07-1009 dhs privacy documents for department-wide programs 08-2012

7/31/2019 07-1009 DHS Privacy Documents for Department-wide Programs 08-2012

1/39

10820 Federal Register / Vol. 72, No. 46 / Friday, March 9, 2007/ Proposed Rules

1Sensitive Security Information or SSI isinformation obtained or developed in the conductof security activities, the disclosure of which wouldconstitute an unwarranted invasion of privacy,reveal trade secrets or privileged or confidentialinformation, or be detrimental to the security oftransportation. The protection of SSI is governed by49 CFR part 1520.

DEPARTMENT OF HOMELANDSECURITY

Office of the Secretary

6 CFR Part 37

[Docket No. DHS20060030]

RIN 1601AA37

Minimum Standards for DriversLicenses and Identification CardsAcceptable by Federal Agencies forOfficial Purposes

AGENCY: Office of the Secretary, DHS.

ACTION: Notice of proposed rulemaking.

SUMMARY: The Department of HomelandSecurity is proposing to establishminimum standards for State-issueddrivers licenses and identification cardsthat Federal agencies would accept forofficial purposes after May 11, 2008, inaccordance with the REAL ID Act of

2005. This rule proposes standards tomeet the minimum requirements of theREAL ID Act of 2005, including:information and security features thatmust be incorporated into each card;application information to establish theidentity and immigration status of anapplicant before a card can be issued;and physical security standards forlocations where drivers licenses andapplicable identification cards areissued.

DATES: Submit comments by May 8,2007.

ADDRESSES:You may submit comments,identified by the DHS docket number

DHS20060030 that corresponds tothis rulemaking, using any one of thefollowing methods:

Federal Rulemaking Portal: http://www.regulations.gov. Follow theinstructions for submitting comments.

Fax: 8664665370. Mail: Paper, disk or CDROM

submissions can be mailed to theDepartment of Homeland Security, Attn:NAC 112037, Washington, DC 20528.

FOR FURTHER INFORMATION CONTACT:Darrell Williams, REAL ID ProgramOffice, Department of HomelandSecurity, Washington, DC 20528 (202)2829829.

SUPPLEMENTARY INFORMATION:

Public Participation

The Department of HomelandSecurity (DHS) invites interestedpersons to participate in this rulemaking

by submitting written comments or data,and has requested comments on specificportions of this rulemaking as describedin section VI below. We also invitecomments relating to the economic,

environmental, energy, or federalismimpacts that might result from thisrulemaking action. See ADDRESSESabove for information on where tosubmit comments.

With each comment, please includeyour name and address, identify thedocket number at the beginning of yourcomments, and give the reason for each

comment. The most helpful commentsreference a specific portion of therulemaking, explain the reason for anyrecommended change, and includesupporting data. You may submitcomments and material electronically,

by fax, or by mail as provided underADDRESSES, but please submit yourcomments and material by only onemeans. If you submit comments by mail,submit them in two copies, in anunbound format, no larger than 8.5 by11 inches, suitable for copying andelectronic filing.

If you want DHS to acknowledge

receipt of comments submitted by mail,include with your comments a self-addressed, stamped postcard on whichthe docket number appears. We willstamp the date on the postcard and mailit back to you.

DHS will file in the public docket allcomments received by DHS, except forcomments containing confidentialinformation and sensitive securityinformation (SSI).1 DHS will considerall comments received on or before theclosing date for comments. The docketis available for public inspection.

Handling of Confidential or Proprietary

Information and Sensitive SecurityInformation (SSI) Submitted in PublicComments

Do not submit comments that includetrade secrets, confidential commercialor financial information, or SSI to thepublic regulatory docket. Please submitsuch comments separately from othercomments on the rulemaking.Comments containing this type ofinformation should be appropriatelymarked as containing such informationand submitted by mail to the addresslisted in the FOR FURTHER INFORMATIONCONTACT section.

Upon receipt of such comments, DHSwill not place the comments in thepublic docket and will handle them inaccordance with applicable safeguardsand restrictions on access. DHS willhold them in a separate file to which the

public does not have access, and placea note in the public docket that DHS hasreceived such materials from thecommenter. If DHS receives a request toexamine or copy this information, DHSwill treat it as any other request underthe Freedom of Information Act (FOIA)(5 U.S.C. 552) and the Department ofHomeland Securitys (DHS) FOIA

regulations found in 6 CFR part 5.

Reviewing Comments in the Docket

Please be aware that anyone is able tosearch the electronic form of allcomments received into any of ourdockets by the name of the individualsubmitting the comment (or signing thecomment, if submitted on behalf of anassociation, business, labor union, etc.).You may review the applicable PrivacyAct Statement published atwww.regulations.gov. You may alsoreview the comments in the publicdocket on the Internet at http://

www.regulations.gov.Availability of Rulemaking Document

You can get an electronic copy usingthe Internet by

(1) Searching on www.regulations.govby docket number or title, or

(2) Accessing the GovernmentPrinting Offices Web page at http://www.gpoaccess.gov/fr/index.html.

In addition, copies are available bywriting or calling the individual in theFOR FURTHER INFORMATION CONTACTsection. Make sure to identify the docketnumber of this rulemaking.

Abbreviations and Terms Used in ThisDocument

AAMVAAmerican Association ofMotor Vehicle Administrators

CACDepartment of Defense CommonAccess Card

CBPCustoms and Border ProtectionCDLISCommercial Drivers License

Information SystemCHRCCriminal History Records CheckCRBAConsular Report of Birth AbroadDHSDepartment of Homeland

SecurityDMVDepartment of Motor VehiclesDOSDepartment of State

DOTDepartment of TransportationEADEmployment AuthorizationDocument

EVVEElectronic Verification of VitalEvents

HHSDepartment of Health andHuman Services

IAFISIntegrated AutomatedFingerprint Identification

ICAOInternational Civil AviationOrganization

IDIdentification CardLPRLawful Permanent ResidentMRTMachine Readable Technology

VerDate Aug2005 19:17 Mar 08, 2007 Jkt 211001 PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 E:\FR\FM\09MRP2.SGM 09MRP2


2/39

10821Federal Register / Vol. 72, No. 46 / Friday, March 9, 2007/ Proposed Rules

2Division BREAL ID Act of 2005, theEmergency Supplemental Appropriations Act forDefense, the Global War on Terror, and TsunamiRelief, 2005, Pub. L. 10913, 119 Stat. 231, 302(2005) (codified at 49 U.S.C. 30301 note).

MRZMachine Readable ZoneNCSLNational Conference of State

LegislaturesNCICNational Crime Information

CenterNGANational Governors AssociationNPRMNotice of Proposed RulemakingPDPSProblem Driver Pointer SystemSAVESystematic Alien Verification

for EntitlementsSEVISStudent and Exchange Visitor

Information SystemSSASocial Security AdministrationSSISensitive Security InformationSSNSocial Security NumberSSOLVSocial Security On-Line

VerificationTIFTagged Image FormatTSATransportation Security

AdministrationTWICTransportation Worker

Identification CredentialUSCISU.S. Citizenship and

Immigration Services

VWPVisa Waiver ProgramWHTIWestern Hemisphere TravelInitiative

Table of Contents

I. BackgroundA. Statutory AuthorityB. Consultation With States, Non-

Governmental Organizations, and theDepartment of Transportation

C. Summary of the Proposed RuleII. Analysis of this Proposed Rule

A. Scope and Applicability1. Definition ofOfficial Purpose2. Definition ofREAL ID drivers license

or identification card3. Definition ofIdentification Card

B. Compliance PeriodC. Privacy ConsiderationsD. Document Standards for Issuing a REAL

ID Drivers License or Identification Card1. Documents Required for Proving Identity2. Additional Documents Considered and

Rejected for Proof of Identity3. Other Documentation RequirementsE. Verification of Information Presented1. Verification ofAddress of Principal

Residence2. Verification of Identity Information3. Verification of Lawful Status4. Verification of Date of Birth5. Verification of Social Security Account

Number or Ineligibility6. Connectivity to Systems and Databases

Required for VerificationF. Exceptions Processing for Extraordinary

CircumstancesG. Temporary Drivers Licenses and

Identification CardsH. Minimum Drivers License or

Identification Card Data ElementRequirements

1. Full Legal Name2. Drivers License or Identification Card

Number3. Digital Photograph4. Address of Principal Residence5. Signature6. Physical Security Features

7. Privacy of the Information Stored on theDrivers License or Identification Card

8. Machine-Readable Technology (MRT)9. EncryptionI. Validity Period and Renewals of Drivers

Licenses and Identification Cards1. Remote/Non-In-Person Renewals2. In-Person Renewals

