Saturday, August 8, 2009

Political Blogcritics appraisal of Beat The Chip

"I think the issues you raise on your blog mostly fall on the serious side. RFID and the entire privacy issue are very real threats which need to be exposed and opposed. I've written some articles on the subject over the years, but there's so much more going on that I can't give it as much attention in the current environment.
The recent news about being able to read RFID chips from up to 30 feet away with easily obtainable hardware is very troubling.

If you'd ever like to write on the subject for blogcritics[...]We'd love to have more participants in the Politics section.
- Dave Nalles,
Blogcritics online.

Biometric requirement could make E-Verify worth billions

Industry closely watching Schumer bill that would require biometric data
  • Real ID Repeat?
  • Schumer's support critical
  • A question of how
Sen. Charles Schumer (D-N.Y.) enthusiastically supports adding a biometric identifier to the federal E-Verify employment eligibility verification system, which is setting the stage for potentially one of the largest federal biometric opportunities.

His newly proposed biometric identification program could be huge, potentially encompassing the entire U.S. workforce of 140 million employees. Naturally the biometrics industry is paying attention. Contractors are excited, but they also are tamping down their expectations while trying to sort through the political and social implications of the potential multibillion-dollar identity plan.

“Obviously, it will be a big boost for the industry,” said David Coleman, senior consultant at International Biometric Group consulting firm.

“This is clearly a big opportunity — one of the biggest in the United States,” said Neville Pattinson, vice president of government affairs and business development at Gemalto North America. ::: 4 Pg Article HERE:::

FLOGGER: Fun With DHS Press Releases!

National ID bashing with CATO's policy brand Jim Harper

Let’s fisk a DHS press release! It’s the “Statement by DHS Press Secretary Sara Kuban on Markup of the Pass ID Bill by the Senate Homeland Security and Government Affairs Committee.” Here goes [DHS news release in italics]:
On the same day that Secretary Napolitano highlighted the Department’s efforts to combat terrorism and keep our country safe during a speech in New York City,
This part is true: Secretary Napolitano was in New York speaking about terrorism.
Congress took a major step forward on the PASS ID secure identification legislation.
There was a markup of PASS ID in the Homeland Security and Governmental Affairs Committee. It’s a step — not sure how major.
PASS ID is critical national security legislation
People who have studied identity-based security know that knowing people’s identities doesn’t secure against serious threats, so this is exaggeration.
that will break a long-standing stalemate with state governments
Thirteen states have barred themselves by law from implementing REAL ID, the national ID law. DHS hopes that changing the name and offering them money will change their minds.
that has prevented the implementation of a critical 9/11 recommendation to establish national standards for driver’s licenses.
The 9/11 Commission devoted three-quarters of a page to identity security — out of 400+ substantive pages. That’s more of a throwaway recommendation or afterthought. False identification wasn’t a modus operandi in the 9/11 attacks, and the 9/11 Commission didn’t explain how identity would defeat future attacks. (Also, using “critical” twice in the same sentence is a stylistic no-no.)
As the 9/11 Commission report noted, fraudulent identification documents are dangerous weapons for terrorists,
No, it said “travel documents are as important as weapons.” It was talking about passports and visas, not drivers’ licenses. Oh — and it was exaggerating.
but progress has stalled towards securing identification documents under the top-down, proscriptive approach of the REAL ID Act
True, rather than following top-down prescription, states have set their own policies to increase driver’s license security. It’s not necessarily needed, but if they want to they can, and they don’t need federal conscription of their DMVs to do it.
– an approach that has led thirteen states to enact legislation prohibiting compliance with the Act.
“. . . which is why we’re trying to get it passed again with a different name!”
Rather than a continuing stalemate with the states,
Non-compliant states stared Secretary Chertoff down when he threatened to disrupt their residents’ air travel, and they can do the same to Secretary Napolitano.
PASS ID provides crucial security gains now by establishing common security standards for driver’s licenses
Weak security gains, possibly in five years. In computer science — to which identification and credentialing is akin — monoculture is regarded as a source of vulnerability.
and a path forward for ensuring that states can electronically verify source documents, including birth certificates.
We’re on the way to that cradle-to-grave biometric tracking system that will give government so much power over every single citizen and resident.

See? That was fun!

