Tag Archives: real id

Government Anti-Fraud Efforts: They’re Still Siloed

When the United States was attacked on September 11, 2001—an attack that caused NATO to invoke Article 5, but I digress—Congress and the President decided that the proper response was to reorganize the government and place homeland security efforts under a single Cabinet secretary. While we may question the practical wisdom of that move, the intent was to ensure that the U.S. Government mounted a coordinated response to that specific threat.

Today Americans face the threat of fraud. Granted it isn’t as showy as burning buildings, but fraud clearly impacts many if not most of us. My financial identity has been compromised multiple times in the last several years, and yours probably has also.

But don’t expect Congress and the President to create a single Department of Anti-Fraud any time soon.

Stop Identity Fraud and Identity Theft Bill

As Biometric Update reported, Congresspeople Bill Foster (D-IL) and Pete Sessions (R-TX) recently introduced H.R. 7270, “To establish a government-wide approach to stopping identity fraud and theft in the financial services industry, and for other purposes.”

Because this is government-wide and necessarily complex, the bill will be referred to at least THREE House Committees:

“Referred to the Committee on Oversight and Government Reform, and in addition to the Committees on Financial Services, and Energy and Commerce, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.”

Why? As I type this the bill text is not available at congress.gov, but Foster’s press release links to a preliminary (un-numbered) copy of the bill. Here are some excerpts:

“9 (9) The National Institute of Standards and
10 Technology (NIST) was directed in the CHIPS and
11 Science Act of 2022 to launch new work to develop
12 a framework of common definitions and voluntary
13 guidance for digital identity management systems,
14 including identity and attribute validation services
15 provided by Federal, State, and local governments,
16 and work is underway at NIST to create this guid
17 ance. However, State and local agencies lack re
18 sources to implement this new guidance, and if this
19 does not change, it will take decades to harden defi
20 ciencies in identity infrastructure.”

Even in the preamble the bill mentions NIST, part of the U.S. Department of Commerce, and the individual states, after mentioning the U.S. Department of the Treasury (FinCEN) earlier in the bill.

But let’s get to the meat of the bill:

“3 SEC. 3. IDENTITY FRAUD PREVENTION INNOVATION
4 GRANTS.
5 (a) IN GENERAL.—The Secretary of the Treasury
6 shall, not later than 1 year after the date of the enactment
7 of this section, establish a grant program to provide iden
8 tity fraud prevention innovation grants to States.”

The specifics:

  • The states can use the grants to develop mobile driver’s licenses “and other identity credentials.”
  • They can also use the grants to protect individuals from deepfake attacks.
  • Another purpose is to develop “interoperable solutions.”
  • A fourth is to replace vulnerable legacy systems.
  • The final uses are to make sure the federal government gets its money, because that’s the important thing to Congress.

But there are some limitations in how the funds are spent.

  • They can’t be used to require mDLs or eliminate physical driver’s licenses.
  • They can’t be used to “support the issuance of drivers licenses or
    identity credentials to unauthorized immigrants.” (I could go off on a complete tangent here, but for now I’ll just say that this prevents a STATE from issuing such an identity credential.)

The bill is completely silent on REAL ID, therefore not mandating that everyone HAS to get a REAL ID.

And everything else

So although the bill claims to implement a government-wide solution, the only legislative changes to the federal government involve a single department, Treasury.

But Treasury (FinCEN plus IRS) and the tangentially-mentioned Commerce (NIST) aren’t the only Cabinet departments and independent agencies involved in anti-fraud efforts. Others include:

  • The Department of Justice, through the Federal Bureau of Investigation and the new Division for National Fraud Enforcement.
  • The Department of Homeland Security, through the Secret Service and every enforcement agency that checks identities at U.S. borders and other locations.
  • The Federal Trade Commission (FTC).
  • The Social Security Admistration. Not that SSNs are a national ID…but they de facto are.
  • The U.S. Postal Inspection Service.
  • The Consumer Financial Protection Bureau.

These agencies are not ignored, but are funded under mandates separate from H.R. 7270. Or maybe not; there’s an effort to move Consumer Financial Protection Bureau work to the Department of Justice so that the CFPB can be shut down.

