Real I.D. vs. Freedom Smart Card™

The Real I.D. Act was signed into law in 2005, tacked onto a tsunami relief and defense appropriations bill. It was passed without the opportunity of committee hearings and was not open to public comment. Prior to 2005 there had been much discussion on consumer protection and privacy in general. After the passage of the Real I.D. Act of 2005, several privacy, technology, and consumer advocacy groups, experts and scholars voiced concerns and made recommendations, prior to full implementation of this law. Chief among these groups was the Electronic Privacy Information Center (EPIC), who provided the Department of Homeland Security (DHS) with detailed recommendations, as well as highlighting abuses of the Privacy Act of 1974 … these suggestions went unheeded.

In a nutshell, the Real I.D. Act of 2005 gave DHS the authority to, through an unfunded mandate, force all 56 jurisdictions (States, District of Columbia, plus territories) to share personal AND private information across their 56 databases controlled by

local Department of Motor Vehicles (DMV) offices. In effect, the DHS was “deputizing” civilian un-vetted workers at DMV offices throughout our country to screen applicants for drivers licenses, registrations, and renewals, and making a judgement call as to the legitimacy of supporting documents, including those from foreign countries, embassies and consulates.

The result was that over 19 States flat out refused to cooperate, and more troubling, the DMV databases were compromised putting citizen’s privacy at high risk for hackers. More troubling was women and children, who had been victims of abuse and stalkers, lost their cloak of protection.

The Freedom Smart Card™ seeks to repair and replace those risks; put back in place provisions and spirit of the Privacy Act of 1974; and must comply with the Consumer Bill of Rights.

Comparison

Provisions & ConcernsReal I.D. Act of 2005Freedom Smart Card™ – FSC
Data collectionData is collected by civilians at DMV offices.Data is scanned and returned to applicant at DHS satellite offices.
Data storageData is stored and shared among thousands of DMV offices.FSC equipment will not have the capability of storing anything.
Encryption of data on finished productData on “conforming” licenses, etc. is not encrypted.FSC is completely encrypted with 118:1 tamper-proof protection.
Personal dataAll personal data is required to be visibly incorporated on licenses.Only visible on the Freedom Smart Card™ will be a photo, a thumbprint and a bio-metric retina scan.
PrivacyDoes not recognize, or allow for victims of abuse or stalking – and data is shared by DMV offices.Freedom Smart Card™ recognizes and puts in place strict compliance with privacy laws.
Consumer protectionReal I.D. Act of 2005 ignores the Consumer Bill of Rights.Freedom Smart Card™ conforms 100% with the Consumer Bill of Rights.
Public ConfidenceState legislatures have passed laws forbidding participation under the Real I.D. Act of 2005.States will not be involved in inter-state data sharing.
FundingReal I.D. Act of 2005 was passed as an unfunded mandate to the states and territories.Freedom Smart Card System™ is a Federal program and requires funding at the Federal level, but must not increase deficit or debt.
InputReal I.D. Act of 2005 was enacted without hearings.Freedom Smart Card™ final version will have received input from the best & smartest – external involvement from experts in the fields of technology, privacy, security, immigration, consumer protection, and advocacy groups.
TransparencyReal I.D. Act is not transparent.The process of Freedom Smart Card™ will be totally transparent and will provide applicants a means to access and correct any errors.
Lost or stolen cardsReal I.D. Act of 2005 enables lost or stolen cards to be replaced within a state by any DMV office – and will contain all data and same “common machine readable” 2D bar code.Freedom Smart Card™ is like a snowflake. The data on the card is unique, so a replacement is equally unique.
Code of ConductThere is no provision to inform applicants of purpose, use, intended outcome, or recourse.Freedom Smart Card™ will provide applicants with clear, plain-language purpose, use, intended outcome and ability to resolve errors.
Complaint ProcedureThere is none.Freedom Smart Card™ will provide ability to field complaints or Breach of Code.
FraudThere is zero or near-zero provision for fines or penalties for fraud.Freedom Smart Card™ has clearly-defined fines and penalties for non-compliance or fraud.
EnforcementThis is poorly defined or enforced.This is fully defined, with enforcement fully detailed.
Public ConfidenceThere is no accountability or schedule for review.Freedom Smart Card™ shall produce annual reports demonstrating benefits, compliance, and complaint resolutions.
ReviewsNo review process.Freedom Smart Card™ shall incorporate a review and provision for updating in light of changing circumstances and expectations.
Third-Party AccessProvides for access, through third-party vendors, to private records and files.Under the Freedom Smart Card™ there will be no need to utilize third party vendors.
Hacking RisksGreat risk exists.ZERO risk – there is no on-line database.
ScopeOnly effective for licensed drivers.Effective for drivers & non-drivers.
Dissemination100% at risk by its very nature.ZERO dissemination of non-public information.
RegulationRelies on States to self-regulate and to certify conformity.Freedom Smart Card™ shall require DHS to issue quarterly proof of effectiveness.
Open Public ProcessPrior to passage in 2005, there was no open public process; in 2008 different input was provided but mainly ignored.Subject to national security issues, the Freedom Smart Card System™ shall be developed after obtaining input directly from affected parties and advocacy groups.
Fair Information Practice Principles (FIPPs)DHS defined the basis for FIPPs: Transparency, Individual Participation, Purpose, Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing – the final outcome of the Real I.D. Act of 2005 (as modified) comes up woefully short on nearly all parameters.The Freedom Smart Card System™, by its very nature, shall be in full compliance with the spirit and letter of Fair Information Practice Principles (FIPPs). Freedom Smart Card System™ only “pings” for most verification from existing sources and files. Freedom Smart Card System™ does collect and store that data, only the source and a data time stamp. With delivery of the Freedom Smart Card™ will be a print-out of the verified source – thus enabling corrections and providing recourse.
Flaws or GapsUnder the Real I.D. Act of 2005 (as amended – 2008) there are serious flaws or inconsistencies (recommendations by EPIC.org):

