Papers, Please – Page 16 – Papers, Please!

Sep 15 2015

California Dreamin’

Stumbling into the embrace of the homeland-security state, California’s state legislature has sent to Governor Jerry Brown a bill which, unless the Governor vetoes it by October 11th, will require that:

[T]he Department [of Motor Vehicles] shall require an applicant for an original driver’s license or identification card to submit satisfactory proof of California residency and that the applicant’s presence in the United States is authorized under federal law.

A.B. 1465 is unnecessary, would create severe problems for many Californians, and would discourage both immigrants to the US and residents of other states from moving to California.

As our friend Jim Harper of the Cato Institute has noted, the intent of A.B. 1465 appears to be to make it easier for the DHS to claim that California is making “progress” toward compliance with the REAL-ID Act.

Why would Californians want that?

The DHS has repeatedly threatened that if states don’t comply with the REAL-ID Act, including connecting their state drivers license and ID databases to the outsourced REAL-ID “hub” operated by the AAMVA, residents of those states won’t be allowed through Federal checkpoints at airports and at entrances to Federal facilities.

But as we discussed here and here and in this presentation at Cato earlier this year, these threats are hollow.

The TSA allows people to fly without ID every day, despite false notices in airports that ID is required.

As for access to federal buildings, the DHS says that “REAL-ID does not apply to … applying for or receiving Federal benefits, … accessing hospitals and health clinics…, or constitutionally protected activities.”

We’re not sure why else ordinary people would want to access most Federal facilities.

Jun 23 2015

Supreme Court finds L.A. hotel guest surveillance law unconstitutional

The Supreme Court has found unconstitutional on its face a Los Angeles ordinance requiring operators of hotels and motels to demand specified personal information from and about each guest and their behavior (date and time of arrival and departure, license plate number of the vehicle in which they arrived, etc.), log this travel metadata, and make this log (“guest register”) available for warrantless, suspicionless inspection by police at any time, under penalty of immediate arrest and imprisonment of the hotelier, without possibility of judicial review before complying with a demand for inspection.

The Supreme Court rejected the contention that hotels are so instrinsically dangerous as to justify their treatment as a “closely regulated industry” subject to inspection (i.e. search) without probable cause: “[N]othing inherent in the operation of hotels poses a clear and significant risk to the public welfare.” By implication, this is a significant rebuff to post-9/11 (and pre-9/11) arguments that travel or travelers are per se suspicious, and to claims that there is or should be some sort of travel (or travel industry) exception to the Fourth Amendment.

And lest anyone be tempted to say that travel services providers with legally-imposed duties to accommodate the public are somehow different when it comes to the applicability of the Fourth Amendment, the Supreme Court also found that, “laws obligating inns to provide suitable lodging to all paying guests are not the same as laws subjecting inns to warrantless searches.” The same logic, of course, would appear to apply to common carriers, who are obligated by law to provide transportation to all paying passengers.

The ruling by the Supreme Court in Los Angeles v. Patel upholds an en banc decision last year by the 9th Circuit Court of Appeals in a lawsuit first brought seven years ago by hotel owners Naranjibhai Patel and Ramilaben Patel and by the Los Angeles Lodging Association, an association of Indian-American proprietors of the sort of budget hotels that might, if allowed to do so by the government, provide accommodations of last resort to people without government-issued ID credentials who would otherwise have to sleep on the streets or under bridges.

We again commend Messrs. Patel and the LA Lodging Association for doing the right thing and standing up for their customers, even as small business owners highly vulnerable to police harassment and retaliation for questioning authority.

The Supreme Court ruling addresses only the rights of hotel owners, not those of hotel guests, and does noting in itself to establish a right to obtain lodging without having or showing government-issued permission papers. Nor does it address the requirement for hotels to monitor and log their guests’ identities and activities — only the requirement to make those logs available to the government without any possibility of prior judicial review of government demands for access.

As others have noted, and as we discussed in relation to the 9th Circuit’s decision and the Supreme Court’s decision to review it, much of the logic of this decision is equally applicable to other dragnet travel surveillance schemes involving compelled compilation, retention, and government access to travel metadata held by third parties (in this case, hotels) rather than by travelers themselves.

But as we have also noted before, this remains the only case we are aware of in which any of those travel companies — not just hotels but also airlines and other types of travel companies– have gone to court to challenge government demands for information about their customers.

