REAL-ID Act implementation, enforcement, and resistance

Is gradual implementation of the REAL-ID Act cooking us slowly, like frogs who, if the temperature of the water is increased gradually enough, don’t realize that they need to jump out of the pot until it’s too late?

Last month was another of the deadlines set by the Department of Homeland Security for “implementation” and “enforcement” of the REAL-ID Act.  That also makes it time for stepped-up resistance to REAL-ID.

Understanding the meaning of this deadline, and the remaining deadlines to come, requires some background. Below is an overview of what the REAL-ID Act is, how and by whom it will be implemented and enforced, what it means to “comply” with the REAL-ID Act, what we can expect to happen next, and — perphaps most importantly — what we can do, now, to resist it.

[See this 15-minute video for an introduction to the REAL-ID Act, and the REAL-ID category in this blog for more recent updates.]

The REAL-ID Act of 2005 is a Federal law intended to mandate the creation of a distributed but integrated national database of personal identity records (including birth certificates or alternative “breeder documents” [sic]) linked to state-issued identity credentials. The REAL-ID Act also includes Federal standards for the physical ID cards, including drivers’ licenses or alternative non-driver ID cards, issued by US states and territories. But the real focus is on the database: what data will be included and how it will be normalized and made accessible through a single user query interface.

The Federal government can, and often does, bribe states with Federal funding to do things the way the Feds want. But the REAL-ID Act didn’t include funding for state-level implementation, and was based (like many other DHS programs, such as its multi-billion dollar mandates for modifications to airline IT systems to support surveillance and control of air travelers) on gross underestimates of its cost. In any event, some states strongly opposed the whole idea of a national ID scheme, and would probably have declined to participate even if the Feds had been willing to foot the bill.

The states already manage the issuance of drivers’ licenses and non-driver ID cards, which are most US citizens’ primary government-issued identity credentials.  Setting up a Federally-administered ID credential system would have been vastly more expensive and politically controversial than leaving it to the states.

So the problem for the architects of “REAL-ID” was how to induce all the states and territories to “comply” with goals and standards that would neither be officially binding on the states, nor financed by the Feds.

The workaround for indirect coercion of state governments was to threaten Federal sanctions against individual residents of states that don’t comply with the REAL-ID Act. The sponsors of REAL-ID hoped that these threats would scare voters into lobbying their state legislators’ to bring their states into line with the Feds’ desires.

The REAL-ID Act doesn’t officially “require” states or individuals to do anything.  Its “enforcement” mechanism is a prohibition on acceptance for “Federal purposes” of drivers’ licenses or other ID credentials issued by states or territories that don’t comply with the requirements in the Federal law and the implementing regulations issued by the DHS.

There was still a problem for the DHS and the other backers of REAL-ID, however: How to make the threat of sanctions against residents of “noncompliant” states sufficiently harsh and sufficiently credible to get them to pressure their state governments to comply, without catalyzing a mass movement of grassroots resistance by outraged victims (or potential victims, or their supporters) of those sanctions.

The strategy adopted by the DHS has been to phase in the sanctions very gradually, over a period of many years, starting with those which would have the least significant consequences.  The problem for the DHS is that those threats which are most intimidating are those which would be most likely to provoke blowback against the Feds, and lead to more pressure on Congress to repeal the REAL-ID Act. The result has been a decade-long game of chicken between the DHS and reluctant or resistant state governments.

The DHS won’t (and politically can’t) admit the possibility that states won’t kowtow to its demands. State legislators can’t believe that the DHS would really be able to get away with denying access to Federally-controlled facilities and programs (more on that below) to all residents of noncompliant states, as well as residents of compliant states who are unable and/or unwilling to satisfy the documentary prerequisites for issuance of a REAL-ID compliant ID card.

When states haven’t complied — because they didn’t want to, or because they couldnt’t afford to, or because it was taking longer than expected to develop the infrastructure for the distributed database  — the DHS postponed the deadlines.

It’s been a decade since the REAL-ID act of 2005 was enacted, and most residents of “noncompliant” states have yet to be subjected to any Federal consequences for not having a REAL-ID card.  The criterion for “compliance” is political obeisance and stated or inferred intent, not action. All states that said they intended eventually to comply were deemed to be “compliant”, and given extensions of time to get with the program in practice. Even some states which enacted state laws prohibiting state agencies from implementing REAL-ID procedures have been “certified” by the DHS to be in “constructive compliance” with the required intent to comply.

