Papers, Please!

The Identity Project

Category Archives: REAL ID

May 26 2026

Reasons for California not to comply with the REAL-ID Act

The budget committees of the California legislature are continuing to consider a proposal from Governor Newsom and the Department of Motor Vehicles (DMV) to appropriate $55 million and, more importantly, change California law to permit the DMV to upload information about all licensed California drivers to the SPEXS national ID database.

We’re in Sacramento this week, along with a statewide coalition of immigrant, LGBTQ, and other human rights groups, talking to legislators about what’s wrong with this proposal:

(download this 1-page summary)

“State-to-State Verification System (S2S) Project” – OPPOSE

  • If California chooses to comply with the REAL-ID Act, the DMV will be required to make all data in DMV records about all California driver’s licenses available to all other states (and to the American Association of Motor Vehicle Administrators, AAMVA). The REAL-ID Act provides that, “To meet the requirements of this section, a State shall… Provide electronic access to all other States to information contained in the motor vehicle database of the State [and] maintain a State motor vehicle database that contains, at a minimum… all data fields printed on drivers’ licenses and identification cards issued by the State.”
  • DMV data will be available to other states through the S2S network. It will also be uploaded to the SPEXS national ID database at AAMVA’s central site.
  • Other states can make only limited queries through the S2S network. But AAMVA as the holder of the SPEXS database can query and retrieve data in bulk at its central site.
  • If the DMV doesn’t have a Social Security Number on file for a license, it will upload a record for that license to the SPEXS database with “99999” in the field for SSN.
  • AAMVA could search for and retrieve all records with “99999” in the field for SSN, or could be ordered to do so by a Federal or state warrant, subpoena, or other court order.
  • A demand to AAMVA for SPEXS data could and probably would include a gag order prohibiting AAMVA from telling the California DMV or the affected individuals that AAMVA had been required to retrieve and disclose their information.
  • No provision in a contract between the DMV and AAMVA could override a gag order. California might not know about or be able to challenge a court order to AAMVA.
  • Contractual “guardrails” would give only false and misleading reassurance, not real protection. The only way to prevent Federal agencies or other states from (secretly) obtaining data from AAMVA is for California not to upload that data to AAMVA.
  • AAMVA is a private Virginia corporation not subject to any of the public records, open meetings, or privacy laws that would apply to a Federal or state government agency.
  • AAMVA has no procedure for an individual to find out what information about them is in the SPEXS database or with whom AAMVA has shared any or all of that data.
  • The US Department of Homeland Security (DHS) has threatened to interfere with Californians’ right to travel if California doesn’t choose to comply with the REAL-ID Act. But the promises made to California drivers and the protection of Californians’ personal information should take precedence over the convenience of air travelers who don’t want to get a passport or passport card.
  • Instead of capitulating to unlawful or questionable DHS threats, California could and should challenge those threats, just as California has challenged other DHS threats.
  • The “deadline” cited by the DMV was set by AAMVA, not by any law or regulation. There is no need to rush a decision which, once made, would be irrevocable.
May 22 2026

Minnesota OK’s “open” meetings behind TSA checkpoint

The Minnesota Commissioner of Administration  has issued a formal advisory opinion that it doesn’t violate the state’s open meeting law for the Minneapolis-St. Paul Metropolitan Airports Commission (MAC) to hold its meetings in location behind a TSA checkpoint and accessible only by showing REAL-ID or paying a $45 fee, as long as the MAC offers to pay (or reimburse) the fee for those seeking to attend MAC meetings.

The advisory opinion addressed only the following question:

Does the Metropolitan Airports Commission Board of Commissioners policy requiring attendees to pay for TSA ConfirmID or obtain a Real ID or passport to attend meetings violate Minnesota Statutes, section 13D.01 to hold open meetings?

The advisory opinion only addresses the requirement to pay the fee or show REAL-ID. This leaves unresolved an issue on which we requested an opinion, but which the Commissioner declined to address: Whether Minnesota’s open meeting law permits the MAC or another state body to hold meetings in a location to which access is under the control and subject to the standardless discretion of the TSA or another third party. The TSA claims the right to deny passage to anyone, regardless of whether they show REAL-ID, pay the illegal $45 fee, or respond to the TSA’s unlawful questioning.

