Jun 08 2018

“Governance” of the REAL-ID database

Attendance at the most recent face-to-face (F2F) meeting of the AAMVA S2S Governance Committee, Milwaukee, WI, March 22, 2018

We’ve been trying for years to find out who is really in charge of the national ID database being created to enable states that choose to do so to comply with the  Federal REAL-ID Act of 2005.

The national ID records system includes the SPEXS database and the S2S data network and system of central-site applications. S2S, including SPEXS, is operated by AAMVA (a non-governmental non-profit organization whose members are the directors of state driver licensing agencies) and Clerus Solutions (a for-profit  private contractor most of whose executives are revolving-door former staff of AAMVA).

But who is setting policy? Who decides what information from state drivers’ license and ID records is included in the central “pointer” database? Who decides what other entities are able to retrieve, mine, or otherwise obtain or use these records?

Are state governments really in control of their residents’ data once it is uploaded to the central site (outsourced to Microsoft as a cloud hosting provider)? Or is Is the US Department of Homeland Security, AAMVA, or Clerus Solutions in the driver’s seat?

Documents we’ve recently received in response to a request to the state of Alaska under that state’s public records law don’t answer many of our questions, but shed more light on on this little-known, aggregated, privately-held database of personally identifying information obtained from state records that already contains data about roughly 50 million US citizens and residents.

We also received explicit confirmation from the minutes of a June 2017 meeting (p. 64 of this PDF file) that AAMVA staff and state driver licensing officials expect that participation in S2S and SPEXS will be added to the criteria used by the DHS to determine whether to certify or re-certify states as “compliant” with the REAL-ID Act: The latest batch of records we received (see related records released to us earlier here) is a disordered jumble bundled into a single PDF file. Below are some of the other noteworthy details, with references to page numbers in this PDF file:

Read More

May 20 2018

Who’s in charge of the REAL-ID database?

The state of Alaska has sent us a whopper of a “the records you have requested do not exist” response to one of our attempts to find out about government oversight (or lack thereof) of the private contractor operating the national ID database created to implement the REAL-ID Act of 2005.

Here’s what’s happened and why it’s significant:

One of the key goals and consequences of the REAL-ID Act is a national database of information about every drivers license or ID card issued by any of the states and territories that have chosen to “comply” with the (optional for states) Federal law.

This “SPEXS” database includes both compliant ID documents and “noncompliant” IDs issued to people who think they have opted out of being included in the national ID system. There are currently about 50 million records in this national ID database.

The SPEXS database is operated as part of the “S2S” system by a for-profit contractor to AAMVA, a “private” nonprofit corporation whose voting members are the directors of state driver licensing agencies (“DLAs” in AAMVA-speak).

According to AAMVA and officials of participating states, S2S including SPEXS is “governed” by an AAMVA subcommittee created in 2017 and consisting of representatives from DLAs in each state that has added its residents’ ID data to the SPEXS database. We don’t yet know how much actual authority the SPEXS governing body has, or how it exercises that authority.

SPEXS became a focus of attention in Alaska last year after we pointed out in testimony to the state legislature that he Alaska Department of Motor Vehicles had uploaded information about all Alaska drivers’ licenses and state IDs to SPEXS shortly before seeking legislative approval for the state to take actions to comply with the REAL-ID Act.

Read More

Apr 30 2018

Is your drivers license or state ID in the national REAL-ID database?

One of the major goals of the REAL-ID Act of 2005 was to create, and to pressure state governments to participate in, a national database of drivers’ licenses and state-issued ID cards.

The REAL-ID Act requires that, “To meet the requirements of this section, a State shall … Provide electronic access to all other States to information contained in the motor vehicle database of the State.”

In practice, the only available or affordable way for a state to comply with this part of the REAL-ID Act is to participate in the “State-to-State” (S2S) data sharing system operated by AAMVA and built by an AAMVA contractor, Clerus Solutions. AAMVA says that, “For those states … choosing to comply with REAL ID… the Department of Homeland Security has indicated that participation in S2S will be required for the state to be REAL ID compliant. This is because… the law and regulations governing REAL ID include requirements for state licensing agencies to connect their databases.”

Despite its name, which might be taken as implying that it is merely a messaging system, S2S relies on a centralized national database, “SPEXS”, which contains a record for each  drivers’ license  or ID card issued by any participating state or territory.

The DHS has been certifying states and territories as “compliant” with the REAL-ID Act, without regard for whether they have complied with this provision of the Federal law.

But that begs the question of how many states have uploaded information about how many of their residents to the national database in order to comply with the REAL-ID Act.