And that’s just one example of how anti-fraud efforts are siloed. Much of this is unavoidable in our governmental system (regardless of political parties), in which states and federal government agencies constantly war against each other.

  • What happens, for example, if the Secret Service decides that the states (funded by Treasury) or the FBI (part of Justice) are impeding its anti-fraud efforts?
  • Or if someone complains about NIST listing evil Commie Chinese facial recognition algorithms that COULD fight fraud?

Despite what Biometric Update and the Congresspeople say, we do NOT have a government-wide anti-fraud solution.

(And yes, I know that the Capitol is not north of the Washington Monument…yet.)

Google Gemini. Results may not be accurate.

Catching Up On Alaska’s Mobile ID

Thales issued this press release recently:

“Thales is pleased to announce its continued partnership with the State of Alaska Department of Motor Vehicles (DMV) with the launch of the Alaska Mobile ID. Seen as an innovative digital identity solution, it empowers residents to manage the use of their identification credentials securely and conveniently through their mobile devices.

“The Alaska Mobile ID leverages Thales’ sophisticated digital ID technology to provide Alaskans with a secure method for digital verification of their identity, age, and/or driving privileges. With this ‘cybersecurity by design’ solutioncitizens benefit from a quick and secure way to digitally verify their identity while safeguarding their personal information. It also enables selective disclosure, meaning only some attributes of residents’ identities can be electronically verified. As an example, with Alaska Mobile ID, residents will be able to prove they are above 21 without revealing their exact age, which is impossible with physical ID.”

So this is a wonderful advance for Alaska…even though Thales is foreign-owned. The 2022 Alaska HB389 died without passage.

When Bureaucrats Cooperate…and When They Don’t

If you’ve read a few hundred job descriptions, one phrase that you’ll often see is “cross-functional collaboration.” The theory is that the employee (for example, a senior product marketing manager) will seamlessly work with marketing, product, R&D, customer success, sales, finance, legal, and everyone else, all working together for the good of the company.

But the world usually doesn’t work like that. YOUR department is great. The other departments are the bozos.

Google Gemini.

There’s actually a benefit to this when you look at government agencies. If you believe that “the government that governs least” is preferable to Big Brother, then the fact that multiple agencies DON’T gang up against you is a good thing. You don’t want to be chased by the FBI and the CIA and the BBC and B.B. King and Doris Day. And Matt Busby.

But there are times when government agencies work together, usually when facing a common threat. Sometimes this is good…and sometimes it isn’t. Let’s look at two examples and see where they fall in the spectrum.

The Central Intelligence Agency and the Federal Bureau of Investigation in 1972

Normally bureaucrats are loyal to their agency, to the detriment of other agencies. This is especially true when the agencies are de facto competitors.

In theory, and certainly in the 1970s, the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) have completely separate spheres of operation. But on the highest level they perform the same function: catch bad people. And each agency certainly wants to take the credit when a bad person is caught. Conversely, if one of the agencies has a bad person, the other one usually works to expose it.

Usually.

A few of you are old enough to remember a third-rate burglary in Washington, DC in 1972. The burglary took place at a political party office in some hotel or another. We now know with the benefit of hindsight that the FBI-CIA rivalry worked. Bob Woodward learned a few days after the break-in that two of the alleged burglars were connected to E. Howard Hunt, a former CIA operative. Who told Woodward?

“Woodward, we now know, had been tipped off by Mark Felt, the deputy director of the FBI. The Bureau had itself become involved in the investigation of a mere burglary because once the police found wiretapping equipment, the investigation fell under its remit.”

Google Gemini.

This is how it should work. Although the mere fact that Hunt knew Bernard Barker and Eugenio Martinez was not a crime, the FBI was certainly bound to investigate the matter.

Until it wasn’t.

“Richard Nixon and senior White House personnel including Chief-of-Staff Bob Haldeman and domestic policy tsar John Ehrlichman devised a strategy to block the investigation. This began to unfold as early as June 23, a mere three days after the break-in. That day, Haldeman proposed to Nixon to “have [Vernon] Walters [deputy director of the CIA] call Pat Gray [director of the FBI] and just say ‘stay the h*ll out of this’ on grounds of ‘national interest.’”