PASS ID: A kinder, gentler National ID

12 Minute Hacks for RFID & More on DefCon Fed Scare

These updates in from

Death Metal writes with this excerpt from Computer Weekly, which casts some doubt on the security of the UK's proposed personal identification credential:"The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning. The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card. Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes."
FourthAge writes"Federal agents at the Defcon 17 conference were shocked to discover that they had been caught in the sights of an RFID reader connected to a web camera. The reader sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks. The 'security enhancing' RFID chips are now found in passports, official documents and ID cards. 'For $30 to $50, the common, average person can put [a portable RFID-reading kit] together,' said security expert Brian Marcus, one of the people behind the RFID webcam project. 'This is why we're so adamant about making people aware this is very dangerous.'"

Thursday, August 6, 2009

WIRED Digest: Words of warning from those who care

BTC - A relative sent me these two news items from Wired Magazine out of concern for my personal safety. Since we are on a WIRED kick this morning, we included alot we've missed.

Digitized Stalking Is the New World Order

The EFF writes that threats to “locational privacy” include:
* Monthly transit swipe-cards.
* Electronic tolling devices (FastTrak, EZpass, congestion pricing)
* Cellphones.
* Services telling you when your friends are nearby.
* Searches on your PDA for services and businesses near your current location.
* Free Wi-Fi with ads for businesses near the network access point you’re using
* Electronic swipe cards for doors.
* Parking meters you can call to add money to, and which send you a text message when your time is running out.

“In the world of today and tomorrow, this information is quietly collected by ubiquitous devices and applications, and available for analysis to many parties who can query, buy or subpoena it or pay a hacker to steal a copy of everyone’s location history,” the report said. “It is this transformation to a regime in which information about your location is collected pervasively, silently, and cheaply that we’re worried about.”

Read the report here.

c/o Charlie Sorrel for WIRED - GADGET LAB

As an ex-Brit, I’m well aware of the authorities’ love of surveillance and snooping, but even I, a pessimistic cynic, am amazed by the governments latest plan: to install Orwell’s telescreens in 20,000 homes.

£400 million ($668 million) will be spent on installing and monitoring CCTV cameras in the homes of private citizens. Why? To make sure the kids are doing their homework, going to bed early and eating their vegetables. The scheme has, astonishingly, already been running in 2,000 family homes. The government’s “children’s secretary” Ed Balls is behind the plan, which is aimed at problem, antisocial families. The idea is that, if a child has a more stable home life, he or she will be less likely to stray into crime and drugs.

It gets worse. The government is also maintaining a private army, incredibly not called “Thought Police”, which will “be sent round to carry out home checks,” according to the Sunday Express. And in a scheme which firmly cements the nation’s reputation as a “nanny state”, the kids and their families will be forced to sign “behavior contracts” which will “set out parents’ duties to ensure children behave and do their homework.”

And remember, this is the left-wing government. The Shadow Home Secretary Chris Grayling, batting for the conservatives, thinks these plans are “too little, and too late,” implying that even more obtrusive work needs to be done. Rumors that a new detention center, named Room 101, is being constructed inside the Ministry of Love are unconfirmed.

UPDATE: Further research shows that the Express didn’t quite have all its facts straight. This scheme is active, and the numbers are fairly accurate (if estimated), but the mentions of actual cameras in people’s homes are exaggerated. The truth is that the scheme can take the most troublesome families out of their homes and move them, temporarily, to a neutral, government-run compound. Here they will be under 24-hour supervision. CCTV cameras are not specifically mentioned, not are they denied, but 24-hour “supervision” certainly doesn’t rule this out from the camera-loving Brits.

It remains, though, that this is still excessively intrusive into the private lives of citizens, cameras or not. I have added links to the source and also more reliable reports.

Thanks to everyone who wrote in.

>>SIN BINS FOR WORST FAMILIES :THOUSANDS of the worst families in England are to be put in “sin bins” in a bid to change their bad behaviour, Ed Balls announced yesterday.

Wednesday, August 5, 2009

Israeli Privacy Council opposes biometric database


It warns of the risk of information leaks and says it will be the death knell for citizens' privacy.

Noam Sharvit
5 Aug 09 16:30

The Public Council for the Protection of Privacy today asked Prime Minister Benjamin Netanyahu not to set up a biometric database, because of the risk of information leaks and concern that it will be the death knell for citizens' privacy.
The council was set up to advise the minister of justice, and comprises legal and technology experts. The council expresses opinions on aspects of privacy and information security of bills and government measures and advises the registrar of databases.

In the letter to Netanyahu, the council said that the establishment of a biometric database, its maintenance and security, would likely carry a heavy financial burden. Countries that have considered setting up such databases estimate their cost in the billions of dollars, and the estimates are constantly rising.

