After years of fighting the post-9/11 law that added security standards for ID cards, states seem to be on board. It's going to cost them, though.
Remember Real ID? The act, passed in 2005, that requires states to follow federal security standards when issuing driver’s licenses or ID cards? After repeated delays to enforce it, the Department of Homeland Security (DHS) has set Oct. 1, 2020, as the final deadline. And after years of fighting it, states finally seem to be on board. Twenty-seven have complied, and the remaining states either have received an extension or are under review for one, according to DHS spokeswoman Justine Whelan.
So what has all the fuss been about? Following the 9/11 attacks, in which terrorists easily obtained fraudulent driver’s licenses, Congress pushed through the Real ID Act to beef up security standards, including the requirement that states verify that a license applicant is in the country legally, and that the states use biometrics to ensure the authenticity of the person. That meant setting up a federal database to crosscheck applications and to require drivers to show valid birth certificates and Social Security cards.
When the law passed, states balked at what they considered to be federal overreach. Some were concerned the new federal requirements for identification to board any flight within the U.S. would amount to an internal passport for citizens. And observers complained bitterly that it would severely impact privacy. “It was a bad piece of legislation that left many stakeholders out of the policymaking process,” says Jay Stanley, a senior policy analyst at the American Civil Liberties Union.
Seventeen states ultimately passed laws restricting or barring implementation. And as they dug in their heels, the federal government was forced to delay enforcement four times. Eventually, DHS dropped some of the more extreme measures, such as a national database.
Real ID was also assailed as a huge unfunded mandate for the states, according to Stanley. Back in 2008, DHS estimated the cost to the states at $3.9 billion; earlier estimates had it at more than $11 billion. While some of that expense involved training workers, a large share was for technology upgrades.
Today, as states slowly move toward compliance, they have begun to provide specific figures on what it will take to modernize their IT systems. Many departments of motor vehicles operate on technology that is several decades old, using software that can only be replaced, not upgraded. Maine, which recently rescinded its law blocking compliance, has been granted an extension until October 2018 and expects to spend as much as $3 million to install new software and train its staff on how to use it. Montana estimates the cost to become compliant at $4.6 million; Massachusetts expects to spend $62 million on new software that will replace a system that’s more than 30 years old. And California is planning to spend more than $220 million.
One piece of technology that could give states an upper hand in detecting the kind of fraud that Real ID wants to deter is biometric identification. But this ability to verify the identity of a person through digitized images of fingerprints or facial features remains too advanced for at least one state’s existing policies. Vermont’s attorney general recently suspended the use of biometrics, which was part of its motor vehicles department’s effort to be Real ID compliant, because the software apparently violates a state privacy law that restricts what type of personal information can be shared.
Meanwhile, DHS is urging the remaining 23 states to press on with their commitments to secure identification. Less than three years remain, a precariously short period for government when it comes to adopting a new policy tied to new technology.
This story was originally published on Governing.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.