REAL ID – Papers, Please!

Dec 05 2022

DHS resets the clock on its threat to stop flyers without ID

Soccer fans have been noticing unusually large amounts of stoppage time added on to extend the final whistle in many of this year’s World Cup matches. But FIFA and World Cup referees have nothing on the US Department of Homeland Security when it comes to extending the end of the game of REAL-ID chicken that the DHS has been playing with air travelers.

Just a few months after adding a countdown clock to its website to add artistic verisimilitude to its threat to start “enforcing” a nonexistent law prohibiting flying without ID, the DHS has set that clock back by two more years.

The change announced today — only the most recent in a seemingly endless series of postponed empty REAL-ID threats — again postpones, but does not withdraw, the DHS threat to start preventing people without ID from traveling by airline within the US.

The DHS says it plans to promulgate another set of amendments to its regulations implementing the REAL-ID Act of 2005, postponing “enforcement” of the REAL-ID Act at airports until May 7, 2025. Conveniently for current Federal officials, that punts the problem of how to respond to the inevitable resistance to an attempted ban on flying without ID into the next Presidential administration.

Today’s press release from the DHS says, in part:

Under the new regulations, beginning May 7, 2025, every traveler 18 years of age or older will need a REAL ID-compliant driver’s license or identification card, state-issued enhanced driver’s license, or another TSA-acceptable form of identification at airport security checkpoints for domestic air travel.

We doubt, however, that the revised regulations will contain any such provision. None of the previous versions of the REAL-ID regulations contained any provision requiring air travelers to identify themselves, and any such regulatory provision would exceed the implementing authority granted to the DHS by the REAL-ID statute.

The REAL-ID Act restricts what ID credentials a Federal agency can accept, in circumstances where ID is required by some other Federal law or regulation. But neither the REAL-ID Act nor any other current or proposed Federal law or regulation requires travelers to show any ID to pass through Transportation Security Administration checkpoints or board domestic flights within the US — as the TSA itself has argued whenever ID to fly has become an issue in court.

It should go without saying that one doesn’t have to take a “flying test” to obtain a drivers license. A drivers license is not a permit to fly, and possession (or not) of a valid drivers license is entirely unrelated to entitlement to travel by common carrier. The REAL-ID Act has done nothing to make flying safer, any more than preventing people without ID from flying would make flying safer. The only real impact of the REAL-ID Act has been the creation of an (outsourced, privately held, opaque and uncontrolled) national ID database (SPEXS) aggregated from state and territorial driver’s license records.

By the time the two more years of added “stoppage time” runs out on the DHS threat clock, twenty years will have passed since the REAL-ID Act was rushed through Congress in post-9/11 panic, without debate and with hardly time for legislators to read the bill.

Time is running out on the REAL-ID Act: Time for Congress to admit that the REAL-ID Act was wrong from the start, has enabled the creation of a de facto national ID database overwhelmingly opposed by the American public, and should be repealed.

Sep 22 2022

Freedom to travel to get an abortion

[Arrows indicate populations of states where abortion is, or is likely to become, illegal, and directions and distances to the nearest states where abortion is legal. Note that some of the routes shown are more likely to be followed than others, since abortion is more or less heavily restricted in some states where it is shown on this map as legal. Diagram by Bloomberg News based on data from the Guttmacher Institute.]

Increasing variations between state laws related to abortion are prompting an increase in the already large numbers of women who travel across state lines to obtain abortions.

For women in many states, bans on abortion are making the right to interstate travel an essential prerequisite to the right to obtain an abortion.

Both anti-abortion vigilantes and state laws criminalizing actions related to abortion, including facilitating abortion-related travel, are prompting women seeking abortions as well as those who support abortion rights to think about how to protect abortion travelers and their supporters against identification, surveillance, stalking, harassment, or legal sanctions.

In this context, the right to anonymous travel has acquired new importance and urgency. If you’ve wondered, “Why would anyone want to travel anonymously?” now you know one of the reasons. But what’s needed is “right to travel” legislation, not just “privacy” legislation. Current Federal “privacy” bills would do little to protect abortion travelers.

What are the patterns of abortion-related travel? How could state authorities or private vigilantes identify or track the travels of these women — whether they drive or take buses, trains, planes, or automobiles? What, if anything, can women traveling across state lines to obtain abortions do to protect themselves against being identified, tracked, and potentially prosecuted or subjected to retaliation, harassment, or other sanctions? What could the Federal government do to protect these women’s right to travel, and to do so privately and safely?

As discussed in detail below, the possibilities for technical self-defense against threats to the right to travel are limited. Congress needs to act to include protection for the right to travel — regardless of the purpose for which you travel — in any abortion rights legislation.

Sep 16 2022

Countdown to a crackdown on flying without ID

The Department of Homeland Security has added a Countdown to REAL ID Enforcement at airports to its website. But questions remain as to what this really means, despite our best efforts to find out.

What — if anything — will really change at Transportation Security Administration checkpoints when this countdown clock runs out on May 3, 2023?

Nothing in the law will change on that date. The REAL-ID Act of 2005 established criteria for which ID credentials can be “accepted” by Federal government agencies, in circumstances where individuals are required by Federal law or regulations to possess and/or show some evidence of their identity. But the consistent position of the DHS and TSA in litigation has been that no law or regulation requires air travelers to possess or show any ID. And the REAL-ID Act did not create any new requirement to have or show ID to fly.

Since the REAL-ID Act applies only to which IDs are accepted from those who choose to show ID to fly, it should have no effect, now or at at any date in the future, on those who don’t have, or choose not to show, ID to fly. They still have the right to fly without ID — as more than a hundred thousand people do every year — subject at most to a more intrusive administrative search of their person and baggage.

The “deadline” announced by the DHS and TSA might indicate plans for new regulations that would impose a requirement for air travelers to have or to show ID. But no such regulations have been proposed or included in DHS or TSA agendas of planned rulemaking.

Despite the lack of any apparent legal authority, however, it appears from the latest extrajudicial DHS and TSA rulemaking-by-press-release that these agencies plan to begin preventing anyone from flying without ID on or after May 3, 2023, on unknown grounds.

The following statement now appears on the DHS and TSA websites:

What happens if I show up without a valid driver’s license or state ID?

Starting May 3, 2023, every traveler will need to present a REAL ID-compliant license or an acceptable form of identification to fly within the U.S. Passengers who do not present an acceptable form of identification will not be permitted through the security checkpoint.

This would be a major change, with no legal basis, from current practice or any previously disclosed DHS or TSA plans.

Mar 17 2022

Alaska may end its compliance with the REAL-ID Act

A bill introduced in the current session of the Alaska state legislature, HB 389, would end the issuance by the state of Alaska of driver’s licenses that comply with the Federal REAL-ID Act of 2005.

In addition, HB 389 would give Alaska residents “the option of having the applicant’s driver’s license photograph captured with a camera that produces a photograph in a format or with a resolution that renders the image quality insufficient for facial recognition.” The bill would require that the state Department of Administration and its Division of Motor Vehicles “shall destroy or render unusable for facial recognition purposes any photograph captured as a result of an application for a driver’s license ,” and prohibit “bulk sharing of facial images captured a result of an application for a driver’s license.”

HB 389 was introduced by Rep. David Eastman (R-Mat-Su) and is co-sponsored by Rep. Ronald Gilham (R-Kenai/Soldotna). We look forward to its consideration in the state legislature in Juneau, and to the opportunity to testify on this issue, as we did when the Alaska Legislature first debated whether to comply with the REAL-ID Act in 2006, 2007, and 2008, and again in 2017 when it reconsidered its initial choice not to comply.

HB 389 reflects longstanding sentiment in Alaska against compliance with Federal mandates for ID credentials and sharing of personal information with “outside” entities.

Even the highest official of the Transportation Security Administration in Alaska, the Federal Security Director for the state, has pointed out to his superiors in Washington that many Alaskans live off the road system and don’t need or have drivers licenses. They may be more likely to fly, and to need to fly, than to need to drive. They don’t want to have to show government-issued papers, which they might not have, in order to do so.

In 2008, Alaska enacted a law that prohibited spending any state funds on implementation of the REAL-ID Act.

Nine years later, though, the Alaska DMV defied the law by uploading information about every Alaskan with a driver’s license or state ID to the SPEXS national ID database that was created as a way for states to comply with the REAL-ID Act.