This recorded conversation would become very important two years later, but back in 1972 very few people knew about it. And very few people knew that Gray “destroyed secret documents removed from Howard Hunt’s safe.”

Think about it. If Richard Nixon hadn’t recorded his own conversations, we may have never learned that the CIA partially neutralized an FBI investigation.

But other instances of cross-functional collaboration come to light in other ways.

Immigration and Customs Enforcement and the Transportation Security Administration before 2026

The FBI-CIA episode of 1972 was an aberration. Normally agencies don’t cooperate, even when massive amounts of effort are performed to make them work together.

One prime example was the creation of the Department of Homeland Security (DHS) in 2002-2003. Because it was believed that 9/11 happened because relevant agencies were scattered all over the government, Congress and the President performed a massive reorganization. This affected the Departments of Agriculture, Energy, Health and Human Services, Justice, Transportation, and Treasury.

For our discussion:

  • The Department of Justice lost the Immigration and Naturalization Service (INS), which was broken up into three separate agencies within DHS. One of these is Immigration and Customs Enforcement, or ICE. Perhaps you’ve heard of it.
  • The relatively new Transportation Security Administration (TSA) was moved from the Department of Transportation to DHS.

The theory, of course, is that once all these agencies were under the DHS umbrella, they would magically work together to stop the evil terrorists. However, each of the component agencies had vastly different missions. Here is the mission of the TSA:

“Protect the nation’s transportation systems to ensure freedom of movement for people and commerce.”

Well, “freedom of movement” is not the primary part of ICE’s mission:

“Protect America through criminal investigations and enforcing immigration laws to preserve national security and public safety.”

While these missions are not mutually exclusive, the difference in emphasis is apparent. And the agencies competed.

Some of you may remember air marshals. After 9/11, some airline flight passengers were actually air marshals, but the passengers (and any terrorists) didn’t know which flights had air marshals or who they were.

Google Gemini.

The Federal Air Marshal Service (FAMS) was part of the Transportation Security Administration.

Until it wasn’t.

“Homeland Security Secretary Tom Ridge announced [in September 2003] that the federal air marshals program will move from the Transportation Security Administration to the Bureau of Immigration and Customs Enforcement (ICE).”

The idea was to concentrate all enforcement operations in one agency, to protect FAMS from uncertain TSA funding, and to allow ICE agents to be cross-trained as air marshals. But this didn’t happen, so two years later FAMS moved from ICE back to TSA.

And both agencies went on their merry little ways.

Immigration and Customs Enforcement and the Transportation Security Administration in 2026

Let’s look at a recent Biometric Update article.

“When Transportation Security Administration (TSA) Acting Director Ha Nguyen McNeill was pressed [by the House Committee on Homeland Security] on reports that ICE is using domestic flight passenger information to support deportation operations, she did not deny cooperation. Instead, she defended it as legitimate intra-departmental coordination and framed it as part of DHS’s overall mission set.

“In response to lawmakers’ questions, McNeill said TSA assistance to ICE is ‘absolutely within our authorities’ when it involves sharing passenger information for immigration enforcement operations.”

McNeill effectively said that TSA doesn’t dump its data on ICE, but responds to individual ICE inquiries.

Google Gemini.

Civil libertarians argue that this is mission creep, not the original intent.

“Airport travel…becomes a choke point for detentions – no longer just transportation, but a compliance checkpoint for civil enforcement, re-engineering mobility into an enforcement tool.”

And one more thing…

But I took special interest in McNeill’s contradictory statements that TSA is enforcing REAL ID while simultaneously allowing ConfirmID for those who don’t have a REAL ID.

In the future, it will be interesting to see how inter-agency barriers break down…and why.

Non-citizen REAL ID Expiration Dates Calculated Incorrectly in California

Remember my post that noted an error in Slashdot and Reason reporting about REAL IDs for non-citizens?

No, you don’t have to be a citizen to get a REAL ID.

But your REAL ID is tied to your authorization to be in the United States, and expires on the same date as your authorization to be here.

Well, that’s how it’s supposed to work.

In California, the date calculations (based upon 2006 legacy code) were screwed up for 300,000 legal residents.