May 21 2026

Immigrant and human rights groups call for California not to upload driver’s license data to national ID database

Before a hearing last week before the California Assembly Budget Subcommittee #4 on Transportation, a coalition of 170 immigrant and human rights groups and allied organizations submitted a joint letter opposing the plan to upload data about all holders of California driver’s licenses and state-issued IDs to the SPEXS national ID database.

The joint letter and testimony by some of the witnesses at the hearing called on legislators to reject the proposal by Governor Newsom and the Department of Motor Vehicles (DMV) to appropriate $55 million and amend California’s driver’s license privacy law to allow the upload, which would be prohibited by current state law.

Alliance San Diego and other groups have also launched a petition campaign for individuals to tell Governon Newsom, “Do Not Comply” with the REAL-ID Act.

In testimony and a Powerpoint presentation for the hearing, witnesses from the DMV led by Director Steve Gordon doubled down on claims also made by Governor Newsom’s office that are partly misleading and partly false.

The DMV witnesses stressed that other states accessing the SPEXS database at AAMVA’s central site through the  S2S network will be able to send and receive answers to only a limited set of queries, and won’t be able to perform bulk searches such as for all the SPEXS records from California with “99999” in place of a Social Security number.

But the DMV avoided mentioning that AAMVA, as the owner of the SPEXS database, could perform this or any other sort of bulk search and retrieval of SPEXS data — or could be ordered to do so by  Federal or state law enforcement agencies or courts.

The DMV also said in its Powerpoint and testimony that, “AAMVA must notify CA if non-participants [such as federal agencies] request data.” This isn’t true.

The contract with AAMVA signed by the DMV on March 30, 2026 provides that AAMVA will notfy the California DMV of such a demand “if legally permitted”. A legal order to AAMVA to search for, retrieve, and hand over some or all of the information in the SPEXS database could and probably would be accompanied by a gag order prohibiting AAMVA from disclosing the order to  California authorities, the individuals whose data was retrieved and revealed, or anyone else.

As we’ve noted before, California authorities cannot truthfully promise that AAMVA will be allowed to notify them of a demand for SPEXS data, or that they will even have an opportunity to contest such a demand. Once this data is uploaded to AAMVA — a private out-of-state entity — this data will be out of the state’s control.

Some witnesses at the hearing called for “guardrails” to be included in the California law to protect sensitive data uploaded to SPEXS, such as the “9999” placeholder that flags  records of drivers who were unable to provide the DMV with a Social Security number.

But in reality, no such guardrails are possible. Nothing in California law or a contract between AAMVA and the DMV could override AAMVA’s duty, as a private Virginia corporation, to comply with orders from Federal courts or courts in Virginia or other states.

“Guardrails” in the law authorizing the upload to SPEXS would be a sham: They would offer only a misleading and falsely reassuring illusion of protection for Californians’ privacy

Senate Budget Subcommittee Chair Steve Bennett (D-Ventura) acknowledged explicitly that whether to capitulate to Federal threats to harass Californians boarding airline flights, if the state doesn’t comply with the REAL-ID Act, presents a choice between “inconvenience” to air travelers and much more severe potential negative consequences for immigrants  or others who might be targeted based on SPEXS data.

That should be any easy choice. Protection of vulnerable Californians, especially immigrants, against Federal weaponization of their personal information should take precedence over the convenience of air travelers. California should not comply with the REAL-ID Act. Instead, the state should stand up to lawless Federal threats and prepare to defend Californians against any interference with their right to travel.

The DMV witnesses at last week’s hearing weren’t asked, and didn’t explain, why they signed a contract with AAMVA to upload data to an out-of-state private entity in a manner prohibited by current California law, without waiting to see whether the legislature would amend the law to permit this upload.

