Late last Friday afternoon, the Department of Homeland Security announced a set of new deadlines for final implementation of the REAL ID Act, postponing the date when TSA would stop accepting certain non-compliant states’ drivers licenses for aviation screening purposes until January 2018. It had previously been expected that such a deadline would be set for mid-2016 for a number of non-compliant states. This delay to the aviation screening deadline is not unexpected, given the likely disruption to air travel that would have resulted from TSA no long accepting many states’ ID’s as an acceptable form of identification.
Thus, the day of reckoning for REAL ID is postponed for another two years, for a new leadership team at DHS to confront. But it is unclear what will change in the next two years to alter the current status quo, where many states are reluctant to implement elements of REAL ID, the detailed statutory mandates from the 2005 law remain in place, and DHS is still charged with implementing the Act but retains the authority to delay its enforcement of the Act – authority that it has used repeatedly since 2007. While some states are likely to make progress on the REAL ID requirements in the next two years, it is hard to envision that the current impasse over full implementation will end in the next two years, and the next Secretary of DHS will likely be announcing additional delays in late 2017. And meanwhile, more than ten years have already passed since REAL ID was signed into law.
Given this reality, leaders in Congress, the executive branch, and the states have a choice to make. They can allow this dynamic of delay, confrontation, impasse, and further delay to cycle through the system one more time, resulting in gradual (but perhaps outdated) improvements to the security of state-issued identification. Or they can do what I believe is called for now: a serious re-examination of the requirements of the REAL ID Act.
Such a re-examination would include a detailed inquiry into the following questions:
1. What have been the demonstrable security benefits of the REAL ID Act to date, particularly with respect to counterterrorism, but also with respect to other national priorities (e.g. immigration enforcement, fraud prevention)? What elements of the REAL ID Act requirements (of which there are nearly 100) have delivered security benefits, and which have not, from a cost/benefit standpoint? (This would be a good question for a new GAO request by Congress, building off the findings of this 2012 GAO report).
2. Given the development and maturation of other counterterrorism capabilities in the past decade, how relevant and valuable is REAL ID (and secure identification generally) today with respect to domestic counterterrorism? For example, I would assert that it is much more difficult for would-be foreign terrorists (like the 9/11 hijackers) to travel to the United States today and engage in lengthy pre-operational activity than it was before 9/11, given investments in aviation pre-screening, watchlisting, visa security, information-sharing, domestic investigative capabilities, etc. Given how these other layers of security have been enhanced, has the marginal value of REAL ID today from a counterterrorism standpoint diminished or otherwise changed?
3. The terrorism threat facing the United States is significantly different than it was a decade ago, due to factors such as the increase in homegrown terrorism and the rise of ISIS and other new terrorist groups. How have these shifts in the terrorism threat changed the value of the REAL ID Act from a security standpoint? Have we seen changes in terrorist tradecraft with respect to the potential use of drivers’ licenses and other forms of identification?
4. How has technology involved in the past decade with respect to secure identification? Is the REAL ID Act mandating things in law that are now obsolescent from a technology standpoint? For example, what is the significance of digital identification technologies (which are being adopted now in many countries) for REAL ID? What is the significance of recent developments in areas such as biometrics and encryption? How do these technological developments affect the value of current REAL ID requirements?
5. In light of these external factors, how can the dynamics of governance over secure identification be changed so that state and federal actors are working together towards shared objectives, rather than in opposition to each other? Would it be helpful to move toward legislation that is focused on outcomes (similar to many other regulatory models), rather than the checklist approach that is codified in law today? Are there new coordination structures or funding mechanisms that can be used to align incentives?
Given these changes over the past decade, it is time for policy-makers (particularly in Congress) to be asking these questions, rather than allowing the status quo to prevail and REAL ID to continue on its current slow trajectory. A re-examination of REAL ID, and subsequent legislation based on the findings of such a review, would improve our homeland security and help to ensure that state and federal funds are being spent effectively and in a way that addresses today’s threats, instead of in response to yesterday’s threats and outdated requirements.