“a word used in order to evade or retreat from a direct or forthright statement or position”
I don’t know how weasels became the subject of a negative phrase like this, but here we are.
I learned the phrase “weasel word” when I started working in proposals. I’ve been writing proposals for nearly 15 years, and I’ve run into many cases where I don’t comply with the written word of a mandatory requirement, and I end up having to…evade or retreat.
“This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases….The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.”
As I have ranted repeatedly, the REAL ID enforcement DEADLINE is May 7, 2025, but FULL enforcement will be achieved by May 5, 2027. There are enough weasel words to distract from the fact that full enforcement is not taking place on May 7, 2025.
“Flexibility,” “implement in phases”…I’m taking notes. The next time I respond to a DHS RFI, I may use some of these.
Because Bredemarket does respond to Requests for Information, Requests for Proposal, and similar documents. One of Bredemarket’s clients recently received an award, with possible lucrative add-on work in the future.
Does your identity/biometric or technology conpany want the government to give you money? I can help. Talk to me: https://bredemarket.com/cpa/
“Passengers presenting identification that does not conform to Real ID standards ‘are being notified of their non-compliance,’ [Transportation Security Administration spokesperson Lisa] Farbstein said. They are then escorted away from the security line and asked to leave the airport or they will be arrested and sent to Gitmo as terrorists and waterboarded.”
Whoops, I appear to have made a typo and misquoted North Jersey. Here is what is ACTUALLY happening:
“Passengers presenting identification that does not conform to Real ID standards ‘are being notified of their non-compliance,’ [Transportation Security Administration spokesperson Lisa] Farbstein said. They may then be directed to a separate area for additional screening.”
That ain’t “compelling” at all. And the non-compliant people will probably get a cookie and fruit juice so they feel better.
Also note the use of the word “may,” which indicates that non-compliant travelers may NOT go to a separate area and undergo additional screening. They may just get waved on through without robust identity confirmation. And still get the cookie and fruit juice.
I will admit that this is probably unavoidable. You could tell people for years that they needed a REAL ID to fly and they would still…oh wait, we did that.
My guess is that we will continue the “you are naughty, but come on through anyway” non-enforcement until the REAL enforcement date of May 5, 2027.
Subject to extension….again.
Unless someone without a REAL ID slips through and does bad things. Then the flying public will complain that the government is ineffective.
But I have an even bigger question: what does enforcement look like at YOUR company?
“This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases….The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.”
“’If it’s not compliant, they may be diverted to a different line, have an extra step, but people will be allowed to fly,’ Noem said at a U.S. House hearing on Tuesday. ‘This is a security issue.’”
So when WILL it be enforced? Memorial Day? Thanksgiving? May 5, 2027? Ever?
It gets real tomorrow, with the enforcement date (sort of) for REAL ID at federal installations and airports. But what about the privacy of the data behind REAL IDs?
As can be expected, some people are very concerned about what this means.
“[C]oncerns persist among privacy professionals that the next step will be a federal database of driver’s license information, which is bad from a privacy and cybersecurity standpoint, said Jay Stanley, asenior policy analyst with the American Civil Liberties Union.
“‘The more information the government has, the more the government might use that information,’ said Jodi Daniels, founder and chief executive of Red Clover Advisors, a privacy consulting company. ‘But that’s not what’s happening now,’ she added.”
Kumar addressed what IS happening now, and whether our personally identifiable information (PII) is protected.
“States have been issuing driver’s licenses for many years, and personal information is already being stored. The expectation is that the same controls apply to Real ID, said Bala Kumar, chief product and technology officer at Jumio, an online mobile payment and identity verification company. ‘States have already been managing this for many years,’ Kumar said.”
If you continue to read the article, you’ll also see a statement from the American Association of Motor Vehicle Administrators that echoes what Jumio said.
But as a former IDEMIA employee, my curiosity was piqued.
Has anyone ever gained unauthorized access to a state driver’s license database?
So I checked, and could not find an example of unauthorized access to a state driver’s license database.
“On May 31, 2023, Progress Software Corporation, which developed and supports the MOVEIt managed file transfer platform, notified all customers across the globe, including [Louisiana Office of Motor Vehicles], of a zero-day vulnerability that an unauthorized party leveraged to access and acquire data without authorization. Upon learning of the incident, immediate measures were taken to secure the MOVEIt environment utilized to transfer files. A thorough investigation was conducted, and it was determined that there was unauthorized acquisition of and access to OMV files in the MOVEIt environment….
