, I'd much rather it start out as a properly designed and secure instrument of identification. Thanks for the rather enlightening specific points you've provided. Always a pleasure to read your posts and learn something. (BTW, I found your post at SOB on the "imminent failure of Linux" entertaining as well.)

apotheon
apotheon

I tend to aim more for "thought-provoking" than "entertaining" here, for obvious reasons. Mostly, the "entertaining" happens at SOB -- and it's mostly "entertaining" by virtue of my attitude probably achieving comical heights of indignation or sardony when something gets my dander up. It's nice to know someone's reading (and enjoying) what I write.

bfpower
bfpower

...was when our governor here in Montana opposed the bill and told Homeland Security they could 'go to hell.' I'm not really a libertarian (and neither is Schweitzer), but I thought it was appropriate in the situation (even though we ended up complying in the end).

apotheon
apotheon

Last I heard, Montana was still saying "no". Did something change?

apotheon
apotheon

I've never been a fan of the approach to national security that consists of letting a bunch of security know-nothings make compromises, in the face of overwhelming evidence that they're cutting their own throats where security goals are concerned, just to make political gains. Somehow, though, this appears to be what everybody else in the United States chooses every election cycle. As a result, we end up with the REAL ID Act -- legislation that seems tailor made for the purpose of violating individual rights and privacy, counterproductive even in the goals of "national security" that are brought before Congress when the Act is debated, and doomed to security obsolescence before it is implemented -- instead of identification systems developed with input from independent security experts for the purpose of safeguarding each and every person who carries the resulting identification documents.

Editor's Picks