Remarks By Secretary Chertoff At A Press Conference On REAL ID

Release Date: March 1, 2007

For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
Washington, D.C.

Secretary Chertoff: Good morning, everybody. One of the first and most important priorities at the Department of Homeland Security is to protect America from individuals who are trying to do us harm. When we investigated the infamous attacks of September 11, 2001, one of the things that we discovered was that 18 of the 19 perpetrators had been issued U.S. identification documents, including state driver’s licenses, and that some of these documents had been obtained fraudulently.

Two of the hijackers, Hani Hanjour and Khalid al-Mihdhar obtained the paperwork for their Virginia driver’s licenses by handing $100 to an illegal alien in a convenience store parking lot. And then, that alien signed the forms attesting that these two hijackers were local residents. And, it was that fake ID, those phony driver’s licenses that enabled these hijackers and others to rent cars, board planes, and otherwise take the steps they needed to carry out their murderous plans.

Not surprisingly, the September 11th Commission spoke directly to this issue when it wrote these words. And I quote, “At many entry points to vulnerable facilities, including gates for boarding aircraft, sources of identification are the last opportunity to ensure that people are who they say they are and to check whether they are terrorists.”  The commission specifically urged the federal government to, set standards for the issuance of sources of identification such as driver’s licenses.

Now, in 2005, Congress acted on the commission’s recommendation, passing the Real ID Act to require Washington to work with the individual states to create new standards to secure driver’s licenses. The Real ID Act aims to make it harder for dangerous people to obtain licenses fraudulently and to make it easier for law enforcement and counterterrorism authorities to detect documents that have already been falsified. In doing so, the Real ID Act gives law enforcement and counterterrorism officials a critical new tool to prevent terrorism and to protect our homeland.

Consistent with this piece of legislation and with the 9/11 Commission recommendations, therefore, the Department of Homeland Security is announcing today a rule that proposes specific minimum standards for state issued driver’s licenses and identification cards to be accepted for federal purposes such as air travel. And, I want to say in particular that in formulating the proposal that we’re announcing today we were delighted to work closely with governors and members of Congress. I want to single out Senator Susan Collins who made some very important contributions and whose advice was critical to our formulating the approach that we have taken here today.

Now here’s how these standards are going to work. It’s very simple and it’s really a matter of common sense. Applicants for driver’s licenses are going to need to bring documents to their state Department of Motor Vehicles offices in order to validate or prove five things: who they are, what their date of birth is, what their legal status is in the United States, their social security number and their address. None of this stuff is top secret stuff.

In order to confirm this information, you’re going to need certain kinds of documents to prove you are who you say you are. So to confirm identity and date of birth and legal status there will be a number of different kinds of documents that can be presented, such as passports, or birth certificates, or permanent resident cards. To provide proof of social security number, citizens will need their social security card or some other valid document, like a W-2 form. And to provide proof of address, applicants are going to need documents issued within the last year, like a utility bill or something of that sort. So that’s what people who want to obtain licenses or renew licenses are going to have to bring to their state motor vehicle offices under this Real ID Act proposal.

What’s going to happen at the Department of Motor Vehicles?  Well, they’re going to have to take a photo of the applicant. They’re going to have to scan or copy the relevant documents that the applicants are providing, and then they’re going to have to go through a commonsense process to verify the accuracy and the legitimacy of the documents.

Now what are the ways they can do this?  Well, first they can check with the government agency that issued the document. So, for example, when a DMV office wants to authenticate a social security card or a number, that office will go to the Social Security Administration database.  Forty-seven states are now capable of authenticating social security numbers in that fashion, and under Real ID every state will be required to do so.

Now this verification process, however necessary, is of course not sufficient to address the entirety of the problem. We can’t have a truly secure identification system based on driver’s licenses unless we make sure that the states are protecting the information they’re collecting as well as the places where the licenses are being produced and issued. And that’s why, as part of today’s rule, we are requiring the states to prepare a comprehensive security plan to safeguard their DMV offices, their driver’s license storage and production facilities and their databases and systems.

