NH Law vs. Real-ID

There has been much controversy over the Federal Real-ID Act: is it a "National ID", or just a tweak to existing driver's licenses? Is New Hampshire already compliant with the new law's requirements, or does it conflict with existing New Hampshire laws? Unfortunately, there has been entirely too much sensationalism and spin on both sides of the issue. Below, I will try to address these questions as concisely and clearly as possible.

Conflicts

There are indeed at least three clear conflicts between the requirements of Real-ID and current New Hampshire privacy safeguards. They concern one's Social Security number, Photograph, and Address.

Social Security Number

• New Hampshire law: your Social Security number need not be stored in the NH DMV's records. [RSA 263:40-a (I)(a)]
• Real-ID: your Social Security number must be stored in the DMV's records for a minimum of 7 years. [Sec 202(d)(1,2)]

The source of this conflict is that the NH law explicitly states that persons may instruct the NH DMV not to store the SSN in the DMV's records. However, Real-ID Section 202(b) states that a Social Security number (or verification that the person is not eligible for an SSN) is one of the required "source documents" required to obtain a license; furthermore, Section 202(d) states that all such source documents must have a copy stored for at least 7 years.

Photograph

• New Hampshire law: your photo need not be stored in the NH DMV's records. [RSA 263:40-a (I)(c)]
• Real-ID: your photograph must be stored in the DMV's records for a minimum of 7 years. [Sec 202(d)(1,2)]

This is basically the same conflict as with the SSN.

Address

• New Hampshire law: your mailing address, instead of your home address, may be printed on the license. [RSA 263:40-a (IV)]
• Real-ID: your actual home address must be printed on the card. [Sec 202(b)(6)]

This is a simple and clear conflict between the different requirements.

Open Questions

There are two major areas where the Real-ID legislation is unclear. They concern the electronic aspect of the license. These issues will need to be clarified, either via more detailed Federal legislation, or through case law via the courts.

The Real-ID legislation states that the ID card shall contain "a common machine-readable technology, with defined minimum data elements." As such, the two questions are: (1) what exactly is the "minimum data?" (2) what exactly is the "machine-readable technology?"

"Minimum Data"

Which specific data elements are the minimum is not specified in the law. Does it include the SSN? Home Address? Photograph? Fingerprint data? Felony status?

It would appear that the specific set of data required is left to the discretion of the Secretary of Homeland Security [Sec. 201(4), Sec 202(a)(2)]. It should be noted that this is an appointed Cabinet position.

"Machine-readable Technology"

This is perhaps the most unclear point. There are many machine-readable technologies in common use. The primary concerns around machine-readable technology are the relative ease with which they can be forged, and by which they can read by unauthorized persons.

Forgery is a real problem with any machine-readable technology. In essence, the more "electronic" a given piece of information is, the harder it is to verify that it has not been tampered with. While physical anti-forgery measures such as holograms and watermarks are difficult to fake, a string of binary digits is not. Encryption would not be of much use here, due to the small amount of data, and the need for many thousands of readers to be available to police departments nationwide.

Readers for each of the technologies listed below are fairly cheap and easily available ($50-$200 on Ebay); this is attractive from the standpoint of minimizing state costs, but also means that all manner of individuals and businesses can obtain such readers. As such, the "minimum data in machine-readable format" is likely to be readable by anyone who desires it, though it may not be obvious to the actual, typical holder of such an ID card.

Barcodes are common: a "2-D" barcode (such as used by FedEx or UPS) could hold the needed mount of data. However, such barcodes are quite easy to forge, by simply "changing the spots" on the code.

Magnetic Strips are currently used on some credit cards and other ID cards. These are slightly, but not significantly, more difficult to alter or to read from a distance.

Radio-Frequency ID chips ("RFID tags") are at present somewhat more expensive to implement. However, these chips have the benefit that they can store orders of magnitude more information than other technologies. Of more concern is that, with proper equipment (less than $1,000 worth), such tags can be read from several yards away, and without the awareness of the person carrying such a tag.

Conclusions

1. The Federal Real-ID law does conflict with specific New Hampshire privacy requirements.
2. There are unclear aspects of the Federal Real-ID law that will need to be clarified, either by further legislation, or via case law.
3. Machine-readable data is subject to both forgery and unauthorized access.

Sources

The relevant New Hampshire law is RSA 263:40-a, located here
The Federal Real-ID requirements are in Title II of Public Law 109-13, located here