“The information varied by individual but included name and one or more of the following: address, date of birth, Social Security number, driver’s license, learner’s permit, or identification card number, height, eye color, vehicle registration information, and handicap placard information.”
Well, at least the hacked data didn’t include weight. Or claimed weight.
Cybersecurity professionals know that you cannot completely prevent these hacks. Which explains the “risk” in third party risk management. Progress Software has been around for a long time; I worked with Progress Software BEFORE I began my biometric career. But these hacks (in this case, CVE-2023-34362 as documented by CISA) can happen to anyone.
Be cautious, and remember that others with good intentions might not be cautious enough.
Driver’s license vendors already know about the states’ decades-long resistance to REAL ID, and I bet you do too.
Anthony Kimery of Biometric Update put a fundamental truth succinctly:
“The saga of the REAL ID pushback reveals a deep and ongoing tension at the heart of American governance: the friction between national imperatives and state autonomy.”
Beginning with some states telling the federal government to get out of their affairs, as well as expressing budgetary concerns about federal mandates that the federal government wouldn’t fund, Anthony Kimery’s REAL ID tale concludes with all the states and territories achieving technical compliance with REAL ID…two decades later.
(Why did the states surrender to the federal REAL ID mandates? Because as much as the states complained about federal overreach…in the end the federal government controlled the airports. If you wanted to fly, you had to get a federal passport…or bend your state driver’s license to the federal rules. And you might recall that airport security was the whole reason for REAL IDs in the first place.)
At the end of Kimery’s story, concerns have come full circle. States that maintained that they have the right to determine how they issue their own driver’s licenses are angry at how OTHER states exercise the right to issue THEIR own driver’s licenses.
“Early this year,…Wyoming passed legislation invalidating out-of-state driver’s licenses issued to undocumented immigrants.”
Maybe we need a national ID?
If you’re curious about what Bredemarket has said about REAL ID over the years, I’ve collected a few samples:
“Beyond the five wire fraud counts, the grand jury also indicted him on one count of falsifying documents related to a campaign flier. The mailer from “Conservatives for Dennis” endorsed Flanagan….[He attributed] “the source of the Mailer to a false persona, ‘Jeanne Louise,'” whom he created for the endorsement….In October 2023, he admitted to OCPF that Jeanne Louise “was fake” and he was the source of the mailer.”
There is so much effort to identify voters. What about identifying the sources of political endorsements?
12-18-6.1. Voters required to provide identification before voting.
When the voter is requesting a ballot, the voter shall present a valid form of personal identification. The personal identification that may be presented shall be either:
(1) A South Dakota driver’s license or nondriver identification card;
(2) A passport or an identification card, including a picture, issued by an agency of the United States government;
(3) A tribal identification card, including a picture; or
(4) A current student identification card, including a picture, issued by a high school or an accredited institution of higher education, including a university, college, or technical school, located within the State of South Dakota.
As most people know, legislators only define the law in broad strokes. It is up to the executive to figure out the details of how to implement the law.
So how does the South Dakota Board of Elections determine that the presented identification is valid?
Does every precinct worker in South Dakota possess a copy of a guide (such as this one) that includes, among other items:
“Explanation of what the proper alphanumeric sequencing of a South Dakota ID or Driver’s License should be (how many letters, numbers, etc.).”
In addition, does every precinct worker in South Dakota have access to software and equipment (such as this one that uses “white, infrared, ultraviolet and coaxial lights”) that detects deepfake IDs? This one has a $1,600 list price. You can get cheaper ones that only support white light and can’t detect the other security features, but such readers would violate the law.
If the state can negotiate a discount of $1,000 per reader, then you can equip almost 700 precincts for less than $1 million (excluding training and maintenance, and assuming only 1 reader per precinct). A small price to pay for democracy.
Of course voter ID fraud doesn’t just affect South Dakota, as I previously noted. But even if South Dakota doesn’t equip its precinct workers to reject voters with fake IDs, I’m sure the other states do.
When then-President George W. Bush signed into law the “Real ID Act of 2005,” American adults initially had a May 11, 2008 deadline to ensure their identification documents met federal standards.
For those who didn’t notice, we didn’t all adopt REAL IDs in 2008.
In fact, a few years later I was working on a driver’s license proposal for a state I won’t identify, and the RFP clearly and emphatically stated that REAL ID compliance for the new driver’s license was not…um…OK.
The Transportation Security Administration has published a final rule which clearly states that the REAL ID enforcement date of May 7, 2025 still stands and has not been delayed.
Or perhaps it’s not so clear.