Especially in light of this decision by the Supreme Court, it should be apparent that there’s an Achilles heel for the government to the “third-party” doctrine that individuals have no standing to challenge government demands for information provided to and held by third parties, because that information is owned by those third parties and not by the individuals to whom it pertains: As this case makes clear, those third parties — not just hotels but also airlines and others — do have standing to challenge these demands, and have a good chance of success if they persevere.

The shame is on larger travel companies with deeper pockets for going along with government surveillance of their customers and guests without question, and leaving it to highly vulnerable small businesses with fewer resources to challenge this dragnet travel surveillance scheme.

In the wake of the Supreme Court’s decision in L.A. vs. Patel, there’s more reason than ever for travelers to demand that all travel companies make public, contractually binding commitments, in their tariffs or terms of service, not to disclose information about their customers to the government without challenging those demands and without seeking to notify their customers of those demands.

Jun 22 2015

Will the REAL-ID Act deny you access to Federal facilities?

As we’ve noted in our previous commentaries on the REAL-ACT in this blog and in our recent presentation at the Cato Institute, there are two components to the threats against individual residents of “noncompliant” states (and territories and the District of Columbia) that are being used by the DHS to try to induce reluctant state governments to incorporate their state drivers license and ID databases to the distributed national REAL-ID database by connecting them to the contractor-operated REAL-ID hub:

Threatened denial of common carrier airline transportation to individuals who present drivers licenses or other ID credentials issued by noncompliant states; and
Threatened denial of access to (certain) Federal facilities to these individuals.

The first of these threats appears to be hollow. The TSA has consistently argued, when demands for ID from air travelers have been challenged in court, that no ID credentials at all are required to fly.

The TSA claims the right to subject any traveler to more intrusive search and interrogation, without probable cause, and may use this arbitrary power against residents of states that don’t comply with the REAL-ID Act. But the TSA appears to realize that it has no legal authority for outright denial of air travel to people who don’t have, or decline to carry or show to the TSA or its contractors, government-issued ID credentials, REAL-ID Act compliant or not.

With respect to its threat to deny access to Federal facilities, the DHS (in its usual fashion of rulemaking by press release) has posted an announcement on its website that this will be implemented in phases determined by the “Federal Security Level” (FSL) assigned to individual facilities.

But what are the facilities, if any, to which these levels have been assigned, and to which individuals with ID from noncompliant states will therefore be denied access? We’ve filed a series of Freedom of Information Act requests to find out.

The responses to our FOIA requests suggest that this prong of the REAL-ID Act enforcement cattle prod is, to mix metaphors, a paper tiger. We’ve been unable to find any Federal facility to which such an FSL has actually been assigned.

Jun 21 2015

More on Amtrak passenger data requirements

Amtrak has released a third batch of records (1st interim response, 2nd interim response) in response to our Freedom of Information Act (FOIA) request for information about Amtrak’s collection and “sharing” with the US and Canadian governments of information about Amtrak travelers on international routes between the US and Canada:

Amtrak-FOIA-29OCT2014-signed.pdf (note that this file is actually in .doc format, and is not a copy of our request, as the filename might imply, but a collection of responsive records)
date of birthAM.doc
Function summary.doc
IDPFOIARequest.pdf (another collection of responsive records, beginning with a list of all of Amtrak’s cross-border routes including both trains and Amtrak feeder buses)
Regression User testing 9222305 (4).doc
TheIdentityProject_InterimResponse3.pdf (cover letter from Amtrak’s FOIA office accompanying the interim response)
wspBORDER.doc

The files with “.doc” filenames all appear to be from Amtrak’s IT department, and relate to the implementation by Amtrak of requirements for inclusion of passenger ID data desired by the US government in each Amtrak reservation for travel across the US-Canada border. As we have noted previously, this “requirement” was imposed internally and “voluntarily” by Amtrak, and was not a requirement of any law, regulation, or order from any other US or Canadian government agency. It remains unclear from the records released to date whether anyone in Amtrak’s IT department was aware that this was solely an Amtrak requirement and not an externally imposed obligation.

According to these records, Amtrak began requiring a date of birth in the reservation, before a ticket could be issued, for each passenger on any international route, including infant passengers, beginning in November or December of 2000. (There are some inconsistencies in the dates in different records.) Beginning in July or August 2005, Amtrak began also requiring a nationality and passport or other ID number in each such reservation, as part of Amtrak’s “voluntary” participation in the DHS “Advanced Passenger Information System” (APIS) also used by airlines.

These records include the formats used by Amtrak sales agents working directly in Amtrak’s own “ARROW” reservation system, as well as the formats used by travel agents making Amtrak reservations through each of the four major CRSs/GDSs: Amadeus, Galileo, Sabre, and Worldspan. Amtrak’s software testing staff noted the complexity of these formats (which is indicative of how burdensome they are for the travel agents who have to learn and use them) and the likelihood of errors by travel agents. The Amtrak records include information provided to travel agents and travelers, describing these “requirements” but giving no clue that these requirements were voluntarily self-imposed by Amtrak itself.

The files linked above are posted here exactly as we received them by email from Amtrak’s FOIA office. The filenames are not indicative of the actual file contents, and some of the filename extensions don’t correspond to the file formats. One of the “.pdf” files, for example, is actually in MS-Word “.doc” format (also readable in Libre Office among other programs) rather than in PDF format.

We requested that all records found in digital form be released as bitwise copies of the files as found in Amtrak’s filesystems, but some of the files we received appear to be derivative, modified versions of copies of the original files, in some cases in completely different formats.

Most of the the records responsive to our request that we believe are likely to exist have not yet been released. Amtrak is continuing to process our request, and we expect further responses.

Apr 23 2015

Amtrak formats for passenger ID data dumps to governments

Eight pages of command-line formats for users of Amtrak’s ARROW computerized reservation system have been made public in the second of a series of interim responses to our Freedom of Information Act request for records of Amtrak’s collaboration with police and other government agencies in the US and Canada in “dataveillance” of Amtrak passengers.

The ARROW user documentation covers syntax and codes for entering ID information into Amtrak passenger name records (PNRs), generating reports (“passenger manifests”) by train number and date or other selection criteria, and transmitting these “manifests” or “API data” to the US Customs and Border Protection (CBP) “Advance Passenger Information System” (APIS).

Amtrak extracts “manifest” (API) data from PNRs, formats it according to CBP standards, and pushes it to CBP in batches using EDIFACT messages uploaded through the CBP Web-based online eAPIS submission portal.

Although Amtrak knows it isn’t actually required by law to do any of this, it “voluntarily” (and in violation of Canadian if not necessarily US law) follows the same procedures that CBP has mandated for airlines. The sample EDIFACT headers in the Amtrak documentation refer to Amtrak by its usual carrier code of “2V”.

Travel agents — at least the declining minority who use the command-line interface — will find nothing particularly surprising in these formats. ARROW formats for train reservations are generally comparable, although not identical, to the AIRIMP formats used for API data by the major computerized reservation systems (CRSs) or global distribution systems (GDSs) that host airline PNRs.

CRS/GDS companies and US airlines are private and not subject to FOIA, however, and CRS/GDS documentation is proprietary to the different systems and restricted to their users. There is no freely and publicly-available guide to commercial CRS/GDS data formats. Because Amtrak is a creature of the federal government subject to FOIA, we have been able to obtain more details of its internal procedures than we can for airlines or CRSs/GDSs

The ARROW user documentation shows — again, unsurprisingly — that the “data-mining” capabilities built into ARROW for retrieving and generating reports on selected PNR or manifest (API) entries are quite limited. This is why, despite having access to an ARROW “Police GUI” with additional data-mining functionality, CBP wants to import and retain mirror copies of API and PNR data in its own, more sophisticated TECS and Automated Targeting System databases and its new integrated data framework.

We’re continuing to await more releases from Amtrak of information about its policies for collaboration with law enforcement and other government agencies, and its apparent violation of Canadian privacy law.

Apr 09 2015

Why did the TSA prevent these people from flying?

Documents newly released to us by the TSA strongly suggest that the TSA has been lying about whether people are “allowed” by the TSA to fly without showing ID, and that decisions about whether to allow travelers to fly without ID are being made arbitrarily, on the basis of irrelevant and unreliable commercial data and/or at the “discretion” of individual field-level TSA staff. The TSA documents also show that, at least for the limited sample of data initially released, the “false-positive” rate of watch-list matches is 100%.

The TSA has for many years been contradicting itself, both in word and in deed, as to whether travelers are required show government-issued (or any other) ID credentials in order to fly, or whether it is possible to fly without ID.

TSA signs at airports say that passengers are “required” to show ID. But the TSA has repeatedly told courts at all levels — from in camera (secret) submissions to the 9th Circuit Court of Appeals in Gilmore v. Gonzales in 2006 to public testimony of the TSA’s witness in the (unsuccessful) state court frame-up of Phil Mocek in Albuquerque in 2011 — that these and other official TSA notices to passengers are false, that ID is not required to fly, and that the TSA does have (secret) “procedures” that allow people to fly without having or showing ID.