In other words, states have to have procedures in place so you can’t hack into the database and steal the information or break into the warehouse and steal the cards or somehow get into the DMV office and get the critical documents. And of course, we have to make sure that the cards themselves, the licenses themselves, are hard to tamper with and difficult to counterfeit or duplicate for fraudulent purposes. So, we’re going to set some standards out for the states to achieve that, as well.

Finally of course, we want to ensure, as many states do, that drivers can’t hold a lot of different licenses in different jurisdictions with different names. So our rule proposes that each state check to make sure no other state is also licensing the same person. And by the way, we do that nowadays for commercial driver’s licenses.

Taken together, what these measures will do is make our states and our entire country stronger, safer and better protected against terrorism and against other threats, including identity theft. And this is, again, part of the cardinal, one of the cardinal recommendations of the 9/11 Commission that we are now taking a giant step forward to implement.

Now, how are states going to comply with Real ID?  Well, the law required a May 11, 2008 deadline, and there were already a number of states that are making progress to getting Real ID compliant, states as big as California and smaller states like Alabama and North Dakota. And I want to commend these states for their efforts to make the benefits of Real ID a reality for their citizens.

But, we also know, because we’ve had a lot of extensive consultation in preparing this rule, whether it be with motor vehicle officials or governors or members of congress, we know that a number of states are going to have difficulty meeting the deadline. And in part that’s due to the fact that this rule has taken quite a bit of time to get out. And there is a provision in the statute that does allow us to grant extensions if states have a justification for the request.

Therefore, based on that provision, I’m announcing today that states may seek justifiable extensions and obviously they have to prepare, ultimately, prepare a plan for compliance. And, those extensions will give the states that request through December 31, 2009 to come into compliance. Which means the first compliant cards from those states would be issued starting January 1, 2010.

Now as I’ve said, our Real ID proposal is aimed at enhancing security, but it does it in a way that promotes individual rights and also respects the functions of our states. We’re creating basic, simple standards. These standards give the states a lot of discretion and the power to continue to exercise their policy choices about who drives and the conditions under which they’re allowed to drive. For example, it’s the states not the Feds who are going to decide what kind of qualifications you need to drive a car.

And what’s equally clear is that our standards actually promote personal privacy because we all know that stolen and phony driver’s licenses are a powerful tool in the hands of identity thieves, and that affects the personal privacy of every single American. Therefore, under our proposal, states actually are going to have clear standards to meet, to protect the privacy of the information they collect from licensed applicants.

We require, for example, that each state can conduct name based and fingerprint based criminal history record checks and financial responsibility checks on those DMV employees who can affect the identity information that appears on the license, who have access to the production process or who manufacture the licenses or the cards.

This is, again, it’s kind of basic, common sense. Who, which one of us is going to feel comfortable if the local folks down at the DMV office have criminal records or are in a situation where they’ve committed fraud in the past?  Are we going to really want to give them our personal identification and just cross our fingers and hope for the best?  No, we want to make sure that every state has the kind of measures that many states already have to assure the privacy and security of the information each of us is giving to our Department of Motor Vehicles.

I always want to dispel the notion that the Real ID Act or our standards mandates anything like a Big Brother kind of database or style of government. We at the Department of Homeland Security in the federal government will not build, will not own, and will not operate any central database containing personal information. The data will continue to be held at the state level as it has traditionally been since they began to issue driver’s licenses. And by improving the quality of the documents, we’re going to make it very, very much harder for people to forge them, counterfeit them, or alter them.

At bottom, our approach here is an approach of partnership, a partnership between Washington and the states where we have mutual obligations and we help each other as well. I think we all have to agree that in a post September 11th world every level of government, not just the federal government, has the right and the responsibility to take steps to make sure we’re protecting our society.

Now this is obviously going to involve money. It’s going to cost money because security does cost money. And I dare say that it’s money well spent – rather to be a penny wise rather than a pound foolish. And we certainly know the consequences that phony ID can inflict upon innocent victims, as we saw dramatically on September 11th.

We are, however, going to try to pitch in and help the states with some of the costs. In recognition of the burden and recognizing also that this is program that’s going to be implemented over a number of years, we have decided that up to 20 percent of the total state homeland security program funding available for this fiscal year, which totals about $100 million in total, will be available for states to implement Real ID. We hope that will at least help them in some respect to defray the costs. Obviously a lot of the burden will still fall on state budgets however.

