The REAL ID Act was nominally intended as a means of improving personal and national security by standardizing identification across the United States, and by improving the security of ID cards. Unfortunately, it may very well succeed only in having the opposite of this intended effect. Among the many problems that REAL ID compliant identification may introduce are one-stop shopping for criminals who want to commit identity fraud, easier violation of privacy by illegal operations such as the NSA wiretapping scandal during the Bush adminstration, and tying personal data to technological implementation standards developed by bureaucrats rather than security experts.
It is not the fact of a national identification card standard itself that is to blame for these problems, though. The real issue is the poor design for the program, which ignores decades of tested and proven security principles. A better, more secure, standardized ID program would have to meet certain basic criteria that any security expert should be able to list with little effort:
- Voluntary Identity Verification: Any use of the identification document must be employed solely at the discretion of the person whose identity is to be verified. No identity verification should be possible without the conscious consent of the person. To allow verification without direct, conscious consent is to allow verification without the person’s knowledge, and not only constitutes a violation of privacy but also requires technology implementations that introduce greater vulnerability to unauthorized access to identity verification data.
- Anonymous Authorization Verification: Part of the problem with use of a Social Security Number (SSN) for identification, and part of the reason the law nominally prohibits mandatory SSN disclosure for any reason unrelated to matters directly related to Social Security taxes and benefits, is the fact that it is both easily captured and misused for identity fraud and prone to creating privacy related security problems by tying all the data about a single person together. One must be able to verify authorization without having to disclose the identity itself to maintain the privacy and security of one’s legal identity.
- Cryptographic Signature: In addition to verifying the individual, a secure ID system must also provide a mechanism for verifying authorizations granted by the individual, in connection with both identity verification and anonymous authorization, which is most likely to be achievable at this time via cryptographic signatures. Potential applications of this functionality include verifiable anonymous voting, contractual agreement, and privacy respecting census data gathering.
- Default Authorization Policy: For basic citizenship rights and privileges, default policy should be one of authorization. That is, people should be allowed to assert citizenship rights and privileges by default, with exceptions used to denote individuals whose authorizations have been curtailed, as in the case of felons who are prohibited from voting. A system with a default policy of denial, with exceptions used to denote individuals who are granted authorization, not only contradicts the assumptions of a system of respect for individual rights such as that provided by the US Constitution, but also systemically encourages tracking of individuals who make use of such authorizations, thus presenting far greater danger to individual privacy.
- Strong Multi-Factor Authentication: Authentication schemes for government issued ID cards around the world would be humorous in their inadequacy, if the situation that arises as a result wasn’t so tragic. Private banks provide better authentication security, despite significant vulnerabilities.
You may have noticed that the REAL ID Act provides for none of those requirements of a secure ID system. The key problems with the way governments tend to think about ID cards appear to be that they think about them in terms of two things, first and foremost:
- protecting governmental ability to assert power over citizens
- preventing counterfeiting
They should be thinking about protecting citizen identities from fraud. When viewed from that perspective, the path toward good ID document development is obviously that taken by such concepts as public key cryptography. Instead, we are faced by government imposing policies that, with every modification to the standard, makes ID cards feel more and more like DRM — treating our identities like someone else’s property, easily “stolen” by third parties.