Skip to content

New Proposal Changes Benchmarks for Secure IDs

April 17, 2009

New Proposal Changes Benchmarks for Secure IDs

The REAL ID Act, written in the wake of the September 11 attacks, has created the rules and regulations for states to follow, establishing minimum standards for secure state identification documents (IDs). Currently, a new piece of legislation named “Providing for Additional Security in States’ Identification Act of 2009” or PASS ID Act is accumulating signatures in the Senate and may be introduced. A new report from the Center for Immigration Studies shows how this legislation would change the current benchmarks for secure IDs.

The April 6, 2009 report, “The Appearance of Driver License Security: REAL ID Final Regulations and Proposed PASS ID Act of 2009,” was prepared by Janice Kephart, the Center’s Director of National Security Policy and former 9/11 Staff Counsel. It is available on the Center’s website at:

NOTE: Introduction and conclusion only:

The Appearance of Security: REAL ID Final Regulations vs. PASS ID Act of
By Janice Kephart
April 2009


The move toward more secure issuance of state identification documents
may be in jeopardy. The most recent iteration of the National Governors
Association secure ID bill circulating the Senate for signatures for possible introduction, the “Providing for Additional Security in States’ Identification Act of 2009” or PASS ID Act, gives the appearance of security for drivers licenses and non-driver IDs (DL/ID) when, in fact, security does not exist. The PASS ID Act would provide for insecure issuance practices by the states that, for the most part, were in place prior to 9/11. In many ways, the PASS ID Act is a step backward for most states, or at least an endorsement of the status quo, because nearly all states are implementing elements of the REAL ID Act1 – the 2005 measure designed to raise state ID standards in response to the 9/11 attacks – even in states that have passed legislation that precludes REAL ID implementation. However the new bill’s mandate to verify an ID applicant’s legal presence in the United States by 2013 is voluntary, as any state can opt out of PASS ID Act requirements.

In addition, the proposed bill pulls back on nearly all key recommendations included in the American Association of Motor Vehicle Administrators’ 2004 AAMVA DL/ID Security Framework,2 while undoing or leaving unanswered issues already resolved through the arduous comment process that led to the 2008 REAL ID regulations in operation today. In addition, the PASS ID Act leaves the 9/11 Commission secure ID recommendations in the dust, setting minimum standards that the 9/11 hijackers could easily have bypassed.

In essence, the PASS ID Act creates an atmosphere where an applicant’s identity du jour can pass muster and be issued a legitimate drivers license/ID with a “unique symbol” indicating the issuing state has complied with federal DL/ID issuance standards. This ID would then have expanded use, enabling not only access to federal national security facilities, boarding commercial aircraft, or entering nuclear power plants, but also for use in establishing identity for employment with programs such as E-Verify.

The PASS ID Act would have a result for state drivers license issuance similar to that uncovered by the March 2009 GAO report3 revealing the poor vetting processes for U.S. passports, weaknesses that enabled government investigators to acquire fast-track U.S. passports based on
phony Social Security and residence data, illegitimately obtained drivers licenses, and stolen birth record information.

In contrast to the current REAL ID Act regulations now in effect, the PASS ID Act would:

* Create new rulemaking that would not be completed for at least a year from enactment, leaving unclear the status of current REAL ID rules;

* Duplicate grant-making, leaving unclear the status of current REAL ID grant-making; and

* Push full compliance out until 2021, 20 years after 9/11 and four years past REAL ID.

The PASS ID Act does not repeal REAL ID, but instead replaces its substance by deleting identity verification and document authentication and replacing them with what is, for the most part, the status quo in most states, or standards that are less rigorous than those now in place. Certification that a state has complied with federal standards would not require a security plan to protect data or to protect against corrupt employee access to private data or production facilities. Moreover, there is no requirement that any state comply with the proposed law; state laws would pre-empt the PASS ID Act. If a state does choose to comply, there is little it has to do to prove compliance. For states well on their way toward REAL ID compliance, a simple letter from someone in the state (the bill even leaves the issue open of who) claiming compliance and seeking compliance certification from the DHS Secretary may be sufficient to have all licenses and IDs issued receive a federal stamp (“unique symbol”) of approval.

There is no requirement to electronically verify date of birth, Social Security number, or lawful residence status – merely that questions be
resolved with “appropriate action.” Known weaknesses such as those used by the 9/11 hijackers – such as multiple licenses or IDs in different states and use of a single document to show principal residence – are either pushed into demonstration projects for the next six years (the one driver/one license rule) or returned to pre-9/11 requirements (proof of residence). The proposed bill would likely lead to increased identity theft and license shopping.


As long as proof of lawful presence in the United States is not required of drivers license or non-driver ID applicants, anyone can take advantage of those vulnerabilities. In addition to terrorists, criminal of all kinds – identity thieves, counterfeiters, deadbeat dads, even underage teens seeking IDs to drink and drive – also use multiple IDs to hide their true identity from the law. In 2005, identity theft cost a staggering $64 billion, with $18.1 billion of that cost involving theft of a drivers license or ID. Individual consumers spend an average of 330 hours trying to undo identity theft and suffer $15,000 on average in losses. With REAL ID, drivers license identity theft will be much more difficult because more secure IDs will verify ID information before a DL/ID is issued and because the cards themselves will become more tamper-resistant and make it easier for law enforcement to determine fakes.

The proposed PASS ID Act would likely promote identity fraud by

weakening many of the security standards set by the REAL ID Act. In

essence, it would return license and ID issuance to pre-9/11 standards.

No comments yet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: