2005 meets 1984?

There is a bill that has now passed both houses of congress, that I have yet to hear anything about in any news anywhere. Someone told me about it, and I've since found further information on the internet, but I haven't seen it anywhere else.

This bill, called the 'real-id act,' amounts to the institution of a rigorously controlled national ID card. My first thought was, 'so what?' Well, consider this: the bill calls for a universally standardized electronic method for reading information directly from the card. It fails to specify the nature of this system, instead leaving it up to the Dept. of Homeland Security. Thus, all of your personal information would be directly stored in a machine-readable format on the card itself. Apparently explicit in the bill itself is that the card would have to be scanned to board a plane, get a bank account, or make use of any government service, presumably among other things. It is essentially certain that any place requiring age verification would invest in the equipment necessary to scan these IDs so as to protect themselves against lawsuits. Further, it is at least likely that—"to prevent fraud"—you'd be required to scan the ID anytime you used a credit card, wrote a check, or possibly even executed a large cash transaction.

In other words, you'd be required to scan this ID all the time, everywhere. That starts to be a little scary. However, when you think about it, it's even worse: this information will have value to marketers. So, every time you scan the ID, that information is going to be sold. Which means not only that all the information on the card itself—including a verified physical home address, as required in the bill—will be available to anyone for a small fee, but also your spending habits. In other words, if you spend $100 per month at 7-11, that information will be in there. Or if you go to a strip club ever, that information will be in there.

But wait, there's more: the Dept. of Homeland Security, as I said above, gets to decide what format of machine-readable data storage the cards use. This could take the form of a magnetic strip, a bar code, or something essentially innocuous like that. But it won't. Homeland Security has apparently expressed a desire to use RFID technology. RFID is wirelessly scannable, something like those security tags in department stores. Proponents of the technology have apparently said that it's only scannable from a maximum distance of a few inches. If that's true, why bother?

Section excerpted, see below.

The obvious implication is that RFID scanners, operable to at least a few feet, will be put in the doors of federal buildings—for starters—so that law enforcement can keep track of who is going in and out of places they are already working to guard. The next step is to require those scanners at the doors of, for example, liquor stores—especially here in Texas, where minors are not allowed to enter. Then shops that sell or rent pornography, then bars.

To take it one step further, suppose they put these scanners at the entrances of hotels—for security reasons, or whatever. Now, consider again that this information is going to go into a big private database. Suppose someone wants to find out about you. So they cross-check where you are with where anyone else is. Suppose you always go to a hotel—perhaps the same hotel, perhaps different hotels—within one hour of another person, and then leave within one hour of that same person. If you're not actually having an affair, this information could still be used to imply that you are. And that's just a small potential use of it in the private sector.

This bill is the next best thing to putting a tracking chip on each and every person in the country.

Incidentally, RFID is absolutely about to be put into all new passports.

The rationale for all this, of course, is that it will make it harder for terrorists to do their thing. Considering that the people who crashed planes into stuff in 2001 were all not only in the country legally, but had legal driver's licenses and never entered a restricted area prior to breaking into the cockpits of those planes, it's really absurd to assume that real-id will make much difference for terrorists.

When I first heard about this, I wondered if I was being paranoid and that maybe there were significant law-enforcements benefits to it that I hadn't thought of. So I asked my friend's father. He (the father) was a high-ranking police officer, as well as having been in some branch of the military before. He has good credentials for having a valuable perspective on this. I expected to get a very different perspective, but we agreed on every point.

I don't know what to say about this, but that it's very dangerous.

If you want to look into it further, here is the last article I read. This is the first site I saw relating to it. Finally, here is a pretty good editorial about it.

Finally, let's review what exactly is going to be publicly available after your ID is scanned: your name, birth date, gender, an ID number, your real and verified physical home address, and your picture. In addition collateral information relating to the transaction that caused the ID to be scanned: where you are, what you're buying, etc. However, it is likely also that your social security number could be put in there. Since your citizenship or visa status must be verified in order to get the card, that will probably go on there. Further, Homeland Security is empowered to require pretty much anything they want be stored there—right down to a fingerprint and retinal scan, if they deem it necessary.

---

I previously wrote that "according to a 2003 supreme court ruling, the police are empowered to ask anyone for their ID at any time, for no reason at all." I was paraphrasing an article linked above. I've now read the actual decision, from beginning to end, and it's really not that at all. Thus we see the dangers of referring to your source's source.

The decision in question actually concerns whether it can be a crime not to identify yourself to a police officer. Specifically, in a case in Nevada, a man was fined $240 for refusing to identify himself to an officer investigating a domestic disturbance. He wasn't randomly selected, and the officer wasn't even asking to see ID: he was a reasonable suspect in suspicious circumstances refusing to verbally respond by telling the officer his name. The officer asked him 11 times before arresting him, according to the above-linked supreme court document. While I agree with the second dissenting opinion, I can't see that this case has a whole lot of bearing on the real-id issue.

I don't think that the highly specific nature of this ruling has any bearing, in particular, on the use of RFID as the data storage for real-id compliant cards. However, I don't think that it's an impediment either. I think we can expect RFID scanning of real-id compliant cards to become ubiquitous, and, further, I think that even if they somehow are barred from using RFID, having to physically take the card from your wallet to scan it will still become ubiquitous.