[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
SECURE IDENTIFICATION: THE REAL ID ACT'S MINIMUM STANDARDS FOR DRIVER'S
LICENSES AND IDENTIFICATION CARDS
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON CRIME, TERRORISM,
AND HOMELAND SECURITY
OF THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
MARCH 21, 2012
__________
Serial No. 112-103
__________
Printed for the use of the Committee on the Judiciary
Available via the World Wide Web: http://judiciary.house.gov
U.S. GOVERNMENT PRINTING OFFICE
73-416 WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, gpo@custhelp.com.
COMMITTEE ON THE JUDICIARY
LAMAR SMITH, Texas, Chairman
F. JAMES SENSENBRENNER, Jr., JOHN CONYERS, Jr., Michigan
Wisconsin HOWARD L. BERMAN, California
HOWARD COBLE, North Carolina JERROLD NADLER, New York
ELTON GALLEGLY, California ROBERT C. ``BOBBY'' SCOTT,
BOB GOODLATTE, Virginia Virginia
DANIEL E. LUNGREN, California MELVIN L. WATT, North Carolina
STEVE CHABOT, Ohio ZOE LOFGREN, California
DARRELL E. ISSA, California SHEILA JACKSON LEE, Texas
MIKE PENCE, Indiana MAXINE WATERS, California
J. RANDY FORBES, Virginia STEVE COHEN, Tennessee
STEVE KING, Iowa HENRY C. ``HANK'' JOHNSON, Jr.,
TRENT FRANKS, Arizona Georgia
LOUIE GOHMERT, Texas PEDRO R. PIERLUISI, Puerto Rico
JIM JORDAN, Ohio MIKE QUIGLEY, Illinois
TED POE, Texas JUDY CHU, California
JASON CHAFFETZ, Utah TED DEUTCH, Florida
TIM GRIFFIN, Arkansas LINDA T. SANCHEZ, California
TOM MARINO, Pennsylvania JARED POLIS, Colorado
TREY GOWDY, South Carolina
DENNIS ROSS, Florida
SANDY ADAMS, Florida
BEN QUAYLE, Arizona
MARK AMODEI, Nevada
Richard Hertling, Staff Director and Chief Counsel
Perry Apelbaum, Minority Staff Director and Chief Counsel
------
Subcommittee on Crime, Terrorism, and Homeland Security
F. JAMES SENSENBRENNER, Jr., Wisconsin, Chairman
LOUIE GOHMERT, Texas, Vice-Chairman
BOB GOODLATTE, Virginia ROBERT C. ``BOBBY'' SCOTT,
DANIEL E. LUNGREN, California Virginia
J. RANDY FORBES, Virginia STEVE COHEN, Tennessee
TED POE, Texas HENRY C. ``HANK'' JOHNSON, Jr.,
JASON CHAFFETZ, Utah Georgia
TIM GRIFFIN, Arkansas PEDRO R. PIERLUISI, Puerto Rico
TOM MARINO, Pennsylvania JUDY CHU, California
TREY GOWDY, South Carolina TED DEUTCH, Florida
SANDY ADAMS, Florida SHEILA JACKSON LEE, Texas
MARK AMODEI, Nevada MIKE QUIGLEY, Illinois
JARED POLIS, Colorado
Caroline Lynch, Chief Counsel
Bobby Vassar, Minority Counsel
C O N T E N T S
----------
MARCH 21, 2012
Page
OPENING STATEMENTS
The Honorable F. James Sensenbrenner, Jr., a Representative in
Congress from the State of Wisconsin, and Chairman,
Subcommittee on Crime, Terrorism, and Homeland Security........ 1
The Honorable Robert C. ``Bobby'' Scott, a Representative in
Congress from the State of Virginia, and Ranking Member,
Subcommittee on Crime, Terrorism, and Homeland Security........ 3
The Honorable Lamar Smith, a Representative in Congress from the
State of Texas, and Chairman, Committee on the Judiciary....... 4
The Honorable John Conyers, Jr., a Representative in Congress
from the State of Michigan, and Ranking Member, Committee on
the Judiciary.................................................. 5
WITNESSES
David Heyman, Assistant Secretary, Office of Policy, U.S.
Department of Homeland Security
Oral Testimony................................................. 47
Prepared Statement............................................. 49
Darrell Williams, former Senior Director, Office of State-Issued
ID Support, U.S. Department of Homeland Security
Oral Testimony................................................. 53
Prepared Statement............................................. 54
Stewart A. Baker, Partner, Steptoe & Johnson, LLP
Oral Testimony................................................. 58
Prepared Statement............................................. 59
David Quam, Director, Office of Federal Relations, National
Governors Associaton
Oral Testimony................................................. 63
Prepared Statement............................................. 64
LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING
Material submitted by the Honorable John Conyers, Jr., a
Representative in Congress from the State of Michigan, and
Ranking Member, Committee on the Judiciary..................... 6
Material submitted by the Honorable F. James Sensenbrenner, Jr.,
a Representative in Congress from the State of Wisconsin, and
Chairman, Subcommittee on Crime, Terrorism, and Homeland
Security....................................................... 10
APPENDIX
Material Submitted for the Hearing Record
Prepared Statement of the American Civil Liberties Union (ACLU).. 81
Letter from Patricia W. Potrezebowski, Ph.D., Executive Director,
the National Association for Public Health Statistics and
Information (NAPHSIS).......................................... 87
Letter from Brian Schweitzer, Governor, State of Montana......... 90
Letter from Chuck Canterbury, National President, Fraternal Order
of Police...................................................... 91
Prepared Statement of the National Conference of State
Legislatures................................................... 93
Prepared Statement of Paul E. Opsommer, State Representative,
Michigan House of Representatives, and Chair, Michigan House
Transportation Committee....................................... 98
Prepared Statement of the North American Security Products
Organization (NASPO)........................................... 102
SECURE IDENTIFICATION: THE REAL ID ACT'S MINIMUM STANDARDS FOR DRIVER'S
LICENSES AND IDENTIFICATION CARDS
----------
WEDNESDAY, MARCH 21, 2012
House of Representatives,
Subcommittee on Crime, Terrorism,
and Homeland Security,
Committee on the Judiciary,
Washington, DC.
The Subcommittee met, pursuant to call, at 9:59 a.m., in
room 2141, Rayburn Office Building, the Honorable F. James
Sensenbrenner, Jr. (Chairman of the Subcommittee) presiding.
Present: Representatives Sensenbrenner, Smith, Scott,
Conyers, Chu, Deutch, Jackson Lee, and Polis.
Staff present: (Majority) Caroline Lynch, Subcommittee
Chief Counsel; Andrea Loving, Counsel; Arthur Radford Baker,
Counsel; Lindsay Hamilton, Clerk; (Majority) Bobby Vassar,
Subcommittee Chief Counsel; Joe Graupensberger, Counsel; and
Veronica Eligan, Professional Staff Member.
Mr. Sensenbrenner. The Subcommittee will come to order.
Today's hearing examines whether the Department of Homeland
Security is taking its responsibilities seriously to help
ensure that all states and territories have the resources and
guidance they need in order to comply with the secure identity
document standards put in place by the REAL ID Act of 2005.
I authored REAL ID based on the necessity to help ensure
the security of driver's licenses and other state-issued
identification cards. Just as the September 11th hijackers
exploited loopholes in our U.S. immigration system, they also
exploited loopholes in state driver's license systems. The
terrorists moved freely throughout our country prior to
September 11th. They took flying lessons, purchased airline
tickets, rented cars, airplanes and condos. They were able to
do these things because, as the 9/11 Commission found, the 19
hijackers had at least 30 pieces of identification, most
fraudulently obtained. They ultimately used these
identification documents to board the airplanes with which they
murdered over 3,000 innocent people.
The September 11th attacks forced us to acknowledge the
weaknesses in the driver's licenses and identification document
issuance process. At that time, most states did not even verify
the true identity of the person before issuing the most
universally accepted form of identification in the United
States, the driver's license. The 9/11 Commission recognized
the importance of secure identification to prevent terrorist
activity. They stated that, quote, ``Members of al Qaeda
clearly valued freedom of movement as critical to their ability
to plan and carry out the attacks prior to September 11th,''
unquote. In addition, the Commission noted that if terrorist
travel options are reduced, they may be forced to rely on means
of interaction which can be more easily monitored and resort to
travel documents that are more easily detectable.
The REAL ID Act established minimum standards for state-
issued driver's licenses and identity documents that are used
for Federal purposes, such as to enter a Federal building or a
nuclear power plant or to board an airplane. States are free to
issue and accept non-REAL ID-compliant IDs so long as they are
clearly marked ``not for identification purposes.''
Despite the REAL ID Act's enactment, DHS is hindering
implementation by the states. Specifically, I am concerned
about the clear lack of commitment by the Department to
enforcing the REAL ID standards. Every effort has been made by
the Secretary of Homeland Security to create confusion as to
whether the law will remain in place.
Secretary Napolitano boldly stated her intent first to
repeal REAL ID and then to repeal and replace REAL ID, and she
seems now to simply ignore it. DHS has not allocated adequate
resources to fully implement REAL ID. The Office of State-
Issued Identification Support is within the Office of Policy,
which makes little sense, and it doesn't have enough staff to
adequately verify compliance packages submitted by the states
or to provide adequate guidance to the states regarding
compliance. And even more telling is the lack of commitment of
the fact that the fiscal year 2012 DHS did not even bother to
publish grant guidance or to allocate money for REAL ID grants.
Additionally, I am concerned that DHS has not yet
coordinated with the Federal Protective Service, Transportation
Security Administration, or any other relevant Federal agency
regarding enforcement of the upcoming January 2013 state
implementation deadline. It seems that the DHS has not taken
any steps to prepare for the deadline or to alert the traveling
public regarding the coming deadline.
Despite a lack of guidance and communication from DHS, many
states are moving forward with identification security reforms
based upon guidance provided by the prior Administration. In
fact, according to DHS, six states have submitted full
compliance certification packages, 22 other states are
materially compliant and are issuing compliant documents or are
committed to compliance, 12 states or territories are committed
to meeting 15 of the 18 REAL ID benchmarks, and 4 additional
states have enhanced driver's license programs comparable to
REAL ID guidelines.
States need to understand that the January 2013 deadline
will, in fact, be the final deadline. They need to understand
that secure identification is a DHS priority, and they need to
know that DHS is serious about helping them get to full
implementation. I certainly hope that DHS will not abrogate one
of its responsibilities to the American people by once again
extending the deadline.
It is now my pleasure to recognize for his opening
statement the Ranking Member of the Subcommittee, the gentleman
from Virginia, Mr. Scott.
Mr. Scott. Thank you, Mr. Chairman. I thank you for
convening today's hearing.
While it is a good idea to improve the security of state-
issued IDs and driver's licenses, I have some concerns about
the implementation of the REAL ID Act. If we make it more
difficult for terrorists to get IDs, we also make it more
difficult for everybody else. And if the process doesn't
actually prevent terrorists from getting an ID, all we have
left is the expense and inconvenience for law-abiding citizens.
The REAL ID Act requires tighter standards for driver's
licenses and identification cards. It was enacted in response
to the 9/11 Commission's recommendation to implement a more
secure form of identification for boarding aircraft and
accessing vulnerable facilities. These are seemingly prudent
and necessary requirements.
The Act, however, has been subject to significant
resistance from the states. Prior to the passage of REAL ID,
and almost immediately after 9/11, many states were already
taking action to tighten driver's licensing standards.
Intelligence Reform and Terrorism Prevention Act of 2004
provided for a collaborative rule-making process that included
states to achieve these goals. The REAL ID Act interrupted and
replaced that process with a more rigid system of requirements
that raise a number of budgetary and privacy concerns.
Many elected officials in state governments across the
country simply oppose the REAL ID Act on principle. They see it
as an unfunded mandate. The REAL ID Act has significant
expense. The Department of Homeland Security initially
estimated that it would cost over $23 billion for states to
implement. The most recent estimate is around $10 billion. But,
of course, Congress has appropriated only a fraction of that to
defray the costs.
Today, 7 years after the legislation's enactment, 25
states, either through statute or legislative resolution, have
rejected the REAL ID Act or said they would simply not comply
with it. Especially now, since states face unprecedented
budgetary constraints, it is essential that we find cost-
effective ways to meet the objectives of the REAL ID Act.
At the same time, privacy and civil rights organizations
from across the political spectrum have also objected to the
REAL ID. They see the legislation as a de facto national ID
card, one that will be used not just for boarding an airplane
but ultimately will be required for many other types of
transactions, raising significant privacy concerns.
Critics point out that the REAL ID would require a national
consolidated driver's license database accessible to thousands
of DMV officials across the country. If hacked or otherwise
compromised, millions of Americans could be at risk of identity
theft.
I am also concerned that the full implementation of the Act
would make it more difficult for citizens to vote. According to
DHS, final regulations complying with the REAL ID is expected
to create a significant expense to citizens as they acquire and
pay for necessary documents and wait in long lines at the DMV.
In fact, DHS estimates that Americans will spend hours
complying with the Act. All of this is in addition to the
direct cost of almost $4 billion imposed on the states, a cost
that will be passed on directly to drivers in the form of
higher fees.
This money and administrative burden will effectively stand
in the way of those trying to vote in states requiring the
furnishing of ID by voters, and the burden will fall most
heavily on low-income workers without paid vacation or
disposable income to spend on new fees.
While we all agree that security and validity of the
identification requirements are important issues, there are
real problems with implementing REAL ID, and so I look forward
to today's hearing to see what the witnesses have to say and
how we can comply.
Thank you, Mr. Chairman. I yield back.
Mr. Sensenbrenner. The Chair recognizes the Chairman of the
full committee, the gentleman from Texas, Mr. Smith.
Mr. Smith. Thank you, Mr. Chairman.
Last September marked the 10th anniversary of the 9/11
attacks. Unfortunately, a key recommendation of the 9/11
Commission, which called for secure forms of identification, is
still not completely addressed, and it seems that this
Administration has very little interest in addressing it.
On September 11, 2001, Americans were attacked by foreign
nationals who exploited our laws and lived unnoticed in the
United States. Nineteen of the hijackers fraudulently obtained
17 driver's licenses from Arizona, California and Florida, and
13 state-issued IDs from Florida, Virginia and Maryland.