That action by the DMV to move Alaska toward REAL-ID compliance was taken “without permission from the legislature,” as Rep. Chris Tuck, Majority Leader in the Alaska House of Representatives, noted in an op-ed published in newspapers throughout the state after the batch upload of Alaskan driver’s license data to SPECS became public. The batch upload took place just as the legislature was scheduled to again consider REAL-ID compliance, and appears to have been an executive and administrative effort to preempt legislative debate.

Officials from the Alaska DMV and the U.S Department of Homeland Security claimed that REAL-ID “compliant” ID would soon be required in order to travel by air, but were unable to provide any basis for this false claim. At one of the legislative committee meeting in 2008, Rep. Tuck himself testified to his colleagues about how he had flown between Juneau and Anchorage with no ID at all when he accidentally left his wallet in his office.

The Identity Project provided extensive testimony and FAQ’s fact-checking the claims being made by the DHS and the Alaska DMV in support of REAL-ID Act compliance.

A week after we provided Alaska legislators with written testimony about the right to fly without ID, Rep. Jonathan Kreiss-Tomkins, Chair of the State Affairs Committee, passed on a very similar set of questions to TSA officials in Alaska and in Washington, DC. More than a decade after the fact, when the TSA finally responded to one of our FOIA requests, we received copies of TSA internal e-mail messages discussing how to respond to Rep. Kreiss-Tomkins’ questions — but no indication of what, if any, answer was ever provided.

At the end of the 2017 legislative session, however, Alaska legislators reversed their 2008 decision, and authorized the DMV to begin issuing driver’s licenses and ID cards that “comply” with the REAL-ID Act.

From discussion at the public committee meetings we attended, it seemed clear that legislators didn’t like the REAL-ID Act or want Alaska to comply. They didn’t like it that the Alaska DMV had taken matters into its own hands by sending information about all Alaskan drivers and ID card-holders to a private database that’s stored outside Alaska and outside the jurisdiction of any government transparency or oversight laws. But legislators felt powerless to stand up to threats — even illegal threats — from Federal officials.

We welcome the opportunity provided by HB 389 for the Alaska legislature to reconsider its 2017 capitulation to Federal extortion, and reassert Alaskans’ freedom to travel without ID.

Mar 15 2022

How many people fly without REAL-ID?

[Slide from internal TSA presentation, Identity Verification Staffing Support Overview, March 2017, released in response to FOIA request by the Identity Project.]

As of 2016, almost 2,000 people a day were allowed through TSA checkpoints at US airports either without showing any ID at all, or with other forms of ID that the TSA or its contractors initially considered “unacceptable”.

According to an internal TSA presentation, there were 149,068 calls (an average of 407 per day) for “ID Verification” to the TSA’s ID Verification Call Center (IVCC) in 2016.

The previous year, 2015, there were 112,016 such calls (an average of 306 per day).

Each of these calls presumably corresponds to a person seeking to fly without ID, or with ID that was initially deemed unacceptable by checkpoint staff.

These are just the people who were required to go through the TSA’s “ID verification” questioning for people with no ID. The TSA estimates — based on a smaller sample of incident reports for a 13-day period in February 2016 — that an additional 1575 people per day are allowed to fly with “other forms of” ID that are initially deemed unacceptable, for a total of just under 2,000 people per day who fly with no ID or unacceptable ID.

These numbers are from records recently released by the Transportation Security Administration in response to one of our Freedom Of Information Act requests.

This is a substantial increase from the most recent figures previously released by the TSA.

Sep 15 2021

DHS must explain failure to release e-mail files

In a victory for the Freedom Of Information Act (FOIA), an Administrative Law Judge (ALJ) has ruled that the Department of Homeland Security (DHS) must either disclose records of e-mail messages which we requested in the “native” file formats in which they are held on DHS servers or archival storage media, or must “demonstrate with sufficient justification that they cannot produce the documents in their original fully digital version.”

This ruling was made in response to an administrative appeal by the Identity Project of the DHS (non)-response to a FOIA request we made in 2016 for the reports submitted to the DHS each month on how may people attempted to enter Federal facilities without ID or with ID deemed “noncompliant” with the REAL-ID Act of 2005, and what happened to these people. How many were eventually allowed to enter, and how many were turned away?

May 17 2021

ACLU: “Digital IDs Could Be a Nightmare”

As the U.S. Department of Homeland Security is soliciting proposals from vendors for how to put digital versions of drivers licenses and other ID credentials on smartphones, the ACLU has released a timely and insightful white paper, Identity Crisis: What Digital Driver’s Licenses Could Mean for Privacy, Equity, and Freedom, by Jay Stanley of the ACLU Speech, Privacy, and Technology Project, along with an executive summary in the form of a blog post, Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare.