The DMV also avoided mentioning that the February 2027 “deadline” for the upload of California data to SPEXS was set solely by AAMVA and isn’t based on any provision of Federal law or regulations. There’s no need for California to do anything this year, especially on a rushed schedule that buries this major policy change in the budget bill.

The Assembly Budget Subcommittee heard testimony but deferred any decision on the proposal The next hearing on this proposal come as soon as next Thursday, May 28, in Senate Budget Subcommittee 5 on Transportation.

Apr 29 2026

Uploading California driver’s license data to the SPEXS national ID database

Our research is cited in a detailed report by Khari Johnson and Wendy Fry of CalMatters (syndicated statewide) on plans by the California Department of Motor Vehicles (DMV) to upload information about all California driver’s licenses and state IDs to the SPEXS national ID database run by the American Association of Motor Vehicle Administrators (AAMVA).

If you’re looking for background, here are some of our previous reports on this issue:

The Washington Examiner reports receiving a statement from a spoksperson for California Governor Gavin Newsom, “CalMatters got it wrong – their reporting hurts vulnerable Californians by manufacturing fear and panic with lies.”

In a statement posted on Bluesky, Gov. Newsom’s office says that, “Federal immigration  agencies have NO access” to data uploaded to SPEXS, and that “the system does NOT include immigration status and cannot be searched that way.”

These claims by the Governor’s office are false. Federal immigration or other law enforcement agencies CAN access SPEXS data with a warrant or subpoena to AAMVA, the same way they could obtain data held by any other private entity. That order to AAMVA could include a gag order so California wouldn’t know or be able to challenge it. A simple search for SPEXS records with the placeholder “99999”  in the field for the last five digits of the Social Security Number CAN retrieve all records of licenses issued to individuals who were unable to provide a Social Security Number.

What part of this do the Governor or his lawyers not understand or not believe?

We stand by our statements to CalMatters and the accuracy of their reporting.

The Governor and the DMV are proposing that the state capitulate preemptively to lawless threats by Federal authorities to harass and discriminate California residents when they travel by air. That’s a choice not to challenge those lawless Federal threats, as the state has challenged many other recent lawless Federal threats. That’s also a choice to prioritize the convenience of air travelers over the protection of immigrant Californians. If they want to make those choices, they need to make them openly and be willing to defend them.

The upload to SPEXS of data about all California licenses and IDs would break the promises made by the state and the DMV that information in driver’s license records wouldn’t be made available for immigration enforcement or other unrelated purposes. Those promises  are codified in current California law, which would prohibit the planned upload to SPEXS.

AAMVA as a private entity requires (although neither Federal nor state law requires) that if a state chooses to upload information about its residents to SPEXS, it must include either the last five digits of the Social Secuirty Number for each license holder, or “99999” as a placeholder for each license holder without an SSN. This makes licenses issued pursuant to immigrants and other individuals without SSNs, pursuant to California AB-60 and similar laws in other states, immediately identifiable in the SPEXS database.

As we pointed out in our interview with CalMatters, the Governor’s office and the DMV must have known that once data about California licenses and IDs is uploaded to SPEXS, immigration or other law enforcement agencies will be able to obtain that data from AAMVA. A warrant or subpoena could contain a gag order prohibiting AAMVA from telling California or the impacted individuals that their data has been handed over by AAMVA.

California authorities cannot truthfully promise that AAMVA will be allowed to notify them of a demand for SPEXS data, or that they will even have an opportunity to contest such a  demand. Once it’s  uploaded to AAMVA — a private entity — it’s out of the state’s control.

There’s no way to know whether AAMVA has already been required to secretly hand over any or all of the data already uploaded to SPEXS by other states.

The Governor’s proposed budget contains funding for the upload and is accompanied by a  “budget trailer bill” that would amend state law to allow the upload.

Our previous report mentions a separate bill, AB-2156, which had been introduced on this subject. AB-2156  was repurposed by amending it to substitute unrelated legislation for a new and unrelated purpose. This is a procedural tactic used in the California legislature to more rapidly advance an urgent measure for a new purpose after the deadlines for introducing new bills. The result is that AB-2156 won’t serve the original purpose.

