Friday, January 25, 2008

New Regulations Fail to Address Security, Privacy

If you haven't read up on the FISA bill coming up for a vote in the Senate on Monday - that includes retroactive immunity for the telecom companies that were complicit in wiretapping American citizens - I strongly suggest you check out what I posted yesterday.

In the meantime I just can't help posting another article on the abysmal REAL ID Act. This analysis was just too good to pass up. Check out what Sophia Cope, a staff attorney for the Center for Democracy and Technology, has to say about the proposal.

Sophia writes:

Of particular concern is the Department’s flirtation with a central ID database. The final regulations, released Jan. 11, strongly support leveraging existing technology by expanding the central database for commercial drivers to include all drivers and state ID card holders—that is, virtually every American.

Following this path of least resistance fails to acknowledge the enormous security risks and potential for government and business abuse of a central ID database. Security experts agree that creating a “one stop shop” of highly sensitive personal information on millions of Americans, not just a relatively small pool of commercial drivers, is a bad idea. It would be an irresistible treasure trove for identity thieves, terrorists, and other computer criminals.

...

Regardless of whether ID information is stored centrally or in separate databases that are accessible via a central portal, two equally important questions have yet to be addressed: Who would have access to the ID data and for what purposes?

...

If run by a private organization, as is the current commercial driver’s license database, federal privacy and security laws may not apply, nor would the much-touted, though still weak, Driver’s Privacy Protection Act, which only regulates how state motor vehicle departments disclose personal data to government agencies and commercial entities.

Thus no robust legal framework exists to protect the personal information that would be held in the centralized ID system envisioned by DHS from misuse by government and business. Allegedly, the Department of Transportation and other federal agencies already regularly access the privately managed commercial driver’s license database with virtually no oversight.

Neither the REAL ID Act nor the final regulations prohibit the recording of individuals’ transactions in the central ID database or the skimming of personal data from the card itself, both of which would facilitate intrusive tracking by the government and unsolicited marketing by commercial entities.

Click here to read the article in its entirety.

No comments: