Saturday, December 19, 2009
DHS Bumps Real ID Deadline
c/o NextGov
After months of speculation, the Homeland Security Department officially moved back the compliance deadline for Real ID, which requires states to issue licenses that meet federal security standards.
In a statement released on Friday afternoon, Deputy Press Secretary Matt Chandler said, "In order to ensure that the millions of Americans traveling this holiday season are not disrupted," DHS would extend the required Dec. 31 Real ID material compliance deadline, which required states to meet 18 interim benchmarks that support the regulation. The criteria include improvements in driver's license and ID card physical security, authentication of source identity documents and protections of applicant's biographical data.
The May 10, 2011, deadline for full compliance remains in effect, Chandler said, adding that "Congress must act to address systemic problems with the Real ID Act to advance our security interests over the long term."
The extension comes after 46 of 56 states and territories informed DHS that they will not be able to meet the Dec. 31 deadline.
DHS Secretary Janet Napolitano has made no secret of her objections to Real ID, supporting instead efforts to enact PASS ID, which would require states to issue driver's licenses that are compliant with federal security standards by 2016 and create a $150 million grant program to help states digitize birth records. Last week, the department announced $48 million in grants for states "to help prevent terrorism, reduce fraud, and improve the reliability and accuracy of personal identification documents," Chandler said.
Friday, December 18, 2009
Mainstream spin goes “Democratic” on Real ID
NEWSFLASH - Mainstream, alt-news makers and pundits use a common polarizing tactic known as spin every day. Spin defined for us usually is clearly polemicized reporting from a blogger taking shots at a political stance or action. It’s a line or two at the bottom of some copy. It could be a graph to cast a negative and sundry light on those who espouse an undesired perspective.
Taking any political stand is tough. However, the consistent stand of this snarky blogger is that no form or manifest fashion of anything Real ID should be allowed to move forward without putting a hole in it.
Real ID, if implemented as designed today, would come crushing down on the average American individual for not having the right legal identity tender to do things like travel or enter federal buildings. There has also been significant coverage about the loss and complication of citizens’ privacy from data consolidation, biometrics and RFID tag use.
Lately certain news cretins, left leaning obviates, have gone subtle. What I have observed this week is AlterNet and NPR picking up Real ID and dusting it off in a favorable light. The news voice in support of Real ID in the past has always come from editorial page sledgehammers like Rep. James Sensenbrenner (R-WI) himself. This is a strange development after our witness history of support from the social justice NGOs, mostly Democratic and many many federal congressional Democrats sympathetic to public grief over Real ID.
NPR really surprised me with a rather disgusting display of irregular pandering to neo-con defense interests citing that a clause in the Real ID Act was passed to disallow terrorists on US soil.
So far, these rulings have not resulted in detainees' being released in the United States. But that is only because, at present, the detainees are physically kept outside of the country. In the 2005 Real ID Act, Congress barred aliens who either have been members of terrorist organizations or have received paramilitary training in terrorist camps from entering our nation. Though one judge has tried to order detainees released here regardless, his order was reversed on appeal. Other judges have been hesitant to hold that their power to review detention rulings implies a power to order detainees released, much less released in the United States, in defiance of statutory proscription.
TERRORISM IS ALWAYS ILLEGAL
My thoughts immediately jumped to the sheer stupidity and ludicrousness that ANY terrorist, obviously present for the causes of terrorism, would be allowed to be here for, any reason, legally- EVER. Between the FBI, the CIA, the DHS and any other public agency [who may or may not be off the pay-to-fail program] looped into the events leading to 9-11 attacks, there was easily enough intel to root out the terrorists. They simply didn’t heed the call to competence. Real ID doesn’t fix that issue with our government.
DO THE BEST WITH WHAT YOU’VE GOT
Where does NPR’s motivation to report this misinformation come from? The public funds this media, right? Not all the time. The rest of the time it’s the MacArthur Foundation and other Council on Foreign Relations regulars who play patsy to neo-con interests from time to time when it starts to look like the United States is not the manageable, cohesive group which will foster their corporate or globalized interests. FUN FACT: Dick Cheney was once a Director of the Council on Foreign Relations.