The TSA’s actions are equally bipolar. People who say they have lost their ID cards or had them stolen are “allowed” to fly every day. But people who the TSA deems (for secret or not-so-secret reasons, or completely arbitrarily) to be”suspicious” or “uncooperative” are routinely subjected to retaliation and summary sanctions including denial of their right to travel. Mr. Mocek, for example, was both prevented from boarding the flight for which he had a valid ticket, and falsely arrested by local police at the behest of TSA staff, when he tried to fly without ID and to document the process that the TSA claimed would have allowed him to do so.

What’s the real story? From our close reading of the available evidence, it appears that:

There are no publicly-disclosed “rules” (and probably not even any unambiguous secret rules) defining what is or is not permitted or required of travelers at TSA checkpoints, or what conditions the TSA imposes on the exercise of the right to travel by air.
The TSA claims to have the legal authority, and in practice exercises actual power, to determine who to allow to fly, and who not to allow to fly, in an entirely secret, standardless, and arbitrary manner, at its sole discretion, which discretion is often delegated to front-line TSA staff.

How does this work in practice? We are just beginning to find out.

Mar 23 2015

Smile for the camera, citizen!

The Department of Homeland Security is extending its photography of travelers at US border crossings, ports, and international airports from foreign nationals to US citizens entering and leaving our own country.

On January 5, 2004, under an “interim final rule” for the “US-VISIT” program effective the same day it was published in the Federal Register, agents of US Customs and Border Protection (CBP) began fingerprinting and photographing foreign visitors on their arrival and again on their departure from the US.

At first, only those foreign citizens who required visas to enter the US were given this treatment. A few countries. starting with Brazil, took this as a sign of their “least favored nation” status with the US government, and reciprocated by photographing and fingerprinting US citizens arriving in and departing from their countries. Many other countries didn’t take things quite so far, but partially reciprocated to the extent of increasing their visa or entry fees for US visitors, or imposing new fees where entry for US tourists had been free, to match the US$135 minimum fee for a tourist or transit visa to the US for citizens of most other countries.

On August 31, 2004, under yet another “interim” rule effective the same day it was published, fingerprinting and photography at US airports and borders was extended to citizens of countries in the US “visa waiver program”.

For the third phase of expansion of US-VISIT fingerprinting and photography of border crossers, the DHS published a notice of proposed rulemaking in 2006, giving organizations and individuals a chance to object before the rules were finalized. But the numerous objections, including ours, were ignored. In December 2008, the DHS promulgated a final rule extending the fingerprinting and photography of visitors to all non-US citizens, including permanent US residents (green-card holders).

Now, without bothering to propose or finalize any new regulations, DHS has announced through a non-binding “Privacy Impact Assessment” (PIA) posted on its website that CBP is already conducting a “Facial Recognition Air Entry Pilot” program under which some unspecified fraction of US citizens entering the US by air are being required to submit to facial photography by CBP agents:

U.S. citizens with U.S. e-passports arriving at air ports of entry testing the technology may be selected to participate in the pilot at port discretion. Individuals that are selected do not have the option to opt out of this process.

Facial recognition software is being used to compare the photos to the digital photos stored on the RFID chips in US citizens’ passports, and to assign a score indicating the robot’s “confidence” that the photo in the passport and the photo taken at the airport depict the same person. “The facial recognition system is a tool to assist CBPOs [CBP officers] in the inspection process.”

The selection is supposedly random, but there is no specified limit on how large the percentage of US citizens subjected to this requirement might be:

Supervisory CBPOs (SCBPO) will set the standard for the random selection criteria and have discretion to change the criteria as needed. For example, the SCBPO may choose to select every fifth traveler but may change to every third or every seventh traveler at his or her discretion.

DHS has a history of prolonging and expanding “tests” as cover for de facto full implementation of controversial requirements. There’s nothing in this PIA to rule out the extension of the “pilot” program to nine out of ten arriving US citizens, or 99 out of 100.

Disturbingly but characteristically, DHS suggests that US citizens returning to our own country can be required to do whatever is necessary to “satisfy” CBP officers:

A person claiming U.S. citizenship must establish that fact to the examining [CBP] officer’s satisfaction [emphasis added] and must present a U.S. passport or alternative documentation as required by 22 CFR part 53. If such applicant for admission fails to satisfy the examining immigration officer that he or she is a U.S. citizen, he or she shall thereafter be inspected as an alien.