Here’s the bottom line. Secure identification that can’t be exploited and can’t be forged by terrorists or criminals is exactly what we need to prevent another terrorist attack on our soil and to protect Americans from a whole host of criminal activities which currently victimize them. That’s what the 9/11 Commission told us in certain terms. That’s what Congress mandated in passing the Real ID Act, and that is what we are implementing with the proposed regulations we’re issuing today.

By enacting this legislation and making it a reality, we as a nation are shutting a window of vulnerability that has been exploited and could continue to be exploited to hurt us. As part of our commitment to protecting America, and I think that is, at least as far as I’m concerned, job one for this department, for this United States.

And now I’m happy to take some questions.

Question: All the states will be able to fully implement this on May 11, 2008. A lot of them have complained that the databases aren’t even available for them to do all of this checking that they need to do of the documents.

Secretary Chertoff: Some of the databases are available. The Social Security database is available. Many states actually have databases now where they’re digitizing their birth certificates. I know a number of states are quite far along so I anticipate that a number of states will be able to achieve or come close to achieving May 11, 2008.

But that’s precisely why we built in this opportunity for extensions. If a state comes to us and says, look, we’ve got a plan, we’re moving forward, but we’re going to need more time, we will grant that extension. The idea here is not to set an impossible bar, it is to set an ambitious but realistic time line so we get the job done properly but also so that we avoid simply kicking the can down the road indefinitely.

Question: But do you really think that there will be some states that can implement?

Secretary Chertoff: You know, I’m not a soothsayer. I think there are states that are far along, and I think there are states that can either implement or come close to implementing by May 11th, but, time will tell. And if we have to give extensions, we’ll give extensions. That’s why I’ve announced the extensions.

Yes.

Question: I wanted to know, other than the 20 percent measure you talked about, do you expect in the future to be working with states to find some more federal funds that can be appropriated to help them out?

Secretary Chertoff: I think there’s about $30 million or so that already has been appropriated, that we’re going to be using for purposes of helping the states build the general architecture which they will share. As to what happens in future years, you know, I can’t predict future budgets, but obviously we’re mindful of the expense.

I also want to make a point though. In the end, this is about safeguarding licenses that are provided by states to their own citizens. This is going to improve the quality of service. Many states want to get there on their own anyway. What we’re doing is providing a level of standardization that I think is going to help make it interoperable.

That, by the way, also helps law enforcement because it allows the law enforcement to be able to work more readily with licenses from other states. So although obviously there’s a burden on the states, it also reflects the fact that secure driver’s licenses are a state responsibility. We want to help them in any way that we can, but it’s something that we’re going to have to do in partnership.

Yes.

Question: Mr. Chertoff, can you tell me – in a press release today, Senator Collins says that you’re going to reinstitute the negotiated rulemaking process. Can you tell me how far that’s going to go in terms of fleshing out the details of future implementation of this?

Secretary Chertoff: Well, I want to be precise. We’re in a comment period. The advisory group that had been put together eventually to do a negotiated rule making, many of whom, by the way, we consulted over the last 18 months. We will bring them in and certainly want to hear their comments on the rule. And you know the reason we have a comment period is to take comments. And based on the merit of the advice, we’ll come up with a final rule.

Yes.

Question: Secretary, we’re making rules right now for this and also the Western Hemisphere Travel Initiative. Is there any – have you given any more thought since you announced those rules for WHTI to whether states who have Real ID compliant licenses, especially those along the borders, will be able to use those licenses in lieu of the passport cards or passports for those journeys across land borders?

Secretary Chertoff: I think I’ve said all along, that would be a great idea. I mean that would require that the state choose to put into its license the characteristics that are necessary. I can tell you I’ve spoken to the government of Washington. They’re working on a pilot that, I think, aims at doing that.

Look, the idea here is to make it simple and to ultimately create both a choice but also interoperability among screening tools, which I think is both convenient, protects privacy and promotes security.