J. Source Document RetentionK. Security of DMV Facilities Where

Drivers Licenses and IdentificationCards are Manufactured and Produced;Facility Security Plans

1. Background Checks for CertainEmployees

2. Physical/Logical Security3. Document Security Features on Drivers

Licenses and Identification Cards4. Security of Information Stored in the

DMV Database5. Security of Personal Data and

Documents Collected and ManagedUnder the Act

III. State Certification ProcessIV. Drivers Licenses and Identification Cards

That Do Not Meet the Standards ofSubparts A and B of These Regulations

V. Section 7209 of the Intelligence Reformand Terrorism Prevention Act of 2004

VI. Solicitation of CommentsVII. Regulatory Analyses

I. Background

A. Statutory Authority

The REAL ID Act of 2005 2 (the Act)prohibits Federal agencies, effectiveMay 11, 2008, from accepting a driverslicense or DMV-issued personalidentification card issued by a State foran official purpose unless the issuingState is meeting the requirements of theAct. The Act requires DHS to determine

whether a State is meeting the Actsrequirements based upon certificationssubmitted by each State in a mannerprescribed by DHS. The Secretary ofHomeland Security is authorized undersection 203 of the Act to issueregulations as necessary to set thestandards required under the Act. Thisrule proposes implementation standardsfor States to meet the Acts requirementsfor issuance of drivers licenses andidentification cards intended foracceptance by Federal agencies forofficial purposes.

The Act sets forth minimumdocument requirements, minimumdrivers license and identification cardissuance standards, and otherrequirements, including the following

Information and features that mustappear on the face of the drivers licenseor identification card, and inclusion ofa common machine-readable portion ofa drivers license or identification card;

Presentation and verification ofinformation an applicant must provide

before a drivers license or identificationcard may be issued, including evidencethat the applicant is a U.S. citizen or haslawful status in the United States;

Physical security of locations wheredrivers licenses and identification cardsare produced, the security of document

materials and papers from whichdrivers licenses and identification cardsare produced, and the background checkof certain employees involved in themanufacture and production of licenses,and;

Physical security of the driverslicenses and identification cards toprevent tampering, counterfeiting, andduplication of the documents for afraudulent purpose.

The Act also permits a State otherwisein compliance with the Act to issuedrivers licenses and identification cardsthat do not conform to the Acts

requirements. Such drivers licenses andidentification cards, however, cannot beused for an official purpose and mustclearly state on the face of the card thata Federal agency may not use it for anofficial purpose. The State also must usea unique design or color indicator sothat it is readily apparent to Federalagency personnel that the card is not to

be accepted for an official purpose.Section 203 of the Act amends 18

U.S.C. 1028(a) to establish a Federalcriminal penalty for persons whoknowingly traffic in actualauthentication features for use infraudulent identification cards.

B. Consultation With the States, Non-Governmental Organizations, and theDepartment of Transportation

Section 205(a) of the Act requires thatany regulations, standards, or grantsunder the Act be carried out inconsultation with the Secretary ofTransportation and the States. DHS hasmet and consulted with the Departmentof Transportation (DOT), and formed aninteragency work group to develop theseproposed regulations. DOT and otherFederal agencies with an interest in thisrulemaking participated actively in the

work group.DHS has also consulted with Stateofficials and State representativeassociations in the development of thisproposed rule through meetings andconference calls in 2005 and 2006.Many States and State representativeassociations participated in these eventsand submitted written comments forconsideration in the development of thisproposed rule. These are available forinspection in the public docket.

In particular, DHS received commentsfrom the National Governors



3/39


Association (NGA), the NationalConference of State Legislatures (NCSL),and the American Association of MotorVehicle Administrators (AAMVA),which aggregated responses from 48jurisdictions impacted by REAL ID,including 46 States, American Samoa,and the District of Columbia. DHS alsomet with various non-governmental

organizations (NGOs), particularly civilrights, privacy and religious groups. TheStates and NGOs raised a series ofconcerns about the requirementsmandated under the Act. A summary ofthese concerns is outlined below. DHSaddresses each of these concerns in thediscussion of the proposed requirementsunder this rule in section II.

One of the first issues of concern tothe States was the brief period forcompliance. There was concern thatDHS would interpret the Act in such away as to require that all driverslicenses and identification cards

nationally be brought into compliancewith the Act by May 2008, animpossible task according to the States.The States instead suggested a dateforward approach, which we haveproposed to adopt as a phase-in periodthrough May 2013.

The detailed requirements of the Act,particularly requirements for originaldocuments and proof of principalresidence, also raised State concernsthat individuals, through no fault oftheir own, might not be able to meetcertain requirements of the Act. TheStates advocated for an exceptionsprocess to accommodate certain

circumstances (victims of naturaldisasters such as Hurricanes Katrina andRita who no longer have certaindocuments, or elderly individuals withno birth certificate, for example). Weunderstand these concerns and thereforepropose that the States adopt anexceptions process in their Departmentsof Motor Vehicles (DMVs) that will bemonitored by the State and included aspart of the States certification processto DHS. This exception process wouldinclude any difficulties arising fromattempts to verify birth information forindividuals born before 1935, who, due

to various considerations, may not havebeen issued birth certificates.The Act requires States to subject

certain individuals involved in themanufacture and production of driverslicenses and identification cards toappropriate background checks. TheStates have suggested to DHS that, dueto the unique structure of each StatesDMV system, the identification ofpositions that should be subject to thisrequirement be left up to the States.DHS agrees with this proposal. TheStates have also proposed that new hires

be allowed to begin work at the DMVswhile their background check ispending. DHS understands that theStates must have flexibility in theirhiring, and therefore proposes thatStates place new employees in positionsthat are not subject to the backgroundcheck until the check is complete andsatisfaction of employment conditions

for the covered position is determined.The States have indicated to DHS that

the Act will lead to an increase in thenumber of required in-person visits toDMVs. Generally speaking, the Stateshave sought to utilize alternate servicechannels (particularly the internet andservices by mail) to reduce the requirednumber of in-person visits to DMVs, asa means of reducing State costs andimproving service to customers. TheStates have, therefore, expressedparticular concerns with the renewalprocess under REAL ID. DHSunderstands these concerns and is

therefore proposing that States continuetheir remote renewal procedures, aslong as they establish a procedure toverify the identity of individualsapplying for renewal remotely, maintainimages of the source documents theindividual used to obtain a REAL IDdrivers license or identification card,and establish a procedure to re-verifythe information on the sourcedocuments retained by the State. DHSproposes, however, that individualswith temporary REAL ID driverslicenses or temporary identificationcards renew their documents in person,

in order to present evidence ofcontinued lawful status.

C. Summary of the Proposed Rule

DHS proposes to issue REAL IDregulations that create minimumstandards for State drivers licenses andidentification cards that Federalagencies can accept for official purposeson or after May 11, 2008. Under thisproposal, States must certify that theyare in compliance with theserequirements, and DHS must concur,

before the drivers licenses andidentification cards that the States issuemay be accepted by Federal agencies forofficial purposes on or after May 11,2008. Because DHS recognizes that notall drivers licenses and identificationcards can be reissued by May 11, 2008,the proposal provides a five-year phase-in period for drivers license oridentification card renewals. All driverslicenses and identification cards that areintended to be accepted for officialpurposes as defined in these regulationsmust be REAL ID licenses andidentification cards by May 11, 2013

Key features of the proposal include:

Applicant documentation. Stateswould require individuals obtainingdrivers licenses or personalidentification cards to presentdocumentation to establish identity;U.S. citizenship or lawful immigrationstatus as defined by the Act; date of

birth; social security number (SSN) orineligibility for SSN; and principal

residence. States may establish anexceptions process for thedocumentation requirement, providedthat each such exception is fullydetailed in the applicants motor vehiclerecord.

Verification requirements. Stateswould verify the issuance, validity, andcompleteness of a document presented.This proposal specifies electronicverification methods depending on thecategory of the documents.

Information on drivers licenses andidentification cards. The followinginformation would be required toappear on State-issued drivers licensesand identification cards: full legal name,date of birth, gender, a unique driverslicense or identification card number(not the SSN), a full facial digitalphotograph, address of principalresidence (with certain exceptions),issue and expiration dates, signature,physical security features and acommon machine-readable technology(MRT).

Security features on the card. Theproposal contains standards for physicalsecurity features on the card designed toprevent tampering, counterfeiting orduplication for a fraudulent purpose,

and a common MRT with defined dataelements.

Physical security/security plans.Each State must prepare acomprehensive security plan for allState DMV offices and drivers license/identification card storage andproduction facilities, databases andsystems and submit these plans to DHSas part of its certification package.

