Taking License

Virginia's proposal to use radio frequency identification tags for drivers' licenses raises hackles.

by / January 26, 2005
When a subcommittee of the Virginia Legislature began exploring the idea of using radio frequency identification (RFID) technology to store biometric data in a "smart driver's license" in October 2004, the issue exploded into a national controversy.

The issue of modernizing drivers' licenses, which Virginia set out to investigate, is one now challenging all states. In fact, the National Conference of State Legislatures (NCSL) identified the problem of securing the integrity of drivers' licenses as one of the top 10 issues for 2005 legislative sessions. Protecting privacy generally from emerging technologies like RFID, as well as Internet spyware and fraud, was cited as another top issue.

The fact that many of the 9/11 terrorists held drivers' licenses, some fraudulently issued and some from states with lax issuance standards, already has propelled many states to improve driver's license integrity.

Two issues in particular now dominate the discussion: integrity of license issuance, ensuring that the person receiving a license meets necessary driving competency standards and has a verifiable identity; and verifiability, providing means for law enforcement officials to authenticate the license and identity of the license holder.

A study by the Council of State Governments and the NCSL, Driver's License Integrity, concluded among other things, that drivers' licenses need to have tamper- and counterfeit-proof features, and they need accurate and reliable personal identifiers that are verifiable in real time by appropriate law enforcement officials. Additionally states need to share information about drivers with one another in real time so the information is available to law enforcement nationally. Placing chips on drivers' licenses seems to be one obvious solution that would help accomplish much of this.

RFID tags, which respond to signals sent out by special reader devices, have broadcast ranges of 30 feet or more. This prompted privacy and civil liberties advocates to strongly voice concerns about potential problems with the technology.

"The idea that a chip could be read from a distance is a security nightmare," said Chris Calabrese, counsel for the American Civil Liberties Union's Technology and Liberty Program, when he testified before the subcommittee. "Personal information including your photograph, home address, date of birth and signature would be available to anyone with a reader. The potential for criminal conduct is staggering."

He and others paint a picture of criminals loitering on street corners stealing identities by remotely gathering personal information from the wallets of passersby. Government agents armed with pocket readers could sweep up the identities of everyone at a political meeting or protest march. And using the tags in conjunction with global positioning systems, government agencies could one day even compile comprehensive pictures of citizens' movements.

The subcommittee, chaired by General Assembly Delegate Kathy Byron, concluded that no immediately proposed legislation should come out of its study, and the issue should go to the Virginia Joint Commission on Technology and Science because it was such a complex and technically difficult topic.

Joe May, chairman of the Virginia General Assembly's House Science and Technology Committee, explained that Virginia takes individual privacy concerns seriously and will proceed slowly on such issues. "Does that mean I don't think there is a place for smart drivers' licenses? Of course not, but we are going to be very careful about what we turn loose on the public at large."

The joint commission, a policy-making group that meets outside the normal legislative session, will conduct a more formal study of smart drivers' licenses that will examine the possible shortcomings and advantages of different technologies, such as RFID tags.

"When the issue was first raised in Virginia with Delegate Byron's subcommittee, a number of privacy people came out and predicted the end of the world," May said. "A number of technology people said, 'You are not proposing to do nearly enough.' It's one of those situations where I think if you average it all together, you probably come out with about the right answer. That will be the objective of the commission study -- to find out how much is enough and how much is too much."

May said he expects the study to proceed throughout the year, and the commission may have some recommendations prepared by October 2005.

At a recent NCSL meeting in Savannah, Ga., the issue was hotly discussed at some length. "We had about six different groups represented, and we heard the topic of chips on drivers' licenses described as the end of a free society and the second coming," said May. "But really, the smart driver's license is a small subset of a much broader topic -- information of a personal or sensitive nature that has suddenly become available because of technology.

"However, I think the promise of smart drivers' licenses is pretty apparent," May added. "In Virginia, it's not the promise that concerns us. It is the possible downside that we perhaps don't anticipate that is causing us to move very slowly on this."

A Sensible Approach
The Progressive Policy Institute is one group arguing for the introduction of chips on drivers' licenses.

"I think the way most people get the smart drivers' licenses story wrong is that there are two kinds of smart cards -- contactless and contact chip cards," said Robert Atkinson, vice president of the Progressive Policy Institute. "There is no inherent reason to do a contactless RFID driver's license. In fact, I would argue that there are pretty good reasons to not do a contactless driver's license -- security being one of them, and paranoia from the nut cases being another.

"I think it will be a sizable enough hurdle just to get chips on the card," he added. "Why go and open yourself up to one more point of distortion by adding a contactless chip? It simply gives the Luddites one more line of attack and just confuses the debate."

Atkinson argued that placing a contact chip on drivers' licenses can effectively solve several issues. Done right, it makes the drivers' licenses virtually impossible to counterfeit or tamper with. Equally important, a contact chip ties the card to the person the card was issued to.

"For example, you could have a thumbprint encoded in the chip," he said. "And whenever I present myself and my card, I would just put my thumb on a reader that wouldn't capture the thumbprint, but would just check for a positive match."

Atkinson said we must define exactly what problems we are trying to solve, and then decide what technology will most improve the situation without raising privacy or civil liberty concerns unnecessarily.

"The anti-technology crowd just wants to sow a little doubt," he said. "As I said at my NCSL presentation, there are really two strategies this crowd has. One is to make it look like the technology won't work or won't solve the problem. The other one is that there are necessarily all these privacy, Big Brother threats from it. Both of them are simply wrong."

Federal Standards
Moves such as those in Virginia may soon be superseded by a new federal initiative to improve driver's license security through national standards.

The anti-terrorism bill passed and signed by President Bush in December 2004, though largely aimed at improving the nation's intelligence-gathering operations, also instructs the Homeland Security and Transportation departments to set uniform security standards for drivers' licenses within 18 months.

"Now the 9/11 legislation is really going to be driving this as we move forward," said Atkinson. "The real $64,000 question is going to be, 'What's the standard?' Does the Bush administration have the guts to require a chip on the card? Or are they going to cave in and for political reasons take a second-best, less than effective solution?"

Whether the standard requires a chip on drivers' licenses or not, a uniform standard is certainly a step in the right direction, said Virginia's May. This is something the NCSL has already been urging.

"What's wrong with making drivers' licenses uniform so you can get maximum benefit out of the information that is on there with legitimate reason?" asked May. "Of course, some people have already said that is the first step toward a national ID. Against that backdrop, when it comes to smart drivers' licenses, unless we can guarantee [the licenses] are not going to be abused, then I don't think they will succeed.

"The Virginia approach is show me first, it is safe, and second, there is benefit to it," May said. "Unless you can meet those criteria, we are probably not going to experiment with new technologies. Now the federal government may change that for us, but we hope not."
Blake Harris Contributing Editor