Analysts: Real ID Act Could Help ID Thieves

New legislation could make cyber-crime easier by consolidating personal information in one nationwide database.

Security experts have expressed dismay about new legislation that will usher in the nations first national ID system—citing a lack of confidence in the governments ability to employ the technology in such a way as to prevent citizens from being preyed upon by identity thieves.

The Real ID Act of 2005, added on to the $82 billion Emergency Supplemental Appropriations bill, was passed by the House of Representatives on Thursday and is expected to be passed by the Senate next week.

The act was pushed through without hearings or deliberation, over the objections of a coalition of 12 Democratic senators who decried it as a sweeping anti-immigration bill.

Beyond issues of civil liberties, whats disturbing about the imminent passage of the Real ID Act from a technological point of view is that its being done in spite of the growing popularity of state RMVs (Registries of Motor Vehicles) as targets for identity thieves, experts say.

"My feeling is theres a tremendous amount of activity going on right now around data theft," said Jon Oltsik, an analyst with Enterprise Strategies Group. "The stuff we hear about in the news is dwarfed by the stuff we dont hear about, because people bury it, because they dont want to disclose it. Theyre praying nothing happens."

The bill dictates that all states collect, at a minimum, personal information from citizens in order to obtain a drivers license, including name, date of birth, gender, drivers license or identification card number, digital photograph, address and signature.

Whereas collection of this particular information is not new, the linkage of states databases is. The bill specifies that states link what are at present discrete databases, creating, in effect, one nationwide database with personal information pertaining to all citizens.

Even with states currently discrete, disconnected databases, thieves increasingly have turned their attention to RMVs.

In March, thieves rammed a car through the back wall of a DMV near Las Vegas and stole computer equipment containing personal information on more than 8,900 people. Police in the past month have arrested DMV examiners in Florida and Maryland for selling fake drivers licenses.

Meanwhile, personal information for thousands of Americans has been compromised through the recent rash of scandals around what were considered secure databases residing with data brokers ChoicePoint and Lexis Nexis.

Next Page: Government flunks its own security grades.