“The error overrode the correct expiration date, which should have matched the end of the cardholder’s authorized stay in the United States. Under federal rules, immigrants with legal status — including permanent residents, green card holders and visa holders — are eligible for REAL IDs, but the cards’ expiration dates must align with the length of their authorized stay.”

Except when they don’t.

And for those who believe that granting REAL IDs to non-citizens is an example of California breaking the law:

  1. The DHS approved California’s REAL IDs in April 2019 under President Trump.
  2. Check reliably red South Dakota’s REAL ID requirements.

“If you’re not a U.S. citizen, you must apply in person at a state driver exam station and provide a U.S. Citizenship and Immigration document proving your lawful status in the U.S.”

Slashdot/Reason, Do You Fact Check Your REAL ID Claims?

Unchecked disinformation runs wild in this Slashdot story, contributed anonymously.

“Only the government could spend 20 years creating a national ID that no one wanted and that apparently doesn’t even work as a national ID. But that’s what the federal government has accomplished with the REAL ID, which the Department of Homeland Security (DHS) now considers unreliable, even though getting one requires providing proof of citizenship or lawful status in the country.”

The anonymous Slashdot contributor is either a liar or a fool. As I noted back in May after Leonardo Garcia Venegas’ first detainment (I didn’t know he was detained a second time), a REAL ID was NEVER intended to prove citizenship.

Here are California’s non-citizen REAL ID requirements, which are federally acceptable:

“This includes all U.S. citizens, permanent residents who are not U.S. citizens (Green Card holders), and those with temporary legal status, such as recipients of Deferred Action for Childhood Arrivals (DACA) or Temporary Protected Status (TPS) and holders of a valid student or employment visa.”

But since the REAL ID expiration date matches the date at which temporary legal status expires, it DOES prove legal presence.

Slashdot, get your facts straight.

Postscript: Slashdot lifted its claims from Reason.

AFOID With an Expanded A: If You Pay the Money, Who Needs REAL ID Anyway?

I’ve vented about this for years. Some people have vented about this for decades. And it’s been discussed for decades.

But before I launch into my rant, let me define the acronym of the day: AFOID. It stands for “acceptable form of identification.”

And for years (decades), we’ve been told that the ONLY acceptable form of identification to board a plane is a REAL ID, U.S. passport, or a similar form of identity. A REAL ID does not prove citizenship, but it does prove that you are who you say you are.

USA.GOV put it best:

“If you do not have a REAL ID-compliant driver’s license or state-issued ID, you will not be able to use it to:

“Access federal government facilities or military installations

“Board federally regulated commercial aircraft

“Enter nuclear power plants”

Pretty straightforward. Get a REAL ID (or other acceptable document such as a passport), or there are some things that YOU WILL NOT BE ABLE TO DO.

So you needed that AFOID by May 2025…

Whoops, I mean May 2027, because TSA is allowing exceptions for a couple of years.

Whoops, I mean probably never.

If you pay some bucks, you can use a MODERNIZED system. Biometric Update alerted me to this new item in the Federal Register.

“The Transportation Security Administration (TSA) is launching a modernized alternative identity verification program for individuals who present at the TSA checkpoint without the required acceptable form of identification (AFOID), such as a REAL ID or passport. This modernized program provides an alternative that may allow these individuals to gain access to the sterile area of an airport if TSA is able to establish their identity. To address the government-incurred costs, individuals who choose to use TSA’s modernized alternative identity verification program will be required to pay an $18 fee. Participation in the modernized alternative identity verification program is optional and does not guarantee an individual will be granted access to the sterile area of an airport.”

I’ve love to see details of what “modernized” means. In today’s corporate environment, that means WE USE AI.

And AI can be embarrassingly inaccurate.

And if you want to know how seedy this all sounds, I asked Google Gemini to create a picture of a man waving money at a TSA agent. Google refused the request.

“I cannot fulfill this request. My purpose is to be helpful and harmless, and that includes refusing to generate images that promote harmful stereotypes, illegal activities, or depict bribery of public officials.”

So I had to tone the request down.

Examining Voter ID From an IAL3 Lens

My recent Substack post explains what Identity Assurance Level 3 (IAL3) is, and re-examines my doubts about the effectiveness of so-called “voter ID” laws. Because if voter ID proponents REALLY wanted to guarantee that voters are eligible, they would have to do a LOT more. Security theater is not security. But what is the cost of true security?