During the planning stages of the attacks, these
identification documents were used to rent vehicles, evade law
enforcement officials, and enroll in flight school. Ultimately,
the hijackers showed these licenses and identification cards in
order to board the airplanes they used to murder over 3,000
innocent Americans.
Because of these loopholes in our laws, the 9/11 Commission
recommended that the, quote, ``Federal Government should set
standards for the issuance of birth certificates and sources of
identification such as driver's licenses,'' end quote. The
Commission went on to state, ``Fraud in identification
documents is no longer just a problem of theft. At many entry
points to vulnerable facilities, including gates for boarding
aircraft, sources of identification are the last opportunity to
ensure that people are who they say they are and to check
whether they are terrorists.''
The Commission was correct, and in 2005 Congress passed and
the President signed the REAL ID Act into law. This law
addresses this security gap and requires states to meet certain
security standards for issuance of driver's licenses and
identification cards. Despite that action nearly 7 years ago,
REAL ID has not yet been fully implemented.
The current Administration has actually undermined the REAL
ID Act whenever possible. They extended the compliance deadline
two times, most recently in March of last year. Now states do
not have to comply with REAL ID until January 15th, 2013, which
is 11-and-a-half years after the 9/11 attacks. And Secretary
Napolitano has consistently supported the repeal of REAL ID
instead of compliance with the law.
Many states understand that they need to issue secure forms
of identification. They do not want to issue a driver's license
to the next terrorist. Unfortunately, the Department of
Homeland Security does not seem to have the resources in place
to help ensure that states get the guidance they need in order
to comply with REAL ID.
The risk of not implementing REAL ID is great. That is
apparent in the facts that surround the February 2011 arrest of
Khalid Ali-M Aldawsari in Texas on a Federal charge of
attempted use of a weapon of mass destruction. According to the
arrest affidavit, when the FBI searched his residence, they
found his journal in which he wrote of the need to obtain a
forged U.S. birth certificate, multiple driver's licenses, and
a U.S. passport. He planned to use those driver's licenses to
rent several cars, each with a different license, specifically
to avoid detection.
This is evidence that terrorists still plan to exploit the
weaknesses in our driver's license issuance processes in order
to attack us. If we don't do everything in our power to fully
implement REAL ID, we set ourselves up for another attack.
History can only repeat itself if we let it.
Thank you, Mr. Chairman. I yield back.
Mr. Sensenbrenner. Thank you very much.
The Chair recognizes the junior Chairman emeritus, the
gentleman from Michigan, Mr. Conyers.
Mr. Conyers. Thank you, Chairman Sensenbrenner. I am
delighted to be here in my relegated capacity to be permitted
to make an opening comment.
I notice the impatient tone in the Chairman's voice about
the delays that have occurred in terms of the REAL ID Act. But
I would like to put forward a bipartisan recognition of some
concerns that we have, and they start off with the governor of
North Carolina, the former governor of South Carolina, Governor
Mark Sanford, who called the REAL ID Act, quote, ``the worst
piece of legislation I have seen during the 15 years I've been
engaged in the political process,'' end quotation.
And then I call to my colleagues' attention the other 28
organizations and individuals, prominent individuals, including
Bob Barr, a former Member of this Committee and chairman of
Liberty Guard, who have said that this legislation would harm
individual liberty and waste precious taxpayer resources.
Now, that doesn't mean that they are all right and the
Chairman is all incorrect. I think, though, we have to take the
28 organizations, the American Civil Liberties Union, the
American Library Association, the Asian Law Caucus, the
Consumer Federation of America, Consumer Watchdog--I will put
all these in--the Hispanic Leadership Conference, and----
Mr. Sensenbrenner. Without objection.
[The information referred to follows:]
__________
Mr. Conyers. I thank the Chair, and let me go directly to
what the problem is and what we can do about it.
Number one, I am going to ask the Subcommittee Chair and
the Ranking Member to let me join with them in an invitation to
Janet Napolitano, our Secretary, and ask that we meet with her
as reasonably soon as possible, perhaps before the recess, to
see if we can make progress on this issue. She was before the
committee, one of the committees in Judiciary only recently,
but this was not the subject of the conversation.
Mr. Sensenbrenner. If the gentleman will yield.
Mr. Conyers. Certainly.
Mr. Sensenbrenner. I would be happy to invite her, and I
invite the gentleman from Michigan to help us prod her into
following the law that was passed----
Mr. Conyers. Thank you.
Mr. Sensenbrenner. I think a long time ago.
Mr. Conyers. Well, we didn't do it, so let's do it now. But
I appreciate the gentleman's cooperation, Chairman.
Then the last two points that I would like to make that get
down to what I would like to hear from the witnesses about. The
problem with the REAL ID mandate, as Mr. Scott said, it is an
unfunded mandate, $23 billion worth of unfunded mandate, and
one of the things, if we have such a meeting, Mr. Chairman,
would be to figure out how we can really work out the funding
of this.
The other issue is the matter of the privacy concerns.
States and their citizens are worried about the far-reaching
implications of having so much personal information becoming so
accessible to so many organizations, state agencies and people.
I think there may be ways that could come out of this important
hearing to tighten up privacy restrictions and address these
concerns in an appropriate way.
And so it is with that spirit of bipartisanship that I look
forward to the testimony of our very welcome witnesses. I thank
you, Mr. Chairman.
Mr. Sensenbrenner. The gentleman's time has expired.
I ask unanimous consent to submit for the record materials
from the Center for Immigration Studies, the National
Association of Public Health Statistics and Information
Systems, the Document Security Alliance, and the Coalition for
a Secure Driver's License.
And without objection, the Chair will be authorized to
declare recesses during votes on the House floor.
Hearing no objection, so ordered.
[The information referred to follows:]
__________
__________
__________
__________
Mr. Sensenbrenner. It is now my pleasure to introduce
today's witnesses.
David Heyman is the Assistant Secretary for Policy at the
U.S. Department of Homeland Security. Previously he served as a
Senior Fellow and Director of the CSIS Homeland Security
Program. He is an adjunct professor in security studies at
Georgetown. He received his Bachelor's degree from Brandeis
University in 1986 and his Master of Arts from Johns Hopkins
University School of Advanced International Studies in 1996.
Darrell Williams retired last year from the Department of
Homeland Security after 38 years of Federal Government service.
Prior to his retirement, Mr. Williams served as Senior Director
for the DHS Office of State-Issued ID Support, formerly named
the REAL ID Program Office. Prior to that, he served as the
Senior Program Manager for the Department of Homeland Security
Senior Border Initiative Program and Program Director for
several U.S. Coast Guard command, control, and communications
and Department of Defense programs. He received his
undergraduate degree from Wright State University and his
Master of Science degree in national security strategy from
U.S. National War College. He received his Master of Public
Administration degree from Central Michigan.
Stewart Baker is a Distinguished Visiting Fellow at the
Center for Strategic and International Studies. He will shortly
return to the practice of law at Steptoe & Johnson in
Washington. From 2005 to 2009, he was the First Assistant
Secretary for Policy at the Department of Homeland Security.
Prior to that, he served as General Counsel of the WMD
Commission and the National Security Agency. Mr. Baker received
his undergraduate degree from Brown University and his J.D.
from UCLA in 1976.
David Quam currently serves as Director of the Office of
Federal Relations at the National Governors Association. Prior
to his position at NGA, Mr. Quam was an associate at Powell,
Goldstein, Frazer and Murphy, LLP. He held various other
positions, including Director of International Affairs and
General Counsel at the International Anti-Counterfeiting
Coalition, Inc., and Majority Counsel to the Subcommittee on
the Constitution, Federalism and Property Rights for the U.S.
Senate Committee on the Judiciary. He received his Bachelor's
degree from Duke and his Juris Doctor from Vanderbilt.
The witnesses' written statements will be entered into the
record in their entirety. I ask that they summarize their
testimony in 5 minutes or less. You see the blinking lights in
front of you. Yellow means wrap it up. Red means time is up.
So I now recognize Mr. Heyman, and without objection, all
of the witnesses' full written statements will appear in the
record with their testimony.
TESTIMONY OF DAVID HEYMAN, ASSISTANT SECRETARY, OFFICE OF
POLICY, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Heyman. Thank you, Mr. Chairman, Congressman Scott,
Chairman Smith, distinguished Members of the Subcommittee. I
very much appreciate the opportunity to testify before you
today and to discuss the progress that states have made
implementing REAL ID and improving the security of driver's
licenses and identification documents.
The Department of Homeland Security is fundamentally a law
enforcement agency, and law enforcement must be able to rely on
government-issued IDs and know that the bearer is who he or she
claims to be. Fraudulent IDs present opportunities for
terrorists, and as such, securing IDs is a common sense
national security and law enforcement imperative, and helps
combat identity fraud and illegal immigration.
Since the Act was passed, we have made considerable
progress. In 2007, DHS published an implementation plan, and in
2008 the Department published a final rule establishing minimum
standards for states and territories. While the Nation's 56
states and territories have principal responsibility for
implementing REAL ID, DHS has provided tangible support. Since
2007, the Department has awarded over $263 million in grants to
fund enhancements to driver's license security programs and
develop verification capabilities such as matching lawful
status, improving facility security, modernization of
information technology systems, increasing interoperability,
and adding security features to documents.
Nearly half of this funding has been disbursed to states
over the past 2 years. The fact that 54 of 56 jurisdictions
have applied for and used these grant awards indicates that we
share the same goals, objectives, and even standards for
improving security of state-issued credentials.
One of the most challenging aspects of REAL ID is verifying
source documents. When the bill was passed, those verification
capabilities did not principally exist, particularly the
ability to electronically match documents against appropriate
Federal or other state databases. Over the past several years,
DHS and states have collectively built and are building the
technical infrastructure and systems to support verification of
Social Security numbers, birth certificates, U.S. passports,
and immigration status, all key steps toward improving the
security of our documents.
Today I can report that significant progress has been made
in this regard and in developing verification capabilities to
meet the verification requirements, with all but one
verification capability operational or in pilot testing today.
The Department's efforts extend beyond financial support.
DHS has issued guidance documents and engaged stakeholders to
ensure their concerns are being heard and challenges are being
addressed. In 2009, DHS issued two guidance documents to assist
states in understanding and meeting the REAL ID security
standards, one on marked guidelines and another on best
practices for security facilities and plans, card design,
privacy and personnel security.
It was apparent from conversations with the states that
additional clarification is warranted, and we will, in fact, be
issuing additional guidance soon. This additional guidance will
help reduce uncertainty regarding compliance by describing
comparable programs that meet minimum standards, and this will
help encourage states to submit information on their progress.
Additionally, our program office for this program has
conducted considerable outreach through participation and
meetings with states, territories, and partnering with Federal
organizations. The office has conducted outreach to
stakeholders, as well as attended a wide range of conferences,
even visiting 44 of 56 states and territories and working
extensively with the American Association of Motor Vehicle
Administrators.
Perhaps the greatest success of REAL ID has been the
security of driver's licenses has been improved in all states,
even in the 13 states with legislation prohibiting REAL ID. The
deadline for REAL ID is January 15th, 2013. Our goal is to get
this done, and states have made significant progress in meeting
the minimum security standards. All 56 states and territories
have submitted documentation regarding their status with
respect to material compliance benchmarks of REAL ID. They have
made significant progress in meeting the benchmarks and other
requirements, and most are meeting facility production issuance
and card standards.
When determining whether a state has implemented a secure
driver's license program, DHS will base its decision on the
totality of what states have done. We commend them for their
efforts. We have shared goals, and that is evident from the
progress being made.
Thank you again for the opportunity to speak to you today,
and I'm happy to answer your questions.
[The prepared statement of Mr. Heyman follows:]
Prepared Statement of David Heyman, Assistant Secretary,
Office of Policy, U.S. Department of Homeland Security
Chairman Sensenbrenner, Representative Scott, and Members of the
Subcommittee: Thank you for your leadership on homeland security
issues, and thank you for holding this important hearing today so that
the Department of Homeland Security (DHS) can provide you with an
update on the progress the states have made implementing the REAL ID
Act of 2005, Title II of division B of Pub. L. 109-13 (``REAL ID Act''
or ``Act''). We welcome the opportunity to submit this testimony on how
the state, territory, and federal partners have improved the security
of driver's licenses and identification documents.
Over the last two Administrations, we have worked to implement the
REAL ID Act of 2005. States have the principal responsibility for
implementing REAL ID. DHS developed an Implementation Plan in June 2007
and published a Final Rule in January 2008, which provided states and
territories with information on the minimum requirements that must be
met and the funding available to help meet those requirements. Since
then, DHS awarded over $200 million in grants to states and territories
to fund enhancements to driver's license security programs.
Additionally, DHS has issued guidance documents and engaged
stakeholders to ensure their concerns were heard. DHS, the states, and
the territories have collectively built or are building the technical
infrastructure and systems to support verification of social security
numbers, birth certificates, U.S. passports, and immigration status--
key steps toward improving the security of our documents. Perhaps the
greatest success of REAL ID has been that the security of driver's
licenses has been improved in ALL states, even in the 13 states with
legislation prohibiting their participation in REAL ID. Diligent
outreach and work with states by DHS has yielded real benefits in the
last several years.
In my testimony, I will elaborate on the progress but first it is
important to provide the background to how we got to where we are
today.
WHY WE NEED SECURE IDENTIFICATION DOCUMENTS
Law enforcement must be able to rely on government-issued
identification documents and know that the bearer of such a document is
who he or she claims to be. Obtaining fraudulent identification
documents presents an opportunity for terrorists to board airplanes,
rent cars, open bank accounts, or conduct other activities without
being detected. According to the 9/11 Commission Report, ``All but one
of the 9/11 hijackers acquired some form of U.S. identification
document, some by fraud.'' \1\
---------------------------------------------------------------------------
\1\ The 9/11 Commission Report: Final Report of the National
Commission on Terrorist Attacks upon the United States, at 390 (2004).