Employee background checks.States would conduct name-based andfingerprint-based criminal historyrecords checks against State criminalrecords and the FBIs NCIC and IAFIS,

respectively, on certain employeesworking in State DMVs who have theability to affect the identity informationthat appears on the drivers license oridentification card, who have access tothe production process, or who areinvolved in the manufacture of thedrivers licenses and identificationcards. States would pay a fee to FBI tocover the cost of this check. Stateswould also conduct a financial historycheck on these employees.

State certification process. Similarto DOT regulations governing State



4/39


administration of commercial driverslicenses (49 CFR part 383), States will

be required to submit a certification andspecified documents to DHS todemonstrate compliance with theseregulations and demonstrate continuedcompliance annually.

Database connectivity. States wouldbe required to provide electronic access

to specific information contained in themotor vehicle database of the State to allother States.

II. Analysis of This Proposed Rule

A. Scope and Applicability

The Act does not require any State toissue REAL ID drivers licenses andidentification cards. States may chooseto issue drivers licenses andidentification cards that cannot beaccepted by Federal agencies for officialpurposes (referred to in this documentas non-REAL ID drivers licenses andidentification cards). This proposed

rule would apply to States andterritories that choose to issue driverslicenses and identification cards thatFederal agencies can accept for officialpurposes. Consistent with section202(d)(11) of the Act, this rule alsoproposes requirements for issuance ofnon-REAL ID drivers licenses (as wellas non-REAL ID identification cards) byStates in compliance with the Act.Under this proposed rule, individualscan hold only one valid REAL IDdrivers license or identification card ata time.

DHS understands that at present an

individual may hold active driverslicenses in multiple jurisdictions.Although DHS is not regulating issuanceof non-REAL ID drivers licenses beyondwhat is required in the REAL ID Act,DHS wishes to further the concept ofone driver, one record, one record ofjurisdiction and seeks comment onhow the REAL ID Act may beimplemented to discourage the issuanceof multiple non-REAL ID driverslicenses to an individual, or what stepsStates can take to ensure individuals arenot holding multiple drivers licensesfrom multiple States.

1. Definition ofOfficial PurposeSection 201(3) of the Act provides

that the term official purposeincludes but is not limited to accessingFederal facilities, boarding Federally-regulated commercial aircraft, enteringnuclear power plants, and any otherpurposes that the Secretary shalldetermine. DHS proposes to limit theregulatory definition ofofficialpurpose at this time, to those purposesexpressly stated in the ActaccessingFederal facilities, boarding commercial

aircraft, and entering nuclear powerplants. DHS, under the discretionaryauthority granted to the Secretary ofHomeland Security under the Act, mayexpand this definition in the future.DHS seeks comment on the proposedscope ofofficial purpose, and howDHS could expand this definition toother federal activities.

DHS considered including theacquisition of Federally-issuedidentification documents, such as aTransportation Worker IdentificationCard (TWIC), military Common AccessCard (CAC), passport, or PASSport cardwithin the proposed definition ofofficial purpose. To do so would beconsistent with the concept ofstrengthening the reliability of identitydocuments, one of the primaryobjectives of the Act. However, since noState would be required to have all ofits citizens possess Real ID driverslicenses and identification cards until

May 2013, DHS concluded that it wouldbe premature to require Federal agenciesto accept only Real ID drivers licensesand identification cards during thephase-in period and that the impositionof such a requirement could inhibitindividuals from obtaining thesenecessary forms of Federalidentification.

Federal agencies themselves do notcurrently examine identification fromall individuals seeking to boardregulated commercial aircraft or to enternuclear power plants. In the case ofaircraft, often it is aircraft operators thatexamine drivers licenses or other

identification credentials of individualsseeking entry to the sterile area of anairport. However, they do so incompliance with requirements insecurity programs issued pursuant toTSA regulations. DHS interprets thelanguage of the REAL ID statute to meanthat when nongovernmental entitiesrequire identification for the scope ofactivities considered official purposesin compliance with Federalrequirements, and an individualpresents a drivers license or DMV-issued identification card, the REAL IDActs federal acceptance requirements

would also apply to thesenongovernmental entities.These regulations are not intended to

change current admittance practices atFederal facilities. If a Federal facilitydoes not currently require presentationof photo identification prior to entry,the Act and these proposed regulationswould not require that process tochange. Similarly, if a Federal facilitycurrently accepts identification otherthan a State-issued drivers license oridentification card, the Act and theseproposed regulations do not require that

the agency refuse to accept such otherforms of identification. If the individualintends to use a State-issued driverslicense or identification card, however,it must be one that is issued by a Statethat is complying with the REAL ID Act.

2. Definition ofREAL ID DriversLicense or Identification Card

Throughout this proposed rule,drivers licenses and identification cardsissued under these regulations thatFederal agencies may accept for officialpurposes are referred to as REAL IDdrivers licenses and identificationcards. The term REAL ID driverslicenses and identification cardsincludes drivers licenses andidentification cards issued by StateDMVs (or other State agencies withcomparable responsibility for issuingdrivers licenses and identificationcards) to U.S. citizens and LawfulPermanent Residents (LPRs) of theUnited States for a maximum renewableperiod of eight years. The term REALID drivers licenses and identificationcards also includes drivers licensesand identification cards acceptable forofficial purposes that are issued toaliens legally present in the UnitedStates for a finite period of time, uponverification of their current lawful statusfor the period of their authorized lengthof stay, or for one year, if no length ofstay is specified. In instances where theproposed regulation discusses thesetemporary drivers licenses andidentification cards independently,these types of REAL ID licenses and

identification cards are referred to astemporary REAL ID drivers licensesand identification cards.

3. Definition ofIdentification Card

Section 201(2) of the Act definesidentification card to mean apersonal identification card, as definedin section 1028(d) of title 18 UnitedStates Code, issued by a State. In turn,18 U.S.C. 1028(d) defines this term, inpertinent part, to mean a documentmade or issued by or under theauthority of * * * a State [or] a politicalsubdivision of a State * * * which,

when completed with informationconcerning a particular individual, is ofa type intended or commonly acceptedfor the purpose of identification ofindividuals[.] Section 201(2), by itsexpress terms, could cover anyidentification card issued by or underthe authority of a State, includingidentification cards for State-chartereduniversities and colleges, and cardsissued by State agencies to obtain public

benefits. At this time, DHS is limitingthe scope of this definition toidentification cards issued by State



5/39


DMVs or other State offices withcomparable responsibility for issuingdrivers licenses.

DHS believes that these additionaldocuments mentioned above are notcurrently accepted as identificationdocuments to the same degree as State-issued drivers licenses andidentification cards issued by a State

DMV. In addition, it would be undulyburdensome at this time for DHS torequire that the issuers of theseadditional documents comply withthese proposed standards, since DMVshave been considering the Actsrequirements for some time, and it islikely that universities and other Stateentities have not.

B. Compliance Period

Section 202(a)(3) of the Act providesthat, [b]eginning 3 years after the dateof enactment of this division, a Federalagency may not accept, for any officialpurpose, a drivers license oridentification card issued by a State toany person unless the State is meetingthe requirements of this section. TheAct further states that DHS shalldetermine whether a State is meetingthe requirements of [the Act] based oncertifications made by the State to theSecretary.Id., (a)(2). DHS, theDepartment charged with implementingand enforcing the REAL ID Actrequirements for identificationstandards, interprets the complianceprovision to mean that effective on May11, 2008, Federal officials will beprohibited from accepting State-issued

drivers licenses and identification cardsfor official purpose unless the State hassubmitted the required certification orextension application to DHS and DHShas determined that the State is meetingthe requirements of the Act. DHS isproposing under this rule to find that aState certification is sufficient forcompliance under the Act if the Statehas established a program that ensuresthe States DMVs will begin issuingdrivers licenses and identification cardsthat meet the requirements of the Actand standards proposed under thisregulation beginning May 11, 2008. DHS

does not interpret the Act as requiringthe States to recall and reissue alldrivers licenses and identification cards

by May 11, 2008. Rather, States will beable to replace all drivers licenses andidentification cards with REAL IDdrivers licenses and identification cardsintended to be accepted for officialpurposes by May 11, 2013.

Accordingly, DHS proposes thefollowing compliance requirements:

(1) Each State must submit itscertification package to DHS on itsREAL ID drivers license and

identification card programs no laterthan February 10, 2008, 90 days beforethe May 11, 2008 compliance daterequired under the Act. DHS stronglyencourages States to communicate theirintent to certify compliance or requestan extension by October 1, 2007;

(2) DHS will not find that a State ismeeting the requirements of the Act if

the States certification does notdemonstrate that the all REAL IDdrivers licenses and identification cardsissued by the State on or after May 11,2008, will meet the standards requiredunder the Act and proposed under theseregulations, unless the State has soughtand received an extension;

(3) For unexpired drivers licensesand identification cards issued prior toMay 11, 2008, DHS proposes a five-yearphase-in period to allow individuals toapply for and receive new driverslicenses and identification cards thatcomply with these rules. These driverslicenses and identification cards would

be acceptable for official purposes untilthey expire, or until the phase-in periodends, on May 10, 2013whichever isearlier. Drivers licenses andidentification cards issued before May11, 2008 that do not expire until afterthe phase-in period ends would have to

be exchanged for drivers licenses andidentification cards issued under thenew rules in order to be accepted byFederal agencies for official purposesafter May 10, 2013.