“Examining Voter ID From an IAL3 Lens” on Substack: https://open.substack.com/pub/johnebredehoft/p/examining-voter-id-from-an-ial3-lens

(Picture Imagen 4)

The Late Maya Jean Yourex, Canine Identifiable Information, and Voter Fraud

There are a variety of non-person entities, all of which may engage in felonies. Take the late Maya Jean Yourex of Costa Mesa, California, who was encouraged to register to vote…even though Maya is a dog.

I’m sure that Carl DeMaio will hop on this story immediately.

Maya’s voting history

Maya first voted via mail-in ballot in the 2021 California gubernatorial recall election of Gavin Newsom. We know about this because Laura Lee Yourex posted a picture in January 2022 of her dog wearing an “I voted” sticker.

This could be dismissed as a silly picture, but Laura Lee’s October 2024 post exemplifies dumb crime. According to Orange County District Attorney spokeswoman Kimberly Edds (who presumably is human, though I haven’t verified this):

“Yourex had posted [a photo] in October 2024 of Maya’s dog tag and a vote-by-mail ballot with the caption “Maya is still getting her ballot,” even after the dog had passed away…”

The second ballot was rejected, but the first was counted.

Maya got away scot-free.

The fix was in. Imagen 4.

But Laura Lee potentially faces five felonies:

  • two counts of casting a ballot when not entitled to vote
  • perjury
  • procuring or offering a false or forged document to be filed
  • registering a non-existent person to vote

She is scheduled to enter a plea on Tuesday and theoretically faces six years behind bars.

Nathaniel Percy of the Orange County Register points out an important difference between the two elections in which Maya participated:

“Proof of residence or identification is not required for citizens to register to vote in state elections or cast ballots in state elections, which was how Maya’s vote counted in the recall election of Newsom….

“It was not immediately known on Friday how Maya voted in that election.

“However, proof of residence and registration is required of first-time voters in federal elections, and the ballot in Maya’s name for the 2022 primary was challenged and rejected….”

Voting agencies can’t find fake IDs

However, as I have previously noted, voting officials do not have the knowledge or tools to determine whether a government identification document is legitimate.

This is fake. Well, the card is real, but it’s not official.

As long as Maya’s ID declared that she was 18 years old, some voting officials would approve it.

Even if Maya’s face on the ID was a dog face.

This is also fake. Really fake, since it’s Imagen 4 generated.

Beyond “ID plus selfie“

As for proof of residency, Laura Lee’s electric bill could list Maya on the account, and Southern California Edison would be none the wiser.

Which is why many identity verification processes go beyond “ID plus selfie” (what you have plus what you are), and also include checks of textual databases for additional evidence of the person. 

Socure, for example, accesses over 400 global data sources to verify identities or identify fraudulent ones.

I doubt that Laura Lee enrolled her dog Maya in all of these sources. How many Social Security Numbers, email addresses, bank accounts, credit cards, and other records would Maya have? “Canine identifiable information” (CII)?

Do you validate identities?

If you are a marketing leader that wants to promote your identity solution, and your company can benefit from a marketing consultant with 30 years of identity experience, schedule a meeting with Bredemarket at bredemarket.com/mark.

Drive content results.

When Prospects Ask Technical Marketers the Tough Questions

Some technical marketers are expert at spinning soft fluffy stories about how their AI-powered toilet paper can cure cancer…which can be very persuasive as long as the prospects don’t ask any questions.

  • For example, let’s say you’re telling a Chick-fil-A in Kettering, Ohio that you’ll keep 17 year olds out of their restaurant. Are you ready when the prospect asks, “How do you KNOW that the person without ID is 17 years and 359 days old, and is not 18?”
  • Or let’s say you’re telling a state voter agency that you’ll enforce voter ID laws. Are you ready when the prospect asks, “How do you KNOW that the voter ID is real and not fake? Or that it is fake and not real?”

Be prepared to answer the tough questions. Expert testimonials. Independent assessments of your product’s accuracy. Customer case studies.

Analyze your product’s weaknesses. (And the threats, if you’re a SWOT groupie.)

And call in the expert help.

Stop losing prospects! Use Bredemarket content for tech marketers