Proposed laws on ID tech take privacy to the extreme

State ID bills are disruptive -- and unenforceable

Backlash against the REAL ID act, which sets national standards for state-issued drivers’ licenses and ID cards, has resulted in some extreme prohibitions being introduced in state legislatures.

REAL ID is not a good law and does not adequately provide for the security of sensitive data that it requires states to collect and share. But some misguided legislators are attacking the law indirectly by proposing the banning of broad classes of technology that would be used in the cards and licenses. Although concerns about privacy are understandable, bills introduced in New Hampshire and Oklahoma would throw out the baby with the bathwater by prohibiting the use, respectively, of all biometrics and of Radio Frequency ID.

The bills’ authors show a fundamental lack of understanding about biometrics and RFID, and their legislation is at best unnecessary and at worst disruptive and unenforceable.

The most egregious is New Hampshire's HB 244, “An act restricting the collection of biometric data by state agencies and private entities,” introduced by Rep. Neal Kurk, which is so broad in its definitions and application as to be completely impractical. It defines biometrics to include not only such things as fingerprints, voice prints, retina scans and DNA, but also “facial feature patter characteristics” and the shape of handwritten signatures. The bill would prohibit any government or private entity from gathering such data, except for employee ID cards, and would ban any requirement of such biometrics as a condition of doing business with the entity.

Related coverage:

Cyber bill's FISMA mandate could be a step backward

As written, this would effectively ban the use of traditional signatures in the course of doing business and prohibit the use of photos for identification. Kurk no doubt would deny that this is the intent of the bill, but that’s what it says.

The Oklahoma bill, HB 1399, introduced by Paul Wesselhoft, would prohibit the use of any radio frequency identification tag or RFID ink on state drivers’ licenses or ID cards. Wesselhoft explained his concerns in a 2010 press release for a similar bill:

“Through technology, governments, corporate and private entities can track a person’s location and personal information if one’s driver’s license is embedded with a Radio Frequency Identification (RFID) chip or special ink,” he said. “They can be tracked by satellites, radio towers and even through doors in buildings as ones walks through them.”

There might be some legitimate concerns about personal tracking via RFID, but it is hard to imagine a state tracking its citizens via satellite or cell towers with a properly implemented RFID chip.

Earlier versions of both the Kurk and Wesselhoft bills failed in their previous legislative sessions; Kurk’s was defeated by a lopsided vote 267 to 39 and Wesselhoft’s was vetoed.

Privacy issues in the Real ID law, and in the implementation of any public or private identity verification scheme, should be addressed. The gathering, retention, management and disposal of personally identifiable information are serious concerns and there is no reason why states should not address those concerns with reasonable and enforceable standards and requirements.

But the problem is not the technology being used. Biometrics such as facial recognition and handwriting have been used for centuries and even millennia, and RFID can be a cost- and time-effective tool for sharing and validating information. It would make a lot more sense to focus on the real issues than on technophobic prohibitions that miss the point.

inside gcn

  • analytics (Wright Studio/

    3 data strategies to help crackdown on internal corruption

Reader Comments

Fri, Jul 8, 2011

This seems to be yet another "innovation" that is designed to make the government's collection of your information more "efficient." Don't you think that people have enough of your information already? These practices don't need to be made "better" or more "efficient" not only because it is the wrong thing to embrace from a civil rights view, but for every advance in technology supposedly for our protection, hackers and others quickly find ways to circumvent this new technologies. Once again it is only the law abiding citizen that must beat the unfortunate externalizations of these "innovations."

Tue, Mar 15, 2011 Guy Texas

If Texas should begin issuing drivers licenses with RFID, I shall begin carrying my license in an RF shielded envelope. I do not want my personal information available to anyone nearby with an RFID scanner.

Tue, Mar 15, 2011

As someone that uses this kind of information every day, all I can say is that there will always be some need for the government to have this information. The specter of abuse has always been there, and sometimes it's been real, but it comes down to ensuring oversight and hiring quality people that are less likely to abuse their position. Remember, Hoover did all his work long before we had satellites and RFID. It's not the technology but the way it's used. From the sounds of it, some of these legislators might benefit from wearing some tin foil helmets.

Tue, Mar 15, 2011

"it is hard to imagine a state tracking its citizens via satellite or cell towers with a properly implemented RFID chip." Really? You don't have much of an imagination then... While your point about over-reaching legislation is valid, your dismissal of the potential for abuse is short-sighted.

Tue, Mar 15, 2011

Government is already collecting biometric data for those citizens that have criminal records. Individuals are finger printed and face plated in many states. Additionally, a fair amount of personally identifiable information is collected and stored right now for individuals to apply for gain and get a driver’s license.
The real issue behind RealID is found in the 911 commission report. This report showed that many of the 911 hijackers had multiple identities (many of them real drivers licenses with fake information). Since the government (local, state and federal) does not have a clear way to identify its citizens it is not possible for government to identify who is a citizen and who isn’t. This makes it easier for foreigners to come in and get real US drivers licenses and/or fake ones. This puts them one step closer to becoming a US citizen (since we really don’t know who is and is not a citizen)….there Pandora’s box is now open

Show All Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group