The REAL ID Act and the States SEARCH Membership Group Meeting July 18, 2007
P.L Statute passed May 11, 2005 Repealed Intelligence Reform Act driver license provisions Contains May 11, 2008 deadline NPRM published March 1, 2007 Requires 245M people to “re-enroll” in 3 years and 4 months
Implementation Schedule October 1, 2007 –Deadline for requesting extensions to May 11, 2008 deadline –Maximum extension through December 31, 2009 –Submit Compliance Plan “no later than six months from the date on which the extension is granted” February 10, 2008 –Deadline for filing certification packages (if extension not granted) May 11, 2008 –DL/IDs not accepted “for Federal purposes” if States are not certified or granted extensions –Implementation target ►some [?] States issue REAL IDs January 1, 2010 –All States issue REAL IDs May 11, 2013 –Full compliance with REAL ID statute & regulations
Reality Cannot force 245 million people through the funnel in 40 months and 11 days Increased staff, facilities, hardware and software will be expensive Customer service disruptions will be inevitable
AAMVA-NGA-NCSL Recommendations Allow states to implement a 10-year re- enrollment period Allow reciprocity for persons already vetted by the federal government (e.g., U.S. passport, military ID, federal employee HSPD-12 identification credential)
Verification of Eligibility All-State DL/ID Records System Department of State U.S. Passport System EVVER (Electronic Verification of Vital Events Records) Birth Records SSOLV (Social Security On-Line Verification) SAVE (Systematic Alien Verification for Entitlements)
AAMVA-NGA-NCSL Recommendations Privacy and security of personal information must be an overriding guiding principle in system development and use. Verification system development must minimize the effect on state DMV processes and must be integrated into the AAMVAnet infrastructure. Any cost or development of any system must be borne by the federal government to meet this federal requirement. DHS should focus on verification systems that have the highest impact and best value for DMVs to address abuse and fraud in DL/ID issuance systems. DHS should view the implementation of verification systems through a phased and flexible approach, recognizing that some systems such as SSOLV and tools such as AAMVA’s digital image exchange capability have the highest value and risk mitigation. Re-enrollment verification must be left up to states based upon their own individual processes, computer system capabilities, as well as their own knowledge of risk mitigation and fraud prevention and detection.
Physical Security Features for DL/ID Cards Intricate, fine-line, multicolored design produced via offset lithography Optically variable feature providing adequate protection against copying Ultraviolet (UV) long wave responsive feature Variable data applied via laser engraving Card stock: -- UV dull or possess a controlled response to UV -- Use of printing methods to resist duplication or facsimile reproduction -- Security pattern resistant to counterfeiting by scanning, printing or copying
Machine Readable Technology on the DL/ID Card States must use PDF417 2D bar code standard with these data elements: –Expiration data –Holder’s name. At least 125 characters in MRZ to capture full name history, including full legal name and all name changes. –Issue date –DOB –Gender –Address –Unique ID number –Revision date, indicating the most recent change or modification to the visible format of the card –Inventory control number
DHS Sought MRZ Comments Whether the data elements currently proposed for inclusion in the MRZ should be reduced or expanded? Whether they should be encrypted for privacy reasons to protect the data from being harvested by third parties, and whether encryption would have any effect on LE’s ability to quickly read the data and identify the individual interdicted? What would it cost to build and manage the necessary IT infrastructure for State and Federal LE agencies to be able to access the information on the MRZ if the data were encrypted? How best to secure the data, or whether or not to employ protections for the data encoded on the 2D bar code needs to be protected at all, while permitting LE access and what technologies may be available to accomplish this balance? Whether a technology, such as the NLETS, or other system currently being used by LE, could be used by the States to provide LE ready access while maintaining the security of the information on the DL or ID card.
DHS Sought MRZ Comments What data elements should be included in the MRZ and the privacy considerations regarding the selection of such data elements and this technology? Whether a demonstrable LE need exists to include address in the MRZ portion of the REAL ID card, as currently proposed in the regulations? If a State chooses to produce DL and ID cards that are WHTI-compliant, whether citizenship could be denoted either on the face or machine-readable portion of the card, and more generally on the procedures and business processes a State DMV could adopt in order to issue a REAL ID DL or ID card that also included citizenship information for WHTI compliance? How States would or could incorporate a separate WHTI- compliant technology, such as an RFID-enabled vicinity chip technology, in addition to the PDF417 barcode requirement?
Data Retention and Storage States must retain copies of the application, declaration and source documents presented. States that choose to keep paper copies of source documents must retain the copies for a minimum of 7 years. States that choose to transfer information from paper copies to microfiche must retain the microfiche for a minimum of 7 years. States that choose to keep digital images of source documents must retain the images for a minimum of 10 years. States currently using black and white imagers must replace them with color imagers by December 31, 2011.
Data Retention and Storage States using digital imaging to retain source documents, must use the AAMVA digital image exchange program, or other standard that has interoperability with the AAMVA standard, so that the digital images are retained in electronic storage in a transferable format. Photo images must be stored in the Joint Photographic Experts Group (JPEG) 2000 standard for image compression, or a standard that is interoperable with the JPEG standard. Document and signature images must be stored in a compressed Tagged Image Format (TIF), or a standard that is interoperable with the TIF standard. All images must be linked to the applicant through the applicant’s unique identifier assigned by the DMV.
AAMVA-NGA-NCSL Recommendations States should not be required to capture and store documents presented by an applicant to verify address of principal residence. States, working together, should be able to determine what documents can and should be transferred between states and to determine the technical requirements. Color images should not be required. While a state may opt for the operational efficiencies associated with integrating the image storage with the driver file, it should not be required as long as the image is retrievable.
“Show Me the Money”! $23.1 billion – DHS estimate to implement $40 million – What Congress has appropriated so far $50 million – In the House Homeland Security Appropriations bill
Contact Information Tom Wolfsohn Chief Policy Officer AAMVA 4301 Wilson Blvd. Suite 400 Arlington, VA