The council argues that, because of these costs, the US government recently cancelled its Real ID program. The British government does not mandate citizens to carry biometric ID cards and will probably cancel the entire project because of its huge cost and broad public opposition.
The council adds that it supports the issuing of smart ID cards and travel documents, and does not oppose documents with biometric features. However, it does not believe there is a need for a central biometric database for these purposes, because there are simpler and better alternatives for fraud prevention during the issuing process. For example, Germany issues biometric passports and ID cards without a central database because of concerns about the over-concentration of power that would harm individual rights.

Published by Globes [online], Israel business news - - on August 5, 2009

Feds at DefCon Alarmed After RFIDs Scanned

Wired Magazine, Kim Zetter 

LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture.

But the device, which had a read range of 2 to 3 feet, caught only five people carrying RFID cards before Feds attending the conference got wind of the project and were concerned they might have been scanned.::MORE HERE:::

Travel Screening and The PASS Act

  • In the other chamber of Congress, the PASS ID Act (S. 1261) introduced in the Senate on June 15th contains a provision in Section 242 (a) (1) (B) that “no person shall be denied boarding a commercial aircraft solely on the basis of failure to present a driver’s license or identification card issued pursuant to this subtitle.”  This is part of a terrible bill, which we strongly oppose. We agree completely with Jim Harper’s take that this is merely a “lite” version of a national ID law, and that there is no good reason to “replace” the REAL ID Act rather than simply repeal it.  The PASS ID Act would still leave loopholes for the TSA to deny “permisison” to travel on other grounds, such as failure to “cooperate with screening”. But we welcome the initiative — again, the first such in the Senate since the creation of the TSA — to anticipate and preclude a TSA assertion of new authority. (The PASS ID Act would also make it a “unlawful for any person, knowingly and without lawful authority– (1) to scan the information contained in the machine readable component of a driver’s license or identification card; or (2)(A) to resell, share or trade that information with any other third parties; (B) track the use of a driver’s license or identification card; or (C) store the information collected.”  This provision is apparently intended to include a prohibition on reading of the data on RFID chips in Enhanced Drivers Licenses.)

In the absence of any explicit rules or any judicial, legislative, or executive oversight, the TSA has felt no need to seek authority for its ever-expanding assertions of authority through legislation or rulemaking. Nor has the TSA recognized any duty of self-restraint or self-policing to ensure its actions conform to the law. Instead, the TSA has simply wielded its power to do whatever it wished, on the disgraceful assumption that, “If we’re doing something wrong, the courts will tell us — if and when someone can afford to sue us, and they win a court judgement against us.” In the meantime, the TSA will do, and claim the right to do, anything that hasn’t already specifically been ruled illegal. Kind of like the thief who assumes that they can steal whatever they want, and that if something turns out not be theirs, they’ll give it back if and when someone sues and wins a court judgement ordering its return.

Time and again we’ve pointed out this failure to subject the TSA to the rule of law. See, for example, our most recent prior post on this topic, our agenda on the right to travel submitted to the Obama Administration and Congress after the 2008 elections, and our comments earlier this month at the Computers, Freedom, and Privacy conference session with Obama Administration representatives and others at 1:45:53 of this video. Until recently, however, neither the Courts, the Congress, nor the Executive branch have wanted to confront the question of what rules govern the TSA.

We’re please to report that this is finally beginning to change, in small ways but on numerous fronts. ::: MORE HERE:::

EFF Releases Interim Report on the Automated Targeting System

Cindy Cohn for EFF

EFF today released an Interim Report on the Automated Targeting System (ATS) through which the Department of Homeland Security monitors and assigns risk assessment scores to Americans and others who cross into or out of the United States. The data reviewed under the ATS system includes seven large government databases, plus the Passenger Name Record data from the airlines (which includes data like whether you've ordered a Muslim or Hindu or Jewish special meal). Effectively, if you travel internationally, ATS creates an instant, personal and detailed dossier on you that CBP officers use to decide whether you get to enter the country, or will be subject to an enhanced (and potentially invasive) search. EFF's report details what we've learned about the ATS program from the over 2,000 pages released by the government so far. We note that because of government's very heavy redacting and refusal to release key information Americans remain in dark about how this powerful system is used on travelers. EFF's Interim report was written by Shana Dines.

DHS has continued to release documents to EFF so we'll update the report as additional useful information comes out.

FOIA Litigation for Accountable GovernmentTravel Screening

FEEDBACK LOOP: Tell DHS what you REALLY think...