The ACLU white paper links to some of our research and reporting and highlights many of our concerns with compelled identification, the REAL-ID Act, invisible virtual checkpoints, ID-based blacklists and controls on what we are and aren’t allowed to do, and the role of AAMVA and other “private” entities as outsourced, opaque, unaccountable, creators of ID “standards” that function as de facto laws and regulations that govern our movements and activities, but that are adopted in secret, exempt from the Freedom Of Information Act or other transparency laws, and lack basic privacy protections. or respect for rights recognized by the U.S. Constitution and international human rights treaties.

We encourage readers interested in these issues to read the ACLU white paper in full. But here’s an excerpt form the introduction to the white paper, framing the issue:

Apr 27 2021

DHS extends REAL-ID airport enforcement “deadline” again

The Department of Homeland Security has once again postponed its self-proclaimed “deadline” for enforcement of the REAL-ID Act at airports, this time from October 1, 2021, to May 3, 2023.

The latest postponement proves, once again, that the dates of the DHS threats to begin “enforcing” the REAL-ID Act at airports are as changeable as the dates in any of the threats made by extortionists or kidnappers. Today’s DHS press release is more like a ransom note than a legal notice: “If you get an ID we deem acceptable, we might not harass you as much when you fly, and we might allow you to exercise your right to travel.”

It remains unclear what enforcement of the REAL-ID Act at airports might mean. No law requires air travelers to have any ID, and the REAL-ID Act doesn’t change that. The Transportation Security Administration recently posted a video showing how you can fly without ID. But today’s DHS press release implies that the DHS is contemplating denying passage through TSA checkpoints at airports to travelers who don’t have, don’t carry, or don’t chose to show ID credentials that the DHS and TSA deem “compliant” or “acceptable”:

Beginning May 3, 2023, every air traveler 18 years of age and older will need a REAL ID-compliant driver’s license or identification card, state-issued enhanced driver’s license, or another TSA-acceptable form of identification at airport security checkpoints for domestic air travel.

Since this is a press release, not a bill proposing new legislation or a notice of proposed new regulations, it doesn’t need to say what legal basis there might be for this claim. But so far as we call tell, there is none.

The DHS recently tried to get Congress to exempt its implementaton of the REAL-ID Act from standard Federal rules notice and approval. But Congress turned down the DHS proposal for exemption of REAL-ID implementation from the Administrative Procedure Act and the Paperwork Reduction Act. The DHS has not yet begun any of the notice and approval procedures which would be required before it could impose new restrictions or requirements for air travel on the basis of the REAL-ID Act.

We expect that today’s press release will be followed by a formal rulemaking notice that merely changes the REAL-ID threat date. But such a rulemaking will neither clarify what action is really being threatened (i.e what the TSA will really do when travelers continue to show up at TSA checkpoints without “compliant” ID), clarify what the purported legal basis would be for that action, nor, in itself, create a legal basis for any such action.

Today’s DHS press release says that the change in the “deadline” will give states and individuals more time to “comply” with the REAL-ID Act. But compliance with the REAL-ID Act was, and still is, optional for both states and individuals. What the postponement by the DHS of its self-imposed “deadline” really does is give the DHS itself more time to come up with a legal justification for its threatened actions — or to withdraw its baseless threats. It also gives Congress more time to repeal the REAL-ID Act.

Don’t be intimidated by DHS and TSA threats. Regardless of what self-imposed DHS deadlines come and go, with how many more postponements, you will still have the same right to travel without ID that you have now.

Apr 21 2021

DHS wants to put REAL-ID drivers licenses on smartphones

The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

Responses to the RFI are due by June 18, 2021.

The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

The RFI published in the Federal Register this week is not formerly part of such a rulemaking, but appears to be part of the preparations for it.

A “mobile ID” would consist of a certificate digitally signed by a state department of motor vehicles. The RFI contemplates a process through which “individuals would electronically send identity verification information to the DMV to establish their identities and ownership of the target device.” No explanation or justification is provided for why or how a digitally-signed certificate would be, or should be, bound to a specific device, rather than simply provided as a file that can be stored on any digital device or storage medium.