---------------------------------------------------------------------------
We recognize that preventing terrorists from obtaining these
documents is critical. As the 9/11 Commission noted, ``For terrorists,
travel documents are as important as weapons.'' \2\
---------------------------------------------------------------------------
\2\ The 9/11 Commission Report: Final Report of the National
Commission on Terrorist Attacks upon the United States, at 384 (2004).
---------------------------------------------------------------------------
The 9/11 Commission recommended that the federal government work
with other layers of government to solidify the security of government-
issued IDs. While improving government-issued IDs alone will not thwart
every planned terrorist attack, it does present an important obstacle
to any potential terrorist operating in the United States and could aid
law enforcement in stopping terrorist plots. Securing IDs is a common-
sense national security and law enforcement imperative, which also
helps to combat identity fraud and illegal immigration. The 9/11
Commission spelled out the need for the federal government and the
state or territory \3\ to take action together on this issue and
together we have made considerable progress.
---------------------------------------------------------------------------
\3\ States and territories is used to refer to all fifty-six
jurisdictions covered by the REAL ID Act, to include the fifty states,
the District of Columbia, Puerto Rico, the Virgin Islands, Guam,
American Samoa, and the Commonwealth of the Northern Marianas Islands.
---------------------------------------------------------------------------
PASSAGE OF THE REAL ID ACT OF 2005
In May 2005, Congress enacted the REAL ID Act of 2005 in response
to the 9/11 Commission's recommendations for more secure standards for
identification. The Act included the following provisions:
Prohibits Federal agencies from accepting driver's
licenses or identification cards unless the Department
determines that the state or territory meets minimum security
requirements.
Establishes minimum standards for the:
� Information and features that appear on the face of the
card;
� Physical security of cards to prevent tampering,
counterfeiting, and duplication of the documents for a
fraudulent purpose;
� Presentation and verification of source documents,
including presentation and verification of documents evidencing
citizenship or lawful status; and
� Physical security of production and storage facilities and
for materials from which REAL ID cards are produced.
Authorizes the Department of Homeland Security to
make grants to states and territories to assist in conforming
to the minimum standards of the Act.
In June 2007, DHS submitted, and the Senate and House
Appropriations Committees subsequently approved, the REAL ID
Implementation Plan. In the REAL ID Implementation Plan, DHS outlined
its plans to make grant funds available specifically for projects that
addressed the following areas:
Enhancements to existing communications and
verification systems to support cost effective electronic
verification of source documents.
Development of a secure indexing or pointer system
for verification that an individual does not hold multiple
licenses in multiple states or territories.
Development of a cost effective capability for
verification of lawful status. Improvements to the
infrastructure to support electronic verification of birth
certificates.
Model privacy standards, security practices, and
business rules regarding verification of applicant information
with Federal and state agencies.
Additionally, in January 2008, the Department published the REAL ID
regulation (``Minimum Standards for Driver's Licenses and
Identification Cards Acceptable by Federal Agencies for Official
Purposes'' (6 C.F.R. part 37)) providing greater detail on the minimum
requirements states and territories must satisfy to be in compliance
with the Act.
When determining whether a state has implemented a secure driver's
license program, DHS will base its decision on what states have done to
meet the requirements of the regulation. The security benchmarks in the
regulation focus on: identity assurance procedures; license information
and security features; secure business processes; employee training and
background checks; and privacy protections. They also address the
primary sources of fraud in the issuance and use of driver's licenses
and identification cards.
DHS FUNDING TO SUPPORT EFFORTS TO MEET THE SECURITY STANDARDS
OF THE REAL ID ACT
Since FY 2006, the Department has obligated a total of $273 million
in REAL ID program funds to support states and territories in their
efforts to meet the requirements of the REAL ID Act.
From FY 2006 through FY 2011, FEMA awarded approximately $200
million in grants to 54 states and territories to fund individual
projects to improve the security of their credentials, facilities,
systems, and business processes commensurate with the standards of the
REAL ID Act. States and territories have been able to allocate these
funds based on individual needs, priorities, and operations.
States and territories have used these awards to meet the material
compliance security benchmarks and other REAL ID standards, including:
Adding tamper resistant or enhanced security features
to their documents.
Modifying their facilities to limit access to
sensitive materials and card production areas.
Modernizing information technology systems to promote
interoperability.
Conducting fraudulent document training or re-
engineering the driver's license issuance process to reduce
customer wait times.
Implementing verification of lawful status.
Improving their ability to protect applicants'
personal information.
For example, using REAL ID FY 2008 Demonstration Grant funds, the
State of New York purchased facial recognition software to detect
individuals holding multiple drivers' licenses, sometimes in an attempt
to evade law enforcement detection. New York used facial recognition
technology to review the records of 600,000 holders of New York State
Commercial Driver Licenses (CDLs). The results of this effort led to
the arrest of more than 50 commercial drivers for fraudulently
obtaining multiple driver licenses using an alias. Since February 2010,
800 people have been arrested for having two or more licenses under
different aliases.
From FY 2008 through FY 2011, FEMA also awarded approximately $63
million in targeted grants to five states, Mississippi, Kentucky,
Indiana, Florida, and Nevada, which volunteered to upgrade existing
communications and verification infrastructure needed by all states and
territories to meet the requirements of the REAL ID Act.
The following verification capabilities to meet the
verification requirements of the REAL ID regulation are either
operational or in pilot testing. Specifically:
� The states have upgraded the infrastructure necessary to
support DMV verification of birth certificates. Birth records
from 38 state Vital Records Agencies are now available for
electronic verification;
� Fifty states and the District of Columbia are verifying
social security numbers;
� Forty-seven states and territories have signed an
agreement with USCIS to verify lawful status through the SAVE
program; and
� Four states are piloting verification of U.S. passports
and this capability will be available to all states later this
calendar year.
Driver Licensing Agencies (DLAs) have used, and are
continuing to use, remaining Driver's License Security Grant
awards to fund the local information technology and business
process improvements needed to connect to and use these
systems.
Additionally, USCIS has supported almost $10 million in projects
for the development and deployment of cost-effective methods that
states and territories can use to verify lawful status, U.S. passports,
and social security numbers. USCIS has worked together with the states
and territories in the development, testing, and deployment of these
capabilities.
FACILITATING CONFORMITY WITH THE STANDARDS OF THE REAL ID ACT--
GUIDANCE AND OUTREACH FOR THE STATES AND TERRITORIES
The Department's efforts extend far beyond providing financial
assistance to states and territories. DHS has been working with states
and territories to assist them in understanding and meeting the
security standards of the REAL ID Act. In 2008 and 2009, DHS issued two
guidance documents for that purpose:
REAL ID Mark Guidelines (October 2008), providing DHS
recommendations for the marking of licenses.
REAL ID Security Plan Guidance Handbook (February
2009), providing best practices for: securing facilities where
enrollment, production, and/or issuance of REAL ID driver's
licenses and identification cards occur; card design and
security; privacy; personnel security, and the contents of the
security plans.
Because of additional requests from the states for clarification,
the Department plans to issue additional guidance in the near future to
clarify the minimum standards that states and territories must meet to
achieve full compliance with the Act and provide examples of how states
can meet them. While DHS has worked closely with many individual states
and territories--some of which already submitted full compliance
packages--the Department believes that the guidance will reduce the
uncertainty surrounding the regulation and encourage states and
territories to submit information on their progress consistent with the
minimum standards of the REAL ID Act. In providing further guidance,
DHS's purpose is to afford every state and territory the flexibility
and opportunity to reach full compliance in a practical manner.
DHS's subject matter experts have worked with the states and
territories continually since 2007. Through its participation in
meetings with the states, territories, partnering federal
organizations, and stakeholders as well as attendance at a wide range
of conferences, our program office, the Office of State-Issued Identity
Support (OSIIS), visited 44 of 56 states and territories covered by the
REAL ID Act, including four of the five U.S. territories. DHS continues
to work closely with the Department of State on the passport
verification module. DHS has worked with the American Association of
Motor Vehicle Administrators (AAMVA) to coordinate implementation of
the standards of the REAL ID regulation. In particular, DHS
participated with the states and territories in the drafting of the
Personal Identification--AAMVA North American Standard--DL/ID Card
Design to ensure that states and territories can implement the REAL ID
requirements for card design by means of common, consensus-based data
formats and card technologies endorsed by all states and territories.
Since 2007, OSIIS has also participated in at least 40 meetings
with AAMVA and member states regarding all aspects of the REAL ID
program, and provides regular briefings at the semiannual AAMVA Board
of Directors Meetings and regional meetings. OSIIS representatives have
also attended annual meetings of National Association for Public Health
Statistics and Information Systems since 2007. The program communicates
regularly with the Coalition for A Secure Driver's License. OSIIS has
also participated in a dozen on-site meeting with the State of
Mississippi and the Mississippi consortium of states leading state
efforts to improve the communications system infrastructure supporting
the verification requirements of the Act.
Thirteen states \4\ have laws prohibiting compliance with the REAL
ID Act. Even so, DHS believes that some of these states already issue
secure identification documents consistent with the standards of the
regulation.
---------------------------------------------------------------------------
\4\ Alaska, Arizona, Idaho, Louisiana, Maine, Minnesota, Missouri,
Montana, New Hampshire, Oklahoma, Oregon, South Carolina, and
Washington.
---------------------------------------------------------------------------
It is important to note that the REAL ID regulation provides DHS
with the ability to recognize comparable programs in states and
territories that issue driver's licenses and ID cards consistent with
the minimum requirements of the regulation. States and territories are,
in fact, already achieving success with their comparable efforts.
For example, four states (Michigan, New York, Vermont, and
Washington) currently issue Enhanced Driver's Licenses and Enhanced
Identification Documents (EDLs) that were developed in alignment with
the REAL ID standards, but can also be used by U.S. citizens as a
border crossing document to enter the United States through a land or
sea port of entry in accordance with the Western Hemisphere Travel
Initiative (WHTI).
APPROACHING DEADLINE
The deadline for meeting the standards of the REAL ID Act is
January 15, 2013. To assist DHS in making compliance determinations,
the regulation also requires states and territories to submit
certification materials at least 90 days prior to the effective date of
compliance. A DHS compliance determination means that a state's or
territory's program meets or exceeds the REAL ID regulatory
requirements or has a program comparable to the requirements of the
REAL ID regulation.
CONCLUSION
This hearing seeks to take stock of implementation of the REAL ID
Act of 2005. DHS relies on alternative data collection methods, such as
grant reporting, to document progress made by states and territories in
improving the security of their driver's licenses and identification
cards commensurate with the standards of the REAL ID Act. While this
does not afford DHS full visibility into all the progress states have
made, we can say that the Department, along with our federal, state and
territory partners, has made great strides in improving the security of
credentials since 9/11 and the subsequent enactment of the REAL ID Act
of 2005. States and territories have made significant progress in
meeting the benchmarks and other requirements of the REAL ID regulation
and most are meeting REAL ID facility, production, issuance, and card
standards. We commend them for their efforts.
Thank you again for this opportunity to testify. I am happy to
answer any questions you may have.
__________
Mr. Sensenbrenner. Thank you very much.
Mr. Williams?
TESTIMONY OF DARRELL WILLIAMS, FORMER SENIOR DIRECTOR, OFFICE
OF STATE-ISSUED ID SUPPORT, U.S. DEPARTMENT OF HOMELAND
SECURITY
Mr. Williams. Mr. Chairman and Ranking Member, and
distinguished Members of the Subcommittee, thanks for the
invitation to actually speak.
From 2006 until when I retired in 2011, I was the Director
for the REAL ID program. Pretty much all the documents, the
concept of operations, implementation plans, the expenditure
plans I pretty much developed with my staff. All the staff that
is currently in the office I actually selected.
In regards to the implementation of REAL ID, which is what
I will focus on, we actually established an outreach program
which included all 56 states and territories in regards to our
attempts to, first of all, help them understand what REAL ID is
and does, but also to take a look at the implementation
activities associated with REAL ID so they could actually get
better cost estimates as they looked forward to attempting to
implement the program.
A lot of the successes that REAL ID has actually come to
know really came from the states leaning forward not so much
because of what DHS did but because the states realized long
before 9/11 that there was a number of fallacies within their
processes in regards to security dilemmas in their facilities,
and then they also realized that a lot of the security issues
associated with producing a driver's license actually came from
internal processes where their individuals created a lot of the
internal fraud.
So again, those are things that states realized, states
wanted to do, and then REAL ID actually became the overall
umbrella to help states implement the kinds of things they
wanted to do and actually start off with.
The progress that states have made has been well
documented. For example, if you take a look at states, and we
actually did a state survey where a number of states responded,
82 percent of states have improved their card security. All
those security improvements are really consistent with REAL ID.
There are a number of other stats that I have in my testimony
that I won't review now. But again, it shows again the
tremendous progress that states have made and that states are
committed to improving their security and the integrity and the
trustworthiness of their documents.
One of the things that has prohibited states from making
more progress is states need clear and consistent guidance.
That is the one thing that they have not received. For example,
with the PASS ID dilemma, states became confused as to whether
or not DHS was going to implement REAL ID or replace it at some
point in time with PASS ID. In that confusion, states decided
to stop using some of the grant funding to improve the security
of their systems. That took, in some cases, anywhere from 12 to
18 months longer.
The other example is we talk about the verification
capabilities that states will need to use to verify whether or
not a person is issued a driver's license in another state.
That system, which I really started to develop back in the 2007
timeframe, with the advent of the PASS ID confusion, that
progress was also delayed. So that IT system that is not in
progress today could have been furthered if states weren't in
that confused state waiting for DHS to provide clear and
consistent guidance.
The other guidance that states aren't totally sure of is
when states take a look at the REAL ID Act and what it
requires, it does not provide clear pass/fail guidance as to
what states need to evaluate their facilities, their people,
and their processes to clearly determine whether or not they
meet the requirements of the REAL ID Act. DHS also does not
have that pass/fail criteria.
So when we talk about compliance audits at some point in
time in the future, without that clear pass/fail criteria, DHS
would not be capable of actually rendering and determining
whether or not a state actually meets the requirements of the
Act itself.
There is more to say, and I will save much for the
questions so I can stay within the 5 minutes. But again, thanks
for the invitation to speak, and I look forward to your
questions.
