AOH :: PT-1436.HTM

Real ID Act regulations: a critique by Steven Adler

Real ID Act regulations: a critique by Steven Adler
Real ID Act regulations: a critique by Steven Adler



Previous Politech message:
http://www.politechbot.com/2007/03/07/real-id-act/ 

-------- Original Message --------
Subject: Re: [Politech] Real ID Act regulations finally released by 
Homeland	Security [priv]
Date: Wed, 7 Mar 2007 09:20:15 -0500
From: Steven Adler  
To: Declan McCullagh  

Declan,

The current rulemaking proposal has several key features:

1.  It establishes federal standards in document authentication for
drivers licenses:

2.  Jurisdictional control will remain at the state and county level, as
it is today, but data will be shared via remote query nationally and
globally

3.  There will be a machine-readable zone (MRZ) on the back of each
license in the form of a 2D-barcode

Privacy Issues:

Current privacy debate centers on the MRZ because it will provide the
first common electronic means to verify a drivers license.  MRZ readers
are cheap and common.  Law enforcement would like the full data set on the
front of the card to be written in the MRZ.

Only the drivers license ID# and Zip Code are necessary, and the data
should be encrypted.  Law Enforcement might use that minimum data set to
perform remote queries on the jurisdictional dataset and return different
kinds of information based on the business purpose of the transaction and
role of the requester.  Businesses might also use the MRZ for ID
verification and could have context-sensitive restrictions on access to
the PII.  For example, bars could swipe the MRZ and send remote queries to
verify drinking age and a return dataset might only indicate green for
above age, red for below.  They might still photocopy the contents on the
front of the card (a common practice), but electronic data gathering
opportunities would be minimized.

If the MRZ data is not minimized and encrypted, your drivers license will
become a new form of EZpass: a convenient method for electronic
authentication that will be easily linked to video and audio surveillance,
creating electronic records of all your activities far beyond anything
possible today.


Regards,

______________________________________________________________________
Steven B. Adler, CIPP
Program Director, IBM Data Governance Solutions
adler1@us.ibm.com 
(516) 944-2598 Work
(516) 643-1157 Mobile
(610) 956-2598 eFax

IBM Data Governance:
http://www.ibm.com/ibm/responsibility/pdfs/IBM_CorpResp_2004-05.pdf 
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/ 
Moderated by Declan McCullagh (http://www.mccullagh.org/) 


Make REAL money with your website!

The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.