If a drivers license or identificationcard that would not otherwise expireuntil after May 11, 2008 needs to be

reissued by a State prior to its expirationdate, DHS is proposing that the driverslicense or identification card must meetthe new standards at the time it isreissued. This reissuance would occur,for example, if a drivers license oridentification card has been lost orstolen and needs to be replaced, or ifchanges in information occur whichwould cause the DMV to issue a newdrivers license or identification card.

Under section 205(b) of the Act, DHSmay grant an extension of time to meetthe requirements of the Act if the Stateprovides adequate justification. DHS

recognizes that many States need a finalrule in order to guide theirimplementation efforts. Many Stateshave informed DHS that, absentsufficient time to consider and act uponthe final rule, the States will not be ina position to comply with the Act andthe final rule. In recognition of this fact,DHS is establishing a mechanism whereStates can request an expeditedextension of the compliance deadline.States may request an extension basedon the lack of a final REAL ID rule byfiling such a request no later than

October 1, 2007. Based on informationalready received by DHS, and absentextraordinary circumstances, anextension request will be deemedjustified for a period lasting until, butnot beyond, December 31, 2009.

Under this provision of the Act, DHSalso intends to issue complianceguidance to the States. This guidance

will set forth benchmarks or bestpractices against which progress towardfull compliance will be measured and toassist States in drafting the certificationpackages. As proposed in this rule, DHSwould require submission ofcertifications no later than February 10,2008, but the Department stronglyencourages States to submit certificationpackages by October 1, 2007. Statecertification packages should includemilestones, schedules, and estimatedresources needed to meet all therequirements of the final rule no laterthan May 11, 2008. States will resubmit

and DHS will re-evaluate State plans onan annual basis until all requirements ofthis rule are met. DHS welcomescomments from the States onappropriate benchmarks for measuringprogress toward meeting therequirements of this rule and on specificresource and schedule constraints inmeeting these benchmarks.

C. Privacy Considerations

The public has long been accustomedto providing personal information forthe purpose of obtaining driverslicenses and identification cards and tohaving this information printed on

drivers licenses. Most States alreadyinclude this information in a machinereadable technology (MRT). With theenactment of the REAL ID Act, however,there has been increased attention to theprivacy ramifications involving theinformation that will appear on thelicenses and identification cards and theexchange of information. Some haveraised concerns that the Act couldcreate an increased risk of identity theftand erode privacy, or be a stepping-stone to a national identity card.

A frequently-heard concern relates tothe amount of additional information

the Federal Government will have aboutdrivers license holders and what theFederal Government will do with thatdata. In fact, however, neither the RealID Act nor these proposed regulationsgives the Federal Government anygreater access to information than it had

before. Moreover, there is noinformation about a licensee that theFederal Government will store that it isnot already required to store.

As described below, DHS has soughtto address these privacy concernswithin the limits of its authority under



6/39


3The Act does not include statutory languageauthorizing DHS to prescribe privacy requirementsfor the state-controlled databases or data exchangenecessary to implement the Act. This is in sharpcontrast with the express authorization provided insection 7212 of IRTPA, which was the prior statelicensing provision repealed by the Real ID Act.Section 7212(b)(3)(E) of IRTPA stated that theFederal regulations shall include procedures andrequirements to protect the privacy rights ofindividuals who apply for and hold driverslicenses and personal identification cards.

4Pub. L. 103322 as amended by Pub. L. 10669,18 U.S.C. 2721 et seq.

5The database connectivity mandated by theREAL ID Act is in addition to the databaseconnectivity/functionality required to implementthe Department of Transportations existing controlover commercial drivers licensing. In addition, lawenforcement already have access directly to aStates driver history via the National LawEnforcement Telecommunication System (NLETS),which is the International Justice & Public SafetyInformation Sharing Network, a message switchingsystem serving the criminal justice community.NLETS is a not-for-profit organization owned andgoverned by the States.

6The information available in each jurisdictionsdatabase varies, but generally they already storewhat is required by the Act.

the Act.3 At the Federal level, only theDrivers Privacy Protection Act of 1994(DPPA) 4 addresses the privacy of motorvehicle records, but its protections arelimited. Although it addresses the useand disclosure of personal informationstored in State motor vehicle records,the DPPA does not provides privacyprotections for the personal information

stored on the licenses themselves or setany security requirements for the motorvehicle databases. DHS has sought inthe NPRM to provide for appropriateprivacy and security protections to theextent of its authority.

This section of the NPRM willsummarize the requirements of the Actthat potentially have the greatest impacton privacy, the extent to which thoserequirements change current Statedrivers licensing practices, and howDHS intends to address privacyconcerns regarding the Act. Thisanalysis will address the three key

privacy issues posed by the Act: (1) Theconnectivity of the databases; (2) theprotection of the personal informationstored in the State databases; and (3) theprotection of the personal informationstored on machine readable technologyon the DL/IDs. We invite comments onwhether the steps outlined below andotherwise discussed within the NPRMare appropriate and adequate.

1. Connectivity of Databases Mandatedby the Act

One voiced privacy concern regardingthe Act is that it will create a nationalidentity card and centralized databaseon all drivers. This concern stems fromthe provisions in the Act requiring thatthe individual States electronicallyverify application information againstFederal databases and provide State-to-State access to verify that each applicantonly holds a valid license in onejurisdiction. DHS envisions that theoperation of both the State data query ofFederal reference databases and theState-to-State data exchanges will be leftto the States, as is currently the practicein drivers licensing.

As discussed below and in sectionII.E.6 of the NPRM, the recommended

architecture for implementing these data

exchanges does not create a nationaldatabase, because it leaves the decisionof how to conduct the exchanges in thehands of the States. Moreover, noFederal agency will operate the dataexchanges affecting non-commercialdrivers licensing.5

a. The State Data Query of FederalReference Databases. Section202(c)(3)(A) of the REAL ID Act requiresthat, before issuing a license or ID, aState verify with the issuing agency, theissuance, validity, and completeness ofeach document required to bepresented. Given that it is very difficultto validate that the source documentsprovided by applicants are genuine andhave not been altered, certainidentifying data contained in the sourcedocuments will be checked againstauthoritative Federal databases asdescribed in more detail in section II.E.of the NPRM.

As described in section II.E., many

State DMVs already access one or moreof these databases as part of theircurrent licensing processes. The fact,however, that this data verification maynow be done by all 56 jurisdictionsheightens privacy concerns. Theproposed rule seeks to address many ofthese issues by leaving the operation ofthis data query, including thedevelopment of the business rules, tothe States. The rule proposes to requireindividual States to document their

business rules for reconciling dataquality and formatting issues and urgesStates to develop best practices and

common business rules by means of acollective governance structure.

A very important example of howadministration of this data query will beleft to the States is the commitment byDHS to support the development of afederated querying service to enablethe States to access the Federalreference databases in a timely, secure,and cost-effective manner. (See sectionII.E.6.) Most States already query someof these reference databases eitherdirectly or indirectly through a portalprovided by AAMVA. DHS iscommitted to the expedited

development and deployment of acommon querying service to facilitate

the State DMV queries for REAL ID dataverification.

To address the privacy concernsposed by such a service, the NPRMmakes clear that this service will onlyenable State DMVs to query Federalsystems. The purpose of this federatedquerying service will be to minimize theimpact of data verification on StateDMV business processes and reduce thecosts of data access. So while DHS willsupport the development of a queryingservice, it will not operate this service.

Moreover, use of this federatedquerying service will be voluntary, andStates may choose to maintain orestablish direct access to the referencedatabases; combine direct access withpartial use of a common service; orverify applicant data against thereference databases in some othermanner. The proposal by DHS to leavethe operation of licensing verificationwith the States should resolve concerns

about a centralized database operated bythe Federal Government.