Under the subheader, Next They'll Put a Chip in Your Brain, AlterNet made sure to single out an African American Tea Party member paying negative tribute to his awareness of the incorporation of RFID technology in licenses. They also made sure to illustrate, Nate of the LA Tea Party, wasn’t doing enough for the black race and that he’s clearly guilty of being an Obama apostate. While RFID does have disastrous implications if allowed to move forward without certain vigilance, AlterNet’s bloggers won’t be there to insure you if there’s a massive digital invasion of your life personally. They can go ahead and take shots at the easy targets [Christian "Teabaggers"] because it’s fun to hate. Kool-Aide, anyone?
While AlterNet can get away with making Tea Party people look bad, they are not getting away with a cheap attempt to humiliate away the proliferation of a database state agenda. Alarm over RFID proliferation is simply a sensational head at the top of a monstrous digital privacy boil. A really nasty boil, I might add, that many privacy, technology and civil liberty groups spend their days lancing by outing complicit corporations. The root? Public-private dealmaking over otherwise illegal intel gathering. Americans are being led unwillingly down the inequitable slope where corporations and certain sectors of government feed each others avarice for information, power and of course, money.
I’ll go as far as saying that Democrats who don’t find problems with extended surveillance agendas plaguing the US have said, often directly, they have had their identity stolen - what more can they do to us with this license or database agenda?
I have to think about what they might really want. They want security in their government. They want protection from terrorists. Somewhere in the Democratic brain, where government is always the best path to problem solving, they may have said - unfunded mandate bad, extra surveillance as a compromise- OK! Which is why the Supermajority might continue to greenlight the PATRIOT Act and subsequent FISA agendas.
Moderate and even extreme left can understand when an agenda could lead to totalitarian behavior, but they often are not as sensitized at times to how that plays out in America. This is, unfortunately, in stark contrast to millions of Americans who are in between and outside of this 2 party system. There has been a general lack of sensitivity over issues made certain are problematic for civil liberty with the ’06 crop of Democrats. They were not necessarily the first to see what was wrong with the Real ID Act until a bunch of Republicans snuck it in without asking them first. Then it was: “How dare you ask for money!! That’s an unfunded mandate!!”
That was until 36 states and almost 5 years later the federal government was told to go pound sand until they can get the plan for average American identity right.
IT CAME FROM WASHINGTON!!
What the American people are left with is another food fight, but this time to save face over what was obviously a bad idea as the Real ID Act. Real ID has become a herald of 10th Amendment actions - nullification. States might think Real ID looks okay but they just couldn't get the nasty taste out of their mouth, no matter the incentive.
UK ID CARD ZOMBIES HAUNT LONDON AT CHRISTMAS
"ID cards? They're already dead." - "Oh no they're not!"
[BTC - No2ID keeps us from going absolutely crazy with speculation about national ID cards as globalist agenda item.]One of the dangers once you start winning the battle for public opinion is that people think it's game over already. Don't believe it for a minute - the ID scheme is NOT dead. Nor are ContactPoint or e-Borders. There are still a million innocent people on the DNA database, with more being added every week. Comms data, travel info, medical records, car
tracking, vetting and barring, profiling - despite all rumours and spin to the contrary, the database state rolls on.
The next several months are particularly risky. Even more so if people think we've already won.
Whitehall is doing what it can to entrench database state programmes and initiatives - making them as difficult as possible for a new government to scrap, roll back or disentangle. It won't often be as blatant as the latest push to upload millions of people's medical details onto the NHS Spine (newsletter 137) so we must be more vigilant than ever.
NO2ID has always been about informing yourself and informing others. Campaigning is not just about hitting the headlines, it's about engaging people where they live. You only have to look at the local groups section of each newsletter to see the phenomenal work that groups are doing - week in, week out helping spread the word, shift attitudes and
build opposition all over the UK.
A huge thank you to everyone who gives so generously of their time and energy, working with a local group. And special thanks to NO2ID's local and regional coordinators - we couldn't do it without you.
As 2009 draws to a close, I wish you and your families a peaceful, surveillance-free Christmas - and here's hoping 2010 will prove to be a good year for privacy and freedom!
Phil Booth
National Coordinator, NO2ID
Wednesday, December 16, 2009
Visions of a future without Real ID
The FBI issues tens of thousands of security letters to get records on individuals without warrants. Congress investigates and is appalled at the FBI's "underreporting". The FBI promises to do better (see 2009, and 2008 and 2007....). The 4th amendment continues to erode into meaninglessness.
* Real ID dies a deserved death and is abandoned in 2010. The brain dead idea of better-security-via-universal-ID unfortunately persists despite the enormous number of identity theft victims created by over-reliance on SSN.