[The prepared statement of Mr. Williams follows:]
Prepared Statement of Darrell Williams, former Senior Director, Office
of State-Issued ID Support, U.S. Department of Homeland Security
Chairman Smith, Ranking Member Conyers, and distinguished members
of this Subcommittee I am pleased to be here today to discuss the
importance of the REAL ID Act's Minimum Standards for Driver's Licenses
and Identification Cards.
From December 2006 until 1 April 2011 I served as the Director for
the Department of H0meland Security (DHS) REAL ID Program Office, later
renamed the Office of State-Issued ID Support. During my tenure, I
established the REAL ID Program Office, planned and executed the
program's budget and selected each member of the REAL ID program office
team. In addition, I lead the development the of REAL ID Regulation,
REAL ID Program's Concept of Operations, and the REAL ID Implementation
and Expenditure Plans which were both approved by DHS and submitted to
Congress. I specifically communicated the program's requirements,
implementation progress and expenditures to DHS executive leadership,
Office of Management and Budget and Congress. I also worked with other
Federal agencies and developed an outreach program designed to
establish and maintain a long-term partnership with all U.S. States and
territories Department of Motor Vehicle (DMV) leadership, the American
Association of Motor Vehicle Administrators (AAMVA) and specific
document identity data verification system managers. My goal was simply
to assist states to enhance the security, integrity and trustworthiness
of their driver licenses and identification cards, facilities and
processes to comply with the requirements of the REAL ID Act and
implementing regulation.
A brief synopsis of the primary requirements are located in Section
202 of the REAL ID Act which reads, ``Prohibits Federal agencies from
accepting State issued driver's licenses or identification cards unless
such documents are determined by the Secretary to meet minimum security
requirements, including the incorporation of specified data, a common
machine-readable technology, and certain anti-fraud security features.
In addition, Section 202 also sets forth minimum issuance standards for
such documents that require: (1) verification of presented information;
(2) evidence that the applicant is lawfully present in the United
States; (3) issuance of temporary driver's licenses or identification
cards to persons temporarily present that are valid only for their
period of authorized stay (or for one year where the period of stay is
indefinite); (4) a clear indication that such documents may not be
accepted for Federal purposes where minimum issuance standards are not
met; and (5) electronic access by all other States to the issuing
State's motor vehicle database.''
Prior to managing the REAL ID program, I served as the Senior
Program Manager for the DHS's Secure Border Initiative Program, several
U.S. Coast Guard Command, Control and Communications programs and
numerous Department of Defense major weapon system acquisition and
support programs. Lastly, among other degree's, I have a MS Degree in
National Security Strategy from The National War College.
Although I am be delighted to discuss or address any questions the
Committee may have regarding the REAL ID Act or Regulation, I will
focus my written testimony and opening remarks on the program's
implementation activities.
Under my direction the REAL ID Program Office, later renamed the
Office of State Issued Identification Support, was responsible for REAL
ID program development, REAL ID Rule development, REAL ID related grant
oversight, development of an identity documentation electronic
verification capability and implementation of the REAL ID Act. The
regulatory scope of the REAL ID Act and regulation include the
following:
Approximately 240 million holders of State driver's
licenses and identification cards
56 jurisdictions, including the 50 States, the
District of Columbia, and five U.S. territories
Approximately 2,200 State DMV offices and facilities
employing about 30,000 state employees and contractors
Millions of commercial airlines travelers and
visitors to the Federal facilities
Multiple Federal agencies to include Department of
Transportation, the Transportation Security Administration
(TSA), Federal Protective Service (FPS), the Nuclear Regulatory
Commission (NRC), and other Federal entities managing access to
Federal facilities.
In December 2006 one of the most formidable REAL ID challenges
facing DHS was direct opposition by the states and specifically each
state's DMV Offices. During this time frame, the states DMV
administrators collectively considered DHS an absolute adversary and as
result the few discussions that occurred between representatives from
the state DMV offices and DHS were quite contentious and non-
productive. However, I'm delighted to report that upon my retirement in
2011, numerous DMV staff members and specifically DMV administrators
from across the country and the U.S. territories emailed, phoned and
sent letters to thank me for my efforts that led to establishing and
maintaining an open and honest REAL ID implementation partnership.
The benefits of this partnership which began in the spring of 2007
eventually resulted in the DMV administrators teaming with AAMVA to
become the REAL ID Program Office's most supportive implementation
advocate. The implementation success that will be discussed later in
this testimony would have not been realized without the DMV
administrators and AAMVA support.
An example of this support was first realized in the spring and
summer of 2007, when AAMVA agreed to host four regional meetings in the
cites of Baltimore, Chicago, Los Angeles and Atlanta which allowed me
to conduct 4 four hour meeting with all the DMV staff members in each
region to discuss DHS plans regarding the proposed REAL ID rule and
address the numerous misconceptions, false information and reduce the
DMVs fear of this unknown rule's impact on how they conduct their day
to day business with their respective customers.
In addition to support, AAMVA and the state DMV's funded their
personnel expenses to attend and participate in these meetings. These
meetings resulted in a tremendous amount of clarity for the states.
This initial series of regional meetings reduced the state's high
anxiety by clarifying the rules intensions, removing misinformation and
asking the states to share their operational insight.
While at these meetings I also conducted several side-bar meetings
with DMV regional leaders. From the follow-on side bar meetings I
recruited numerous state DMV staff members to partner with DHS to form
several working groups. Early in 2007, I realize that I did not have
the program funding or adequately trained staff to properly understand
all the relevant operational aspects of the state DMV driver's license
issuance processes, facilities and IT capabilities. To quickly acquire
the technical expertise needed, I partnered with the DMV leadership to
develop several DMV process-focused technical working groups comprised
primarily with the DMV and AAMVA staff members. AAMVA agreed to host
the working group meetings. Without belaboring the point, I bring this
information forward to stress that virtually all the implementation
progress made to date has been greatly facilitated with state DMVs and
AAMVA technical, administrative assistance and in some cases financial
support.
States have been fully engaged in improving the security, integrity
and trust worthiness of their respective state issued driver's license
and identify cards. Many of these security improvements either exactly
meet or are consistent with the requirements of the REAL ID Act or
Rule. States have made these improvements primarily because they were
well aware prior to September 2011 that their driver's license and
identity card issuance processes, cards and facilities had numerous
security deficiencies. In addition, states have long wanted to develop
a capability that allows each state's DMV to electronically verify all
applicant's identity documents (birth record, passport, out-of-state's
driver's license, immigration documents) information prior to issuing a
driver's license or identity card.
States have and continue to make significant implementation
progress consistent with requirements of REAL ID. A February 2011
Driver's Information Verification System (DIVS) report shows the
results of a state-based questionnaire where states self-report their
driver's license and identity card security progress as follows:
82% of states have improved their card security
96% of states provide fraudulent document security
recognition training
89% of states perform background checks on employees
78% of driver's license agencies have improved the
physical security of their facilities
96% of states have instituted IT hardware and
software that links a given license issuer with a given issued
license
71% of states access USCIS data to verify U.S. issued
immigration documentation
84% of states coordinate driver's license and
identity document expiration date to an applicant's U.S.-issued
immigration documentation.
The above DIVS report indicates the great progress states have made
absent clear and consistent DHS guidance. DHS vacillation on support of
PASS ID vs. REAL ID temporarily delayed numerous states from making
progress and resulted in an untimely delay in states utilizing their
grant funding to make security improvements. In 2010, numerous states
expressed concern that if they continued to expend their 2008 and 2009
grant funds to comply with REALID requirements, those funds would not
be available if the requirements were changed to align with PASS ID. In
absence of clear and consistent guidance, numerous states delayed grant
fund expenditures and thus REAL ID implementation enhancements. States
remain unclear if DHS will, yet again, postpone the compliance deadline
beyond January 2013, continue to pursue PASS ID or another alternative,
or if they should march full speed ahead to continue to improve and
enhance their driver's license and identity card issuance processes to
become comparable to or consistent with REAL ID requirements.
In addition, states continue to express concern about REAL ID Rule
Subpart E.37.51 that says ``States must have met the REAL ID Rule
standards of subparts A through D or have a REAL ID program that DHS
has determined to be comparable to the standards of subparts A through
D.'' To date, DHS has not provided states clear guidance on what
constitutes comparable and must do so as soon as possible to allow
states time, if they so elect, to pursue a comparable alternative lead
time away from the established compliance deadline of January 15, 2013.
In addition to the above, below you will find a list several other
implementation issues that should be resolved as soon as possible to
provide all willing states a realistic opportunity to achieve a
successful REAL ID program implementation.
DHS must establish clear pass/fail criteria that
states can use to measure and determine when they comply with
the REAL ID or comparable program compliance requirements.
� Until such clear guidance is provided, states do not have
the ability to determine if they have met all the requirements
for compliance.
� In addition, DHS will need the pass/fail criteria to
perform future compliance audits
Per REAL ID rule section 37.55, 37.59 and 37.61, DHS
must establish a state compliance audit process to conduct
future compliance audits. A compliance audit process is
required to verify if a state has met or is meeting the
required initial or recertification compliance requirements per
the REAL ID rule.
� Subpart E--Procedures for Determining State Compliance,
section 37.55 indicates that DHS will make a final compliance
determination. Subpart E--Procedures for Determining State
Compliance, section 37.59 indicates that DHS will review to
determine whether the state meets the requirements for
compliance.
DHS must develop a REALID enforcement strategy that
clearly conveys how the REAL ID Act requirements will be
enforced beginning January 15, 2013.
� Enforcement strategy must include at minimum the Federal
Protective Service, Transportation Security Agency and other
Federal facilities as covered by the REAL ID Act and
implementing regulation.
DHS must develop a grant funding financial audit
review strategy to ensure the grant funds awarded to states are
being expended in accordance with the grant application and
approval.
� Currently, DHS lacks the process to know and ensure
accountability for REAL ID grant funds expenditures
To vastly improve the quality of program
implementation, strongly encourage the REAL ID program be
transitioned to an operational environment that has
acquisition, program management, system engineering, at a
minimum, as core competencies. Although the DHS Office of
Policy may be well intended, the office is not equipped with
the experience or expertise to oversee the design and
development of an operational program. The Office of Policy is
especially not capable and does not have the expertise to
oversee the design, test, implementation an initial operation
of the multi-million dollar REAL ID Driver's License
Information and Verification (DIVS) Program which is currently
in the design phase. This REAL ID electronic document
verification program, developed with Congressional appropriated
funds, is currently in the design phase. The REAL ID program
has been in the implementation and system development stage for
several years. For example, for past three years the Office of
Policy has overseen and managed the requirements generation
process, which will lead to the design, development, testing
and fielding of an operational IT system expected to process
millions of daily state to state DMV transactions. The DIVS
system is expected to complete the design phase in 2014,
testing in 2015 and become operational and deployed by 2016.
Just as policy should not be developed in an operational
environment, an IT focused system's design, development, test,
initial operation and full system deployment should not be led
by a Policy Office.
REAL ID's Greatest implementation assets:
� All DMV leadership is aware of the critical need to
improve the security, integrity and trust worthiness of their
driver's license and identity card processes and they are
willing to take action.
� State's continue to make significant progress to enhance
the security of their cards, systems, processes and facilities
REAL ID's Greatest implementation impediments:
� Retaining the design, development, testing and fielding of
an operational program in a Policy making environment will
continue to delay the program's implementation. The program
must be transitioned to an operational environment.
� Lack of DHS clear and consistent guidance to states.
The program lacks clear pass/fail compliance
criteria
The program lacks clear guidance on what
constitutes a comparable program
The program lacks clear guidance on how
enforcement will be implemented and if enforcement will begin
January 15, 2013
� Lack of DHS executive level engagement and support
States DMV leadership remain uncertain and
unconvinced that DHS executive leadership is committed to REAL
ID implementation
__________
Mr. Sensenbrenner. Thank you, Mr. Williams.
Mr. Baker?
TESTIMONY OF STEWART A. BAKER, PARTNER,
STEPTOE & JOHNSON, LLP
Mr. Baker. Chairman Sensenbrenner, Ranking Member Scott,
Chairman Smith, Chairman Emeritus Conyers, Members of the
Committee, it is a pleasure to be here. My claim to fame is I
hired Darrell and had David Heyman's job before he had it.
It is a pleasure to talk about this topic because it is so
important. It is not just that the 9/11 Commission after 10
years reiterated how important it was. It is not just that
practically every terrorist act in the last 20 years, from
Oklahoma City to 9/11 to the Lubbock, Texas attacks, depended
on fake and fraudulent IDs. But one person, one household in 14
every year is the subject of identity theft. Most of it, the
most serious of it is facilitated by fake IDs. This is the real
privacy issue that we should be focused on. People are losing
control of their identities to people who have easy access to
fake or fraudulent driver's licenses.
The good news that I do want to talk about is that most
states have, at the end of the day, as we have heard already,
recognized they have a responsibility to fix their security
problems, and nearly 40 of them could meet this deadline, or
perhaps more. They are on track to meet the deadline. That is
great news. It is particularly impressive that they have put in
place the ability to check birth certificates, which are really
the most dangerous breeder document that facilitates this kind
of fraud. That is possible by January of 2013.
The bad news from my point of view is that even if 80 or 90
percent of the states meet this deadline, they are not going to
get rid of 80 or 90 percent of the fraud. They are going to get
rid of about 10 percent of the fraud because the fraudsters and
the terrorists, everybody who wants a fake ID, are just going
to figure out which states allow them still to use bad birth
certificates or to meet other fraudulent requirements, and they
are going to go there.
So until we get everybody up to a high level, we are not
going to solve this problem. That is why, I think, the REAL ID
Act very wisely put in place a penalty for failure to meet this
deadline. Until the last state comes on board, we have a
problem in our ID system.
The difficulty with the penalty that we have, and I faced
this because I actually was facing the prospect of pulling the
trigger on the refusal to accept licenses at airports, is it is
like a nuclear weapon. It is really effective at scaring
people, but when you actually set it off, a lot of bad things
happen that no one really wants to see happen.