  1. Need to close exemptions (to comply) by any agency.
  2. Individual must be granted judicially enforceable rights to access and correct records and ensure compliance with ALL Privacy Act requirements.
  3. Technical Safeguards need to be incorporated into both the identifier and the database systems.
  4. The List of documents required MUST not change.

The list of required documents must allow for Native Americans, abused women & children, and those born before 1935.

The Freedom Smart Card System™ shall incorporate all of these recommendations per review by http://epic.org.
Personally Identifiable Information (PII)Under the Real Act of 2005 (as amended), holders have a huge amount of PII clearly visible and readable on a “common readable machine”, exposing the holder to a massive invasion of privacy, especially when the driver’s license is lost or stolen.The Freedom Smart Card System™ shall have no PII with the exception of a name, digitized photo, thumbprint, and a bio-metric retina scan, far less information than that contained on most municipal or corporate employee access cards.
2D BarcodeNot encrypted.The Freedom Smart Card System™ shall utilize a smart chip with an encrypted 2D Barcode to confirm validity of the Freedom Smart Card™.
Access to DataNot encrypted; extremely private information is clearly displayed.Freedom Smart Card System™ does not contain visible information other than name, digitized photo, thumbprint, and a bio-metric retina scan– balance of card is encrypted or contained on the smart chip. There is no usable data on the smart chip other than confirmation of validity.
State Address Confidentiality Programs (SACP)Not compliant.Fully compliant.
Department of Justice Reauthorization Act Violence Against Women Act (VAWA)Not compliant.Fully compliant.
Illegal Information Reform and Immigrant Responsibility Act (1996)Not compliant.Fully compliant.
Context-dependent IdentifiersNot compliant.Fully compliant through Decentralized Approach.
Reference sources:

© 2006-2016 All Rights Reserved