Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database

    Analysts: Real ID Act Could Help ID Thieves

    By
    Lisa Vaas
    -
    May 6, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Security experts have expressed dismay about new legislation that will usher in the nations first national ID system—citing a lack of confidence in the governments ability to employ the technology in such a way as to prevent citizens from being preyed upon by identity thieves.

      The Real ID Act of 2005, added on to the $82 billion Emergency Supplemental Appropriations bill, was passed by the House of Representatives on Thursday and is expected to be passed by the Senate next week.

      The act was pushed through without hearings or deliberation, over the objections of a coalition of 12 Democratic senators who decried it as a sweeping anti-immigration bill.

      Beyond issues of civil liberties, whats disturbing about the imminent passage of the Real ID Act from a technological point of view is that its being done in spite of the growing popularity of state RMVs (Registries of Motor Vehicles) as targets for identity thieves, experts say.

      “My feeling is theres a tremendous amount of activity going on right now around data theft,” said Jon Oltsik, an analyst with Enterprise Strategies Group. “The stuff we hear about in the news is dwarfed by the stuff we dont hear about, because people bury it, because they dont want to disclose it. Theyre praying nothing happens.”

      The bill dictates that all states collect, at a minimum, personal information from citizens in order to obtain a drivers license, including name, date of birth, gender, drivers license or identification card number, digital photograph, address and signature.

      Whereas collection of this particular information is not new, the linkage of states databases is. The bill specifies that states link what are at present discrete databases, creating, in effect, one nationwide database with personal information pertaining to all citizens.

      Even with states currently discrete, disconnected databases, thieves increasingly have turned their attention to RMVs.

      In March, thieves rammed a car through the back wall of a DMV near Las Vegas and stole computer equipment containing personal information on more than 8,900 people. Police in the past month have arrested DMV examiners in Florida and Maryland for selling fake drivers licenses.

      Meanwhile, personal information for thousands of Americans has been compromised through the recent rash of scandals around what were considered secure databases residing with data brokers ChoicePoint and Lexis Nexis.

      Next Page: Government flunks its own security grades.

      Government Flunks Its Own

      Security Grades”>

      “Gathering that information and putting it into state DMVs with a skyrocketing incident rate of identity thefts is a really bad idea,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, an organization which has long opposed the idea of national IDs.

      Its not that the database information cant be encrypted, security experts point out—its that the government has proven untrustworthy in doing so.

      “Yes, there are methods to protect the data. There are documented best practices,” Oltsik said. But in determining whether or not to trust government to protect the data, he said, one need look no further than its poor performance to date.

      “The metric Id give you is FISMA [the Federal Information Security Management Act],” Oltsik said, referring to legislation that mandates that government agencies be graded on their ability to protect data. “The Department of Homeland Security has gotten four Fs in a row. If theyre not securing data, do we really want to trust state RMVs with this data?”

      Indeed, the Nevada DMV initially reassured residents that information stolen from the DMV near Las Vegas was encrypted, making it virtually useless to thieves. State DMV chief Ginny Lewis subsequently told news outlets that Digimarc Corp., which provides digital drivers licenses for the state, had informed her that the information was not encrypted and was easily accessible.

      “The practical reality with this issue is the information is already in these databases,” said Ted Julian, vice president of strategy for the database security tools vendor Application Security Inc. “Do you want it in 50 of them or in one of them? I dont know which of those scenarios is better.”

      The bigger issue, Julian said, is that databases are directly under attack. “Thats where the goods are,” he said. “[Thieves] are hunting for valuable data they can sell or can otherwise benefit from. Lets face it, that typically sits in a database.”

      A roadblock to securing databases is a false sense of security derived from firewalls, Julian said. Obviously, he said, building firewalls on the perimeter doesnt mean the back-end database is safe, given that “every headline of the week, theres a database break-in,” he said. “Which is not to say the perimeter stuff is a waste of time. Its necessary, but no longer sufficient.”

      Check out eWEEK.coms for the latest database news, reviews and analysis.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×