Is this DHS certiification wishful thinking? What will these states do as the deadlines approach? That remains to be seen, and depends primarily on what individual residents of those states do.

As the preceding discussion should make clear, “implementation” and enforcement of the REAL-ID Act consists of four distinct sets of actions, on different timetables, by different actors:

  1. The DHS, other Federal agencies, state agencies, and their outsourced contractors such as the American Association of Motor Vehicle Administrators (AAMVA) had to develop a data “hub” to allow all state ID databases to query each other and to function as a single distributed database.
  2. Each state and territory (District of Columbia, Puerto Rico, American Samoa, etc.) has to comply with the REAL-ID Act by indicating that it intends to (a) connect its state ID database to this bidirectional data exchange and query hub, (b) collect and store specified data including digital photographs of all ID holders and scanned images of all documents submitted as evidence of identity, citizenship or immigration status, and residence, and (c) label as “not valid for Federal purposes” any ID card issued to someone who is unwilling or unable to provide these documents and have them scanned into the database.  Eventually — although there is no hurry, suggesting that there is no real crisis but only opportunistic political exploitation of a purported crisis — each state and territory will have to actually collect this data, connect to the hub, and start labelling 2nd-class “not valid for Federal purposes” ID cards (if it issues them at all) for 2nd-class citizens and residents who don’t produce compliant prerequisite documents.
  3. The DHS will implement the REAL-ID Act by issuing regulations and supplemental (secret) orders directing Federal agencies and contractors not to accept ID cards issued by “noncompliant” states for specified “Federal purposes”, as of specified dates.  Some of those dates have been set (although they have previously been extended through the same DHS rulemaking process, and could be again), while no date for the final projected “Phase 4” has yet been announced.
  4. Federal agencies and their contractors will enforce the REAL-ID Act by denying access to Federal facilities or refusing to accept for “Federal purposes” ID cards issued by noncompliant states.

The pointy end of the stick is what is defined as a “Federal purpose”, and as of what enforcement date(s).

Phases 1 and 2 of REAL-ID enforcement, starting in 2014, involved access to “restricted” areas of the DHS headquarters, other Federal facilities, and nuclear power plants. Most regular workers use badges issued by their employers, rather than state-issued ID cards, for access to these facilities. As we noted last year, these phases of REAL-ID implementation and enforcement did affect some contractors and other visitors, but the numbers affected are relatively small, and in many cases the only impact is that they have to be escorted by an employee while in the building rather than being allowed inside without an escort.

Phase 3 of REAL-ID enforcement, restricting access to most other Federal facilities (including those generally open to the public) is scheduled to take place this year. It’s divided into two sub-phases: Phase 3a (for facilities designated as “Facility Security Levels 1 or 2”) on January 19, 2015, and Phase 3b (for military facilities and facilities designated as “Facility Security Levels 3, 4, or 5”) on October 10, 2015.

What’s a “Facility Security Level” (FSL), and how can we tell which facilities have been designated with which levels? The DHS REAL-ID FAQ refers to Section 4 of this Interagency Security Committee Standard for more information about Facility Security Levels.  That document describes a point-scoring system to be used in assigning Facility Security Levels.

“Drawing the attention of protest groups” or being the site of political demonstrations are defined as “threats”, rather than as appropriate uses of public spaces and activities protected by the First Amendment. “Public contact is occasionally adverserial” or a “history of demonstrations at the facility” gets the same number of threat points as a “history of violence directed at the facility”.

Many portions of the threat scoring standard have been removed from the version posted on the DHS website as being “For Official Use Only” (FOUO).  And the actual FSL designations are to be made on a facility-by-facility basis by a designated member of each facility’s interagency or interdepartmental “Facility Security Committee”.

“FOUO” is an invented designation which has no relevance to whether a document is exempt from release in response to a FOIA request. So we’ve made a FOIA request for all of the missing portions of, and appendices to, the Interagency Security Committee Standard. We’ve also made FOIA requests for the minutes of the Facility Security Committees — which should include records of the Federal Security Level designations — for a variety of local and regional Federal courthouses, buildings, offices, parks, military bases, and other facilities.