Question: Two questions. Will there be an extension on the other end in terms of when all existing licenses therefore have to be replaced?  I think it was something like five years that the states had to do that. And secondly will there be some measure to prevent the magnetic strips from being read?  There’s concern that companies might start to collect that information and then invade the privacy of –

Secretary Chertoff: Well, let me deal with the first issue. Right now we’re still looking at trying to get this done in the five year period. So obviously we’ll take comments on it, but we’re balancing here between the desire to get it done efficiently and not making it unreasonable. But also every year we don’t have it is a year of vulnerability, so we got to close that window. We got to do it in a way that’s sensible. We can’t afford to shilly-shally about it.

The magnetic strips, these aren’t RFID. You’d have to actually take the strip and run it into a reader. Now, that raises the following question. Right now when you hand your license to somebody in a bar, they already have the capability to read the license. It’s called your eyes. So when I’ve handed my license to people if I wanted to cash a check or something and they copy down the information on it, they got the information.

There clearly has to be rules against anybody who takes information down to make sure they don’t misuse it, but I don’t think that technology increases the threat to privacy. Whether you read the card and copy it down or whether you run the magnetic strip through like you do with a credit card, I think the bottom line is the person who gets the card can read the information. The key is they have to be prohibited from misusing the information. And I think that’s, you know, that’s where we ought to be focusing our attention.

Question: Will there be a prohibition? 

Secretary Chertoff: That’s not within the domain of our authority. But certainly states that want to put in privacy legislation to prevent, for example, people from misusing licenses, I mean I think a lot of states have that now.

The problem with people misusing license information has been around for 20 years. People who’ve erroneously or wrongfully gotten online and taken DMV information has been a problem around for years. So if we’re going to deal with the issue of people who lawfully come into access or lawfully get access to DMV information to prevent them from misusing it, we ought to deal with that as a privacy problem.

I don’t think that technology makes it worse. In fact, I actually think it makes it better.

Question: You said that you’re going to allow up to 20 percent of the state’s Homeland Security Grant Funds to be used. Is that a new purpose for the grants; up until now they would not have been able to use that?

Secretary Chertoff: Correct, correct.

Question: Related to the grant issue, do you think it’s feasible for there to be a public tracking system for states to report to how they spend their grant money, something that the public or Congress could monitor?

Secretary Chertoff: If you’re asking me technologically is it possible, I mean a state is capable of putting anything they want on the web.

Question: Would it be something that DHS could do themselves for the state to report to?

Secretary Chertoff: You know, I think we obviously want to make sure we track and we do track that funds are spent according to the goals that we set and according to the agreements that we reach with the states.

We are transparent about it. I don’t know if there’s any particular proposal to take any step about putting it on the web or not, but we’re obviously accountable to Congress at the end of the day.

Question: The states have been using this figure, $11 billion over five years, for the cost. I’m wondering if you’ve come up with your own cost estimate of what it would be?

Secretary Chertoff: I think that the states, in terms of the actual costs, the cash costs to the states, in discounted dollars, I think the states are about right. I think we estimate it about the same. Obviously that’s discounted to present dollars. We’re talking about over five years of rollout, so it may be more money spread out over time. But if you did it current dollars, it would be about what the states said.

We also, for reasons too complicated for me to explain, also calculate what they call opportunity costs for the individuals who have to go every – someone calculates the amount of time it takes to find your birth certificate and get in the car and drive to the DMV and then they put a dollar figure to that. So you’ll see that in the rule as well.

I think the most interesting figure is this. If we were to take the amount of money the states are going to pay when they issue a license and ask what additional costs, above and beyond the normal costs will be born by the individual as a consequence of these measures, we’ve estimated that to be around $20. So, that’s – we’re basically – it’s going to be like a $20 privacy fee and security fee if, in fact, states choose to pass that on to their citizens.

And I think that it’s obviously not a trivial amount of money, but the question is, is it a reasonable amount of money that people should pay to prevent people from getting on airplanes or getting in buildings and killing Americans, and also, by the way, so that we can be confident that our licenses are harder to clone and harder to counterfeit and harder to forge. And I think most people would say, you know, that’s pretty reasonable – that’s $20 well spent.

Question: Can you go into just a little bit of what the states will have to prove that they’re on a time table, that they’re trying to comply?  I mean this sounds like it could get into a whole complicated new bureaucracy.