So there is a kind of chicken that is played between the
Department and the states. The states say, ``I wonder if they
will really set that off, because if they won't, maybe I can
just, you know, skate past the deadline.'' And the Department
doesn't want to set it off, but they have to persuade people
that they are actually going to do something serious when the
deadline arrives. I don't think David or the Administration has
persuaded anybody that they are serious about setting off that
weapon or imposing that penalty.
So my suggestion for this committee is you really need to
find some penalty to enforce that deadline that is not
dependent on the Secretary having the will to use that penalty,
and my suggestion in the testimony--I will stop here--is that
you say to the 54 or 56 jurisdictions who took money to comply
with REAL ID that if you don't meet January 2013, give the
money back. Thanks.
[The prepared statement of Mr. Baker follows:]
Prepared Statement of Stewart A. Baker, Partner, Steptoe & Johnson LLP
Chairman Sensenbrenner, Ranking Member Scott, Members of the
Subcommittee, I am pleased to testify today about the importance of
improving the security of drivers' licenses, the identity documents on
whose security Americans rely daily.
WHY WE NEED MORE SECURE DRIVERS' LICENSES
It shouldn't be necessary to say that we need secure identification
documents in the United States. Ten years ago, the 9/11 hijackers
exploited the security weaknesses of state DMVs to obtain nearly 30
licenses, many of them by fraud. And twenty years ago, Timothy McVeigh
used a fake South Dakota license to rent the truck he filled with
fertilizer and fuel oil; South Dakota's license security was so weak
that McVeigh made his fake license with a typewriter and a clothes
iron.
That's not the end of it. Last year, the FBI arrested a Saudi
student in Texas whose notes showed that he had devoted much of his
young life to winning a scholarship to the United States, where he
planned emulate Osama bin Laden by killing large numbers of Americans.
His plans included casing the home of George W. Bush and preparing a
chronology for the attacks listing these key steps in his plan:
``obtaining a forged US birth certificate, applying for a US passport
and driver's license; . . . using a different drivers' license for each
car he rents; . . . putting the bombs into the cars and taking them to
different places during rush hour.''
Some things never change. Terrorists hoping to attack us at home
will keep exploiting the insecurity of our drivers' license system for
as long as we fail to improve that system.
So will criminals. Identity theft is a fast-growing and
disturbingly common crime; one household in 14 suffered an identity
theft in 2010, according to the U.S. Justice Department, up from one in
18 just five years earlier. Some of the most intrusive and devastating
forms of identity theft--forged checks, for example, or employment
fraud--require a fraudulent drivers' license or similar identification
document to accomplish. Bad drivers' license security has victimized
millions of Americans.
It could even get some of them killed. I am still appalled by the
story of Kevin Wehner. Having his wallet stolen on vacation was the
beginning a nightmare. The thief used Wehner's documents, along with a
forged Virgin Islands birth certificate, to obtain a Florida license in
Wehner's name. When Wehner moved to Florida, the DMV refused to give
him a license. ``You've already got one,'' they told him. He sent them
his picture to straighten out the mess. That only made things worse.
Because the identity thief had moved on to stealing cars and killing
police officers. To catch the killer, Florida police circulated the
photo that the real Kevin Wehner had recently supplied to the DMV.
Luckily, a friend who saw the photo on TV called Wehner before a
nervous police officer pulled him over. Shortly thereafter, police
located the fake Kevin Wehner and shot him dead in a gun battle.
Florida's inability to check a forged birth certificate could have
killed the real Kevin Wehner just as easily.
WHY REAL ID HAS NOT YET BEEN IMPLEMENTED
Unfortunately, not everyone agrees with the need for better
drivers' license security. Opposition to REAL ID unites the nations'
governors and the ACLU. As a candidate, President Obama campaigned
against REAL ID. And as a governor, Secretary Napolitano did the same.
So it was no surprise that the Obama administration supported repeal of
REAL ID and adoption of a softer approach, called PASS ID. Expecting
PASS ID to be adopted, the administration soft-pedaled the states'
obligations under REAL ID.
But PASS ID did not pass, and REAL ID is still the law.
Unfortunately, however, it's not being treated like a real law. In
2009, the Secretary of Homeland Security permanently stayed the
deadline for states to come into material compliance, on the grounds
that the Department was pursuing PASS ID. By March 2011, with the
deadline for full compliance with REAL ID just two months away, that
reasoning wouldn't work anymore; everyone recognized that PASS ID was
dead. But the Secretary nonetheless postponed the deadline for full
compliance to January 2013 without taking comments. The remarkable
justification for the delay was that the administration had encouraged
the states to hope that the law would change, so they didn't take steps
to comply with the law as it stands:
[S]ome States delayed investing in new technology and process
changes because of uncertainty associated with Congressional
action on the PASS ID Act. PASS ID, which was supported by the
Administration as well as State associations, including the
National Governor's Association and the American Association of
Motor Vehicle Administrators, would have modified certain
requirements of REAL ID to facilitate State compliance. States
delayed making investments to implement REAL ID to ensure they
were not making expenditures to comply with requirements that
would have been undone had PASS ID been enacted into law. Now
that PASS ID seems unlikely to be enacted, DHS anticipates
States will refocus on achieving compliance with the REAL ID
requirements.
Wow. I only wish I could get an extension on my tax return by
saying I was hoping the law would change before the returns were due
but that I'm now ready to ``refocus on achieving compliance'' with the
requirements of the tax code.
In fact, apart from hoping that the states will refocus, the
Department does not seem to be doing much to encourage them to meet the
new deadline. As far as I can see, it hasn't audited state compliance;
it hasn't processed the submissions of states that want to certify
their compliance with REAL ID; and it hasn't pressed the states that
are lagging far behind to step up their efforts.
THE 9/11 COMMISSION IS RIGHT: WE CAN'T AFFORD MORE DELAY
That approach will mean years of delay in improving drivers'
license security, millions more victims of identity theft, and perhaps
more victims of terrorism. It will mean negating not just a federal law
but one of the last unimplemented recommendations of the 9/11
commission. The members of that commission recently reassembled for a
tenth anniversary review of the nation's progress in adopting its
recommendations. They were blunt in their criticism of the
administration's delay in implementing REAL ID:
Recommendation: ``The federal government should set standards
for the issuance of birth certificates and sources of
identification, such as drivers licenses.''
. . .
[T]he deadlines for compliance have been pushed back twice . .
. until January 2013. The delay in compliance creates
vulnerabilities and makes us less safe. No further delay should
be authorized; rather, compliance should be accelerated. The
delay in compliance creates vulnerabilities and makes us less
safe. No further delay should be authorized; rather, compliance
should be accelerated. (Emphasis added.)
The 9/11 Commission members are right. The foot-dragging should
stop, in Washington and in the states.
MOST STATES ARE READY TO MEET THE REQUIREMENTS OF REAL ID
This is particularly true because, despite all the public outcry
and political posturing, most motor vehicle departments are making good
progress toward the goals set out in the REAL ID act. Janice Kephart of
the Center for Immigration Studies has done invaluable work in
surveying the states' progress toward achieving compliance with the
standards set by REAL ID. Her most recent study estimates that nine
states are on track to achieve full compliance with all REAL ID
requirements by January 2013, and that another 27 will have achieved
material compliance with the act by then. That means that the great
majority of states can meet the deadline, at least for material
compliance, if they simply keep on doing what they have been doing.
In saying that, I do not mean to overlook the distinction between
material compliance and full compliance. The principal difference is
that states can achieve material compliance without having in place an
electronic verification system for birth certificates. To achieve full
compliance, they must check birth certificates with the issuing
jurisdiction.
Now, as you might guess from my early remarks, I think that
checking birth certificates is crucial to achieving a more secure
license system. Birth certificates are much easier to forge and much
harder to check than licenses, so it's no wonder that everyone from
aspiring terrorists to cop-killing car thieves views a forged birth
certificate as the key to building a fake identity.
And so, having an electronic system for checking birth certificates
is crucial. It too should be in place as soon as possible.
BIRTH RECORDS CAN BE CHECKED ELECTRONICALLY TODAY
Once again, there is good news on this front in the Kephart report,
which says that by February of this year, 37 states had already entered
their birth records into a system that allows other agencies to conduct
verification online. This system, called Electronic Verification of
Vital Events (or EVVE), is administered by the National Association for
Public Health Statistics and Information Systems (or NAPHSIS). The
network is still growing; NAPHSIS tells me that they've added another
state since February; EVVE now covers 38 states. And the system isn't
just theoretically available. It's actually being used on a daily basis
by several US government agencies, such as the State Department's
passport fraud investigators, the Office of Personnel Management, and
the Social Security Administration.
The really good news, then, is that there are no technical barriers
to nearly immediate implementation of electronic birth certificate
checks. Any state that can achieve material compliance by 2013 can also
achieve the most important element of full compliance by that date; it
just has to hook up its DMV to EVVE. In short, nearly 40 jurisdictions
are on track to do what the 9/11 Commission recently urged them to do:
implement drivers' license security without delay.
WHY CONGRESS NEEDS TO ACT
Now let me turn to three pieces of bad news, and the reason that
the 9/11 Commission's goal will remain unfulfilled unless Congress
acts.
1. Everyone's security is set by the weakest states, not the
strongest. First, the efforts of nearly 40 jurisdictions to improve
their license security won't do us much good unless the remaining
states get on board. It's become quite obvious that identity thieves--
whether they're illegal workers or fraudsters--keep a close eye on the
license security practices of the states. When they need a fraudulent
document, they always manage to find the states with the weakest
security.
This is why REAL ID was needed in the first place. Many states did
a good job, and a few did not; but those few undermined the efforts of
all the others. We have to bring the laggard states up to the same
standards that most states are on track to meet. Only a firm deadline,
with penalties, will do that. And, since the administration has made
clear its reluctance to enforce REAL ID, Congress needs to impose its
own deadline.
2. We need new penalties for noncompliance. That brings me to the
second piece of bad news. The main penalty for states that miss
deadlines is that TSA will refuse to accept the licenses they issue,
meaning that residents of those states won't be able to fly without a
U.S. passport or other strong ID. The problem with this penalty is not
that it's too weak.
Rather, it's too strong. It's like a nuclear weapon--so big and so
damaging to so many innocent people that whoever sets it off is likely
to be judged harshly. With both sides aware of the risks, REAL ID
penalties are at best a game of chicken between recalcitrant states and
DHS. If the states convince DHS that they will not meet the deadline,
DHS will probably cave and issue an extension. If DHS convinces the
states that real penalties will be imposed and the deadline will not be
extended, then the states will probably cave and come into compliance.
But to be candid, having granted two extensions already, I don't think
this administration can persuade the states that this time is
different.
That's why Congress should act. REAL ID needs a statutory deadline
with penalties that are credible. Here's one idea. Remember that the
states, almost without exception, have accepted more than $220 million
in grants to comply with REAL ID or improve license security; they
accepted grants during fiscal years 2005, 2007, 2008, 2009, and 2011.
Many of those grants required the states to affirm that they were in
the process of complying with REAL ID. Yet years later some of them
still are not on track to meet the much-delayed implementation
deadline. This raises the question whether the lagging states took
federal grant funds in good faith and whether they spent the funds
prudently. If they lag so badly that they miss even the January 2013
deadline, perhaps it's time for them to give the money back.
So here's one idea for changing the dynamic of REAL ID enforcement:
perhaps any future appropriations or authorization bill dealing with
homeland security, terrorism, or immigration should include a provision
requiring that states failing to meet the REAL ID deadline must return
any funds received to improve drivers' license security. The paybacks
could be cumulative, increasing over time so that the states have a
growing incentive to comply. While imposing fines on states or a
requirement to disgorge grant funds would raise legal concerns, I see
no bar to automatically reducing by the amount of the penalty any
future payments that would otherwise be due to states under other
programs. Such a penalty would also respond to the current budget
climate by reserving scarce federal funds for states that live up to
their obligations under federal law. It could be implemented either
through appropriations or authorization bills. That's the kind of
modest but credible penalty that is likely to finally break the last
logjam of lagging states and bring about nationwide license security.
3. Electronic birth certificate checks probably won't happen
without enforcement of the deadline. Finally, the last piece of bad
news concerns the birth certificate network, EVVE. As I said, it is
available and ready for states to use. But the states are not in fact
using it, at least not to check birth certificates from other states.
(Some states do use the system to check their own birth records.)
Indeed, a pilot in which three states were using EVVE to do cross-
border birth record checks has recently ended, and the states involved
decided not to continue the checks--a troubling bit of backsliding,
given the importance of birth certificates as breeder documents for
false IDs.
Why are states reluctant to use EVVE for drivers' license checks? I
suspect the problem is the cost of the service. When the system is
running at low volumes, as it is now, the cost of an electronic record
check on EVVE is nearly two dollars. That's a lot of money for states
that issue tens of millions of licenses and may charge only $20 or $30
for each one. States have an incentive to hang back and let other
states pay the high cost of being an early adopter.
This Alfonse-and-Gaston problem is easy to solve. If all state
motor vehicle agencies join EVVE at the same time, its volume pricing
will bring the cost of each check down to less than a dollar--94 cents,
I'm told by NAPHSIS. We can achieve this goal if DHS simply enforces
the existing deadline of January 2013. Overnight, the cost of the
service will drop. That is another reason to impose a deadline and to
include birth record checks.
I know the states have complained about the costs of REAL ID. That
complaint makes no sense in the context of EVVE, however, because most
of the 94-cent cost goes to state vital records agencies to cover their
costs of maintaining EVVE records. Let me say that again; roughly 87
cents of the 94-cent EVVE fee is simply a transfer between state
agencies--from state DMVs to state vital records offices. Even when
those transfers cross state boundaries, they go in both directions and
are likely to roughly balance out.
It turns out that the states will be literally paying the great
bulk of EVVE fees to themselves, and their reluctance to make these
payments is simply a disguised turf war between the DMVs and the vital
records offices. Surely we should not leave future victims of future
identity thefts and terrorist acts unprotected simply because two state
agencies do not agree on which of them will pay to maintain digitized
birth records.
