[PLUG-TALK] Comment: DHS-2006-0030
Paul Heinlein
heinlein at madboa.com
Tue May 8 19:17:31 UTC 2007
>From Bruce Schneier:
I've written about the U.S. national ID card -- REAL ID --
extensively. The Department of Homeland Security has published draft
rules regarding REAL ID, and are requesting comments. Comments are due
today, by 5:00 PM Eastern Time. Please, please, please, go to this
Privacy Coalition site and submit your comments. The DHS has been
making a big deal about the fact that so few people are commenting,
and we need to prove them wrong.
Source: http://www.schneier.com/blog/archives/2007/05/real_id_action.html
Comments need to be directed to oscomments at dhs.gov and must reference
DHS-2006-0030.
My comments are below. Others can be found online:
http://www.privacycoalition.org/stoprealid/sampletext.html
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
---------- Forwarded message ----------
To: oscomments at dhs.gov
Subject: Comment: DHS-2006-0030
Dear Secretary Chertoff:
I write to urge the Department of Homeland Security to seek repeal of
the REAL ID Act and withdraw regulations supporting it (docket no.
DHS-2006-0030).
The personal data aggregated under REAL ID rules are unsafe, too
difficult to correct, and too easily exploited by criminal and
commercial interests. I am completely unconvinced that I am in any way
safer with REAL ID.
* No federal official has yet to make a convincing argument that
REAL ID will actually enhance homeland security. Which ghastly
terrorist activities would have been prevented had REAL ID been
in effect? There are certainly no arguments that the benefits of
such a system outweigh the risks inherent in aggregating the
personal data of the entire citizenry of the United States of
America.
* Data stores are too easy to lose or steal, in whole or part. Backup
tapes, executive laptops, and weakly guarded Internet sites are
the most obvious technological weak links, but there are others.
Since the data can be used in, e.g., identity theft crimes, the
risks associated with missing data are high.
* The data are too easily viewed, stored, and stolen by DHS employees
and other authorized agents. Further, the task of creating a true
and assured audit trail for all viewing transactions is a
technological nightmare.
* Unlike a financial institution which faces real market-driven
penalties for losing sensitive data (loss of assets and customers),
the government and its employees have no inherent interest in
safe-guarding my data.
* No federal official has yet to demonstrate a clear and easy
method by which citizens may view and contest data associated
with their identity.
* There are no significant or deterring penalties threatened against
officials who enter false, incomplete, or misleading data. Such
data in a national database are tantamount to a criminal
conviction, but citizens are unable to face their accuser(s) in a
court of law, a violation of the Sixth Amendment of the U.S.
Constitution.
* There are no significant incentives for DHS agents to quickly
and transparently update contested data. Nor are there criminal
or civil deterrents against officials who delay the process of
correcting data.
Respectfully submitted,
Paul Heinlein
More information about the PLUG-talk
mailing list