Secretary Chertoff: It’s not meant to become – look, we’re looking to have – we’re not looking to have them prove things. We’re looking to have them come forward and say, look, we have a plan here; we have a disciplined process to go forward to get to the plan; we estimate we’re going to need some more time. And by the way, we’re not expecting to get these requests tomorrow because we know states are going to have to look at the regulation and there’s going to be back and forth.

So this is a collaborative process. This is not the United States government jamming the states. And we’re assuming the states are operating in good faith because I still think, at the end of the day, this is good for the citizens of every state. I mean every citizen, it seems to me, is better off if they know that their license is harder to forge, their identity is harder to steal and their life is safer in a federal facility.

So rather than get into arm wrestling, I’m assuming we’re all going to work together in good faith. And I’m confident that that’s going to be what happens.

Question: Critics say that the negotiated rulemaking set up in 2004 would have resulted in standards by now and we’d be farther along. So I’m wondering what was wrong with that process?  Why did it need to be supplanted with the 2005 law that you’re acting under now?

Secretary Chertoff: Congress passed a law. So I’m not a member of Congress.

You’ll have to ask people who were involved in dealing with the negotiation. The goal, I think, has always been the same. It’s a 9/11 Commission recommendation.

I think we did an awful lot of discussion with the very people who would have been in the negotiated rulemaking. So I think at the end of the day, we’ve achieved the same result. As Senator Collins said, we’re going to bring the advisor group back in. So we’re going to get to the same place, and I’m always happy that we can do that. And I was happy to have a very – you know, Senator Collins is very persuasive and did a good job of coming up with some reasonable proposals and we’re happy to adopt them because that’s – we listen and when things make sense, we adopt them.

Question: Mr. Secretary, the governor of Virginia said on Monday that he was afraid this would mean that a lot of states would have to buy a whole bunch of new equipment and technology. Do you think the technology is there and that states are already using it right now?

Secretary Chertoff: I think the governor of Virginia; I think Governor Kaine will be relieved that I don’t think it’s going to require a lot of new technology.

A lot of states have the technology that you need. We’re not being very prescriptive. What we will need to do is build connectivity so that states can interact and have interoperability. We always think interoperability is a good thing, and I think we can help a little bit with that from the federal government standpoint.

But this is something – I can’t tell you that no state is going to have to make an investment because you’re going to have upgrade, for example – some states are going to have to upgrade the quality of their card stock and things of that sort. I don’t think this is going to, though, require a tremendous retooling of the capital.

You know, they’ll have to hire some more people to do the intake, but I think this is a flexible approach and one that will allow most states to work with us so that it’s not a huge hassle for them.

One more.

Question: On the requirement to integrate with Social Security, Immigration, State Department, other databases, will those be a requirement or any other further effort to speed that along or do the rules speak to what happens if those databases aren’t ready?

I guess this is a follow-up to Pam’s question. If the federal cost is $11 billion and the federal government is proposing to put in about $100 million, $130 million, that’s one percent. You’ve seen these former Homeland Security officials recommend $1 billion. What’s your thought on that?  Is there a larger – what’s the fair federal share to this?

Secretary Chertoff: Let me do the second thing real quick and then I’ll come back to the first. When we talk about the expense, we’re talking about a number of years. So let’s compare apples to apples, not apples to bushels of apples. For this year we’re talking about $100 million. I can’t tell you what future budgets will be like, but we’re talking about a process of implementation that’s going to take place over, you know, five, six, seven years including the extension. So when you talk about $10 billion, you’re talking about over that period of time. If you were to take it – and I know this is a very rough figure, per year, then it’s not quite so much of a delta.

As far as the first database issue is concerned, a lot of states do the Social Security already. With respect to the birth certificates, a significant number of states, using by the way federally funded program, so there’s other federal money coming into this, are in the process of digitizing their birth certificates. There, it’s simply going to be a question of connecting into existing databases. And with respect to the State Department, you know, you’re going to have a lot of documents that are self-authenticating like passports.

One of the reasons we built a little flexibility in is if we need to make adjustments in light of experience and unanticipated problems we could make those adjustments. Again, the idea here is not to jam the states, but it is to make sure that we move briskly and efficiently to a goal that I think we all believe is important.

Thanks very much.

###

This page was last modified on March 1, 2007