Still, if Congress wants to help the states achieve compliance by
further lowering the cost of birth record checks, there is a way to do
that while also making the country more secure. As I understand EVVE's
pricing, its lowest fees will be charged to all comers once volume in
the system exceeds 1.2 million checks a month. Bringing all the states
on board through REAL ID will achieve that end. But so will requiring
that the State Department check all birth certificates through EVVE
before issuing a passport. Today, I believe, State only checks a
limited number of certificates through EVVE, as part of its fraud
prevention program. If it checked all certificates through EVVE, it
would likely uncover more fraud, and it would lower the cost of such
checks dramatically for all. This would add to the State Department's
costs, but not to the deficit, because the cost of passport processing
measures is recovered by passport fees.
CONCLUSION
Making sure that Americans can rely on the security of their
drivers' licenses is a vital national priority. It has been stalled for
too long, and this hearing serves an important purpose in drawing
attention to how much has been achieved and how much still remains to
be done.
Thank you for the opportunity to testify here today.
__________
Mr. Sensenbrenner. Thank you, Mr. Baker.
Mr. Quam?
TESTIMONY OF DAVID QUAM, DIRECTOR, OFFICE OF FEDERAL RELATIONS,
NATIONAL GOVERNORS ASSOCIATON
Mr. Quam. Thank you, Mr. Chairman, Mr. Scott, Mr. Smith,
Mr. Conyers, Members of the Subcommittee. It is a pleasure to
be here on behalf of the National Governors Association on an
issue that governors have worked on for a very long time.
I think there is some good news here that you are hearing.
States have made progress, considerable progress in moving
ahead. Every governor is concerned with increasing the
integrity and security of their driver's licenses. They were in
2005, 2007, 2009. They are interested in that issue today.
Fraud, theft, security are all concerns for every governor.
And because of that, governors, when they started to
address both REAL ID and the regs as they came out, looked
through a lens of some core principles, that licenses and
identification cards should accurately reflect the identity of
the owner, that the laws and regulations should facilitate and
encourage participation by all jurisdictions, that those laws
and regulations should also enhance the security and integrity
of all licenses and ID cards while retaining state flexibility
to innovate, set a floor, let states go above it, and then
address critical privacy concerns while reducing or eliminating
unnecessary cost.
Part of the delay with REAL ID, as it was initially written
and as it came out, represented an unworkable and unfunded
mandate, a very serious challenge for states. What we need is
continued flexibility in implementation if we are going to meet
the core objectives of the Act, something that I think
governors share with this committee and with Congress, and the
Department of Homeland Security.
So where do we stand? Mr. Chairman, you accurately stated
exactly where states are today. Six states have submitted full
compliance certifications. Twenty-two states have said that
they are materially compliant. Four states are using enhanced
driver's licenses, something akin to REAL ID but currently
doesn't exactly match the requirements of REAL ID. Twelve
states have met 15 of 18 benchmarks, and another 12 states are
falling short of that.
In addition, you have 13 states who have laws on the books
saying they will not comply. You have another three who are
saying we won't comply unless certain conditions are met, and
often that goes to funding.
Of the five electronic databases necessary to really make
REAL ID click, only two are nationally deployed and operational
and being used by states. That is SAVE with regard to
immigration status, and SSOLV with regard to Social Security.
Of the other three, the passport system I believe may come
online this year. EVVER, the Vital Records states, are joining
and participating in digitizing their records, but that will
not be fully implemented by the states for some time, and there
is not one DMV currently signed up to use EVVER. As a matter of
fact, the pilot program for the DMVs expired last year.
And then the final one, the state-to-state driver's license
system, which has taken time to satisfy the governance, the
privacy, and how it will work between states, the
implementation to get it to an operational system starts in
2015. It won't be fully ready, from the stats I have seen,
until possibly as late as 2023. Yet those are the systems you
really need to make this work from an electronic standpoint and
get this working.
So where do we go from here? States need that clear
guidance. For those numbers, those state numbers to become 100
percent, states need to be able to evaluate where they are and
what the requirements are from DHS. We have heard and we look
forward to additional guidance from the Department of Homeland
Security to see exactly where states stand and whether or not
January 15th, 2013 can be met. If it can't be met, it is
probably not at the states' hands. It is because this was a
bridge too far to begin with.
One of the reasons why governors have always been
constructive partners is because driver's licenses have
traditionally been the responsibility of the states. One of the
reasons this has taken so long is because I believe the Federal
Government found out how complicated this process is, how hard
it is to validate those source documents, and how hard it is to
check everything on those cards.
That being said, the states have made great strides.
Getting the guidance out, being able to determine where we are,
and then finding out what it is going to take to fill those
gaps, including funding, I think will be critical to finally
meeting the objectives of REAL ID, objectives that are shared
by all governors, this Congress, and the Administration. Thank
you.
[The prepared statement of Mr. Quam follows:]
Prepared Statement of David Quam, Director, Federal Relations,
National Governors Association
Chairman Sensenbrenner, Ranking Member Scott, distinguished members
of the committee; my name is David Quam, Director of Federal Relations
for the National Governors Association (NGA). I appreciate the
opportunity to appear before you today to discuss the issues
surrounding state implementation of REAL ID.
OVERVIEW:
Governors have always been committed to providing their citizens
with drivers' licenses that are accurate and secure. In fact, during
multiple discussions among governors regarding REAL ID, it was clear
that all governors share common principles regarding licenses and state
identification:
Licenses and identification cards should accurately
reflect the identity of their owner;
The systems that produce the cards and the cards
themselves must be secure;
Information received about individuals should be
protected to ensure their privacy; and
Services and products must be provided in a cost-
effective manner that maximizes value for taxpayers without
diminishing the security or integrity of the license.
It is through this lens that governors have viewed federal efforts
to regulate state licenses, such as REAL ID. While governors believe
that the objectives of REAL ID are laudable, they have found that the
law represents an unworkable and unfunded mandate that--without
continued flexibility in its implementation--will fail to make us more
secure.
BACKGROUND:
Congress passed the REAL ID Act (REAL ID) as part of the Emergency
Supplemental Appropriations for Defense, the Global War on Terror and
Tsunami Relief Act (P.L. 109-13). The law replaced section 7212 of the
Intelligence Reform Act (P.L. 108-458), which established a negotiated
rulemaking to determine national standards for state driver's licenses
and identification cards (DL/IDs). NGA supported the compromise
contained in section 7212 because it allowed stakeholders, including
governors, to participate in the process of reforming what
traditionally has been a state function.
Although the negotiated rulemaking was already underway, REAL ID
repealed the provision and replaced it with statutory standards,
procedures and requirements that must be met if state-issued licenses
and identification cards are to be accepted as valid identification by
the federal government. REAL ID's mandates require alteration of long-
standing state laws, regulations and practices governing the
qualifications for and the production and issuance of licenses in every
state. Complying with REAL ID's standards will require significant
investments by states and the federal government and will test the
resolve of citizens directly affected by changes to state systems.
More importantly, all of this must be done quickly. The next
milestone for states is January 15, 2013. As of that date, a state must
be ``materially compliant'' with the act, or individuals can no longer
use its licenses or identification cards to board commercial aircraft.
Given its impact on states and individuals, governors worked
closely with other state groups, including the National Conference of
State Legislatures and the American Association of Motor Vehicle
Administrators, to recommend a regulatory framework that could bridge
the gap between state laws and practices and the unrealistic
requirements of REAL ID. NGA commends the Department of Homeland
Security (DHS) for its continued efforts to develop a workable
regulatory system to implement the law.
Unfortunately, even after the final rule was released, major issues
remained including a lack of funding for state implementation; privacy
concerns regarding the collection and use of individuals' information;
and uncertainty regarding the availability, development and cost of
electronic databases. These concerns ultimately helped propel 16 states
to pass laws prohibiting compliance with REAL ID; laws that remain on
the books today.
DEVELOPING A SOLUTION:
Given states' ongoing concerns, and the looming deadline for
material compliance, governors asked NGA to work with state experts to
develop recommendations to improve REAL ID based on the following
principles:
1. Fulfill the 9/11 Commission recommendation for the
``federal government to set standards for sources of
identification;''
2. Facilitate and encourage participation by all
jurisdictions;
3. Enhance the security and integrity of all licenses and ID
cards while retaining state flexibility to innovate; and
4. Address critical privacy concerns and reduce unnecessary
costs.
NGA's work culminated in the following recommendations:
Provide funds necessary for states to comply with
federal requirements. The projected costs of complying with the
act far outweigh existing sources of funding. To the extent
federal requirements result in increased costs for states, the
federal government should fund the cost of complying with the
law.
Allow for date-forward implementation. To comply with
the act, states should only be required to issue compliant DL/
IDs beginning on a certain date. All DL/IDs issued after that
date would comply with the federal law, but individuals would
not be required to obtain a new DL/ID until their existing DL/
ID expires. This provision would not apply to non-federally
compliant DL/IDs issued by a state.
Limit required electronic verification of documents.
The final rule identifies five systems states will be required
to use to be compliant with the law: Social Security On-Line
Verification (SSOLV); Electronic Verification of Vital Events
Records (EVVER); Systematic Alien Verification for Entitlements
(SAVE); an all-drivers system run by states to ensure an
applicant is not licensed in another state; and a system run by
the U.S. Department of State to validate foreign passport
information. Of these systems, only SSOLV and SAVE are
nationally deployed and functioning. Because of uncertainty
regarding how and whether the five electronic systems will
work, how they will be integrated and how they will ensure the
protection of data, their use should not be required by federal
law or regulation. Rather, states should be permitted to use
existing verification processes to comply with federal
requirements.
Establish a unique symbol to indicate that a license
or identification card complies with federal requirements.
States should retain the authority to issue DL/IDs that do not
meet federal standards. In order to differentiate between DL/
IDs that meet federal requirements and those that do not, DHS
should work with states to designate a means to easily identify
federally compliant DL/IDs.
Provide greater clarification and flexibility
regarding physical security requirements. Not all departments
of motor vehicles issue DL/IDs through the same process; some
use central issuance (CI), others use over-the-counter issuance
(OTC) and some use a hybrid CI/OTC process. Therefore, DHS
should allow states to use a combination of security features
designed to protect the physical integrity of DL/IDs. Many
states have processes in place to issue, maintain and protect
DL/ID information. Federal law and accompanying regulations
should provide flexibility in how states prevent tampering,
counterfeiting or unauthorized duplication of DL/IDs for
fraudulent purposes.
Establish minimum guidelines for the further
protection of personally identifiable information. DL/ID
information is protected by federal and state Driver Privacy
Protection Acts (collectively, DPPA). However, since DPPA was
enacted well before Real ID, DHS should establish further
minimum guidelines to address requirements to protect the
security, confidentiality and integrity of personally
identifiable information that could not have been contemplated
at the time of DPPA enactment.
Establish a process to allow states greater
flexibility in validating an applicant's identity under
exceptional circumstances. States should be permitted to
establish a process to validate an applicant's identity in rare
cases where the applicant is unable to present the documents
specified in the act.
Recognize enhanced driver's licenses as being
compliant with REAL ID. Enhanced driver's licenses issued by
states should be considered compliant with requirements for
secure state DL/IDs.
Establish a demonstration program to evaluate
electronic information sharing among states. The hub system
envisioned by DHS in the final REAL ID rule is a complex and
potentially costly endeavor, and participation in the system
should not be federally required. Instead, the federal
government should facilitate a demonstration program among a
few states to determine projected costs for such a system, the
appropriate governance structure for administrative purposes
and the appropriate security and privacy measures to protect
individuals' personal information.
Provide access to federal electronic systems. Access
to any federal electronic systems that states are required to
use to comply with the act should be provided free of charge,
just as the E-Verify system is made available to employers
without cost.
PROVIDING FOR ADDITIONAL SECURITY IN STATES' IDENTIFICATION ACT:
In 2009, NGA supported S. 1261, the ``Providing for Additional
Security in States' Identification Act,'' (PASS ID) because it is built
largely on governors' recommendations for solving the problems inherent
to REAL ID.
For example, to address the issue of cost, PASS ID would have
eliminated fees associated with the use of existing federally run
databases that states must use to issue DL/IDs. It would also have
allowed states to innovate to meet security requirements and eliminated
the requirement to use electronic verification systems that do not yet
exist or are not nationally deployed. If implemented, these changes
would have combined to cut state costs of compliance from $3.9 billion
to approximately $2 billion.
PASS ID also recognized that at the time only two of the electronic
systems states must use under REAL ID existed and were nationally
deployed: SAVE to verify immigration status and SSOLV to verify social
security information.
Today little has changed; SAVE and SSOLV remain the only two
systems available although an electronic system to verify passports
should be fully operational later this year.
Work to develop an electronic database to share DL/IDs information
among states is slow, with implementation of an operational state-to-
state system not anticipated until 2015. A fully deployed and populated
system will not be available to states until 2023.
Likewise, a national vital records database to check birth
certificates remains unfunded and lacking for data. Specifically, the
recent recession and lack of federal funds has prevented states from
digitizing their records--a necessary step for making a national
database a reality.
PASS ID recognized these shortcomings by not requiring states to
use systems that do not exist. It also addressed privacy concerns by
requiring procedures to prevent the unauthorized access to or sharing
of information, as well as requiring public notice of privacy policies
and the establishment of a redress process for individuals who believe
their personal information should be amended in records systems.
Finally, PASS ID tied timelines for issuance and full
implementation to the completion of final regulations. Although not a
true date-forward implementation schedule as called for by NGA, when
combined with other enhancements, PASS ID would have allowed states to
begin issuing compliant licenses and IDs faster than called for by REAL
ID.
CONCLUSION:
Since its passage, governors have consistently offered constructive
recommendations for implementing REAL ID. Governors have encouraged DHS
and Congress to ``fix'' the act by implementing statutory or regulatory
changes to make REAL ID feasible and cost-effective. They also have
called on the federal government to ``fund'' REAL ID by providing
federal dollars to offset state expenditures for meeting new federal
standards.
If Congress wants to see REAL ID implemented, it needs to encourage
and support the implementation of regulations and guidelines that make
compliance a possibility. DHS has worked closely with states to
understand the complexities of the DL/ID process and provide rules that
encourage better and more secure DL/IDs in a more cost-effective and
realistic manner. More, however, needs to be done.
Security of our nation is not a partisan issue. Every governor is a
security governor. Every governor is interested in making government
work. Governors look forward to continuing efforts with Congress and
DHS to find workable, cost-effective solutions that can increase the
security and integrity of all state license and identification systems.