There’s an important exception, according to the DHS REAL-ID enforcement FAQ: During Phase 3, “Access to Federal facilities will continue to be allowed for purposes of applying for or receiving Federal benefits.” Presumably, the DHS realizes that denial of Federal benefits, as a result of denial of access to a Federal facility, would be exactly what is needed to give victims of REAL-ID a legal cause of action. The only reason for this exception is to frustrate, or at least delay, judicial review of REAL-ID enforcement.

What constitutes a “Federal benefit” for purposes of this exception remains to be determined. So far as we can tell, DHS has given no public clue as to what it thinks, nor has any court yet addressed this question.  For example, is the right to observe Federal court proceedings, or to participate as a pro se party to a Federal lawsuit, a “Federal benefit”?

To date, we haven’t heard about anyone who has been turned away from a publicly-accessible Federal facility when they presented an ID card issued by a REAL-ID noncompliant state.  (We have heard from people who have been turned away from Federal faciltities, but those were facilities generally open only to employees, contractors, and pre-approved visitors by appointment, and presumably included in REAL-ID Phase 2, not facilities generally open to the public on a walk-in basis and included in REAL-ID Phase 3.) If this happens, or has happened, to you, please leave a comment or let us know the details: What ID did you present, if any? At what facility? For what purpose? What, if anything, were you told about the reasons for your exclusion from the facility and/or about or any process for administrative or judicial review of your exclusion?

In theory, it should be easier (although more expensive) for many US citizens without papers to obtain Federal ID, in the form of a US passport, than to obtain REAL-ID compliant state ID. That’s because, as we’ve noted in the past, State Department regulations at 22 C.F.R. § 51.28 explicitly allow a passport applicant to establish their identity by means of an affidavit from an identifying witness in lieu of documentary evidence of identity. Unfortunately, as we’ve also noted, the State Department avoids telling passport applicants about this document bootstrapping option, and tries to avoid making the requisite form available. (If you need it, we’ve posted a copy of State Department Form DS-71.)

Phase 4 of planned REAL-ID Act enforcement, to take place at a date to be named later by the DHS (but no earlier than 2016), will be when the DHS tells airlines, TSA staff, and airline and TSA contractors not to accept ID cards from REAL-ID noncompliant states for purposes of boarding commercial aircraft.

There are many problems for the DHS with this plan, and it’s not clear whether the TSA is actually prepared to try to carry out this threat.

At least at one time, TSA Standard Operating Procedures we obtained in response to a FOIA request called for anyone without government-issued ID credentials to be treated as a “selectee” for “secondary screening” (i.e. more intrusive search of their person and possessions).  And travelers without ID are asked to complete TSA Form 415,  “Certification of Identity”, under penalty of perjury.  But the TSA still has never gotten Form 415 approved by the Office of Management and Budget, so nobody can be required to complete it or subjected to any sanctions for declining to do so.

In court, the TSA has always said (even when it was contradicted by TSA signage in airports, but the TSA website, and often by the facts on the ground) that no ID at all is required to board flights. Provided they submit to secondary screening, and depending on what happens with the TSA’s “ID verification” procedures (and whether they are legal, something no court has yet been asked to consider), travelers with ID from REAL-ID noncompliant states, like travelers without ID today, should be allowed to fly.

In June 2013, we filed a FOIA request for the TSA’s reports of how many people have been subjected to these ID verification procedures, how many were eventually allowed to fly, and how many were denied their right to travel.  We’ve still received no response to this request.  [Update on the first partial response to our FOIA request, April 9, 2015: Why did the TSA prevent these people from flying?]

Phase 4 of REAL-ID Act enforcement would also prompt court challenges to the ID verification procedures and the denial of the right to travel by air to those who decline to submit to these procedures, decline to complete Form 415, or give answers to the “ID verification” questions from a contractor’s call center that don’t match the data in their Acxiom file. That’s something the TSA has clearly been anxious to avoid.

Of course, the TSA threat is that these ID verification and secondary screening procedures will create disastrous delays at airports for residents of REAL-ID noncompliant states. That may be true, but the open question is whether delayed travelers would direct more of their their rage at state legislators who voted against submission to the demands of the DHS, or at the TSA. We think the flying public would be smart enough to put the blame where it belongs: on Congress (for enacting the law), the TSA, and the DHS.

