[Infowarrior] - Real ID worries domestic violence groups

[Richard Forno]

Real ID worries domestic violence groups
Posted by Anne Broache
http://www.news.com/8301-10784_3-9867257-7.html

Editor's note: A May deadline looms as just one flash point in a political
showdown between Homeland Security, privacy advocates, and states that
oppose Real ID demands. Friday's story follows a four-part series that we
published earlier this week.

Every year, about 1,000 domestic violence victims legally change their
Social Security numbers in an attempt to elude people who may pose threats,
and many more change their legal names, according to figures compiled by
advocacy groups.

But hiding from stalkers may become more difficult under a federal law
called the Real ID Act that's scheduled to take effect on May 11.

The U.S. Department of Homeland Security's new regulations mandate specific
standards for what personal information states must print on the face of
Real ID drivers licenses and encode on their machine-readable zones.
Although there's some consideration for people who qualify for special
confidentiality treatment, critics argue the protections don't go far
enough.

"The statute is troubling because it's trying very much to identify people
who are dangerous, such as terrorists, and at the same time, how do you do
that in a way that keeps everyday citizens and victims safe?" Cindy
Southworth, technology project director for the National Network to End
Domestic Violence, said of the Real ID Act, which Congress passed nearly
three years ago. "I think inherently there's a conundrum there."

Homeland Security did weigh some of the concerns voiced by domestic violence
prevention groups, as well as existing laws like the Violence Against Women
Act, before issuing its final rules.

Currently, 19 states have confidentiality programs for domestic violence
survivors, according to the National Conference of State Legislatures. The
agency's final rule appears to preserve that, saying: "A DMV may apply an
alternate address on a driver's license or identification card if the
individual's address is entitled to be suppressed under state or federal law
or suppressed by a court order including an administrative order issued by a
state or federal court."

That "alternate address"--which in many cases is a dummy address created by
the government that forwards to someone's real address--is also the only
address required to be encoded on the two-dimensional bar code. That means
that if convenience store clerks or police officers swipe the unencrypted
card, they'll in theory only gain access to limited information.

Still, victims-rights and privacy advocates remain concerned about one
important Real ID requirement, which dictates that state DMVs interlink
their databases and make all their drivers' records and identity documents
available.

The final rule says that both an individual's "full legal name" and "true
address" must be stored in the DMV database, regardless of what's displayed
on the card and encoded on its bar code. It also requires that motor vehicle
departments scan and store "source documents," such as birth certificates,
to verify a driver's license applicant's identity.

Homeland Security hasn't yet stipulated what information must be exchanged
among the state-to-state databases, saying only that it will be "limited,"
nor has it specified exactly how the database linking will work, leaving
lingering worries among privacy and victim advocates.

All it would take is a determined, persuasive stalker--many have tricks,
like saying an ex-spouse is suicidal or otherwise in need of help--and a
gullible or corrupt DMV employee, and a victim's identity could be divulged,
Southworth said.

"Given that there are less than six degrees of separation between most
abusers and a friend or relative who works for the DMV, we are concerned
about victims' location information housed in state databases that could be
searched nationally," Southworth said. "Prior to national search ability, a
victim could move to a different state and increase her safety and privacy,
but national search functionality could place countless victims at risk."

In response to privacy groups' concerns about DMV employees' access to the
databases, Homeland Security opted to require states to devise their own
"security plans" for Real ID. That plan is supposed to include, among other
things, "procedures to prevent unauthorized access, use, or dissemination of
applicant information and images of source documents retained pursuant to
the act" and background checks for some, though not all, DMV employees.

The final rule has offered little comfort, however, to some privacy
advocates.

"We still have this problem of the backbone of this system, which is that
we're creating this nationwide system of databases, all interlinked," said
Guilherme Roschke, an Electronic Privacy Information Center fellow who
focuses on domestic violence privacy issues. "A breach in one is a breach in
all of them."