Mar 20 2015

Amtrak lies about police use of passenger data

[Passenger Name Record (PNR) view from Amtrak “Police GUI”. Click image for larger version.]

The first “interim” release of documents responsive to our FOIA request for records of police and other government access to Amtrak reservation data show that Amtrak is not only giving police root access and a dedicated user interface to mine passenger data for general state and local law enforcement purposes, but also lying to passengers about this, misleading Amtrak’s own IT and planning staff about the legal basis for these actions, and violating Canadian if not necessarily US law.

Our FOIA request was prompted by Amtrak’s obviously incomplete response to an earlier FOIA request from the ACLU. That response omitted any mention of government access to Amtrak reservation data, even though we’ve seen records of Amtrak travel in DHS files about individual citizens obtained in response to previous Privacy Act and FOIA requests. The documents we have just received were clearly responsive to the ACLU’s request, and should have been, but weren’t, included in Amtrak’s response to that request.

Amtrak is still working on our request, but has begun providing us with responsive records as it completes “processing” of them: search, retrieval, and redaction. (Amtrak is even further behind in responding to some other FOIA requests, such as this one for certain disciplinary records related to misconduct by Amtrak Police.)

The first “interim” release to us by Amtrak includes just a few documents: a 2004 letter from US Customs and Border Protection (CBP) to the Amtrak Police legal department, requesting “voluntary” provision by Amtrak to CBP of Advanced Passenger Information System (APIS) identification data about all passengers on international Amtrak trains, and a 2004-2005 project summary and scoping document for the work that would be required by Amtrak’s IT department to automate the collection, maintenance in Amtrak’s “ARROW” passenger reservation database, and delivery to CBP of this data.

Mar 18 2015

Appeals court hears argument on appeal by “Freedom Flyer” Phil Mocek

A three-judge panel of the 10th Circuit US Court of Appeals heard oral arguments in Denver yesterday on the lawsuit brought by “Freedom Flyer” Phil Mocek against the TSA checkpoint staff and Albuquerque police responsible for falsely arresting him and trying to delete his audio and video recordings in retaliation for his trying to exercise his Constitutional rights to travel by air without carrying government-issued ID documents, and to film and record the TSA’s “ID verification” process for flyers without ID.

Mr. Mocek was able to recover his audio and video recording after the police returned his camera when they let him out of jail. On the basis of that recording, Mr. Mocek was acquitted by an Albuquerque jury of all of the trumped-up criminal charges.

After his acquittal, Mr. Mocek filed a Federal civil rights lawsuit against the TSA, the Albuquerque police department, and the individual TSA employees and ABQ airport police responsible for violating his rights.

Mr. Mocek’s lawsuit was dismissed, before it could go to trial, by US District Court Judge James Browning in Albuquerque, who ruled that Mr. Mocek had “failed to state a claim on which relief could be granted.”

The issue in rulings like this is not whether the plaintiff (Mr. Mocek) has proven his case, or what the judge believes actually happened. Those are issues for a jury to decide, after hearing the evidence presented in a trial. A motion to dismiss can be granted only if — even assuming that everything the plaintiff says in the complaint can be proven to be true — those facts would not be sufficient to constitute a basis for a finding that the plaintiff’s legal rights have been violated.

That’s what is now being considered by three judges of the 10th Circuit Court of Appeals (Presiding Judge Timothy Tymkovich and Judges Neil Gorsuch and Jerome Holmes), and that was argued before them on Tuesday morning in Denver by lawyers representing Mr. Mocek, the TSA and its employees, and the city of Albuquerque (on behalf of the Albuquerque police department, its airport division, and its employees).

[Official audio recording by the court in downlaodable podcast and streaming formats.]

Clearly there are problems with the Albuquerque Police Department which might call for oversight or corrective action by the Federal courts. Five cases, all of them appeals from decisions of the US District Court for New Mexico, were argued on Tuesday before the 10th Circuit panel that heard argument in Mocek v. Albuquerque et al. Of those five cases, three were lawsuits against the Albuquerque police, under the same Federal civil rights statute as in Mr. Mocek’s case, for a variety of violations of individuals’ Constitutional rights by the police department and its officers.

In many respects, all of these appeals concerned the limits of legal liability, and the corresponding limits of impunity, for actions by government agencies and agents that violate individuals’ rights.

Feb 23 2015

REAL-ID Act implementation, enforcement, and resistance

Is gradual implementation of the REAL-ID Act cooking us slowly, like frogs who, if the temperature of the water is increased gradually enough, don’t realize that they need to jump out of the pot until it’s too late?