Let’s not wait until REAL-ID implementation and enforcement gets that far.  The time to resist the REAL-ID Act is now, wherever and whenever it is used as the excuse for interfering with our rights.

15 Responses to “REAL-ID Act implementation, enforcement, and resistance”

  1. James Says:

    This is the only time I’ve heard of someone being denied entry into a federal building for a non-compliant document.

  2. James Says:

    here is another:

  3. Edward Hasbrouck Says:

    We’ll be discussing the status of the REAL-ID Act on a lunchtime panel on “The U.S. National ID Law at Ten Years” at the Cato Institute in Washington, DC, on Monday, May 11, 2015:

    The event is free and open to the public (who says there’s no free lunch!), and will be webcast at:

  4. Papers, Please! » Blog Archive » Smile for the camera, citizen! Says:

    […] As we’ve noted, the key goal of the REAL-ID Act of 2004 is to induce states to link their drivers license and state ID databases, including “biometrics” in the form of facial images, to an interstate hub operated by a private contractor that will enable all states’ photo and ID databases to be searched with a single query, as though they were a single distributed database. […]

  5. Edward Hasbrouck Says:

    Streaming video and an audio podcast of the discussion of this topic at the Cato Institute on May 11, 2015, have been posted at:

  6. Edward Hasbrouck Says:

    “The Feds’ Bad Bluff on REAL ID” Cato Institute daily podcast with Edward Hasbrouck of the Identity Project, May 18, 2015):

  7. Papers, Please! » Blog Archive » DHS still playing politics with FOIA requests Says:

    […] to one of our requests for information about the “Federal Security Level” (FSL) that determines the date of applicability of certain REAL-ID Act rules for access to Federal […]

  8. Edward Hasbrouck Says:

    The U.S. National ID Law at Ten Years (Edward Hasbrouck):

  9. Papers, Please! » Blog Archive » Will the REAL-ID Act deny you access to Federal facilities? Says:

    […] we’ve noted in our previous commentaries on the REAL-ACT in this blog and in our recent presentation at the Cato Institute, there are two components to the […]

  10. Papers, Please! » Blog Archive » California Dreamin’ Says:

    […] As out friend Jim Harper of the Cato Institute has noted, the intent of  A.B. 1465 appears to be to make it easier for the DHS to claim that California is making “progress” toward compliance with the REAL-ID Act. […]

  11. Papers, Please! » Blog Archive » You don’t have to show any ID to fly Says:

    […] quoted in an article in the New York Times about the Federal government’s efforts to use the threat of denial of air travel to scare state legislators into connecting their state drivers license and ID databases to the […]

  12. Papers, Please! » Blog Archive » DHS posts new lies about the REAL-ID Act Says:

    […] The REAL-ID Act won’t require you to show ID to fly. But unless the REAL-ID Act is repealed by Congress, it will require states to grant all other states access to drivers license and state ID data or risk having the DHS try to harass residents of those states that don’t participate. […]

  13. Papers, Please! » Blog Archive » DHS doubles down on its big lie about ID to fly Says:

    […] The REAL-ID Act does not purport to create any legal obligation on states to comply. It can’t: The Federal government has no authority to compel the enactment of state legislation. If financial carrots in the form of Federal grants to fund REAL-ID Act implementation aren’t sufficient to win over states that stand up for their residents’ rights, the only stick the Federal government has available to induce those states to comply with the REAL-ID Act is the threat to harass, delay, or prevent residents of those states from traveling by air. […]

  14. Papers, Please! » Blog Archive » Bills to repeal the REAL-ID Act introduced in Congress Says:

    […] of the REAL-ID Act including the creation of a distributed national ID database would depend on the collaboration of state government agencies. In the absence of any Federal authority to compel state compliance or impose sanctions on states […]

  15. Papers, Please! » Blog Archive » The REAL-ID Act and entry to Federal facilities Says:

    […] complies with the REAL-ID Act until at least 2020, the only threat left in the Federal arsenal to intimidate state governments into “compliance” with the REAL-ID Act any sooner than 2020 is the threat to bar residents of noncompliant states from access to some (but […]

Leave a Reply