Are records of drivers’ licenses and ID cards issued by your state or territory already included in the national database? If not, when will they be?

Read More

Apr 27 2018

DHS still usings American Samoans as “REAL-ID” guinea pigs

When last we checked in on the status of DHS threats to harass residents of states and territories that haven’t been sufficiently “compliant” with the REAL-ID Act of 2005, the focus was on the territory of American Samoa.

The REAL-ID Act applies to the District of Columbia and five US territories as well as to the fifty US states. American Samoa is the most distant from the US mainland and one of the smallest in population of these US territories, and is the only place subject to the REAL-ID Act whose native-born residents are not US citizens. There are only two scheduled airline flights a week between American Samoa and any other US state or territory.

Perhaps for these reasons, the DHS in its infinite wisdom unreviewable discretion chose to make American Samoa the test of its threats to “enforce” the REAL-ID Act.

Every other state or territory was either certified as sufficiently compliant with the REAL-ID Act (even though few of them are) or given an extension of time to show a more compliant attitude. But the DHS invoked its REAL-ID “nuclear option” on American Samoa, announcing that  effective February 5, 2018, “a driver’s license or ID issued by American Samoa (AS) will no longer be an acceptable document to board a federally-regulated commercial aircraft.” Air travelers showing ID cards issued by the government of American Samoa are subject to additional “ID verification” and/or “screening” (searches).

So how has the DHS effort to make an example out of American Samoa fared? And what can other states and territories learn from this example?

Basically, (1) the sky didn’t fall, and (2) the DHS blinked (again). The message to other states is that they shouldn’t be panicked into “compliance” by empty DHS threats.

Read More

Jan 31 2018

DHS threatens to harass American Samoan travelers

In the latest installment of the game of chicken between the Department of Homeland Security and US states and territories over the REAL-ID Act of 2005, the DHS has announced that drivers licenses and IDS issued by American Samoa won’t be accepted at TSA checkpoints for “domestic” flights beginning next Monday, February 5, 2018 — unless the DHS, in its standardless discretion, backs down again as it has so many times before, and gives American Samoan travelers a last-minute reprieve.

Why American Samoa? And what will this actually mean?

Read More

Jan 20 2018

All the fake news that’s fit to print about REAL-ID and ID to fly

We’ve been spending a lot of our time lately writing letters to the editor pointing out errors and requesting corrections of news stories reporting DHS propaganda as fact.

Earlier this month, the DHS postponed from January 22, 2018, to October 10, 2018, the date on which it had threatened to have the TSA begin (illegally) interfering with air travel by residents of certain states.  Since neither the January 22, 2018, date nor the choice of which states to threaten was set by law or regulation, but solely by DHS press release, the DHS could and did withdraw its threat merely by issuing another press release.

The DHS had little choice, after its bluff was called by reality (compliance with the REAL-ID Act would require more money, more time, and changes to state laws and in some states incluidng California, changes to state constitutions) and the likelihood of resistance by the flying public (any attempt to prevent residents of certain states from flying without ID would lead to protests at airports and lawsuits that the TSA and DHS would likely lose).

But we are not surprised, given the long history of DHS lies about the REAL-ID Act and ID to fly, that the DHS press release withdrawing the threat of a January 22, 2018, crackdown on air travel without ID by residents of certain states was immediately followed by a renewed DHS public relations campaign of lies about the law and the facts.

DHS press releases should no more be published as “facts” without fact-checking or acknowledgment that they contain contested (and readily refuted) factual and legal claims than should President Trump’s,  President Obama’s, or anyone else’s Tweets.

The New York Times is the latest news outlet to have been taken in, yet again, by this DHS “fake news” campaign, with an article this week on the Times’ website and in the travel section, “Is Your ID Approved for Travel? These Are the Latest Rules“. Many of the DHS falsehoods in this article were reported as facts in an earlier story in the Times in November, 2017, by the same reporter, Shivani Vora. We wrote to Ms. Vora at that time to correct the errors in that story, but received no reply.

To be clear, DHS claims are worthy of reporting as news. It is newsworthy that the DHS has engaged in a decade-long campaign, through both Democratic and Republican Administrations,  of brazen public lies about the REAL-ID Act and ID to fly.

It is equally newsworthy, however, that a “newspaper of record” appears to have made no attempt to fact-check the claims made by DHS spokespeople or to include any other points of view, and repeats demonstrably false DHS claims as undisputed facts even after their falsehood was pointed out to the reporter on the story.