In addition, as part of the Statecertification mandated by section202(a)(2) of the Act, each State will berequired to prepare a comprehensivesecurity plan for its DMV offices anddrivers license storage and productionfacilities, databases, and systemsutilized for collecting, disseminating orstoring information used in the issuanceof REAL ID licenses. As part of thisrequirement, DHS will require that eachState include in its annual certificationinformation as to how the State will

protect the privacy of the data collected,used, and maintained in connectionwith REAL ID, including all the sourcedocuments.

b. The State-to-State Data Exchange.Section 202(d)(12) of the Act mandatesthat States provide electronic access toinformation contained in the motorvehicle database of the State to all otherStates; and section 202(d)(13) requiresthat the State motor vehicle databasecontains, at a minimum, all data fieldsprinted on drivers licenses andidentification cards, and motor vehicledrivers histories, including motor

vehicle violations, suspensions, andpoints on licenses.6 These twoprovisions mandate the State-to-Statedata exchange, however, the NPRMcontemplates that the States will workout the business process and data accessrules necessary to implement theseprovisions prior to May 11, 2008 bymeans of a collective governancestructure.



7/39


7CDLIS was developed to enable record checksof the nations professional truck and bus drivers.It is an enhanced pointer system that requires Statesto update records and exchange data.

8The Privacy Act of 1974, 5 U.S.C. 552a.

As described in section II.E., below,although the REAL ID Act creates arequirement for this State-to-State dataexchange, such an exchange alreadyexists under the Department ofTransportations (DOT) rules andregulations governing commercialdrivers licenses (CDLs) and Stateconnections to the National Driver

Register (NDR)/Problem Driver PointerSystem (PDPS) and the CommercialDrivers License Information System(CDLIS).7 These systems exchangeinformation about commercial motorvehicle drivers, traffic convictions, anddisqualifications.

A State uses both the NDR/PDPS andCDLIS to check a drivers record, andCDLIS to make certain that the applicantdoes not already have a CDL. Underthese programs, as well as the REAL IDAct, the primary purpose of the State-to-State data exchange is to determine ifthe applicant is unqualified and the

application fraudulent; the purpose isnot specifically to verify the applicantsidentity.

The existing State-to-State dataexchange among DMVs, while focusedon commercial drivers licensing, alsoimpacts non-commercial licenseapplicants, as States are currentlyrequired to run all license applicantsagainst the PDPS and CDLIS, which are

both pointer systems that collect limitedinformation from each State in order tomatch against the incoming inquiries.Both systems offer some mandatoryprivacy protections. The PDPS is subject

to Federal regulations 23 CFR 1327.1 etseq., which adopts the Privacy Act of1974 8 principles of individualparticipation and collection, use, anddisclosure limitation.

DHS intends to work closely with theDOT, AAMVA, and the States to fulfillthe requirements for State-to-State dataexchange under the REAL ID Act, whilealso supporting privacy protections forthis exchange. It has not beendetermined whether CDLIS or someother service will be the platform for theState-to-State exchange, but regardlessof the platform, it will be necessary forthe States, working with DHS and DOT,to define the privacy protections for anyState-to-State data exchange. DHS andDOT will collaborate with states on theprivacy protections and accessprovisions for any State-to-State dataexchange.

For example, with support from theDHS Privacy Office, representatives of

the DMVs of California, Iowa,Massachusetts, and New York formed aFederation in July 2006 to identify acollective governance structure for theState-to-State data exchange and to

begin to develop business rules,including privacy protections. ThisFederation has recently joined with theAAMVA REAL ID Steering Committee

to develop an independent governancestructure for the State-to-State dataexchange. The development of privacyprotective business rules, standards, andgovernance mechanisms will be centralto ensuring that the privacy of licenseholders is protected.

2. Protection of the Personal InformationStored in State Databases

As discussed at the outset of thissection, the DPPA only addressesdisclosure of motor vehicle recordinformation but does not address thesecurity of the motor vehicle recordinformation or databases. The REAL IDAct, however, calls for DHS to issueregulations that ensure the physicalsecurity of locations where licenses andidentification cards are produced andthe security of document materials andpapers from which drivers licenses andidentification cards are produced.

DHS believes that this languageprovides authority for it to define basicsecurity program requirements to ensurethe integrity of the licenses andidentification cards. The NPRM,therefore, proposes that each Statesubmit as part of the REAL ID Actcertification process a written,

comprehensive, security plan. Thisrequirement provides an importantsafeguard for the personal informationcollected, maintained, and used by Statemotor vehicles offices, and it will helpassure the public that their informationis being handled appropriately. (SeeNPRM section II.K., below.)

As part of its security plan, each Stateis also required to outline how the Statewill protect the privacy of personalinformation collected, disseminated orstored in connection with the issuanceof REAL ID licenses from unauthorizedaccess, misuse, fraud, and identity theft.

Each State must prepare these plans tocover all State DMV offices and driverslicense storage and production facilities,databases and systems and submit themas part of its comprehensive securityplan.

The States certification shoulddemonstrate that it has implemented

best practices to protect the privacy ofthe license holder as guided by the fairinformation principles, which call foropenness, individual participation(access, correction, and redress),purpose specification, data

minimization, use and disclosurelimitation, data quality and integrity,security safeguards, and accountabilityand auditing. These principles arewidely recognized and embodied innumerous Federal, State, andinternational law and codes of practice.

DHS requests comments onrecommended best practices for

protecting the privacy of the personalinformation stored in the various Statemotor vehicle databases pertaining tothe requirements under this Act.

3. Protection of the Personal InformationStored in the Machine ReadableTechnology

The REAL ID Act standardizes theminimum personal information onREAL ID drivers licenses andidentification cards, and mandates amachine readable technology. DHS issensitive to the privacy concerns raised

by the potential for non-governmentalthird parties to collect and use thepersonal information on REAL IDdrivers licenses and identificationcards. As discussed in sections II.H.79, DHS is recommending that States usethe PDF417 2D bar code and DHS leanstoward recommending that Statesprotect the personally identifiableinformation stored in this 2D bar code

by requiring encryption, if theoperational complexity of deploying anationwide encryption infrastructure toprocess access by law enforcement can

be addressed.

4. Conclusion

In summary, DHS has proposed thefollowing privacy protections in itsimplementing regulations for the REALID Act: (1) The State-to-State dataexchanges and the State data query ofFederal reference databases will be Stateoperated and governed; (2) as part of theState certification process, States will berequired to submit a comprehensivesecurity plan, including information asto how the State implements fairinformation principles; and (3) whileacknowledging the benefits ofemploying encryption of the personalinformation stored on the identification

cards, we invite comment on itsfeasibility and costs and benefits toensure that its costs do not outweigh the

benefits to privacy.These protections are intended to

serve as a floor and do not prevent theStates from using their own statutory orexecutive authority to provideadditional privacy protections,consistent with Federal law, for thepersonal information stored on theREAL ID licenses and in their databases.DHS intends to work closely with theStates as they develop the information



8/39


9A passport also includes the passport card thatthe Department of State announced in its Notice ofProposed Rulemaking published October 17, 2006concerning the Western Hemisphere TravelInitiative (WHTI) (71 FR 60928).

system(s) necessary for queryingappropriate Federal and State databasesto verify the information contained inthe source documents and to determinelawful status of applicants. DHS expectsthat any system developed for purposesof the REAL ID Act will build inappropriate privacy and securitymechanisms to reduce the risk of

unauthorized access, misuse, fraud, andidentity theft.

DHS believes that protecting theprivacy of the personal informationassociated with implementation of theREAL ID Act is critical to maintainingthe public trust that Government canprovide basic services to its citizenswhile preserving their privacy. DHSrecognizes the significant privacy issuesthat are associated with the Act. Thepublic is encouraged to comment on theprivacy and security issues associatedwith implementation of the Act in orderto ensure that the final rule

implementing this statute reflectssufficient public input on theseimportant issues, which could includethe requirements of Statecomprehensive security plans; access toinformation collected by States pursuantto the REAL ID Act and the protectionof such information stored in Statedatabases; and the operation andgovernance of electronic verification byStates of drivers license applicationinformation.

D. Document Standards for Issuing aREAL ID Drivers License orIdentification Card

Section 202(c)(1) and (2) of the Actrequires that States issuing REAL IDdrivers licenses and identification cardsobtain and verify from applicantsdocumentation establishing

(1) The applicants identity, through aphoto identity document, or a non-photo identity document that includesfull legal name and date of birth if aphoto identity document is notavailable;

(2) Date of birth;(3) Proof of SSN or ineligibility for an

SSN;(4) The applicants address of

principal residence; and(5) Lawful status in the United States.Currently, every State has a different

list of the kind and number ofacceptable identification documents.Many are voluminous, encompassing 40or 50 different types of documents.Many States utilize a points systemwhere a combination of documentsaccumulating a sufficient number ofpoints is deemed sufficient. Othersuse a tier system ofprimary andsecondary documents, where, forexample, a primary (such as a passport)

and a secondary (such as an electric billconfirming an address) are required.