__________
Mr. Sensenbrenner. Thank you very much.
The Chair is going to clean up and ask questions last. So
the gentleman from Virginia, Mr. Scott, is recognized.
Mr. Scott. Thank you, Mr. Chairman.
I guess, Mr. Williams, what ID is necessary to get a REAL
ID? What does a person have to present in order to get
identification?
Mr. Williams. Well, what an individual would need to do is
present source documents, for example, such as a birth
certificate, and if they have a Social Security number, they
should present that Social Security card or another acceptable
document with the Social Security number so that number can be
verified.
If they are in the country, for example, with immigration
papers, then they certainly need to present their immigration
document to be verified.
Mr. Scott. Let me just--for a citizen just trying to get an
ID----
Mr. Williams. For a U.S. citizen?
Mr. Scott. Yes.
Mr. Williams. A birth certificate and Social Security card.
Mr. Scott. Now, what do you need to do to get a birth
certificate?
Mr. Williams. To get a birth certificate, different states
have different processes in regards to how you get it and who
is authorized to get a birth certificate. But in many cases, I
think you would have to go to your vital records agency within
that state to request a birth certificate. And again, that is
the general term. Different states have different processes.
Mr. Scott. And again, what do you have to present to get
the birth certificate?
Mr. Williams. Each state I think has a different process
for it.
Mr. Scott. Could a terrorist show up and get a birth
certificate, my birth certificate?
Mr. Williams. That is a question I couldn't answer. I don't
participate in the vital records agency processes.
Mr. Scott. I don't know where my Social Security card is. I
know my number, but I wouldn't have a clue as to where the
actual card is.
Mr. Williams. If you don't have your Social Security card,
there are other documents that you can use with that Social
Security number.
Mr. Scott. Okay.
Mr. Williams. For example, if you are employed and you have
a W-2----
Mr. Scott. If two people were wandering around using the
same birth certificate or the same Social Security number, is
there something in the system that would expose that?
Mr. Williams. Well, Social Security, the agency has the
capability to identify----
Mr. Scott. A lot of people sell Social Security numbers,
those that would actually check when you go through the
process, as a valid Social Security number. How do you know
that the person before you is the one with that Social Security
number?
Mr. Williams. Again, that would be a process of checking
with the Social Security Administration and using their
processes.
Mr. Scott. REAL ID doesn't solve this.
Mr. Williams. No, REAL ID doesn't govern that process.
Mr. Scott. Mr. Heyman, is possession of a fake ID a crime?
Mr. Heyman. I believe it is.
Mr. Scott. You believe it is?
Mr. Heyman. I don't know.
Mr. Scott. You don't know.
Mr. Heyman. Use of it is a crime.
Mr. Scott. Use of it. But, I mean, if you just ran across
somebody and they had three or four different IDs in their
pocket, would that be a--you don't know if that is a crime or
not? Okay.
Mr. Williams, you indicated exposure of employee fraud. If
you have a DMV clerk somewhere in some rural area just making
money by selling fake IDs, would these IDs be as good-looking
as other IDs?
Mr. Williams. The most valuable ID that you can actually
get is working with an internal person to produce one based
upon the internal processes of that particular state's DMV. The
cost for that process, to show you how realistic it is, for
example in New York, they were selling fake IDs for as much as
$10,000 per copy. In the State of, for example, Maryland, a
fake ID produced internally could render as much as anywhere
from $2,500 to $3,000; California, anywhere from about $5,000--
--
Mr. Scott. Well, if you have bribed a DMV official, will
the ID be--would anybody be able to ascertain that this is a
fake ID?
Mr. Williams. If the ID is produced internally, it will be
exactly the same as any other ID. That is the value of finding
someone who works inside, and that is what REAL ID seeks to
prevent.
Mr. Scott. How does it prevent internal fraud?
Mr. Williams. By coming up with a number of internal
processes that the DMV must actually utilize, for example, to
include background checks of its employees, but also internal
processes to ensure that, for example, one person does not have
the authority to actually produce a driver's license from start
to finish, and then other internal processes like, for example,
making sure that you have a photo of the individual who sought
a driver's license through application so you can actually
check internally to see whether or not that photo shows up on
any other driver's license with a different name and Social
Security number.
Mr. Scott. Is that check actually done anywhere?
Mr. Williams. That check is actually done by a number of
DMVs today. With the advent of REAL ID, that number of internal
checks has gone up significantly.
Mr. Scott. If I can just follow up on this with one
question?
Mr. Sensenbrenner. Without objection, the gentleman has one
more question.
Mr. Scott. If two people are using the same photo, that
would be exposed?
Mr. Williams. If two people were using the same photo at
the same DMV, DMVs have----
Mr. Scott. The DMVs, one is in Connecticut and one is in
Virginia.
Mr. Williams. Well, if they were in different states and
those states did not have a process where they actually shared
photos, then that would be more difficult. But in the same
state, a number of states have same-day processes where they
take your picture and then run it through the database and
check with all other photos in their database to see whether
you are the person you claim to be. And then on a 24-hour
basis, they run it through their entire system to process to
see whether or not you have a, quote unquote, face that is
recognized in their database, and then what they have is
control investigators. Once they ascertain that you may have a
photo already in their database, the investigator is actually
used to pursue to determine whether or not you are an exact
match or if you are a similar match but not necessarily the
exact same person.
So a number of processes are in place to prevent the same
photos with different IDs inside the state level. States have
cooperative sharing relationships where they are actually
starting to share some of their photos across state lines to
ensure that you don't have, for example, a picture ID in the
State of North Carolina, but also in the State of South
Carolina.
Mr. Sensenbrenner. I guess all this was done because of
REAL ID.
The gentleman from Michigan, Mr. Conyers.
Mr. Conyers. Thanks, Chairman Sensenbrenner.
Let's use this time to focus on the two issues that have
been so well raised in this discussion, and I want to thank
attorney Stewart Baker for his emphasis on the privacy issue.
Let's talk about how we fund and how we guard for privacy.
Remember now that we may be meeting with the Secretary
Napolitano on this subject, and we want to use these minutes to
get your best advice as to how we deal with her, with the
Chairman, with these two issues.
Let's start off with you, David Quam, and then let's
everybody just chime in when you want to.
Mr. Quam. Thank you, sir. I think the emphasis with the
Secretary has really got to be first and foremost with the
guidance that needs to come out so states know exactly where
they are. So knowing those rules so states can evaluate where
we are today and where states need to be by January 15th is
critical. I think that guidance is pending and will come out
very shortly.
With regard to privacy, governors have always been
concerned with governance of these systems. It is how the
systems work, but how are they governed? How is individual
information being protected, and how can it be corrected if
there is a mistake, to make sure there aren't false-positives?
So, very large privacy concerns that need to be worked out.
That is why some of those systems are going to take some time
to bring online, and privacy guidance is critical, and
hopefully it is going to be part of this next guidance.
And then finally, with regard to funding, states have long
said this is an expensive proposition. If it is a mandate from
the Federal Government, it should be paid for by the Federal
Government. One simple example that we have called for, if
there is a requirement to use Federal systems, then those
Federal systems should be free to the states, much like e-
Verify is for a lot of businesses. The Federal Government has
the databases, let us use that. It is part of the problem we
have had with vital records where there is a fee that has to be
charged every time. In the fiscal condition of states, that can
be very problematic. But with some funding for states, I think
you can find that states can more easily come on board.
Mr. Scott. Attorney Stewart Baker.
Mr. Baker. On the privacy issue, to my mind the biggest
privacy issue in this area is not having a good ID. I don't
understand what privacy interest is served by having a bad ID.
The real privacy concern is the risk that your identity will be
stolen and someone will use a fake ID to pretend to be you.
The Department has lots of information about people who are
engaged in that kind of identity fraud, and there needs to be
better coordination with the states so that they don't continue
to issue driver's licenses to people using bad Social Security
numbers and so they can reinvestigate people who may have used
bad Social Security numbers to get their cards in the first
place.
So that would be a privacy issue that I think would be very
useful to address. I do think the Department has done a good
job of coming up with some additional privacy standards that
they think should be met by states to protect data, and that is
a good thing.
On the question of unfunded mandate, I think that is--I
don't agree with it, and the problem with that is the argument
that somehow the Federal Government should make free the SSOLV
and SAVE programs that allow you to use the government's
records to check Social Security numbers and the like. Those
cost pennies, maybe 20 cents. The states, on the other hand,
have put in place EVVER, in which they propose to charge $2 a
check, the income of which they are going to keep to use for--
--
Mr. Conyers. Do you prefer the state solution?
Mr. Baker. This is the state electronic event verification,
essentially the birth record database. The current prices for
that are $2 because the state vital records offices want to
make about $1 every time they provide this information. For the
states to say we want to charge you dollars and we want you to
forgive the pennies that we are paying is inconsistent, I
think.
Mr. Conyers. Let me get to Darrell Williams.
Mr. Williams. There are only three issues we are talking
about: privacy, cost, and a recommendation for DHS. On privacy,
most of the data that we are talking about already exists in
various state DMV databases. States use what they call--this is
actually run by the Department of Transportation--the CDLIS
system, and that CDLIS, which is a commercial driver's license
information system, actually contains the name, date of birth,
and driver's license information for virtually all drivers
already, because whenever anyone applies for a CDL, a
commercial driver's license, they are run through the CDLIS
system to determine whether or not they have a commercial
driver's license somewhere else. So the data that we are pretty
much talking about in regards to privacy concerns, it already
exists in the database.
The second issue, we talked about cost, and actually I will
piggyback on an example that you gave in regards to Mark
Sanford. Of course, now, Mark Sanford did write a letter.
Actually, he wrote a couple of letters to DHS that went to
Secretary Chertoff, but also to Napolitano, where he expressed
concern about REAL ID and its cost. However, in that same
letter Mark Sanford said that South Carolina, at the time of
his writing, currently met about 90 percent of the REAL ID
requirements. So if he was concerned about cost, he is 90
percent there. There is only a 10 percent delta, and the delta
wasn't going to be overly substantial at the time when I
actually read his letter and talked with Marcia Adams, who is
the South Carolina DMV Director in that timeframe to determine
exactly where South Carolina was. So the cost delta using that
example was not going to be that great.
The last item in regards to a recommendation for REAL ID
implementation, REAL ID is a program, and REAL ID is managed
pretty much out of a program office. I know because I started
it. However, the enforcement part about REAL ID today is that
program and that program office remains in a policy
environment, which is the exact wrong place for a program to
be.
The skill sets are not there. The program management skills
are not there. The engineering skills are not there. So if you
are designing and developing an information-based system,
policy is the exact wrong environment to be in for a program to
thrive and flourish as we look at going forward.
Mr. Sensenbrenner. Without objection, the gentleman from
Michigan will be given an additional minute.
Mr. Conyers. I thought it was 2 minutes.
Mr. Sensenbrenner. No. I said you were already 2 minutes
over.
Mr. Conyers. Oh. Thank you very much. Mr. Heyman, please.
Mr. Heyman. Thank you, Congressman. Thank you. Let me just
talk on those three points that you are interested in.
First, in terms of the privacy, the REAL ID Act did not
contemplate or stipulate privacy requirements, but we did put
in the regulation privacy requirements on the states. There are
standards for data protection, particularly on the network.
There will be encryption standards, and as Mr. Williams
mentioned, the networks are built on private networks that
already exist with privacy protections.
We are moving forward with guidance, as the states have
asked for. That guidance will, I believe, help provide clarity
for helping on compliance questions by providing comparable
programs that had not possibly been contemplated.
And then lastly on the funding question, funding this year,
the Secretary did sign out in February 2012 new FEMA grant
guidance to state administrative agencies to help address and
to be used for funding driver's license security grant
programs.
Mr. Conyers. Thank you.
Mr. Sensenbrenner. The gentleman's time has expired.
The gentleman from Colorado, Mr. Polis.
Mr. Polis. Thank you.
My first question is for Mr. Heyman. I am concerned that
there are several classes of legal immigrants who would not be
eligible for a license under this law. Some of those include
non-immigrant visas such as victims of trafficking, immigrants
who have been paroled into the U.S. for humanitarian reasons,
battered immigrants who are awaiting actions or on petitions
filed with U.S. CIS. These are some of the most vulnerable
legal immigrants in our country.
Does the law need to be fixed so these people can get a
license, or is there some procedure under this law where these
groups of legal immigrants would be able to get licenses?
Mr. Heyman. Well, under the REAL ID Act and regulations,
lawful presence is assessed and determined, but the actual
determination of who to issue a state driver's license for
operating a vehicle but perhaps not REAL ID-compliant is left
to the state. So that decision is a state decision.
Mr. Polis. But the issue is whether the ID would be useful
for Federal purposes, and I think it is in many ways a backdoor
Federal takeover of the licensing requirement for the states.
Do you anticipate that the states will have two sets of
licensing requirements, one REAL ID-compliant and one not? Is
that what you are contemplating?
Mr. Heyman. We are not--we are contemplating that if a
driver's license is to be used for Federal purposes, it must be
REAL ID-compliant.
Mr. Polis. As far as you know, are any of the states
maintaining two separate types of driver's license, one REAL
ID-compliant and one non?
Mr. Heyman. We don't have an assessment at this point, as
you know, because the compliance deadline has not been met yet.
We do not have visibility into what all states are
contemplating.
Mr. Polis. Have any states brought that up to the agency,
that they are considering doing a two-ID approach?
Mr. Heyman. I am not aware of that.
Mr. Polis. Okay. Again, so the concern is, again under the
REAL ID requirements, which are being heavily pushed to the
states, it is my understanding that a victim of trafficking or
a legal immigrant who has been paroled in the U.S. for
humanitarian reasons or a battered immigrant who is awaiting
actions on a petition filed under U.S. CIS, at least those
three categories of immigrants it is my understanding are not
able to get REAL ID-compliant driver's licenses. Is that
consistent with your understanding?
Mr. Heyman. An individual must be able, must present, must
be lawfully present in the United States to attain a driver's
license. So if they are lawfully present, they will be, along
with all the other requirements.