This rule ensures that Federal agencies have appropriate flexibility to implement the card-based enforcement provisions of the REAL ID regulations after the May 7, 2025, enforcement deadline by explicitly permitting agencies to implement these provisions in phases. Under this rule, agencies may implement the card-based enforcement provisions through a phased enforcement plan if they determine it is appropriate upon consideration of relevant factors including security, operational feasibility, and public impact. The rule also requires agencies to coordinate their plans with DHS, make the plans publicly available, and achieve full enforcement by May 5, 2027.
So the enforcement DEADLINE is May 7, 2025, but FULL enforcement will be achieved by May 5, 2027.
Date subject to change.
It’s not only the U.S.
But at least these decades of delays give me an excuse to share a Geico commercial.
And Europe (the continent, not the band) has its own problems with delays to its Entry/Exit System (EES)…and a graduated rollout is proposed.
When talking about the validity periods for U.S. driver’s licenses (which vary from state to state) in a February 2024 post, Veriff points out one oft-overlooked part of the REAL ID Act:
“If a document bears the typical Real ID star symbol (or some accepted adaptation of it), meaning it is a Real ID-compliant document, it cannot be valid for longer than 8 years (Section 202(d)(10) of the Real ID Act).”
At the time of Veriff’s post, the REAL ID deadline was due for enforcement on May 7, 2025 after numerous delays. Several months later, in September 2024, the Transportation Security Administration started planning to be flexible about that deadline…
And this number is increasing. In June, Nebraska approved Legislative Bill 514 which implements voter ID requirements for Nebraska elections beginning in May 2024. Nebraska will be a “strict” voter ID state.
Proponents argue increasing identification requirements can prevent in-person voter impersonation and increase public confidence in the election process.
The exact IDs that are required vary from state to state, but all states accept a state-issued driver’s license or other state ID (REAL ID or not) as an acceptable form of identification for voting.
When you present your ID to a Transportation Security Agency official, they place the ID in a specialized machine which, among other things, can detect forgeries.
And if you win money at a Las Vegas casino, they will check your ID also before paying out (as an underage friend of mine learned the hard way).
How can YOU detect a fake ID? Well, you can buy a book such as the “I.D. Checking Guide” or similar reference and compare the presented ID to the examples in the book.
Check the hologram. You can do this without using any special tools, so it’s an easy way to spot a fake ID…unless the fraudster has placed a hologram on their document.
Check for tampering. Sometimes this is obvious to the naked eye, sometimes not so obvious. For example, a fraudster may have clumsily pasted another photo on top of the real photo. But maybe the tampering isn’t so obvious.
Inspect the microprint. You’ll need a magnifying glass for this, but if you know what to look for, you can spot fraudulent IDs…unless the fraudster also added the appropriate microprinting to their document.
Look for ultraviolet (UV) features. You’ll need a UV light for this, but again this can reveal forgeries…unless the fraudster also incorporated UV features into their document.
Use Nametag products. These (and similar products from other companies such as Regula) can check for fraud that the untrained eye cannot detect.
These fraud detection techniques are great if you work for the TSA or a casino full-time and have the appropriate training and equipment to detect fake IDs.
Enter the untrained, unequipped fraud guardians
But what about precinct workers?
They work one or maybe a few days a year, and it’s very doubtful that the elections authorities:
Train and test precinct workers in the detection of fraudulent IDs.
Provide precinct workers with reference materials, magnifiying glasses, ultraviolet lights, or automated hardware and software to detect fraudulent IDs.
If the precinct workers don’t have the training, equipment, and software, Phineas T. Bailey could walk up to a local precinct, show a fake ID saying that he is Joe Real, and if Joe Real is registered to vote in that precinct, Phineas can go ahead and vote.
On at least two occasions, John Wahl presented the ID above when voting.
When poll workers asked Alabama GOP Chairman John Wahl for his voter ID, he gave them a card they’d never seen before. He texted this picture of it to the Limestone County Probate judge, who then approved him to vote.
However, it was subsequently discovered that Wahl made the ID himself.
(Why? Because Wahl and other members of his family object to biometric identification for religious reasons. Rather than submitting to the standard biometric identification processes used to create driver’s licenses and other government forms of identification, Wahl simply had an unnamed third party create his own ID, with the knowledge of the State Auditor.)
If you’re going to insist that people present legitimate IDs for voting, then you need to enforce it, both for people who present IDs in person and for people who present IDs remotely. There are a number of companies that provide hardware and software to verify the legitimacy of driver’s licenses and other government-issued documents.
Of course, that costs money. Depending upon the solution you choose, it could cost tens or hundreds of millions of dollars to protect the more than 230,000 polling places from identity fraud.
Bredemarket 