The only bills that will be considered will be the budget bill (funding the SPEXS upload) and a “budget trailer” bill containing legislative changes needed to allow the projects funded in the budget, including amending state law — which in its current form would prohibit the SPEXS upload — to allow the SPEXS upload. This policy change will be bundled into the budget trailer bill, rather than given full and separate consideration.

Apr 06 2026

Is a meeting “public” if you have to show REAL-ID or pay a fee?

At our request, the Minnesota Commissioner of Administration has directed the state’s Data Practices Office (DPO) to issue an advisory opinion as to whether the Minneapolis-St. Paul Metropolitan Airports Commission (MAC) violates the state’s Open Meeting Law by holding its meetings in an area at the MSP airport accessible only by passing through a TSA checkpoint, which requires either REAL-ID compliant ID, a passport, or paying a $45 fee.

The Commissioner has complete discretion to decide when to issue an advisory opinion. We are pleased that they have decided to do so in this case. We thank the DPO for their (unsuccessful buy helpful) efforts at informal mediation with the MAC, which preceded our request for a formal advisory opinion.

So far as we know, this will be the first official review by any state or local government body, under any state or local open meeting law, of whether a meeting of a government body can be considered “public” or “open” if REAL-ID or a fee is required for entry.

As stated in the Commissioner’s notice of the preparation of an advisory opinion, under Minnesota law, “Although the advisory opinion will not be binding on the Board, a court must give the opinion deference.”

We look forward to the Commissioner’s opinion. According to the notice , “Section 13.072 requires the Commissioner to issue an opinion within 50 days of receipt of the request. Therefore, the Commissioner must issue the opinion by May 21, 2026.”

Mar 15 2026

DMV wants to upload California drivers license data to the national REAL-ID database

The California Department of Motor Vehicles (DMV) has requested more than $55 million in additional funding for costs related to uploading information about every California drivers license or state-issued ID card to the national REAL-ID database, SPEXS.

The DMV Budget Change Proposal is accompanied by a “trailer bill” and a “policy” bill, AB-2156, introduced in February on an “urgency” basis to take effect as soon as enacted, that would override the provisions of California motor vehicle and privacy law that currently prohibit this upload.

[Update: AB-2156 will no longer serve this purpose. See details in comments below.]

Both the budget and policy proposals have the support of the DMV and Governor Newsom. It will be up to members of the state legislature — and public pressure — to stop them before they are enacted into state law and have to be challenged in court.

These budget and policy proposals will need to go through both the Assembly and Senate Budget and Transportation committees. The first hearing on the budget proposal is expected to be this Thursday, March 19th, in the Senate Budget and Fiscal Review Committee, Subcommittee 5 on Corrections, Public Safety, Judiciary, Labor and Transportation. The first hearing on the policy bill is tentatively expected to be April 15th in the Assembly Committee on Transportation.

The DMV is asking for $32M in fiscal year 2026-2027 and $23M in 2027-2028 for what it describes as a “State-to-State Verification System (S2S) Project”:

The Department of Motor Vehicles (DMV) requests additional funding and personnel resources to continue DMV’s compliance with the REAL ID Act of 2005 by implementing the State to State (S2S) Program. California’s compliance date for State to State (S2S) is February 16, 2027, and the core DMV systems will interface and connect the driver license (DL)/identification card (ID) S2S data elements with the American Association of Motor Vehicle Administrators (AAMVA) electronic verification and history exchange.

This summary is in parts inaccurate, in parts misleading, and in parts incomplete.

Inaccurate, because California is not in compliance with the REAL-ID Act and, as the proposal is written, this project would not bring the state into compliance.

Misleading, because it doesn’t mention the SPEXS national ID database that is central to this system; characterizes as a “state-to-state” system what is actually a hub-and-spoke network in which data is shared between states and AAMVA, not directly between states;  and downplays the role of AAMVA from the owner and controller of the database to the mere operator of an “exchange”.