It’s just as easy to loan a smartphone or other mobile device to another person whose appearance is similar as it is to loan a physical ID card to another person.

A drivers license rarely needs to be displayed, and in the form of a wallet-sized plastic card it can be kept in a relatively secure pocket or compartment of a purse. A smartphone, in marked contrast, is likely to be frequently consulted and carried in a location on one’s person that is much more exposed and vulnerable to snatch-thieves than one’s wallet.

A smartphone is already, for many people, vulnerable as a single point of failure for identity and password management. Binding a digital ID to a specific smartphone appears likely to increase the risk and exacerbate the consequences of smartphone theft as a method of identity theft.

The RFI says that the DHS is considering incorporating the American Association of Motor Vehicle Administrators Mobile Driver License (mDL) Implementation Guidelines (April 2019) in the DHS standards and regulations, and the DHS seeks comments on those AAMVA guidelines. But those AAMVA guidelines are posted only on the “members-only” portion of the AAMVA website, and aren’t available to the public.

In the past, when we reposted specifications for the AAMVA’s national REAL-ID database that AAMVA had posted for years on the public portion of its website, AAMVA not only moved those specifications to to the members-only portion of its website, but asserted their copyright and threatened us with litigation to get us to take them off our site.

The DHS notice purporting to invite the public to submit comments on a secret document, not available to the public, that might be incorporated into DHS regulations, exemplifies everything that is wrong with both secret law and the outsourcing of “lawmaking” to entities such as AAMVA that are nominally private and not subject to Federal or state freedom of information, public records, or open meetings laws.

There’s no indication in the RFI as to when or how the DHS plans to move forward with the separate rulemaking and approval procedures that will be required if it is to follow through on its threats to start turning away would-be air travelers at TSA checkpoints if they don’t have REAL-ID approved ID or don’t have or show any ID.

Apr 08 2021

TSA posts video showing how you can fly without ID

For years Transportation Security Administration (TSA) and Department of Homeland Security (DHS) officials and their state government collaborators have been repeating the big lie that all airline passengers must have government-issued ID credentials. That lie has been included in TSA and DHS press releases, airport signage, and Tweets from the official DHS and TSA accounts.

This public relations lie has been disclaimed, over and over, in TSA and DHS court filings and sworn testimony. But now it has been contradicted on the TSA’s official Twitter feed.

Tonight the TSA Tweeted a video showing some of the ways you can fly without “acceptable” ID or without any ID at all.

If the TSA deems your ID “unacceptable”, you can still fly if you can show two or more pieces of suitable (according to the TSA’s secret non-rules) although “unacceptable” ID.

The TSA video also shows that even if you have no ID at all, you can fly if your answers to questions relayed by phone by the TSA’s ID Verification Call Center match the information in the (secret) file of information that has been linked to you by the commercial data aggregator Accurint (originally part of the discredited “Total Information Awareness” program but now a division of Lexis-Nexis).

No ID at all, much less “acceptable” ID, is actually required to fly. So changes in REAL-ID Act regulations or TSA/DHS orders to airlines as to what ID is “acceptable” are irrelevant to whether you have right to fly without ID. Nothing in the REAL-ID Act negates this right.

In the screengrab above (one minute in), the video shows a traveler filling out a copy of TSA Form 415, “Certification of Identity”. The TSA has been using versions of this form illegally since at least 2008, without ever having obtained the approval from the Office of Management and Budget (OMB) required before any collection of information such as this by a Federal agency. The TSA has twice said it intends to seek approval from OMB for Form 415. But in the face of our objections, the TSA has yet to request, much less obtain, that approval. It’s unclear whether when the TSA will actually do so.

To avoid having to give public notice of its planned information collection or respond to our objections, the TSA tried to get Congress to enact a special airport exception from the Paperwork Reduction Act (PRA). But Congress declined to do so. It’s unclear whether and if so when the TSA will actually apply to OMB for the required approval, or what additional illegal actions it may try to take in the meantime.

All use of both Form 415 and the associated questioning of travelers continues to be in violation of the PRA. As we noted in 2008 when the TSA first started asking travelers to fill out the form later labeled Form 415, the PRA provides an absolute defense against any sanctions the TSA might try to impose for refusing to fill out this unapproved form or cooperate with the TSA’s “20 questions” game of ID verification security theater.

Travelers can and should say no. Fly without ID, and exercise your right to remain silent.