This in from The Clue Meter

The Department of Homeland Security's Quadrennial Homeland Security Review is coming up, and you can give your input here.
  • Think TSA should only screen people wearing keffiyas and burkas? Or maybe they should be strip-searching everyone?
  • Or maybe you think hardening the cockpit doors was sufficient and we can forget about all that other so-called security stuff as "Security theater."
  • Believe we should open the gates wide and let in anyone who wants to come?
  • Or maybe you think ICE should shoot all illegal aliens on sight?
  • Should Alcohol, Tobacco, and Firearms be the name of a convenience store, or the government agency that is going to save us all from The Evil Guns?
  • FEMA: Federal disaster response/relief coordinating agency, or manager of secret concentration camps?
  • REAL ID: Reasonable effort at standardization, or Mark of Cain?
  • Veterans: Heroic patriots, or right-wing extremist wing nuts?
Obviously, if you do participate in their "dialogue", that you actually have more or less constructive things to say, as opposed to, you know, snarky comments as above... 

[BTC- This would be a challenging input for us.  We prefer to watch the "game" at the local political bar and throw food at the TV while heckling the talking heads, but what-everrrrh. ]

I think what should come up in this meeting is the lack of public awareness about the integration of local police enforcement agencies as federal & immigration law enforcement officers, training excercises and when such a major advance takes place in State governments.

Mercenaries training US local police a new trend

There are many police and law enforcement officials who are concerned with the growing trend of using military-experienced mercenaries to train and work with local police officers in the United States, but there are many who believe the events of September 11, 2001 dictate the need for this new paradigm.

For example, Kentucky’s Lexington Police Department contracted Blackwater Security International to provide what’s described as homeland security training. Meanwhile that city’s Mayor Jim Newberry and its chief of police Anthony Beatty refused free training provided by the US Immigration and Customs Enforcement federal program that prepares police officers to enforce immigration and border security as part of their duties.

Lexington is on the nation’s list of so-called Sanctuary Cities in which police officers are prohibited from working with ICE or Border Patrol agents in the United States. Critics are angry over the use of local tax dollars to hire Blackwater personnel to train the police.

But Lexington isn’t the only city using hired guns to help local police officers. In New Orleans, heavily armed operatives from the Blackwater private security firm, infamous for their work in Iraq, are openly patrolling the streets of that beleaguered city.

Some of the mercenaries were reportedly “deputized” by the Louisiana governor and were issued gold Louisiana State law enforcement badges to wear on their chests and Blackwater photo identification cards to be worn on their arms.

While they are working in Louisiana, Blackwater officials say they are on contract with the Department of Homeland Security and have been given the authority to use lethal force if necessary. Some of the mercenaries assigned to patrol the streets of New Orleans recently returned from Iraq, where they provided personal security details for the former head of the US occupation, L. Paul Bremer, and the former US ambassador to Iraq, John Negroponte.

Blackwater, which is based in North Carolina, is one of the leading private security companies providing security personnel in Iraq and Afghanistan. Along with other companies such as Wackenhut Security, Inc., it has several lucrative US government contracts and provides security services — including bodyguard work — for many senior US diplomats, foreign dignitaries and corporations.

The company received international exposure when several of its security officers were captured, tortured and killed in Fallujah; two of their charred bodies were hung from a bridge in March 2004.

Although many politicos are saying Blackwater is not performing police functions, their own statement seems to imply that they will provide whatever services a government — federal, state and local — desires.

“Man-made and natural disasters require an immediate robust response. Blackwater Worldwide’s extensive training facility and staff of former military and law enforcement professionals can provide the needed training and operational expertise to prepare security teams to effectively support state and federal emergency response units,” according to Blackwater’s mission statement.

“I’m troubled by the use of military personnel — whether they be US soldiers or private mercenaries — performing a police or law enforcement function. While they may be experts in fighting wars, they are not constrained by the US Constitution as to how they operate as cops,” said former NYPD detective and owner of FLT Security Services, Sid Frances.

“Soldiers are soldiers and cops are cops. What’s next? Using smart bombs to crash into drug dens?” he asked.

Since its inception in 2003, the US Department of Homeland Security has faced significant challenges related to recruiting, retaining, and managing its workforce of over 170,000 employees.

Recently, the US Congress requested the Government Accountability Office to analyze DHS’s attrition, efforts to recruit and retain staff, use of external employees such as officers from private companies, and compliance with certain provisions of the Vacancies Reform Act, which requires agencies to report to Congress and the Comptroller General vacancies in certain presidentially-appointed positions requiring Senate confirmation.