* The Transportation Security Administration stops wasting billions of dollars in traveller delays by confiscating water bottles and removing shoes. Instead it focuses on real threats based on rational risk assessment, not security theater based on movie-plots (hat-tip Bruce Schneier). OK, unlikely, but I can dream, can't I?
As always, I will revisit these at the end of the year and provide a critical analysis of my success rate.
Happy New Year everyone, and thank you for reading!
ALSO: Health privacy undermined: Worst breaches of 2009
http://www.networkworld.com/slideshows/2009/090209-health-breaches.html
Tuesday, December 15, 2009
More Borderwall Waivers attributed to Real ID
The San Pedro Riparian National Conservation Area in Arizona was the next to feel the brunt of the Real ID Act's destructive power. When the Sierra Club and Defenders of Wildlife challenged the construction of the border wall across this World Heritage site and home of Arizona’s last free-flowing river, a federal court agreed that the Department of Homeland Security had ignored the requirements of the National Environmental Policy Act, and handed down an injunction temporarily halting construction. Rather than comply with the law, DHS Secretary Chertoff waived it, once again suspending the laws that were the basis of a successful suit, along with 18 others. Within days of the waiver, DHS restarted construction.
Apparently hoping to head off further court challenges to the border wall, in April 2008 DHS Secretary Chertoff issued two waivers. One waived 27 federal laws to allow for the insertion of border walls into the existing flood control levees in Hidalgo County, Texas. The second waiver covered every other section of border wall scheduled for construction from the Pacific to the Gulf of Mexico. This border-wide mega-waiver suspended 36 federal laws. Along with the environmental laws set aside in earlier waivers, Chertoff waived the Farmland Protection Policy Act, the National Historic Preservation Act, the Religious Freedom Restoration Act, the Native American Graves Protection and Repatriation Act, and a host of others, along with all state and local laws related to the subjects of the waived federal laws.
Privacy concerns about those Electronic Health Records
One published study is based on views of more than 1,000 family practice and specialist physicians in Massachusetts who were asked whether they thought electronic health information exchange (HIE) would drive down costs, improve patient care, free up their time and preserve patient confidentiality. They were also asked whether they would be willing to pay a monthly fee to use the system.
The electronic exchange of health information (HIE) among different long- distance providers has become the focus of intense national interest, following recent legislation and moves to offer cash incentives for those who switch to the system.
The responses showed widespread support for the use of HIE, even though only just over half were actually using electronic health records.
Most (86%) said that HIE would improve the quality of care and seven out of 10 thought it would cut costs. Three out of four (76%) felt that it also would save time.
But 16% said they were "very concerned" about potential breaches of privacy, while a further 55% were "somewhat concerned."
The authors note that the responses indicate a lower level of concern than expressed by physicians in the UK, but suggest that this might change if breaches occur to a greater extent than currently recognized.
Despite their overall enthusiasm, physicians were not willing to support the suggested $150 monthly fee, and nearly half were unwilling to pay anything at all.
A second study reported in JAMIA, suggests that mental health professionals have significant concerns about the privacy and security of data on electronic health records.
Of 56 responding psychiatrists, psychologists, nurses, and therapists -- out of 120 who were sent the survey--based at one academic medical center, most (81%) felt that the system permitted the preservation of "open therapeutic communications." Most also felt that electronic records were clearer and more complete than paper versions, although not necessarily more factual.
When it came to privacy, almost two-thirds (63%) were less willing to record highly confidential information to an electronic record than they would to a paper record.
More than eight out of 10 (83%) said they if they were to become a patient, they would not want to include their own mental health records to be routinely accessed by other providers.
The authors point out that previously published surveys of patients/consumers have reflected a lack of confidence in tight security, and that people with mental health issues already face stigmatization.
While the narrative data of patients' life histories and experiences inform clinical decision-making in psychiatric care, the threat of security breaches makes them vulnerable to potential misuse or misinterpretation, the authors say.
Adoption of electronic health records has been slower than anticipated, the authors add. And they conclude: "Designers of future systems will need to enhance electronic file security and simultaneously maintain legitimate accessibility in order to preserve confidence in psychiatric and other [electronic health record] systems."
"The ramifications of data security cover more than the psychiatric domain, implying a need for considerable reflection," they say.