Drivers licenses are the documentsused most frequently to establishidentity and often serve as sourcedocuments to obtain other forms ofidentification. If an individual obtains afraudulent drivers license oridentification card, he or she can

potentially engage in identity-basedfraud, or even obtain access to areas andfacilities where he or she might causeharm or otherwise pose a severe risk tosecurity.

Based on these considerations, DHShas determined that many of thedocuments currently accepted by DMVsand proposed by others are notsufficient to address Congress directionto enhance national security. Many ofthe documents on these lists can easily

be counterfeited, or their authenticitycannot be easily verified by the Statesespecially outside of the State ofissuance. Therefore, this rule proposes ashort list of acceptable documents forREAL ID and temporary REAL IDdrivers licenses and identificationcards.

This approach offers severaladvantages from a security perspective.First, restricting the number ofdocuments means that only thedocuments which DHS has found to bethe most secure are chosen todemonstrate identity. Second, limitingthe number improves the chances thatDMV employees will be able todistinguish valid from fraudulentdocuments because there will be fewer

categories of documents with whichthey will need to be familiar. Third, asmaller list of documents increases theease of verifying the documentsindependently, a related statutoryrequirement and one that will be veryeffective in reducing document andidentity fraud.

Under the NPRM, DHS proposes thatStates require that applicants provide atleast one of these documents in order toobtain a REAL ID drivers license oridentification card. States could addadditional documentation requirementsto satisfy their own objectives, but at

least one of the documents listed belowwould have to be presented for everyapplication. State agencies would not berequired to comply with theserequirements when issuing driverslicenses or identification cards insupport of the Federal Witness SecurityProgram, codified at 18 U.S.C. 3521 etseq., or operations by other Federal,State, or local criminal justice agencies.In addition, when requested by anauthorized representative of the FederalWitness Security Program or thecriminal justice agency, States should

remove from public records appropriatematerial relating to the prior or otheridentities of people involved in theoperation and should take sufficientother steps, as directed by appropriateofficials, to safeguard the identities ofsuch persons.

1. Documents Required for Proving

IdentityThe list of acceptable documents that

DHS proposes to establish identity forpurposes of this regulation is as follows:

A valid unexpired U.S. passport.9 A certified copy of a birth

certificate. A consular report of birth abroad. An unexpired permanent resident

card. An unexpired employment

authorization document (EAD). An unexpired foreign passport with

valid U.S. visa affixed. A U.S. certificate of citizenship. A U.S. certificate of naturalization;

or A REAL ID drivers license or

identification card issued subsequent tothe standards established by thisregulation.

a. A Valid Unexpired United StatesPassport. A U.S. passport is issued only

by the U.S. Department of State (DOS).It may be issued only to United Statescitizens or nationals. If issued for thefull validity period (ten years for adults;five years for minors under 16 and fordiplomatic and official bearers) it isstatutory proof of U.S. citizenshipduring its period of validity. Before a

U.S. passport is issued, the writtenapplication is carefully adjudicated toestablish the citizenship and identity ofthe bearer. First-time applicants mustappear in person. A U.S. passport hassecurity features that include specialpaper, inks and photo printing thatmake it difficult to counterfeit or alter.Beginning in 2006, U.S. passports alsocontain the additional security featureof an integrated circuit chip containingthe bearers bio-data, a biometric, andunique chip identification information.

b. Certified Copy of a Birth CertificateIssued by a U.S. State or Local Office ofPublic Health, Vital Records, VitalStatistics or Equivalent. DHS recognizesthat a birth certificate is not an identitydocument in the true sense of the term.Instead, a birth certificate is a recordthat a birth took place at a particulartime and place, and nothing (such as aphotograph or other biometric) ties aparticular person to a particular birth



9/39


certificate. However, section202(c)(1)(A) of the Act states that a non-photo identity document is acceptable,if it includes the persons full legalname and date of birth. DHS believesthat this strongly suggests that Congressintended to maintain the use of the birthcertificate for this purpose, recognizingthe longstanding practice that birth

certificates are used to obtain driverslicenses and identification cards. DHSalso understands that the vast majorityof drivers license and identificationcard applicants may only have a birthcertificate available for this purpose;while U.S. citizens could use a U.S.passport, passports are currently heldonly by an estimated 25 percent ofAmericans.

To achieve security objectives, DHS isproposing that only certified copies of

birth certificates that include theindividuals full name and can beverified by a State vital statistics, public

health, or similar office would beacceptable. Interpreting this morebroadly could result in a myriad of non-secure, non-verifiable documentation

being used to obtain a drivers license oridentification card. Given the fact thatCongress specified that the requirementsenumerated in section 202(c)(11) were aminimum, and given also the serioussecurity implications associated withother implementation considerationsincluded in Title II of the Act, DHS

believes that it has the necessaryauthority to interpret this clausenarrowly. Accordingly, this regulationinterprets section 202(c)(1)(A) to mean

only a certified copy of a birthcertificate, and only one issuedpursuant to the other requirementsdiscussed in this section. Theseregulations do not preclude a State thataccepts a birth certificate as theapplicants identity document fromrequiring the individual to also presentone or more forms of photoidentification to substantiate his or herclaimed identity.

A corollary issue considered by DHSis whether to recognize delayed birthcertificates issued more than one yearafter the birth itself. While these cases

are relatively few, States haveestablished procedures in place foradjudicating these claims and requireevidence to prove the actual occurrenceof the birth prior to issuing the birthcertificate. Therefore, delayed birthcertificates lawfully issued by the Stateswill also be acceptable as an identitydocument.

c. DOS Consular Report of BirthAbroad of a Citizen of the United States,FS240; and DS1350 and FS545. TheConsular Report of Birth Abroad(CRBA), FS240, is a document issued

by a United States consular officer to aperson born abroad who acquiredUnited States citizenship at birth. It isstatutory proof of U.S. citizenship. Theparent of a child acquiring U.S.citizenship at birth abroad must applyfor the CRBA before the childs 18th

birthday, and must document thechilds acquisition of U.S. citizenship.

The CRBA is printed on secure paper ina format that resembles a state birthcertificate. There are two other DOSdocuments issued for U.S. citizens bornabroad and acquiring U.S. citizenship at

birth. Certifications of Report of BirthAbroad (DS 1350), issued only byPassport Services Vital Records Office,may be accepted as the equivalent of theCRBA. Certifications of Birth (FS545)issued at U.S. Foreign Service postsprior to November 1990 but no longerissued are still valid and list only thechilds name, date of birth, place of

birth, and recording date.

d. Certificate of Naturalization, FormN550 or N570, or Certificate ofCitizenship, Form N560 or N561. TheCertificate of Naturalization is issued bythe United States government as proofof a person having obtained U.S.citizenship through naturalization (alegal process of obtaining a newnationality). The Certificate ofCitizenship is proof of an individualhaving obtained U.S. citizenshipthrough derivation or acquisition at

birth. These documents are currentlyissued by DHS, printed on secure paperand have a photograph attached.

e. Unexpired Permanent Resident

Card, Form I551. This document, alsoknown as a green card, is issued byDHS to lawful permanent residents ofthe United States. The current versioncontains numerous security features,such as microline printing and a digitalphotograph. While most of thesedocuments display an expiration date,the status itself does not expire.

f. Unexpired EAD, Form I766 orForm I688B. This document is issued

by DHS to numerous categories of aliensin the United States who are lawfullyauthorized to work. The Form I766document is secure and difficult to

counterfeit. The I688B is expected tobe phased out by 2008, but under thisproposal would be acceptable until it isphased out.

g. Unexpired Foreign Passport withvalid U.S. visa affixed. Valid unexpiredpassports from around the world havetraditionally been acceptabledocumentation to establish identity inmost, if not all, States. Most passportsmeet certain international standardscriteria for security as defined by theInternational Civil AviationOrganization (ICAO). Security features

for these documents include digitalphotographs, information stored on amachine-readable zone, and otherforensic features. Some passports issued

by foreign countries, however, do nothave these features, and can even behand-written. DHS was concerned aboutrequiring the States to maintainknowledge of passport types from all

around the world in order to be able tocombat fraud. Further, DHS believesthat DMVs, once they verify the visa,should be permitted to rely on the factthat, in issuing the visa and admittingthe alien to the United States, theDepartments of State and HomelandSecurity have verified the passport tothe extent required by the REAL ID Act(see section 202(c)(3)(A) of the Act, andsubsection II.E. of this preamble, below).

Accordingly, States may accept a U.S.visa contained in a foreign passport asan acceptable means of authenticatingidentity. Not only are the U.S. visas

secure and contain a photograph, issuedU.S. visas can be verified against DOSsystems electronically using the sameconnectivity required to verify U.S.passports.