While DHS’s overall attrition rate for permanent employees (excluding those in the Senior Executive Service and presidential appointments) declined from 8.4 percent in 2005 to 7.1 percent in 2006.

These rates, which were still above the roughly 4 percent average rate for all cabinet-level agencies, were affected by high levels of attrition (about 14-17 percent) among transportation security officers at DHS’s Transportation Security Administration. With the security officers excluded, DHS’s attrition rate was 3.3 percent.

DHS implemented agreements under the Intergovernmental Personnel Act, allowing nonfederal employees — private contractors — to be temporarily assigned to a federal agency to meet mission needs.

Tuesday, August 4, 2009

Global Update on Compulsory Identity Technologies

The run on global identity continues

"The Western Hemisphere Travel Initiative was just about proving you were a citizen, not that you had to do it by any specific kind of technology. We are close to the point now that if you don't want RFID in any of your documents that you can't leave the country or get back into it." -Michigan State Representative Paul Opsommer 

From Global Research of Canada

Enhanced driver's licenses have built-in radio chips providing an identifying number or information that can be accessed by a remote reading unit while the license is inside a wallet or purse. The technology already had been implemented in Washington State, where it is promoted as an alternative to a passport for traveling to Canada . So far, the program is optional. But there are other agreements already approved with Michigan, Vermont, New York and Arizona, and plans are under way in other states, including Texas [who passed state transportation code for both RFID & biometrics in 2007].

Many countries besides the Security and Prosperity Partnership [United States, Mexico, Canada] members have jumped on the RFID bandwagon, which has become a multibillion dollar global enterprise.

[On June 1st, 2009, the first day of the Western Hemisphere Travel Initiative (WHTI) full implementation, Border Trade Alliance (BTA), is asking U.S. and Canadian citizens to use Twitter to post their cross-border travel experiences with WHTI to collect feedback on the program at land ports throughout North America.]

On July 15, 2009, the Indian government announced that India is going to issue biometric ID cards to its 1.2 billion citizens. The Government in Delhi recently created the Unique Identification Authority, a new state department charged with the task of assigning every living Indian an exclusive number. It will also be responsible for gathering and electronically storing their personal details, at a predicted cost of at least £3 billion.

On July 28, 2009, President Felipe Calderon proclaimed that Mexico will start issuing nationwide identity cards for its citizens starting this year and by 2012 everyone will have one.

Compulsory national identity cards are used in about 100 countries including Germany, France, Belgium, Greece, Luxembourg, Portugal and Spain.

German police can detain people who are not carrying their ID card for up to 24 hours.

South Korean, Brazilian, Italian and Malaysian ID cards contain fingerprints. Cards in some countries contain information on any distinguishing marks of the holder. In the European Union some cards can be used instead of a passport for European travel. ID cards are not used yet in the US , Canada , New Zealand , Australia , the Irish Republic , and the Nordic countries. :::MORE HERE:::

Mexico to issue citizens national identity card

AP Latin America/CBS News

President Felipe Calderon says Mexico will start issuing nationwide identity cards for its citizens starting this year, and by 2012 everyone will have one.

The cards will carry the bearer's photograph. It will also include information on fingerprints and biometric data, including facial and iris scans, on a magnetic strip.

Most Mexicans currently use their voter ID cards for identification. They contain a photo, signature and one fingerprint. They will continue to be issued.

Interior Secretary Fernando Gomez Mont said Tuesday the new cards will help in the fight against organized crime, and ensure transparency in government aid programs.

Drug traffickers frequently use false identification documents to evade law enforcement.

Concerns Surface About Some PASS ID Amendments

BTC-  The PASS Act is a new legislation.  In every new potential law there are dynamics for unintended consequences and nuance that need to be explored.   

Even for watchdogs like us, we are still discovering problems for both privacy and civil liberty. Initially we thought the PASS Act's pilot program was a "good idea".   That was until we learned it was supplemental development for States to play into a centralized hub. Poorer states like Mississippi can't afford to build their own versions of fusion centers.  So the federal government would give them money for the build, with all the strings attached.  

Anti-national ID Governor's, like Mark Sanford,  found fault with the potential run on personal information in the pilot program's hub development.   In this Privacy Digest article, more reservations are bubbling to the surface over exactly how much integrity the privacy considerations had in the PASS Act.  We managed to gather that it wasn't that big of a change from Real ID.