PASS ID- REAL ID: YOUR STATE, YOUR IDENTITY
1 § 37.11(a) Subject each applicant to a mandatory facial image capture and retain such image even if a driver license (DL) or
identification card (ID) is not issued
[DEADLINE =] 3/2010 DMV’s new software system will integrate this requirement. Work flow of DL/ID transaction being reconfigured. Work stations will now include cameras to capture digital photos of all DL/ID applicants
Conversations on Travel turn to Real ID
"We are not doing anything about it at this time, at the airline level. Here's why: at this stage it is a "head-butting" contest between TSA, Homeland Security, and Congress, which passed the law. "
- Tim Smith for American Airlines
Problem was, no one likes the Real ID program. Not even Janet Napolitano, Secretary of Homeland Security. It is expensive, invasive, and stepped all over states rights issues.
However, if a state didn’t conform to the requirements spelled out in the bill, residents would not be allowed to fly on domestic flights operated by commercial airlines.
A compromise called Pass ID was created instead. However, in the midst of all the other chaos in government, Congress has shown little interest in pushing that bill through. In the meantime, the states, one by one, have made their licenses more and more secure in keeping with the spirit of the law.
Currently there are over 30 states that have not agreed to Real ID and are therefore out of compliance. On January 1st, unless an extension is granted by DHS (and it appears they WILL issue that extension), residents of those states have IDs that are not acceptable under the Real ID act and will not be able to use their driver’s licenses for identification for domestic flights.
Strangely, the airlines have said nothing at all about this issue. So, I contacted American Airlines and Southwest Airlines, two carriers with a significant presence in Albuquerque and Texas which also cover much of the United States.
Here’s what American Airlines spokesperson Tim Smith said:
Well, that effectively removes the airlines from the playing field.
He continues: "With more than half the states in America unable to comply with the [Real ID] law at this time, we believe that this issue will have to be worked out among those parties in some fashion. We suspect none of them is prepared to turn away tens of thousands of travelers on January 1."
Stranded travelers? This had the potential to be a world-class headache for the airlines, and I wondered why American Airlines wasn’t more concerned.
FLOGGER: REAL ID Retreats Yet Again
In May of 2008, with many states outright rejecting this national surveillance mandate, the DHS issued blanket waivers and set a new deadline of December 31, 2009 by which states were supposed to meet several compliance goals.
They have not, and the threat that the DHS/Transportation Security Administration would prevent Americans from traveling has quieted to a whimper.
The reason why? The federal government would be blamed for it. As Neala Schwartzberg writes in her review of the push and pull over REAL ID:
If I was a betting person (and I am from time to time) I’d bet the backed-up-down-the-corridor traveler who is then turned away after presenting his or her state-issued, official complete with hologram ID will blame Homeland Security.
Does the ongoing collapse of REAL ID leave us vulnerable?
Richard Esguerra of the Electronic Frontier Foundation says in this Wired article that REAL ID “threatens citizens’ personal privacy without actually justifying its impact or improving security.”
REAL ID remains a dead letter. All that remains is for Congress to declare it so. And it may be dawning on Congress that passing it a second time under the name “PASS ID” will not work.
E-Verify vendor vows to sue state, MPR
AM.MN: State’s Texas vendor let new hires’ personal data all hang out
The Texas firm hired by the State of Minnesota to vet new hires for legal work status says the state and Minnesota Public Radio can expect a lawsuit, after MPR reported that Lookout Services made employees’ private data accessible online.
MPR’s News Cut quotes Lookout Services CEO Elaine Morley promising to include the news organization in legal complaint. What the complaint is about is unclear, beyond a statement on the firm’s website (pdf) alleging unauthorized access by both state government and MPR:
[L]imited portions of the company’s proprietary software may have been illegally compromised by The State of Minnesota and Minnesota Public Radio. … “We have contacted the FBI and other law enforcement officials and we are fully cooperating with their investigation into this matter,” said Elaine Morley, CEO of Lookout Services. Lookout Services Inc., filed suit against The State of Minnesota on December 10,The re-election/recount campaign of former U.S. Sen. Norm Coleman made similar statements after local technology experts called attention to campaign donors’ private financial data being left unprotected on the campaign’s website early this year.
2009.
At that time, Coleman’s spokesmen said a U.S. Secret Service investigation would get to the bottom of the breach, with legal repercussions for alleged hackers — but no such consequences for Wikileaks or those who raised the alarm have come to light.
And when the Minnesota Independent last checked, nothing had come of charges that Coleman violated state law by failing to notify donors about the breach.
Liberty vs. Safety: Driver Texting and REAL ID
One is the issue of whether motorists should be allowed to send texts while driving; the other is whether the state should adopt federal REAL ID standards for driver's licenses.