DHS is aware that inclusion of a visaalone will leave a large group of alienswho have lawful status in the UnitedStates unable to obtain a document thatis on this list. First, this includes thosenonimmigrants admitted under section217 of the Immigration and NationalityAct (the Visa Waiver Program, or VWP),as well as the Guam visa waiverprogram. However, these aliens areadmitted solely for short periods of

time, are prohibited from working in theUnited States, and are unlikely toqualify for a U.S. drivers license undertypical State residency requirements.Further, these aliens can typically useeither the drivers license from theirhome country or an internationaldrivers license to be able to drive a carwhile lawfully in the United States.Also, they will still be able to obtain anon-REAL ID license (if the Statepermits it) that could be used for drivingpurposes, but not for official Federalpurposes pursuant to this regulation.Overall, DHS does not believe that this

policy would significantly impact VWPaliens.Another classification of persons that

would be unable to present a visa areCanadians who enter the United Stateswithout having to obtain a visa and whostay in the United States for extendedperiods (i.e., more than 90 days) at atime. While the majority of these areshort-term visitors who would not needa U.S. drivers license, and indeed arenot issued any U.S. documentation orrecorded in U.S. nonimmigrant datasystems, some are longer-term visitors



10/39


10Testimony of James Huse, Jr. Inspector General,Social Security Administration, House JudiciaryCommittees Subcommittee on Crime, Terrorism,and Homeland Security; and Subcommittee onImmigration, Border Security, and Claims, 107thCong., 2nd Sess., June 25, 2002.

who may be students, authorizedworkers or others who may have reasonto need a U.S. license. DHS requestscomments specifically on how thisgroup could be affected if they areunable to obtain a U.S. REAL ID driverslicense that could be used for Federalpurposes.

h. Drivers License/Identification Card

Issued After the Standards Establishedby the Regulation. Any REAL ID driverslicense or identification card issuedafter the establishment of these newstandards, except non-REAL ID driverslicenses and identification cards issuedunder section 202(d)(11) of the Act,should be acceptable to establishidentity, when an individual movesfrom State to State or when a driverslicense or identification card is beingrenewed.

2. Additional Documents Consideredand Rejected for Proof of Identity

a. Transportation WorkerIdentification Credential. One documentconsidered by DHS as acceptable todemonstrate identity is theTransportation Worker IdentificationCredential (TWIC). This identificationdocument will be very secure and thosewho obtain it will be subjected torigorous background checks. However,DHS believes that any identificationdocument acceptable in this regulationmust be capable of being verifiedelectronically by a State in a timelyfashion. Including a TWIC on the list ofacceptable identity documents, at thistime, would require DHS to develop,

and the DMVs to access, informationelectronically using a system that hasyet to be created. All TWIC holderswould also have one of the otherdocuments prescribed by the regulation.Thus, DHS is not at this time proposingto include the TWIC as an acceptableidentity document for REAL ID driverslicenses and identification cards.

b. Department of Defenses CommonAccess Card. DHS also considered theDepartment of Defenses CommonAccess Card (CAC). The CAC card mayprove convenient for members of themilitary who move frequently and need

to get new drivers licenses andidentification cards. For the samereasons as the TWIC, DHS is notproposing to include this document onthe list at this time. DHS does notdispute the quality or utility of the CAC;however, DHS believes that any CACholder would also have one of the otherdocuments on the DHS proposed list,and including the CAC card wouldrequire States to connect to additionalFederal databases for verificationpurposes, without sufficientjustification.

c. Native American Tribal Documents.DHS discussed these documents withthe Bureau of Indian Affairs of theDepartment of the Interior andconcluded that since all tribes obtainState-issued documentation to verify

birth, all tribal members will have, orcan obtain, an eligible identificationdocument, rather than using tribal

documents.DHS solicits comments on whether

these or any other documents should beincluded as acceptable documentationfor showing identity. Commentersshould address instances in whichclassifications of individuals could notobtain any of the documents already onthe proposed list, issues of reliability ofthe document proposed, and ability ofthe States to verify the proposeddocument. If DHS concludes that otherdocuments, including those listed aboveand others submitted by commenters,are reliable and can be verified

electronically by the States, they may beincluded as acceptable identitydocuments in the final REAL ID rule.

3. Other DocumentationRequirements. In addition to presentingevidence of identity, the Act requiresthat a drivers license or identificationcard applicant present the following:

a. Documentation Showing Date ofBirth. Individuals may use alldocuments included on the list ofidentity documents to demonstrate dateof birth. Thus, while this is a statutoryrequirement, it is fulfilled by presentingone of the documents already requiredunder the proposed list of identity

documents.b. Evidence of a SSN or Proof of

Ineligibility. The United States, on bothFederal and State levels, hasexperienced significant amounts offraud due to the misuse of SSNs. Muchof this has been in the context ofidentity theft or other financialcrimes. However, the misuse of SSNscan have a national security impact aswell. For example, many of theSeptember 11, 2001 (9/11) hijackersused numbers that were either neverissued by the Social SecurityAdministration (SSA), were issued in

the name of a child, or had beenassociated with multiple names. Thehijackers used this information to obtaindrivers licenses, and some heldmultiple drivers licenses from Statesincluding Virginia, Florida, California,Arizona, and Maryland.10 Accordingly,DHS believes that the congressional

mandate to check all SSNs against SSAdatabases prior to the issuance of aREAL ID drivers license oridentification card will increase securityand decrease the ability to obtaindrivers licenses fraudulently. This willnot be a significant burden to the Statesas almost all jurisdictions currentlyverify SSNs against SSA databases, 46

States using Social Security On-LineVerification (SSOLV).

SSA has taken significant steps since2001 to strengthen the SSN issuanceprocess. SSA has a plan for improvingthe security of the SSN card itself, incompliance with section 7213 of theIntelligence Reform and TerrorismPrevention Act of 2004. In recognitionof improvements in the SSN issuanceprocess and plans for improving thesecurity of the SSN card, DHSconsidered requiring DMVs to requireindividuals to present a social securitycard with their full name and SSN asthe only mechanism to demonstrateevidence of their SSN.

DHS recognizes, however, that thisapproach would be costly and wouldcreate an undue hardship on SSA andthe public, particularly on members ofthe public who had lost or misplacedtheir social security cards. Accordingly,DHS proposes to allow an applicant toestablish his or her SSN by presentinghis or her social security card, a W2form, a SSA1099 form, a non-SSA1099, or a pay stub with the applicantsname and SSN on it.

An alien in the United States withoutauthorization to work is generally noteligible for an SSN. Thus, to proveineligibility for an SSN, an alien mustpresent evidence that he or she iscurrently in a non-work authorized non-immigrant status.

c. Documentation of Address ofPrincipal Residence. There are a numberof potential ways to define the termprincipal residence. DHS reviewedState definitions of this term and didnot find a consistent definition. TheNGA observed that State laws varywidely on how to define residency/

domicile because a mobile society leadsto frequent relocations, ownership ofmultiple properties, as well as lifestylesthat include no fixed address.Accordingly, DHS proposes to use theBlacks Law Dictionarydefinition ofdomicile which DHS believescaptures the intent of the principalresidence requirement of the Act:

The place at which a person has beenphysically present and that the personregards as home; a persons true, fixed,principal and permanent home, to which that



11/39


11Bryan A. Garner, editor, Blacks LawDictionary, 8th ed., p. 523 (Thomson-West, 2004).

12Testimony of Paul McNulty, United StatesAttorney, Eastern District of Virginia, HouseJudiciary Committees Subcommittee on Crime,Terrorism, and Homeland Security; andSubcommittee on Immigration, Border Security,and Claims, 107th Cong., 2nd Sess., June 25, 2002.

13See discussion infra at II.J.2 on verification ofbirth certificates through the Electronic Verificationof Vital Events system (EVVE). If this system is notoperational by May 11, 2008, a State must verify thevalidity of the birth certificate at the first licenserenewal or re-issuance once EVVER is available.

person intends to return and remain eventhough currently residing elsewhere.11

The need to determine an individualsprincipal residence prior to issuance ofa REAL ID drivers license also has itsorigins in the 9/11 terrorist activity.Seven of the 9/11 hijackers fraudulentlyobtained drivers licenses in theCommonwealth of Virginia, althoughnone of them actually lived there, byproviding false information as to theirtrue place of residence. At the timeVirginia allowed only a signedaffidavit of a Virginia resident tosuffice as proof of residency in the State,and two of the hijackers paid an illegalimmigrant (who had himself obtained adrivers license fraudulently) $100 tovouch for them.12 By September 21,2001, Virginia had eliminated thisloophole.