Concerns Surface About Some PASS ID Amendments

c/o Privacy Digest -MacRonin

Last Wednesday, the Senate Homeland Security and Governmental Affairs Committee agreed on several amendments to the PASS ID bill [S. 1261] andsent the legislation on to the Senate.

Let’s take a look at some of the changes:

• Exceptions to the anti-skimming provision:

A key privacy protection we support in PASS ID restricts the collection and use of information scanned from the machine-readable zone on your driver’s license or ID card. However, in response to the concerns of retailers and other third party users of driver’s license information, the committee introduced an amendment that directs the Federal Trade Commission (FTC) to issue regulations establishing exceptions to this anti-skimming provision.

While CDT recognizes that there are legitimate uses for data scanned from licenses, we are concerned by how broadly some of the proposed exceptions are described. The FTC can and should protect the privacy and security of cardholders even under these acceptable uses; otherwise, we risk gutting the anti-skimming provision entirely. As a general matter, the privacy protections the FTC could build in to protect this information will only be more effective if Congress provides specific statutory guidance now for addressing the types of secondary uses of specific information we are most concerned about.

In particular, allowing third parties to store information to “prevent consumer fraud” without building in limits on how long information can be stored and how it could be further shared, aggregated, and used would create a massive loophole in this otherwise much needed protection. We have seen how bars and sellers of tobacco products have collected information from licenses and ID cards ostensibly to verify age, but then go on to use and share that information for marketing and other purposes—often with no notice to the cardholder.

Just as worrisome is the very real possibility that states will begin to store much more information in the machine-readable portion of driver’s licenses than what is already visible on the face of the card, including data elements like race or ethnicity. Given the potential for abuse and misuse of such sensitive information if stored and aggregated, CDT strongly urges further limiting any exemptions to only information that is also visible on the face of the card.

• Boarding a plane without a PASS ID-compliant driver’s license or ID card:

The committee struck language from the bill that would have prevented individuals from being turned away at the airport solely on the basis of failure to present a PASS ID-compliant driver’s license or ID card. While the stated justification behind this change is to preserve the status quo—that is, maintaining the Transportation Security Administration’s (TSA’s) discretion to deny access to airplanes for good reason—the status quo isn’t so great from a civil liberties standpoint to begin with. There is scant transparency around how TSA officials exercise this discretion, leading to potential abuse or discrimination in its application while offering no redress for those whose rights may be violated. Keeping such policies secret also doesn’t inspire much confidence in the flying public that we are any safer for them since there is little ability to assess their effectiveness or relevance.

• Funding the digitization of “breeder documents” and birth record verification:

The amended bill also now requires birth records to be verified with the issuing agency no later than six years after the final regulations are issued, so long as the electronic system enabling such verification (i.e., the Electronic Verification of Vital Events (EVVE)) is up and running by that deadline. The bill also provides funds to states to digitize remaining birth records and connect state records to the electronic verification system.

This change takes us one step back towards REAL ID, which required birth certificate verification through the EVVE system. While the bill gives the DHS Secretary room to make sure any such system includes adequate privacy protections, EVVE still centralizes highly valuable personal information and would become a magnet for internal fraud and identity thieves.

• Abbreviated rulemaking timeline:

Finally, the amended bill authorizes DHS to issue an interim final rule to implement PASS ID, bypassing the full Notice of Proposed Rulemaking (NPRM) process. While there is considerable pressure from many corners to not delay implementation of PASS ID, this change is curious considering the contentiousness of the REAL ID debate of the past four years. Taking into account the concerns of affected stakeholders from the outset of the program seems imperative to help avoid the same kind of impasse that REAL ID has engendered.

CDT is concerned about these changes and will work with members to address them as this issue moves to the floor. Stay tuned for more updates as the bill moves forward.

Monday, August 3, 2009

PODCAST: The ACLU on a Real ID Repeal

BTC Exclusive

AUDIO:::> The ACLU on a Real ID Repeal 

The ACLU's Chris Calabrese, veteran legal counsel assigned to the anti-Real ID effort in Washington updates listeners on a newly filed legislation. The new bill filed by Rep. Cohen in the House of Representatives, would repeal Real ID entirely and replace it with language allowing for a negotiated rulemaking process. The rule making process, part of a 9-11 Commissions reform bill, was itself repealed by the Real ID Act of 2005. We observe the modern marvel of when the ACLU can finally agree with the Secretary of DHS on something - that Real ID is dead. More is also included on the PASS Act.