Incomplete, because it doesn’t explain that the “compliance date” it refers to was set by AAMVA (and could be changed or eliminated by AAMVA), not by any law; says nothing about the status of AAMVA as a private, non-governmental, out-of-state organization not subject to any of the open meetings, public records, due process, privacy, etc. laws that would apply to a Federal or state government agency; and doesn’t consider whether the proposals violate the state constitution.

The policy bill, AB-2156, has similar defects in addition to internal contradictions. These suggest that the drafters of the legislation didn’t fully understand what it would mean, why it’s so much worse than it appears, or that they have a real choice about whether to keep chasing the moving goalposts of Federal demands for REAL-ID “compliance”.

Read More

Feb 17 2026

Show ID or pay a fee to attend a “public” meeting?

Is it an “open” meeting if you have to identify yourself, show ID, and/or pay a fee to attend?

That’s the question presented by today’s meeting of the Minneapolis-St. Paul Metropolitan Airports Commission (MAC), which is scheduled to be held in the “secure” area of the MSP airport reachable only by passing through the Transportation Security Administration (TSA) checkpoint.

As of February 1, 2026, this means individuals who want to attend a MAC meeting, including those who want to make public comments and those who just want to observe, must either (A) show ID credentials the TSA finds satisfactory or (B) pay the illegal $45 per person TSA Confirm.ID fee, answer whatever questions the TSA asks (based on records of the Accurint data broker), and be “allowed” by the TSA, in its unreviewable and arbitrary discretion, to enter the secure area of the airport. The MAC website says that “the MAC will cover this cost for up to three meetings”, but doesn’t say what will happen after that.

This is the first time — in Minnesota or any other state — that we have seen a demand for ID, a demand for a fee, a limit on the number of meetings that can be attended without a fee, or delegation of authority (authority the MAC itself would lack) to an independent third party to demand answers to questions or to decide in its discretion  who to allow to attend a meeting of a government body required by law to be open to the public.

Is any of this legal? We doubt it.

Rules for meetings of government decision-making bodies vary by state. The MAC is a Minnesota state agency whose members are appointed by the Governor.  The Minnesota Open Meeting Law (Minnesota Statutes Chapter 13D) requires that all decision-making meetings of entities such as the MAC “must be open to the public”.

The Minnesota law doesn’t define what “open to the public” means, but we don’t think it includes any of these conditions and restrictions on attendance:

  1. Requiring individuals to identify themselves (rather than attending anonymously, as they may wish to do if e.g.  they fear retaliation for attending or making public comments).
  2. Requiring individuals to have or show ID credentials.
  3. Requiring individuals to answer questions including questions from a third party (in this case, the TSA).
  4. Require individuals to pay a fee, or limiting the number of open meetings an individual may attend without paying a fee. (In this case, the fee is patently illegal, and having agreed to pay the fee on behalf of individuals attending MAC meetings, the MAC itself would have standing to challenge the fee.)
  5. Granting a third party discretion to decide who will, and who will not, be allowed to attend a meeting. (The MAC website notes that “Verification is not guaranteed”, i.e that the TSA may choose not to allow an individual to pass through the checkpoint, even if they identify themselves verbally, pay the $45 fee or have it paid for them, and answer all of the TSA’s questions.)

None of this fits within any reasonable definition of “open to the public”.

Any member of an entity subject to the Minnesota Open Meetings Law who violates this law, including by attending a business meeting of an agency that isn’t open to the public, is personally liable for a $300 fine for each “occurrence”. They have to pay the fine themselves. The agency isn’t allowed to pay it for them. Under a “three strikes you’re out” provision of this law, any office-holder found guilty of three separate violations of the Open Meetings Law forfeits their office for the remainder of their term.

Meanwhile, we’re still waiting for a full response to our request under the Minnesota Government Data Practices Act for information about the basis for the MAC’s dubious claim that it lacks any authority to limit where in the airport Federal agents can go.

The last word we received is that we can expect a response to our public records request tomorrow — the day after the monthly MAC meeting today at which we and others might (if we were allowed by the TSA to attend) have asked questions of MAC members about the decision to give Federal agents free run of the airport without challenge.