Last month was another of the deadlines set by the Department of Homeland Security for “implementation” and “enforcement” of the REAL-ID Act. That also makes it time for stepped-up resistance to REAL-ID.

Understanding the meaning of this deadline, and the remaining deadlines to come, requires some background. Below is an overview of what the REAL-ID Act is, how and by whom it will be implemented and enforced, what it means to “comply” with the REAL-ID Act, what we can expect to happen next, and — perphaps most importantly — what we can do, now, to resist it.

[See this 15-minute video for an introduction to the REAL-ID Act, and the REAL-ID category in this blog for more recent updates.]

The REAL-ID Act of 2005 is a Federal law intended to mandate the creation of a distributed but integrated national database of personal identity records (including birth certificates or alternative “breeder documents” [sic]) linked to state-issued identity credentials. The REAL-ID Act also includes Federal standards for the physical ID cards, including drivers’ licenses or alternative non-driver ID cards, issued by US states and territories. But the real focus is on the database: what data will be included and how it will be normalized and made accessible through a single user query interface.

The Federal government can, and often does, bribe states with Federal funding to do things the way the Feds want. But the REAL-ID Act didn’t include funding for state-level implementation, and was based (like many other DHS programs, such as its multi-billion dollar mandates for modifications to airline IT systems to support surveillance and control of air travelers) on gross underestimates of its cost. In any event, some states strongly opposed the whole idea of a national ID scheme, and would probably have declined to participate even if the Feds had been willing to foot the bill.

The states already manage the issuance of drivers’ licenses and non-driver ID cards, which are most US citizens’ primary government-issued identity credentials. Setting up a Federally-administered ID credential system would have been vastly more expensive and politically controversial than leaving it to the states.

So the problem for the architects of “REAL-ID” was how to induce all the states and territories to “comply” with goals and standards that would neither be officially binding on the states, nor financed by the Feds.

The workaround for indirect coercion of state governments was to threaten Federal sanctions against individual residents of states that don’t comply with the REAL-ID Act. The sponsors of REAL-ID hoped that these threats would scare voters into lobbying their state legislators’ to bring their states into line with the Feds’ desires.

The REAL-ID Act doesn’t officially “require” states or individuals to do anything. Its “enforcement” mechanism is a prohibition on acceptance for “Federal purposes” of drivers’ licenses or other ID credentials issued by states or territories that don’t comply with the requirements in the Federal law and the implementing regulations issued by the DHS.

There was still a problem for the DHS and the other backers of REAL-ID, however: How to make the threat of sanctions against residents of “noncompliant” states sufficiently harsh and sufficiently credible to get them to pressure their state governments to comply, without catalyzing a mass movement of grassroots resistance by outraged victims (or potential victims, or their supporters) of those sanctions.

The strategy adopted by the DHS has been to phase in the sanctions very gradually, over a period of many years, starting with those which would have the least significant consequences. The problem for the DHS is that those threats which are most intimidating are those which would be most likely to provoke blowback against the Feds, and lead to more pressure on Congress to repeal the REAL-ID Act. The result has been a decade-long game of chicken between the DHS and reluctant or resistant state governments.

The DHS won’t (and politically can’t) admit the possibility that states won’t kowtow to its demands. State legislators can’t believe that the DHS would really be able to get away with denying access to Federally-controlled facilities and programs (more on that below) to all residents of noncompliant states, as well as residents of compliant states who are unable and/or unwilling to satisfy the documentary prerequisites for issuance of a REAL-ID compliant ID card.

When states haven’t complied — because they didn’t want to, or because they couldnt’t afford to, or because it was taking longer than expected to develop the infrastructure for the distributed database — the DHS postponed the deadlines.

It’s been a decade since the REAL-ID act of 2005 was enacted, and most residents of “noncompliant” states have yet to be subjected to any Federal consequences for not having a REAL-ID card. The criterion for “compliance” is political obeisance and stated or inferred intent, not action. All states that said they intended eventually to comply were deemed to be “compliant”, and given extensions of time to get with the program in practice. Even some states which enacted state laws prohibiting state agencies from implementing REAL-ID procedures have been “certified” by the DHS to be in “constructive compliance” with the required intent to comply.

Is this DHS certiification wishful thinking? What will these states do as the deadlines approach? That remains to be seen, and depends primarily on what individual residents of those states do.

Papers, Please!

The Identity Project