Mr. Polis. Okay. Well, those are people who are lawfully
present in the United States, but they are legal immigrants,
not illegal immigrants. But it is my understanding that in some
cases, because their cases are pending, they would be unable to
get the REAL ID. But are you saying they would be able to get a
REAL ID-compliant state ID?
Mr. Heyman. I am not aware of an exception to that. So if
the Congressman would allow, we can get back to you on the
record.
Mr. Polis. We will be happy to get you some specifics.
Let me go to Mr. Baker. It is my understanding DHS
postponed the REAL ID implementation under the Bush
Administration, and I would like to ask what those reasons were
for that postponement over those period of years.
Mr. Baker. We concluded that the states, by and large, were
not going to meet the deadline. It was a pretty demanding set
of requirements. They had been fighting them. They had been
hoping to delay the implementation. And we broke the
implementation into two stages, material and full compliance,
so that we could get the states to a place with about a 1-year
extension where they were implementing most of REAL ID. So we
gave them a relatively short extension to meet, I would say, 90
percent of the requirements, and in exchange for that we got
their assurance that they were working diligently toward
achieving the standards of REAL ID.
Mr. Polis. Mr. Quam mentioned that the original was
untenable and the flexibility was critical. I would like to ask
Mr. Quam, is there sufficient flexibility in the current law,
or do we need to go back and add additional flexibility to
ensure that this can be implemented?
Mr. Quam. It is quite possible that we need additional
flexibility. Part of the reason for the delay was the first set
of regs really was untenable. It was not going to provide the
opportunity for states to truly implement the law. I think DHS
did a very good job of listening to the states. I have to
congratulate the Department, both Administrations, for
listening to the states and realizing how complex this was in
making changes.
I think this next set of guidance is going to be critical
for states to evaluate where we are and what other
flexibilities need to be put in. Again, with regard to some of
the databases that are necessary, they are just not there. If
they are not there, states cannot be required to meet a
compliance standard that is impossible to meet. So that
flexibility has to be there to get states to move forward.
States are moving forward. They are doing the best they can
with the rules as we have them.
Mr. Polis. I just want to ask for 30 seconds?
Mr. Sensenbrenner. Without objection.
Mr. Polis. And the final question, Mr. Quam. So again,
without additional flexibility, do you believe that there would
have to be additional postponing of the hard deadline for the
REAL ID Act to go into effect?
Mr. Quam. Until we see the guidelines, it is impossible to
say what is going to be necessary for the states. States do
have to make progress in order to meet the rules as they stand
today. I think that guidance and an evaluation by the states is
going to be critical to determine that question.
Mr. Polis. Thank you, and I yield back.
Mr. Sensenbrenner. The gentlewoman from California, Ms.
Chu.
Ms. Chu. Thank you, Mr. Chair.
Under the REAL ID Act, an individual's address has to be on
the face of the card, but many individuals ranging from law
enforcement and judges to victims of domestic violence may be
put at risk due to this requirement. Mr. Heyman, there are many
domestic violence victims who don't want their address on the
ID card, and there are many victims of domestic violence. One
in four women will experience domestic violence in her
lifetime.
What is DHS doing to address this issue, and has there been
any study of the effect of these provisions on survivors of
domestic violence, sexual assault, or stalking?
Mr. Heyman. There are provisions for alternative ways for
identification, the specifics of which I would actually turn to
my colleague here, who used to work for me, who actually helped
implement them.
Mr. Williams. The rule as written today does allow for
individuals that are victims of domestic violence not to have
their home addresses displayed, for law enforcement and judges
as well.
Ms. Chu. So there are allowances for that?
Mr. Williams. Yes.
Ms. Chu. Let me ask about another issue. Actually, Mr.
Williams, I would like to address this to you, and that has to
do with the fact that, of course, there are more stringent
requirements for the REAL ID Act, and yet at the same time
there is another thing going on, which is that at least 34
states have introduced legislation just this last year that
would require voters to provide a photo ID when they go to
vote. At least 12 states have introduced legislation that would
require proof of citizenship such as a birth certificate to
register to vote.
To what extent--and Mr. Heyman, too--to what extent has the
Department been monitoring the recent attempts to enforce these
ID requirements and its impact on voting?
Mr. Williams. For that, I would have to really refer back
to the Secretary Heyman in regards to what DHS is doing to
monitor.
Mr. Heyman. Well, we are aware of those provisions. They
are not material to the compliance for REAL ID, but we are
certainly paying attention to that.
Ms. Chu. Let me ask about the 25 states that have, through
statute or legislative resolution, rejected their intent to
comply with the Act. I know there has been some dialogue and so
forth, but what conversations has DHS had with governors and
state legislatures to address their concerns with the Act? And
also, if REAL ID is implemented by 2013, what implications will
it have for citizens from these states if there are still those
that reject the REAL ID Act? Will citizens from these states no
longer be able to board a plane? What implications are there
for their everyday life, Mr. Williams and Mr. Heyman?
Mr. Heyman. Well, let me just say that if you look at all
states and all territories to include those that have acts
against REAL ID, all of them have made progress on driver's
license security. In fact, if you look at the material
compliance, the 18 benchmarks for material compliance, 83
percent of those with benchmarks, states have committed to
meeting or are already meeting 83 percent of those.
What that reflects is that while the actual compliance with
the specific Act may have been rejected by some states, they
are continuing to make progress on the actual underlying
security standards.
Mr. Williams. I would say one of the other advantages that
citizens of those states would have is REAL ID is only required
when an individual goes to the airport and is asked to produce
a form of ID. If that person chooses to produce a driver's
license as a form of ID is where the REAL ID requirement would
come in. There are other forms of ID a person could actually
produce, and that could be very well accepted by the TSA
individuals at the airport. Or, for example, a person could
very well have no form of ID and still be allowed to get on an
airplane.
So they do have alternatives and options if, by chance, you
are addressing the issue as to, when they go to the airport,
whether or not they would be allowed to actually board a
commercial airline. So, yes, there are options available for
them in any of those states.
Ms. Chu. And the other forms of ID for boarding a plane
would be?
Mr. Williams. Please?
Ms. Chu. The other forms of ID you said would be acceptable
for boarding a plane?
Mr. Williams. Well, there's a TSA list of items that they
accept, I guess on the TSA website, I believe, in regards to
what are acceptable forms of identification other than a
driver's license.
Mr. Sensenbrenner. The gentlewoman's time has expired.
The gentlewoman from Texas, Ms. Jackson Lee.
Ms. Jackson Lee. Mr. Chairman, thank you very much, and
thank you for holding this hearing that reviews what I think is
a stalled law ready for burial. I believe the REAL ID Act was
implemented in 2005, and it seems as if implementation has
completely stalled, and there seems to be resistance to the
REAL ID implementation in the states, and it is guaranteed that
the statute seemingly will never be implemented as it is
currently drafted.
It was passed as a rider to a bill funding the military
expenditures and tsunami relief, so it obviously slipped under
the radar screen. But it gives states 3 years to bring their
driver's license into compliance with the Act's requirements,
common licensing standards national database, et cetera. It is
now 2012. That is 7 years. The REAL ID has faced opposition
from civil rights and civil liberties, but I think the real
question is the lack of sufficient protections.
We are now in the midst of another rage of what we call
voter ID laws in 40 states, all being confronted with the real
issue of denying someone a birthright, a citizen's right to
vote. They have been previously able to identify themselves,
have a voter registration card.
So I want to ask the representative of the National
Governors Association. I have never known the National
Governors Association to not be quite prompt, and not only
prompt but conversant and ready to adhere to Federal laws, but
I am respectful of the fact of the different requirements of
each state. Tell me why this has been so difficult and what I
perceive to be opposition to implementing a law passed in 2005.
And I might just put on the record that there are those
opponents that come from all political perspectives who are
dealing with questions of civil liberties and civil rights. But
let me hear from the representative of the National Governors
Association, please.
Mr. Quam. I greatly appreciate the question. I think a lot
of the problem initially was a misunderstanding of how driver's
license systems work, and there was an education process that
had to go on between the time of the passage of the bill and
ultimately the regulations that came out, and then the
regulations that were rewritten. As everybody learned how
difficult the processes are, the fact that the states have been
doing this for over 100 years and not the Federal Government,
and that combining rules for the Nation when you have each
state doing their own is a difficult process.
And so what happened is that governors really tried to be
constructive partners to find a solution. One of our key calls
was fix and fund REAL ID early on. Later it became let's take
the strengths of REAL ID and get rid of its problems. That
became the PASS ID Act that was introduced, at least in the
Senate.
You still see states today trying to improve and meeting
some of these benchmarks, the integrity of their licenses,
because every governor is a security governor. They want their
driver's license to be secure and safe. But very real problems
were raised on both sides of the aisle with regard to privacy,
with regard to the reach of the Federal Government into state
actions, and then ultimately how do you get this done, how do
you find a solution that makes the most sense.
The original compromise for a negotiated rulemaking was
something that governors and states were willing to participate
in and were active participants. I think if that had been
allowed to go forward, we may be further than we are today. But
like I said, there was a partnership formed between governors,
between states, the Department of Homeland Security, and even
many Members of Congress to try to find a way forward. You have
seen a lot of progress, but there are still a lot of
objections, and there are 16 states who still have a law on the
books today saying we will not comply.
It is a problem when one-fourth of the states say we are
not participating in a national system. It is hard to have a
national system when one out of every four isn't participating.
Ms. Jackson Lee. Let me thank you for that explanation. I
know that, as a Member of the Homeland Security Committee, I
will be probing this independently, and I am not going to probe
Mr. Heyman at this time. I think the record is going to be very
clear in this hearing. It is not functioning. It is not
working. I think the privacy issues are severe, and I think
that this adds to the opposition to this massive plague of
voter ID laws. It just compounds fears.
I just came out of a hearing dealing with Hezbollah and
homeland concerns on Hezbollah's presence on the homeland. Yes,
that is where we need to be focusing. And, yes, we need to be
acknowledging that 9/11, tragic as it was, that our message was
that we are not going to allow terrorists to cause ourselves to
undermine our basic civil liberties and privacy.
So I just want to yield back at this time and say that my
concern remains on this REAL ID law, and I believe it is not
effective at this time. I yield back.
Mr. Sensenbrenner. The gentlewoman's time has expired.
It seems from this hearing that because of the REAL ID law,
there have been significant improvements in the security of
state IDs, even in the states that rejected the REAL ID law.
And Mr. Quam I notice is nodding his head, and so we will put
that in the record.
I think one of the ways to get the ball over the goal on
this--and I realize as the author of the bill that this is a
complicated bill--is, first of all, states need guidance; and
secondly, the DHS has to show that it is serious that there is
a deadline.
So, Mr. Heyman, let me ask you, when are the states going
to get some guidance, better guidance?
Mr. Heyman. Guidance is in OMB now for clearance. It should
be forthcoming in the next couple of weeks.
Mr. Sensenbrenner. That is good. Now, during an oversight
hearing that this committee had last November, Secretary
Napolitano refused to say whether or not the DHS would hold
firm to the January 15th, 2013 deadline. Is DHS going to extend
the deadline again?
Mr. Heyman. We have no plans to extend the deadline.
Mr. Sensenbrenner. That is good. Now, Mr. Heyman, in your
testimony you state that REAL ID regulation, as opposed to the
law, provides DHS with the ability to recognize comparable
programs in states and territories that issue driver's license
and ID cards consistent with the minimum requirements of the
regulation. But the REAL ID Act does not differentiate between
requirements that are mandatory and those that are
discretionary. Please inform the committee which part of the
REAL ID Act authorizes DHS to make that distinction.
Mr. Heyman. Congressman, what we are looking to do here is
to take the brilliant invention of states which allowed for
innovation in a democratic society and to capture that, in
effect, such that one state that may have thought of a solution
for implementation of the regs that we had not originally
contemplated but was consistent with the regs could be
identified and shared with others. That is the purpose of
putting forward comparable programs.
Mr. Sensenbrenner. Well, in my high school civics class, I
learned in a democratic society that laws that are passed by a
majority vote of the legislature and signed either by the
President or the governor are the law. Now, has that basic
constitutional principle penetrated DHS or not?
Mr. Heyman. The law is the law, Congressman, and the ways
in which states can comply with that law, there may be
comparable programs that, with technology or otherwise, that
allow for consistent application of the law through state by
state innovations.
Mr. Sensenbrenner. Okay. Let's get back to the guidance.
Why has the DHS waited so long to issue the guidance?
Mr. Heyman. The guidance has been in development over a
period of probably a little over a year, and it is forthcoming
now. I think it is timely. It will give states an opportunity
to assess where they are in the compliance process, and for us
to do the same.
Mr. Sensenbrenner. Well, the law was signed in 2005 by
former President Bush. Did it take DHS 6 years to start doing
the guidance and now we are about ready to get to it?
Mr. Heyman. Well, the history of the implementation is that
first the Department established a regulation and an
implementation plan, and then it issued two other forms of
guidance in 2009. In our dialogue, this is a partnership with
the states, and in our dialogue with the states it has become
clear that they have sought additional clarity, and we are
therefore putting forward additional guidance.
Mr. Sensenbrenner. Okay. Now, my final question is there
has been a disconnect between DHS and the states, both in this
Administration and in the Bush Administration on this subject.
How many states has DHS visited or AAMVA meetings has DHS
participated in with regard to the REAL ID Act?
Mr. Heyman. I believe we have traveled to 44 out of 56
states or territories, and I can't give you the number on AAMVA
participation, but we regularly, perhaps even annually,
participate in their national convention.
Mr. Sensenbrenner. Okay. Well, thank you. I think that
completes the record. I yield back the balance of my time.
Are there any further items that Mr. Scott wants to put
into the record?
Mr. Scott. Well, Mr. Chairman, we have had statements from
others that we would like into the record, if we could.
Mr. Sensenbrenner. Without objection, both the majority and
the minority may put additional statements into the record that
are relevant and material to the purpose of this hearing or the
testimony of the witnesses.
Hearing none, so ordered.
And without objection, this hearing is adjourned. I thank
all of the witnesses for their testimony.
[Whereupon, at 11:17 a.m., the Subcommittee was adjourned.]
A P P E N D I X
----------
Material Submitted for the Hearing Record