Feb 11 2026

First-hand reports confirm you can still fly with no ID

First-hand reports confirm that some people can still fly with no ID card or documents, despite a new scheme of the Transportation Security Administration (TSA) to extort an illegal $45 fee from each airline passenger who doesn’t have, or doesn’t choose to show, ID that the TSA deems to be “compliant” with the REAL-ID Act.

As long as they pay the $45 fee, travelers with no ID or with noncompliant ID have been treated the same way as before the the TSA began demanding the fee on February 1, 2026:

We’ve seen no report of the TSA stopping travelers without ID or without REAL-ID from flying, as long as a they have paid the illegal $45 per person fee.

The only apparent change since the imposition of the $45 fee on February 1 of this year is that instead of phoning the TSA’s ID Verification Call Center (IVCC) and relaying questions and answers verbally between the IVCC and travelers without ID, TSA checkpoint staff are now using a laptop or tablet app to receive the questions and send back the  answers.

The TSA has complied with none of the legal requirements for notice and approval of the information-collection app being used for questioning of travelers without ID. This leaves it unclear whether a human is still involved in fly/no-fly decisions about travelers without ID or whether this decision-making has been delegated to secret algorithms encoded within the app or at the central site that connects the app to Accurint.

We haven’t yet seen any reports of what happens if a traveler without ID or without REAL-ID who hasn’t paid the $45 fee or tries to go through a TSA checkpoint, or doesn’t leave when told to do so. Nor have we heard what happens if a traveler without ID exercises their right to remain silent when questioned about their Accurint file by checkpoint staff. We expect that they would be arrested by local police and/or assessed a civil penalty by the TSA. The Paperwork Reduction Act provides a “complete defense” against any such penalties, but raising that defense would be risky and could be expensive.

Feb 02 2026

“The TSA’s New $45 Fee to Fly Without ID is Illegal”

Edward Hasbrouck of the Identity Project has the lead article today on Frommers.com, “The TSA’s New $45 Fee to Fly Without ID is Illegal”, Says Regulatory Expert:

On Sunday, February 1, the Transportation Security Administration (TSA) began charging travelers without REAL ID $45 to fly.

This may come as a surprise, but no U.S. law requires you to show ID to get on a domestic flight—or pay the new $45 TSA fee.

It doesn’t matter if you have REAL ID or not. The law doesn’t mandate any ID….

The REAL-ID Act pertains only to which IDs are accepted by Federal agencies in circumstances where ID is required.

The Act did nothing to legally impose a new ID requirement where there wasn’t one already, such as for airline passengers….

Requiring ID won’t make us safer, but it enables surveillance and potential control of our movements….

If you try to defend your rights and refuse, you may be arrested and/or assessed a “civil penalty” by the TSA. Defending yourself in court or finding a lawyer with appropriate expertise may be hard.

But the law, as written, is clear: You have the right to fly without ID, without paying a $45 fee, and without answering questions. Exercising that right, however, is another matter.

Read the full article on Frommers.com.

Jan 29 2026

TSA plans illegal ID and fee shakedown starting Feb. 1, 2026

For more than twenty years, we’ve seen a never-ending succession of lawless empty threats made by the Transportation Security Administration (TSA) and Department of Homeland Security (DHS) — amplified by airlines, airport operators,  and state driver licensing agencies — to prevent ticketed airline passengers from exercising their right to travel by common carrier if they don’t have or show ID or show state-issued IDs not certified by the DHS as “compliant” with the Federal REAL-ID Act of 2005.

To date, none of these threats have been carried out.

Now the TSA is threatening, yet again unlawfully, that starting February 1, 2025 it will prevent any traveler from passing through a TSA or TSA-contractor checkpoint at a US airport with no ID or “non-compliant” ID unless they (1) pay an illegal $45 per person fee and (2) submit to as-yet undisclosed new “identity verification” procedures that are likely to include illegal demands for additional personal information.

What will happen on February 1st  if you try to fly without ID, or without REAL-ID, and without paying the $45 fee or answering more questions? Will the TSA stop you from flying? If so, how can you challenge the TSA’s denial of your right to travel?

Read More