DHS recognizes that some individualsdo not have a fixed address, as that termis commonly used. Individuals who do

not have a fixed address, such as thehomeless, may still obtain a REAL IDdrivers license or identification card ifthey otherwise can produce thedocuments a State must possess andverify prior to issuing a REAL IDdrivers license or identification card.For such individuals, a State may issueREAL ID drivers licenses andidentification cards by adhering to awritten exceptions policy as describedin section II.F. below.

d. Evidence of Lawful Status in theUnited States. The REAL ID Actspecifies the scope of lawful status in

the United States for purposes ofeligibility for a REAL ID drivers licenseor identification card acceptable forofficial purposes. The applicant must bea person who: Is a citizen or national ofthe United States; is an alien lawfullyadmitted for permanent or temporaryresidence in the United States; hasconditional permanent resident status inthe United States; has an approvedapplication for asylum in the UnitedStates or has entered into the UnitedStates in refugee status; has a valid,unexpired nonimmigrant visa ornonimmigrant visa status for entry into

the United States; or has a pendingapplication for asylum in the UnitedStates; has a pending or approvedapplication for temporary protectedstatus (TPS) in the United States; hasapproved deferred action status; or has

a pending application for LPR orconditional permanent resident status.

A U.S. passport, certified copy of abirth certificate, DOS consular report ofbirth abroad, certificate of citizenship,certificate of naturalization or apermanent resident card can be used toestablish lawful status in the UnitedStates for purposes of this proposed

regulation. If an applicant presents anemployment authorization document(Form I766) or a foreign passport witha valid U.S. visa and/or DHSnonimmigrant Form I94 affixed foridentification, these documents may beaccepted as provisional evidence oflawful status, pending verification ofstatus through the Systematic AlienVerification for Entitlements (SAVE)system (see section II.E.3 below). Notethat while all documents presentedmust be verified through SAVE orotherwise, the difference is that since avisa or EAD are not necessarily linked

to an authorized status, their acceptanceis deemed provisional pendingconfirmation of exact status throughfurther verification. DHS considered,

but rejected, requiring additionaldocumentary evidence of status thatmay be issued by DHS, but consideredthis requirement unworkable,particularly since many holders of EADssimply do not have any other consistent,reliable identification.

The EAD is envisioned as thedocument to be presented by thefollowing classes of REAL ID-authorizedaliens: Temporary Protected Status(TPS) aliens; asylees and asylum

applicants; refugees; adjustmentapplicants; and aliens granted deferredaction. DHS understands that regulatorylimitations on issuance of EADs toasylum and TPS applicants will resultin a wait period before these aliens willhave acceptable documentation, andinvites comment on what alternativedocumentation regimen may serve forthese groups, and whether those groupsneed a REAL ID drivers license oridentification card before theirapplicable wait period expires.

The proposed rule also does notinclude immigration documentation

showing any status under theimmigration laws of American Samoa orthe Commonwealth of the NorthernMarianas for aliens within thosejurisdictions. REAL ID specifies U.S.immigration statuses. DHS invitesfurther comment about how thesejurisdictions may better be integratedinto the REAL ID framework.

E. Verification of Information Presented

Section 202(c)(3)(A) of the Actrequires verification from the issuingagency for issuance, validity, and

completeness of documentation toestablish the following:

Identity. Date of birth. Proof of SSN, or that the person is

not eligible for an SSN. The persons name and address of

principal residence. The persons lawful status in the

United States.The documents that individuals arerequired to present are described insection II.D.1 and are listed in 37.11 ofthe proposed regulation.

To verify with the issuing agency, theissuance, validity, and completeness ofdocumentation means that the Statemust determine independently that thedocument itself has been legitimatelyissued by the issuing agency to theindividual presenting the document,prior to issuing the drivers license oridentification card to the individual.13This means that DMVs are required toperform a physical inspection of thesource document to ensure that itappears authentic and has not beentampered with. However, documentverification is not sufficient. DMVs mustalso verify the information contained inthe document with an authoritative orreference database. Thus, States mustverify both document and data underthe Act, although this verification may

be phased in over time.The use of the phrase required to be

presented by the person underparagraph (1) and (2) in section202(c)(3)(A) of the Act means that onlythe specific documents required by this

proposed regulation need to be verified.Thus, in the case of identity, only thedocuments listed in these regulations asrequired to be presented must beverified. If States wish to requireadditional documentation to proveidentityfor example, if they wish torequire photo identification in additionto a certified copy of a birth certificatethen the State does not need toindependently verify these additionalitems, only the birth certificate, as it isincluded on the Federal list. Ensuringthat at least one document presented isindependently verified will increase

security by reducing the ability tofraudulently manufacturedocumentation typically used to obtaindrivers licenses and identificationcards.

Requiring additional documentationcan help a State to confirm the identity(or address, or whatever fact is at issue)



12/39


14One exception might be American Samoa asthis territory does not possess the same type ofaddresses commonly used in the 50 States.

of a person. This is a common methodused now by many Statesthe idea ofcross-verifying data elementsincluded on different documents.However, each independent verificationof a document can cost time and moneyfor the DMVswhich can create adisincentive to require many documentsto prove identity and thus eliminate the

benefits of this cross-verification. If thisregulation proposed to require that alldocuments presented for any purpose beverified, this would be an incentive forStates to require only the one documentthat the REAL ID regulation requires. Inthat circumstance, the verificationrequirement could result in a less secureprocess. DHS believes that the betterand more secure solution is to requirethat a State verify the identity documentan applicant presents, pursuant to REALID requirements. States retain theflexibility to require documents inaddition to the Federal document

requirements, and to verify thempursuant to their own regulations andpractices. Any additional documents

beyond those listed in 37.11 need notbe verified independently, but can becross-verified against the onedocument that must be verifiedaccording to these regulations. DHSproposes that it be up to the Stateswhether to keep digital or paper copiesof supplemental documentation beyondthe Federal document requirements,pursuant to the retention requirementsdiscussed in this regulation.

1. Verification ofAddress of Principal

ResidenceAlthough the Act requires States to

verify an applicants address ofprincipal residence, DHS believes thatthere is no nationally available, reliable,up-to-date, and cost-effective method forStates to verify this information with theissuing source of the document, as theplain language of the Act would seem torequire. DHS examined existinggovernmental and non-governmentaldatabases that alone, or in combination,could be used by States to fulfill thisrequirement, and determined that thereis no single way for States to comply

with this requirement by May 11, 2008,or in the reasonably foreseeable future.States currently have widely varying

ways of determining a personsresidence, although all States require anapplicant to demonstrate that they livein the State in which they are applyingfor a drivers license or identificationcard. While the U.S. Postal Service cando a basic electronic check for a fee, thissystem is based on nothing more thanthe applicant or some unrelatedindividual sending to the post office achange of address card. Thus, although

an electronic verification, it is not basedon reliable information.

Further, in almost all cases there is noway to verify independently fromdocuments presented that an address isa persons principal address. A mortgagestatement or lease may indicate that aperson owns or rents property in aparticular place, and while the landlord

or bank holding the mortgage couldverify this, it does not establish that thisis the persons principal residence, justthat the ownership or rental islegitimate. In addition, the cost to Statesof verifying a multitude of documentspresented to establish address, such asutility bills, leases, mortgages, or otherdocuments, is potentially significant.

In spite of these limitations, there isa need for some reliability in theinformation presented for principalresidence, as evidenced by theexperience of the 9/11 hijackers andhow they obtained Virginia drivers

licenses (see section II.D.3). Therefore,DHS is proposing that the States requireeach applicant to present at least twodocuments that include his or her nameand current principal residence.However, the States will retain theflexibility to determine for themselvesprecisely which documents, orcombination of documents, an applicantmust present to satisfy this requirementand how a State will validate or verifythis information. The proposedregulation would require States toestablish a written policy identifyingacceptable documents and how, or if,they will be independently validated orverified. The proposal would alsorequire that States provide thisinformation to DHS as part of theirinitial certification package andwhenever this policy is modified orsuperseded.

While States are free to determine thelist of acceptable documents forthemselves, whatever documentsindividuals submit must contain a streetaddress for individuals where available.Post office boxes or rural route numbersare not acceptable addresses, since thestatute requires a residence, not simplyan address.14 Documents issued

monthly (e.g., bank statements, utilitybills) could not be more than threemonths old at the time of application.Documents issued annually (e.g.,property tax records) would need to befor the most current year at the time ofapplication.

Applicants would also be required tosign a declaration (that could beincluded as part of the drivers license

or identification card application form)affirming that the information presentedis true and correct, includinginformation presented to establishaddress of principal residence. Forminors and other dependents, parents orlegal guardians would submit thedocumentation establishing a principalresidence on behalf of the drivers

license or identification card applicant.The parent or legal guardian wouldneed to present photo identification(that the DMV would need to verify) andwould be required to submit two ormore address documents, as if he or shewere the primary applicant, and sign th