Will the state's traditional hostility to infringement on personal liberties -- think of how long it's taken for smoking bans to take hold, or about how there is no helmet law for adult motorcyclists -- carry the day?
Or will the state's moralistic streak -- the one that condones infringements on liberty in terms of gay marriage, blue laws and abortion -- win out?
The texting issue has come up because several bills introduced in the State House would ban drivers from the practice, which has been shown in studies to cause distraction.
The REAL ID issue is one that has been around for awhile but has come up again because Gov. Sanford is asking the federal Department of Homeland Security to give South Carolina a pass on the adoption of REAL ID, which passed Congress in 2005 but has lagged in implementation. The adoption of REAL ID involves new security requirements for state driver's licenses.
REAL ID is seen by the feds as a necessary tool for law enforcement and, more specifically, combatting terrorist plots. Some states, South Carolina among them, have criticized the law as an infringement on personal privacy, not to mention an expensive unfunded mandate.
South Carolina's political culture is one of hostility to many federal initiatives. Is the governor right to take a stand on this, or is he grandstanding?
And what about texting while driving? It's been proven to cause distraction, but is it worse than other driver habits? And if a law passed, would Sanford veto it like he vetoed an ATV safety bill?
What's your take? What do you think our state WILL do, and what do you think we SHOULD do on these issues?
Monday, December 14, 2009
EFF: Real ID Follies Persist & PASS ID Waits in the Wings
Richard Esguerra, for EFF
As 2009 draws to a close, we're inching ever deeper into the corner that Congress painted us into by passing Real ID under the table in 2005. (Recall that Real ID is the failed, Bush-era attempt to turn state drivers licenses into national ID cards by forcing states to collect and store licensee data in databases, and refusing to accept non-compliant IDs for federal purposes, like boarding a plane or entering a federal building.
The official deadline for states to comply with the Department of Homeland Security's (DHS) final Real ID rule is December 31, 2009, and an estimated 36 states will not be in compliance by then, leading to some ambiguity for many citizens. For example, will residents of Montana be able to board planes in January 2010 with only a driver’s license (a state-supplied, technically non-compliant document) and without a passport (an identity document issued by the federal government)?
Past history strongly suggests that DHS will issue last-minute waivers to states that have not amped up their drivers licenses to adhere to Real ID. Early in 2008, states that actively opposed Real ID received waivers from DHS, nominally marking the states as "compliant" despite strongly-stated opposition to ever implementing Real ID.But waiting in the wings is PASS ID, a bill that attempts to grease the wheels by offering money to the states to implement ID changes. Despite having the appearances of reform, PASS ID essentially echoes Real ID in threatening citizens' personal privacy without actually justifying its impact on improving security. For this reason, PASS ID is not popular -- privacy advocates refuse to support the bill because it still creates a national ID system. It still mandates the scanning and storage of applicants' critical identity documents (birth certificates, visas, etc.), which will be stored in databases that will become leaky honeypots of sensitive personal data -- prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database. And on the other side, short-sighted surveillance hawks are unhappy with the bill because they support the privacy violations architected into the provisions of the original Real ID Act.
As such, advocates of PASS ID are publicly wringing their hands over the deadline in order to encourage Congress to approve the PASS ID Act before the end of the year. But the fracas over health reform is suffocating any chance for meaningful debate about the merits of PASS ID before the Dec. 31st deadline.
A pragmatic analysis should show that Real ID is dead. To date, 24 states have enacted resolutions or binding legislation prohibiting participation in Real ID, and the varied, desperate efforts to reanimate it are misguided. Whether the states or the federal government signs the invoice, the cost ultimately falls to taxpayers, who should be troubled that neither Real ID nor PASS ID is likely to fulfill the stated goal of stopping terrorists from obtaining identity documents. (Just this week, noted security expert Bruce Schneier linked to a report about government investigators successfully using fake identity documents to obtain high-tech "e-passports," which were then used to buy plane tickets, and board flights -- the point being that a fancy, "secure" identity document doesn't stop individuals from exploiting a weak bureaucracy.)
On the other hand, the resulting databases filled with scanned identity documents will create tantalizing targets for identity thieves and headaches for people whose digital documents are pilfered; and a national ID system will invite mission creep from the government as well as private entities like credit reporting agencies and advertisers. It's high time for reason to replace the reflexive defense of a failed scheme. Congress should repeal Real ID for real and seek more inspired, protective solutions to identity document security.