Specifically, the latest article in the New York Times reports the following DHS “fake news” as fact: Read More

Jan 08 2018

DHS postpones threats of REAL-ID Act enforcement

Again postponing its threats to interfere with air travel by residents of “noncompliant” states, the Department of Homeland Security announced today that it has given the last three remaining states either certifications of “compliance” with the REAL-ID Act of 2005, or extensions of time to comply until at least October 10, 2018.

Travelers in all 50 states can continue to ignore the false signs at airports, the false claims being made by state authorities collaborating with the Feds in the national ID scheme, and the blizzard of confused  and error-filled news stories (largely based on unverified and misleading DHS and state government press releases) claiming that U.S. citizens will need to obtain, carry, or show passports or other government-issued ID in order to travel by air.

This does not mean that all or most states have actually complied with the REAL-ID Act or are planning to do so. At most 14 states are arguably compliant with the Federal law.

The plain language of the Federal law requires that, “To meet the requirements of this section, a State shall … Provide electronic access to all other States to information contained in the motor vehicle database of the State.”  Only 14 states are participating in the outsourced SPEXS national ID database set up to enable this nationwide data access:

In addition to the 14 current SPEXS particpants, the contractor managing the national ID database optimistically lists 4 other states as “actively working on implementation.” But none of these states are listed as having signed letters of intent  to join the SPEXS national ID database.

The other 32 states are not compliant with the data-sharing provision of the REAL-ID Act, and have given no indication of intent to comply.

What will happen next?

Read More

Jan 05 2018

A REAL-ID Christmas present from the California DMV

On the Friday before Christmas Monday, when state officials hoped that everyone who might object would be sleeping, the California Department of Motor Vehicles finalized its regulations for partial compliance by the state with the Federal REAL-ID Act of 2005.

The final regulations and a statement of responses to public testimony and comments were posted on the DMV website on December 22, 2017, and went into effect the same day.

The final regulations are essentially unchanged from those the DMV proposed in September 2017, and that we objected to in written comments and in-person testimony at the DMV’s one hearing on the proposal in Sacramento in October.

The DMV’s response to public testimony and comments brushes off our objections, and the objections by other commenters and witnesses, on the basis of repeated invocation of patently false and/or irrelevant and unresponsive legal and factual claims.

Read More

Oct 24 2017

DHS blinks (again) on REAL-ID

The Department of Homeland Security and the Transportation Security Administration have threatened to prevent citizens of many US states from being able to travel by air within the US, starting in January 2018, because their state governments won’t dump all their driver’s license and ID card information into a nationwide database. But these threats didn’t actually cause states to follow the TSA’s illegal orders. So rather than follow through on the threat, which would risk a legal challenge that would make it clear the threat is hollow, the DHS has again blinked. It just quietly deferred its deadline about when it claims it will enforce the REAL-ID Act against airline passengers.

Just over a week ago, when we testified before the California Department of Motor Vehicles about why the largest state in the union should not comply with the REAL-ID Act, and could not do so without violating its state constitution and its residents’ rights, the DHS website included California among 21 states “under review” by the DHS for possible Federal interference with their residents’ right to travel by air beginning as early as January 18, 2018.

Just days later, the DHS in its standardless discretion granted 15 of these 21 states, including California, another round of “extensions of time” to comply with the REAL-ID Act until October 20, 2018.

The states granted another round of arbitrary extensions until October 2018 included eight of the nine states singled out by signs in airports across the country as targeted for TSA harassment of their residents who travel by air beginning in January 2018:

The dates picked by the DHS are as arbitrary as the DHS choices of which states to threaten. The DHS has repeatedly amended its REAL-ID Act regulations to postpone its threatened “deadlines”, but neither January 18, 2018, nor October 20, 2018, are dates that appear anywhere in the law or the most recently revised regulations.

Read More

Oct 11 2017

Comments to the California DMV on the REAL-ID Act

As we noted a month ago, the California Department of Motor Vehicles (DMV) is currently considering whether to amend state regulations on driver’s license and state ID cards to meet some, but not all, of the statutory criteria for “compliance” with the Federal REAL-ID Act of 2005.

States are not required to comply with this Federal law, but apparently the DMV hopes that if the state of California makes a show of partial compliance, the TSA and DHS won’t carry out some of their threats to unlawfully interfere with air travel by residents of California and other noncompliant states.

Comments on these proposals can be submitted to the DMV in writing until 5 p.m. Monday, October 16th, or in person at a public hearing on Monday at 10 a.m. in Sacramento. We encourage everyone concerned about ID demands and freedom to travel to submit written comments and/or come to the hearing.

We’ll be at the hearing on Monday to testify in person, and today we submitted more detailed written comments, which we introduce with the following summary: Read More